我目前正在开发一个使用Spring SAML(http://projects.spring.io/spring-security-saml/)项目作为身份验证一部分的应用程序。我知道它仍然在RC中,但我们正在开发的应用程序也是如此。我们在部署到Tomcat7时集成了库并且功能完备,但在部署到Weblogic 12c(12.0.1.2)时遇到了问题。在Weblogic上没有抛出任何错误,断言值将被解释为空无错误。
问题似乎出现在Xerces库中。 Spring SAML(由于OpenSAML)需要2.10.0,据我所知,但Weblogic提供了2.8.0的Xerces库。我试图通过在xercesImpl和xml-apis中包含适当的xercesImpl和xml-apis来更新Xerces库版本。项目WEB-INF / lib文件夹。这解决了Spring SAML的decrpyting问题,但破坏了Weblogics解析JSP页面的能力。我已经为下面的非升级和升级的Xerces异常包含了部分堆栈跟踪。如果有人知道如何正确解决这个问题,以便Spring SAML可以在不破坏默认功能的情况下运行Weblogic,我将非常感激。
这是更新Xerces之前的堆栈跟踪
2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for U
RI http://www.w3.org/2001/04/xmlenc#aes256-cbc
2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.encryption.XMLCipher - JCE Algorithm
= AES/CBC/ISO10126Padding
<Jul 31, 2014 10:43:37 AM EDT> <Error> <HTTP> <BEA-101020> <[ServletContext@1538876008[app:intranet module:intranet.war path:null spec-version:3.0]] Servlet failed with an
Exception
java.lang.NumberFormatException: For input string: ""
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Integer.parseInt(Integer.java:504)
at java.lang.Integer.valueOf(Integer.java:582)
at org.opensaml.common.SAMLVersion.valueOf(SAMLVersion.java:89)
at org.opensaml.saml2.core.impl.AssertionUnmarshaller.processAttribute(AssertionUnmarshaller.java:71)
at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:254)
at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:113)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:479)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:190)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
这是将Xerces更新为2.10.0后的堆栈跟踪。
weblogic.servlet.jsp.CompilationException: Failed to compile JSP /WEB- INF/jsp/errors/500.jsp
500.jsp:1:1: The validator class: "org.apache.taglibs.standard.tlv.JstlCoreTLV" has failed with the following exception: "java.lang.ClassCastException: weblogic.xml.jaxp.Re
gistrySAXParserFactory cannot be cast to javax.xml.parsers.SAXParserFactory".
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
^-------------------------------------------------------------^
500.jsp:2:5: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
500.jsp:2:5: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
500.jsp:6:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
<jsp:attribute name="minifiedJs">
^-----------^
500.jsp:8:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
<jsp:attribute name="nonMinifiedJs">
^-----------^
500.jsp:11:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
<jsp:body>
^------^
at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:243)
at weblogic.servlet.jsp.JavelinxJSPStub.compilePage0(JavelinxJSPStub.java:179)
at weblogic.servlet.jsp.JavelinxJSPStub.access$000(JavelinxJSPStub.java:50)
at weblogic.servlet.jsp.JavelinxJSPStub$1.run(JavelinxJSPStub.java:108)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:105)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:247)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:200)
at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:403)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:295)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:478)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:367)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
...
答案 0 :(得分:2)
对于后来遇到此事的人。我最终通过更新到xercesImpl版本2.9.0解决了这个问题。这似乎是这个问题的最佳版本,尽管它比OpenSAML要求它解决问题的要少,而不会引起Weblogic的任何其他问题(据我目前遇到)。 Xerces 2.10.0需要xml-apis的更新版本才能运行,这导致了Weblogic的问题(2.9.0似乎与Weblogic中包含的xml-apis版本一起使用)。
答案 1 :(得分:1)
以下方法允许在Weblogic中捆绑自定义Xerces和Xalan库:
spring-security-saml2-sample.ear spring-security-saml2-sample.war包含在耳内,战争应该包含自己的Xerces和Xalan版本。使用以下内容在耳内创建文件META-INF/application.xml:
<application xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" version="5">
<module>
<web>
<web-uri>spring-security-saml2-sample.war</web-uri>
<context-root>spring-security-saml2-sample</context-root>
</web>
</module>
</application>
使用以下内容创建文件META-INF/weblogic-application.xml:
<weblogic-application xmlns="http://www.bea.com/ns/weblogic/90"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.oracle.com/technology/weblogic/920/weblogic-application.xsd">
<xml>
<parser-factory>
<saxparser-factory>
org.apache.xerces.jaxp.SAXParserFactoryImpl
</saxparser-factory>
<document-builder-factory>
org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
</document-builder-factory>
<transformer-factory>
org.apache.xalan.processor.TransformerFactoryImpl
</transformer-factory>
</parser-factory>
</xml>
<prefer-application-packages>
<package-name>org.opensaml.*</package-name>
<package-name>org.apache.xerces.*</package-name>
<package-name>org.apache.xalan.*</package-name>
</prefer-application-packages>
</weblogic-application>
部署档案
答案 2 :(得分:0)
您是使用prefer-web-inf-classes播放战争文件还是prefer-application-packages播放耳文?其中一个可能会解决问题:
在weblogic-application.xml中:
<wls:prefer-application-packages>
<wls:package-name>org.apache.xerces.xni.parser.*</wls:package-name>
<wls:package-name>org.apache.xerces.parsers.*</wls:package-name>
<wls:package-name>org.apache.xalan.*</wls:package-name>
</wls:prefer-application-packages>
在weblogic.xml中:
<wls:container-descriptor>
<wls:prefer-web-inf-classes>true</prefer-web-inf-classes>
</wls:container-descriptor>
请参阅这些Oracle docs here