Spring Security fails when static file mappings exist in web.xml

Time: 2016-06-03 16:39:39

Tags: java spring spring-security saml-2.0

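I am using Spring SAML with OKTA and JSF. When I add any servlet mapping for static files, after being redirected from OKTA I do not even see org.springframework.security.saml.SAMLProcessingFilter being executed on the /saml/SSO page. I get a 404 from the application, and that's it.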

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.css</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.jpg</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.png</url-pattern>
</servlet-mapping>

When I remove these entries, I am redirected to the "success page". I tried to exclude these files from Spring Security, but it did not help.

<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/resources/**"/>
<security:http security="none" pattern="/javax.faces.resource/**"/>
<security:http security="none" pattern="/logout.jsp"/>

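There are no exceptions and authorization looks fine, but when I load any secured page, I am redirected to /saml/SSO. Then I expect to be redirected by the authenticationSuccessHandler, but nothing happens.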

WEB.XML

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

    <!-- omega, redmond -->
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>omega</param-value>
    </context-param>


    <!-- SSO -->

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:/security/securityContext.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- LOG4j -->

    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>/WEB-INF/log4j.xml</param-value>
    </context-param>


    <!-- PRIMEFACES -->

    <context-param>
        <param-name>primefaces.FONT_AWESOME</param-name>
        <param-value>true</param-value>
    </context-param>


    <!-- <filter-mapping> <filter-name>Character Encoding Filter</filter-name> 
        <servlet-name>Faces Servlet</servlet-name> </filter-mapping> -->

    <filter>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>



    <servlet>
        <servlet-name>Push Servlet</servlet-name>
        <servlet-class>org.primefaces.push.PushServlet</servlet-class>
        <load-on-startup>0</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>

    <servlet-mapping>
        <servlet-name>Push Servlet</servlet-name>
        <url-pattern>/primepush/*</url-pattern>
    </servlet-mapping>

    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/error/error.xhtml</location>
    </error-page>
    <error-page>
        <exception-type>javax.faces.application.ViewExpiredException</exception-type>
        <location>/error/viewExpired.xhtml</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/error/404.xhtml</location>
    </error-page>

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>


    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <servlet>
        <servlet-name>faces-servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>


    <servlet-mapping>
        <servlet-name>faces-servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <!-- default mappings -->

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.htm</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    [ images and others ...]
</web-app>

SPRING LOG:

18:23:23.496 [http-apr-80-exec-10] DEBUG o.s.s.s.c.SAMLContextProviderImpl - No IDP specified, using default http://www.okta.com/exk6fkmm7e84LEY4W0h7
18:23:23.496 [http-apr-80-exec-10] DEBUG o.s.security.saml.util.SAMLUtil - Index for AssertionConsumerService not specified, returning default
18:23:23.496 [http-apr-80-exec-10] DEBUG o.s.security.saml.SAMLEntryPoint - Processing SSO using WebSSO profile
18:23:23.497 [http-apr-80-exec-10] DEBUG o.s.s.saml.websso.WebSSOProfileImpl - Using default consumer service with binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
18:23:23.524 [http-apr-80-exec-10] DEBUG o.s.security.saml.util.SLF4JLogChute - ResourceManager : found /templates/saml2-post-binding.vm with loader org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
18:23:23.524 [http-apr-80-exec-10] DEBUG o.s.security.saml.util.SLF4JLogChute - ResourceManager : found /templates/add-html-head-content.vm with loader org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
18:23:23.525 [http-apr-80-exec-10] DEBUG o.s.security.saml.util.SLF4JLogChute - ResourceManager : found /templates/add-html-body-content.vm with loader org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
18:23:23.525 [http-apr-80-exec-10] DEBUG o.s.s.s.storage.HttpSessionStorage - Storing message a4c93jc724eg7e2f25i81c6a80hb481 to session D29095A9F7579F9357419777D414EE2E
18:23:23.525 [http-apr-80-exec-10] INFO  o.s.s.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;127.0.0.1;http://trucksapp:80/saml/metadata;http://www.okta.com/exk6fkmm7e84LEY4W0h7;;;

0 answers:

No answers
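A triage check for the symptom described in the question, as an added example that is not part of the original post: it reads SAMLDefaultLogger lines and reports each AuthNRequest that has no later AuthNResponse from the same IdP, which is the state of the posted log, where the POST back to /saml/SSO never reaches SAMLProcessingFilter. The AuthNResponse line (its timestamp, thread and user name) is constructed for comparison, and the function names are hypothetical.

```python
import re

# First two lines are taken from the log in the question.
SAMPLE_BROKEN = """\
18:23:23.525 [http-apr-80-exec-10] DEBUG o.s.s.s.storage.HttpSessionStorage - Storing message a4c93jc724eg7e2f25i81c6a80hb481 to session D29095A9F7579F9357419777D414EE2E
18:23:23.525 [http-apr-80-exec-10] INFO  o.s.s.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;127.0.0.1;http://trucksapp:80/saml/metadata;http://www.okta.com/exk6fkmm7e84LEY4W0h7;;;
"""
# Constructed line: what a processed SAML response would add to the log.
SAMPLE_OK = SAMPLE_BROKEN + (
    "18:23:25.101 [http-apr-80-exec-3] INFO  o.s.s.saml.log.SAMLDefaultLogger - "
    "AuthNResponse;SUCCESS;127.0.0.1;http://trucksapp:80/saml/metadata;"
    "http://www.okta.com/exk6fkmm7e84LEY4W0h7;user@example.test;;\n"
)

# Layout used by the posted log: time [thread] LEVEL logger - message
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) \[(?P<thread>[^\]]+)\]\s+(?P<level>\w+)\s+"
    r"(?P<logger>\S+) - (?P<msg>.*)$"
)

def saml_events(log_text):
    """Return (timestamp, operation, result, peer_entity) per SAMLDefaultLogger line."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m["logger"].endswith("SAMLDefaultLogger"):
            continue
        # Message fields: operation;result;client IP;local entity;peer entity;...
        fields = m["msg"].split(";")
        if len(fields) < 5:
            continue
        events.append((m["ts"], fields[0], fields[1], fields[4]))
    return events

def unanswered_requests(log_text):
    """AuthNRequests that were sent but never followed by an AuthNResponse."""
    pending = []
    for ts, op, result, peer in saml_events(log_text):
        if op == "AuthNRequest" and result == "SUCCESS":
            pending.append((ts, peer))
        elif op == "AuthNResponse":
            # SUCCESS or FAILURE both prove the response reached the filter.
            for i, (_, p) in enumerate(pending):
                if p == peer:
                    del pending[i]
                    break
    return pending
```

A non-empty result alongside a 404 on /saml/SSO in the container access log points at request routing in front of the filter chain rather than at SAML validation.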