我确实查阅了所有论坛来了解我遇到的问题,但我得到的 Authentication 对象仍然为 null。
Tomcat版本为8.0.44
Java 版本为 1.7.0。我不确定安全过滤器是否被调用。安全上下文的详细配置见下文。看起来我缺少一些配置。提前致谢。
端点是 https://ssotest-1246771484.ap-south-1.elb.amazonaws.com/spring-security-saml2-sample/index.jsp
***securityContext.xml***
<?xml version="1.0" encoding="UTF-8" ?>
<beans >
<!-- Enable auto-wiring: turns on annotation processing for beans in this context and
     registers the annotated components found under org.springframework.security.saml. -->
<!-- NOTE(review): the <beans> root as shown declares no xmlns:context or xmlns:security
     binding. Both prefixes must be bound on the root element for this file to parse;
     presumably the declarations were lost when the listing was pasted. TODO confirm. -->
<context:annotation-config />
<context:component-scan base-package="org.springframework.security.saml" />
<!-- Unsecured pages: security="none" gives every matching request an empty filter chain,
     so no Spring Security filter runs for it and no SecurityContext is established. -->
<!-- NOTE(review): /index.jsp is listed here and is also mapped to samlWebSSOProcessingFilter
     in the samlFilter bean. While it stays in this list, code behind /index.jsp is expected
     to read a null Authentication from SecurityContextHolder, even after a successful SAML
     login. Keep only resources that must be reachable without a session in this list. -->
<security:http security="none" pattern="/saml/web/**" />
<security:http security="none" pattern="/logout.jsp" />
<security:http security="none" pattern="/index.jsp" />
<security:http security="none" pattern="/favicon.ico" />
<!-- Secured pages: FilterChainProxy that dispatches the SAML endpoint URLs (Ant patterns)
     to the filter bean named in each "filters" attribute. -->
<!-- NOTE(review): nothing in this listing registers samlFilter in a secured <security:http>
     element through <security:custom-filter>, and no entry point or <security:intercept-url>
     rule is visible. Unless that is configured elsewhere, these chains are never invoked and
     no URL requires authentication. TODO confirm against the rest of the context. -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login/**"
filters="samlEntryPoint" />
<security:filter-chain pattern="/saml/logout/**"
filters="samlLogoutFilter" />
<security:filter-chain pattern="/saml/metadata/**"
filters="metadataDisplayFilter" />
<!-- NOTE(review): the stock sample maps the Web SSO processing filter to /saml/SSO/**.
     The samlWebSSOProcessingFilter bean is not shown here; confirm that its
     filterProcessesUrl and the AssertionConsumerService URL in the SP metadata both point
     at /index.jsp, otherwise the SAML response is presumably not consumed on this path. -->
<security:filter-chain pattern="/index.jsp"
filters="samlWebSSOProcessingFilter" />
<security:filter-chain pattern="/saml/SSOHoK/**"
filters="samlWebSSOHoKProcessingFilter" />
<security:filter-chain pattern="/saml/SingleLogout/**"
filters="samlLogoutProcessingFilter" />
<security:filter-chain pattern="/saml/discovery/**"
filters="samlIDPDiscovery" />
</security:filter-chain-map>
</bean>
<!-- Register the authentication manager (alias "authenticationManager") with
     samlAuthenticationProvider as the only provider declared here, so every authentication
     decision made through this manager is delegated to that bean. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="samlAuthenticationProvider" />
</security:authentication-manager>
<!-- Central storage of cryptographic keys. Constructor arguments, in order: keystore
     resource, keystore password, map of key alias to key password, default key alias. -->
<!-- NOTE(review): the keystore password and the key password are hard-coded in this file,
     and samlKeystore.jks / apollo / nalle123 look like the keystore and credentials bundled
     with the Spring Security SAML sample application. A private key that ships with a public
     sample cannot protect signatures or encrypted assertions. Generate a dedicated key pair
     for this service provider and load the passwords from configuration that is kept out of
     source control and out of public posts. -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks" />
<constructor-arg type="java.lang.String" value="nalle123" />
<constructor-arg>
<map>
<entry key="apollo" value="nalle123" />
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="apollo" />
</bean>
<!-- Filter that automatically generates default SP metadata, using entity ID
     urn:vf:vshare. -->
<!-- NOTE(review): signMetadata=false means the generated metadata document is not signed,
     so a party importing it has to obtain it over a channel it already trusts. -->
<!-- NOTE(review): the metadata bean in this file sets hostedSPName to the same entity ID
     and loads an SP metadata file; presumably the generator then has nothing to generate.
     Confirm which of the two sources is meant to describe this SP. -->
<bean id="metadataGeneratorFilter"
class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="urn:vf:vshare" />
<property name="signMetadata" value="false" />
</bean>
</constructor-arg>
</bean>
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of
trust is here -->
<!-- Do not forget to call the initialize method on providers -->
<!-- The list below holds two file-based providers: the identity provider's federation
     metadata and this service provider's own metadata. -->
<bean id="metadata"
class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<!-- Identity provider metadata, read from a file bundled with the application. -->
<bean
class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean
class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<!-- NOTE(review): a classpath: location converted to java.io.File presumably resolves
     only when the resource is a real file on disk (for example an exploded WAR). Verify. -->
<value type="java.io.File">classpath:security/FederationMetadata.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool" />
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.saml.metadata.ExtendedMetadata">
</bean>
</constructor-arg>
<!-- NOTE(review): metadataTrustCheck=false turns off signature trust verification for
     this metadata document. Trust in the IDP signing certificates then rests entirely on
     the integrity of the bundled file, so control who can change it and how it is
     obtained from the IDP. -->
<property name="metadataTrustCheck" value="false" />
</bean>
<!-- Service provider metadata for this application, also read from a bundled file. -->
<bean
class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean
class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<!-- NOTE(review): the file content is not shown. Confirm that its entityID is
     urn:vf:vshare and that its AssertionConsumerService URL is the externally visible
     https address behind the load balancer, not a localhost address. -->
<value type="java.io.File">classpath:security/localhost_sp.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool" />
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.saml.metadata.ExtendedMetadata">
<!-- NOTE(review): the "local" property is not set on this ExtendedMetadata. The stock
     sample sets local=true for metadata of the hosted SP; confirm whether it is needed
     here so that the apollo key is used as this SP's own signing and encryption key. -->
<property name="signingKey" value="apollo" />
<property name="encryptionKey" value="apollo" />
<property name="alias" value="defaultAlias" />
</bean>
</constructor-arg>
</bean>
</list>
</constructor-arg>
<!-- OPTIONAL used when one of the metadata files contains information
about this service provider -->
<!-- <property name="hostedSPName" value=""/> -->
<property name="hostedSPName" value="urn:vf:vshare" />
<!-- OPTIONAL property: can tell the system which IDP should be used for
authenticating user by default. -->
<!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
</bean>
<!-- SAML Authentication Provider responsible for validating of received
SAML messages -->
<!-- NOTE(review): the stock SAMLAuthenticationProvider (commented out below) is replaced by
     SAMLAuthenticationProviderCust, whose source is not shown. Confirm that the custom class
     still performs the assertion validation of the stock provider and returns a populated
     Authentication object rather than null. -->
<!-- <bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider"> -->
<bean id="samlAuthenticationProvider"
class="org.springframework.security.saml.SAMLAuthenticationProviderCust">
<!-- OPTIONAL property: can be used to store/load user data after login -->
<!-- <property name="userDetails" ref="bean" /> -->
<property name="userDetails" ref="samlUserDetailsServiceImpl" />
<!-- forcePrincipalAsString=false: presumably the principal is the object returned by the
     userDetails service rather than a plain NameID string. Verify against the custom class. -->
<property name="forcePrincipalAsString" value="false" />
<!-- excludeCredential=false: presumably the SAML credential, including the assertion, stays
     attached to the Authentication object and therefore to the session. Set it to true if
     the application does not need the assertion after login. -->
<property name="excludeCredential" value="false" />
</bean>
</beans>