What could be the reason for SAML access being denied?

Time: 2018-12-06 11:58:39

Tags: saml-2.0

I have set up Maven and the application context. This bean is set up to read the metadata information:

 <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
      <list>
        <!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
        <!-- Example of classpath metadata with Extended Metadata -->
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
          <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
              <constructor-arg>
                <bean class="java.util.Timer" />
              </constructor-arg>
              <constructor-arg>
                <bean class="org.opensaml.util.resource.ClasspathResource">
                  <constructor-arg value="/metadata/idp.metadata.xml" />
                </bean>
              </constructor-arg>
              <property name="parserPool" ref="parserPool" />
            </bean>
          </constructor-arg>
          <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            </bean>
          </constructor-arg>
        </bean>

        <!-- SP Metadata -->
        <!-- static file metadata -->
        <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
          <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
              <constructor-arg>
                <value type="java.io.File">classpath:/metadata/sp.metadata.xml</value>
              </constructor-arg>
              <property name="parserPool" ref="parserPool" />
            </bean>
          </constructor-arg>
          <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
              <property name="local" value="true" />
              <property name="sslHostnameVerification" value="allowAll" />
            </bean>
          </constructor-arg>
        </bean>
      </list>
    </constructor-arg>

    <!-- my SP_metadata had this as the entity id -->
    <property name="hostedSPName" value="com.samsungsmartcloud.gov" />

    <!-- my idp metadata points to the sso circle idp -->
    <property name="defaultIDP" value="www.stage1.samsung.net" />
  </bean>

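I get the following error, and access is denied. Any clues? Do I need to add information about the user? Do I need to set the correct path? Any clue would be a great help.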

  

org.springframework.security.access.AccessDeniedException: Access is denied

[2018-12-06 20:28:03,423] [DEBUG] Checking match of request : '/'; against '/saml/**'
[2018-12-06 20:28:03,424] [DEBUG] / at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[2018-12-06 20:28:03,425] [DEBUG] No HttpSession currently exists
[2018-12-06 20:28:03,425] [DEBUG] No SecurityContext was available from the HttpSession: null. A new one will be created.
[2018-12-06 20:28:03,428] [DEBUG] / at position 2 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
[2018-12-06 20:28:03,436] [DEBUG] / at position 3 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter'
[2018-12-06 20:28:03,439] [DEBUG] / at position 4 of 10 in additional filter chain; firing Filter: 'CsrfFilter'
[2018-12-06 20:28:03,440] [DEBUG] / at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[2018-12-06 20:28:03,440] [DEBUG] saved request doesn't match
[2018-12-06 20:28:03,440] [DEBUG] / at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[2018-12-06 20:28:03,442] [DEBUG] / at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[2018-12-06 20:28:03,444] [DEBUG] Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b7901e2e: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'

0 answers:

No answers