我使用 kristophjunge/test-saml-idp Docker 镜像(https://hub.docker.com/r/kristophjunge/test-saml-idp/)作为测试 IdP,在现有代码中基于 Spring Security 实现了 SAML 2.0 认证。版本错误和其他错误我们已经解决,但现在卡在 bean 初始化上,请给出建议。
pom.xml
<properties>
<!-- <spring.social>1.1.0.M4</spring.social> -->
<!-- NOTE(review): 4.0.0.M3 is a milestone build of Spring Framework, paired below with Spring Security 4.0.0.RELEASE. Presumably that Spring Security line expects a 4.1.x GA framework; confirm the two are compatible and pin GA releases that still receive security fixes. -->
<spring.version>4.0.0.M3</spring.version>
<spring-security.version>4.0.0.RELEASE</spring-security.version>
<aspectj.version>1.7.2</aspectj.version>
<apache-tiles.version>2.1.4</apache-tiles.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- NOTE(review): the security configuration uses the diamond operator (new ArrayList<>()), which needs source level 1.7 or later; confirm these compiler settings are the ones actually in effect. -->
<maven.compiler.source>1.6</maven.compiler.source>
<maven.compiler.target>1.6</maven.compiler.target>
</properties>
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
//@Order(1000)
public class SecurityConfig {
/**
 * Filter chain that lets every request through without authentication.
 *
 * NOTE(review): this adapter sets no request matcher on {@code http}, so its chain
 * presumably applies to every URL, and with {@code @Order(1)} it is consulted before
 * SamlWebSecurityConfig. If that holds, the SAML rules are never reached and the whole
 * application is unauthenticated. Confirm, and scope this chain to the paths that are
 * really meant to be public (for example the static resources).
 */
@Configuration
@Order(1)
public static class NoSecurityWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off for everything this chain serves.
        http.csrf().disable();
        // All three patterns are permitAll(); "/**" already covers the other two.
        http.authorizeRequests()
            .antMatchers("/resources/**", "/dashboard", "/**").permitAll();
    }
}
@Configuration
public static class SamlWebSecurityConfig extends WebSecurityConfigurerAdapter {
// Keystore with the service provider's key material; read by keyManager().
private String keystoreLocation = "classpath:/saml/samlKeystore01.jks";
// NOTE(review): the keystore password and the key password below are hard-coded in source.
// Outside a throwaway test setup, load them from external configuration or a secret store.
private String keystorePassword = "secret";
// Alias of the key used as the default credential in keyManager().
private String keystoreDefaultKey = "sp";
private String keystoreDefaultKeyPassword = "secret";
// Entity id and base URL published in the generated SP metadata (see metadataGenerator()).
private String spEntityId = "http://localhost";
private String spEntityBaseURL = "http://localhost:8090";
// NOTE(review): IdP metadata is fetched over plain http. The metadata carries the IdP's
// signing certificates, so anyone who can alter this response can substitute their own.
// Use https or a local, reviewed copy of the metadata outside a local test.
private String idpMetadataUrl = "http://localhost:8080/simplesaml/saml2/idp/metadata.php";
private String logoutSuccessRedirectUrl = "http://localhost:8090/welcome";
private String loginSuccessRedirectUrl = "http://localhost:8090/welcome";
// Passed to setResponseSkew() on the SSO consumer and the logout profile.
// NOTE(review): presumably in seconds (spring-security-saml documents a 60 s default),
// which makes this roughly four hours. That is far more than clock drift needs and it
// lengthens the time a captured message is still accepted; confirm the unit and reduce it.
private static final int RESPONSE_SKEW = 14460;
// NOTE(review): nothing visible here assigns or injects this field, so
// samlAuthenticationProvider() passes null to setUserDetails(); confirm how it is populated.
private SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl;
/**
 * Adds the SAML filters to this chain and requires {@code Authorizations.USER_AUTHORITY}
 * for every URL.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    System.out.println(1);
    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        // NOTE(review): CSRF protection is disabled for the whole chain, not only for the
        // /saml/** endpoints that receive cross-site POSTs from the IdP; confirm that the
        // application's own state-changing endpoints do not rely on it.
        .csrf().disable()
        // Unauthenticated requests are answered with a bare 401; no redirect to the IdP.
        .exceptionHandling()
            .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
            .and()
        .authorizeRequests()
            .antMatchers("/**").hasAuthority(Authorizations.USER_AUTHORITY);
}
/**
 * Registers the filter that wraps the {@link MetadataGenerator} bean.
 */
@Bean
@Order(1)
public MetadataGeneratorFilter metadataGeneratorFilter() throws MetadataProviderException {
    System.out.println(2);
    MetadataGenerator generator = metadataGenerator();
    return new MetadataGeneratorFilter(generator);
}
/**
 * Creates the SP metadata generator from {@code spEntityId} and {@code spEntityBaseURL}
 * and turns request signing on.
 */
@Bean
public MetadataGenerator metadataGenerator() {
    System.out.println(3);
    MetadataGenerator generator = new MetadataGenerator();
    generator.setEntityId(spEntityId);
    generator.setEntityBaseURL(spEntityBaseURL);
    // Requests sent to the IdP are to be signed.
    generator.setRequestSigned(true);
    return generator;
}
/**
 * Builds the nested filter chain that maps each /saml/** endpoint to its SAML filter.
 * The chains are added in the same order in which FilterChainProxy will match them.
 */
private FilterChainProxy samlFilter() throws Exception {
    System.out.println(4);
    List<SecurityFilterChain> samlChains = new ArrayList<>();
    // Login and logout initiation.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
    // SP metadata display.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
    // Endpoints that receive messages from the IdP.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    return new FilterChainProxy(samlChains);
}
/**
 * Creates the SAML entry point with default profile options that leave scoping out.
 */
@Bean
public SAMLEntryPoint samlEntryPoint() {
    System.out.println(5);
    SAMLEntryPoint entryPoint = new SAMLEntryPoint();
    WebSSOProfileOptions defaultOptions = new WebSSOProfileOptions();
    defaultOptions.setIncludeScoping(false);
    entryPoint.setDefaultProfileOptions(defaultOptions);
    return entryPoint;
}
/**
 * Creates the logout filter; the same single handler array is used for both handler
 * arguments of the constructor.
 */
@Bean
public SAMLLogoutFilter samlLogoutFilter() {
    System.out.println(6);
    LogoutHandler[] handlers = new LogoutHandler[] { logoutHandler() };
    SimpleUrlLogoutSuccessHandler onSuccess = successLogoutHandler();
    return new SAMLLogoutFilter(onSuccess, handlers, handlers);
}
/**
 * Returns a new success handler that sends the browser to {@code logoutSuccessRedirectUrl}.
 */
private SimpleUrlLogoutSuccessHandler successLogoutHandler() {
    System.out.println(7);
    SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
    handler.setDefaultTargetUrl(logoutSuccessRedirectUrl);
    return handler;
}
/**
 * Returns a new logout handler configured not to invalidate the HTTP session.
 */
private SecurityContextLogoutHandler logoutHandler() {
    System.out.println(8);
    SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
    // NOTE(review): the HTTP session survives logout, so anything else stored in it stays
    // available under the same session id; confirm this is intended.
    handler.setInvalidateHttpSession(false);
    return handler;
}
/**
 * Registers the filter mapped to /saml/metadata/** in samlFilter().
 */
@Bean
public MetadataDisplayFilter metadataDisplayFilter() {
    System.out.println(9);
    MetadataDisplayFilter displayFilter = new MetadataDisplayFilter();
    return displayFilter;
}
/**
 * Creates the filter mapped to /saml/SSO/**, wired to the authentication manager and the
 * login success redirect.
 */
@Bean
public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
    System.out.println(10);
    SAMLProcessingFilter ssoFilter = new SAMLProcessingFilter();
    ssoFilter.setAuthenticationManager(authenticationManagerBean());
    ssoFilter.setAuthenticationSuccessHandler(successRedirectHandler());
    return ssoFilter;
}
/**
 * Exposes the adapter's AuthenticationManager as a bean.
 *
 * NOTE(review): in the reported startup failure this call throws IllegalArgumentException
 * from WebSecurityConfigurerAdapter's AuthenticationManagerDelegator when it is reached
 * through samlWebSSOHoKProcessingFilter(). Presumably the adapter has not been initialised
 * at that point; confirm, and check that the Spring Framework version on the classpath is
 * one this Spring Security release supports.
 */
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    System.out.println(11);
    AuthenticationManager manager = super.authenticationManagerBean();
    return manager;
}
/**
 * Returns a new success handler that sends the browser to {@code loginSuccessRedirectUrl}.
 */
private AuthenticationSuccessHandler successRedirectHandler() {
    System.out.println(12);
    SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
    handler.setDefaultTargetUrl(loginSuccessRedirectUrl);
    return handler;
}
/**
 * Creates the filter mapped to /saml/SSOHoK/**, wired like samlWebSSOProcessingFilter().
 */
@Bean
public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
    System.out.println(13);
    SAMLWebSSOHoKProcessingFilter hokFilter = new SAMLWebSSOHoKProcessingFilter();
    hokFilter.setAuthenticationManager(authenticationManagerBean());
    hokFilter.setAuthenticationSuccessHandler(successRedirectHandler());
    return hokFilter;
}
/**
 * Creates the filter mapped to /saml/SingleLogout/**.
 */
@Bean
public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
    System.out.println(14);
    SimpleUrlLogoutSuccessHandler onSuccess = successLogoutHandler();
    SecurityContextLogoutHandler handler = logoutHandler();
    return new SAMLLogoutProcessingFilter(onSuccess, handler);
}
/**
 * Registers the SAML authentication provider as the provider for this chain.
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    System.out.println(15);
    SAMLAuthenticationProvider samlProvider = samlAuthenticationProvider();
    auth.authenticationProvider(samlProvider);
}
/**
 * Creates the SAML authentication provider.
 */
@Bean
public SAMLAuthenticationProvider samlAuthenticationProvider() {
    System.out.println(16);
    SAMLAuthenticationProvider provider = new SAMLAuthenticationProvider();
    // NOTE(review): samlUserDetailsServiceImpl is not assigned anywhere in the visible
    // class, so this presumably passes null and no authorities are loaded for the user;
    // confirm it is injected before relying on hasAuthority(...) rules.
    provider.setUserDetails(samlUserDetailsServiceImpl);
    provider.setForcePrincipalAsString(false);
    return provider;
}
/**
 * Creates the SAML logger with message and error logging switched on.
 */
@Bean
public SAMLLogger samlLogger() {
    System.out.println(17);
    SAMLDefaultLogger logger = new SAMLDefaultLogger();
    // NOTE(review): presumably this writes whole SAML messages to the log; those carry
    // assertions and user attributes, so restrict log access or disable outside debugging.
    logger.setLogMessages(true);
    logger.setLogErrors(true);
    return logger;
}
/**
 * Creates the key manager from the keystore at {@code keystoreLocation}, with
 * {@code keystoreDefaultKey} as the default key.
 */
@Bean
public KeyManager keyManager() {
    System.out.println(18);
    Resource keystore = new DefaultResourceLoader().getResource(keystoreLocation);
    // Maps each key alias to the password protecting that key.
    Map<String, String> keyPasswords = new HashMap<>();
    keyPasswords.put(keystoreDefaultKey, keystoreDefaultKeyPassword);
    return new JKSKeyManager(keystore, keystorePassword, keyPasswords, keystoreDefaultKey);
}
/**
 * Creates the metadata manager holding the single IdP metadata provider. Declared to
 * depend on the socketFactoryInitialization bean.
 */
@Bean
@Qualifier("metadata")
@DependsOn("socketFactoryInitialization")
public MetadataManager metadata() throws MetadataProviderException, ResourceException {
    System.out.println(19);
    List<MetadataProvider> providers = new ArrayList<>();
    MetadataProvider idpProvider = metadataProvider();
    providers.add(idpProvider);
    return new CachingMetadataManager(providers);
}
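/**
 * Builds the IdP metadata provider for {@code idpMetadataUrl}: an HTTP-backed provider
 * for http/https URLs, otherwise a resource-backed provider for classpath: or file:
 * locations.
 *
 * NOTE(review): the provider is returned without any signature or trust check on the
 * metadata. Since metadata carries the IdP's signing certificates, prefer https or a
 * local file, and consider wrapping the provider so the metadata signature is verified
 * (spring-security-saml's ExtendedMetadataDelegate offers a metadata trust check).
 *
 * @return the provider, with the shared parser pool set
 * @throws MetadataProviderException if the URL is missing or the provider cannot be built
 * @throws ResourceException if a non-HTTP location is not a classpath: or file: URL
 */
private MetadataProvider metadataProvider() throws MetadataProviderException, ResourceException {
    System.out.println(20+"---"+idpMetadataUrl);
    if (idpMetadataUrl == null || idpMetadataUrl.isEmpty()) {
        System.out.println(21);
        throw new MetadataProviderException("configuration property 'saml.idpMetadataUrl' has no value");
    }
    AbstractMetadataProvider metadataProvider;
    // Fix: only "http:" was recognised, so an https URL fell through to
    // getMetadataResource() and was rejected, leaving plain http as the only remote option.
    if (idpMetadataUrl.startsWith("http:") || idpMetadataUrl.startsWith("https:")) {
        System.out.println(44);
        // e.g. http://localhost:8081/simplesaml/saml2/idp/metadata.php
        metadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient(), idpMetadataUrl);
    } else {
        System.out.println(22);
        // e.g. classpath:/folder/metadata.xml or file:/folder/metadata.xml
        metadataProvider = new ResourceBackedMetadataProvider(new Timer(true), getMetadataResource(idpMetadataUrl));
    }
    metadataProvider.setParserPool(parserPool());
    return metadataProvider;
}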
/**
 * Turns a classpath: or file: location into an OpenSAML resource.
 *
 * @param url location beginning with "classpath:" or "file:"
 * @return a classpath resource (path made absolute with a leading "/") or a filesystem resource
 * @throws ResourceException if the location has neither prefix
 */
private static org.opensaml.util.resource.Resource getMetadataResource(String url) throws ResourceException {
    System.out.println(23);
    final String classpathPrefix = "classpath:";
    final String filePrefix = "file:";
    if (url.startsWith(classpathPrefix)) {
        System.out.println(24);
        String location = url.substring(classpathPrefix.length());
        if (!location.startsWith("/")) {
            location = "/" + location;
        }
        return new ClasspathResource(location);
    }
    if (url.startsWith(filePrefix)) {
        System.out.println(25);
        return new FilesystemResource(url.substring(filePrefix.length()));
    }
    throw new ResourceException("configuration property 'saml.idpMetadataUrl' has invalid value: " + url);
}
/**
 * Creates the commons-httpclient instance used for metadata retrieval and artifact
 * resolution, backed by a multi-threaded connection manager.
 */
@Bean
public org.apache.commons.httpclient.HttpClient httpClient() {
    System.out.println(26);
    MultiThreadedHttpConnectionManager connections = new MultiThreadedHttpConnectionManager();
    return new HttpClient(connections);
}
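/**
 * Creates the SAML context provider with the library's default settings.
 *
 * The earlier version built a second provider, set an EmptyStorageFactory on it and
 * then discarded it, returning an unconfigured instance. That dead configuration is
 * removed, so the code now says what actually runs; runtime behaviour is unchanged.
 *
 * NOTE(review): if EmptyStorageFactory was really intended, set it on the returned
 * instance deliberately. It switches off message storage, so a response can no longer be
 * matched to the request that triggered it (InResponseTo). Treat that as a decision to
 * accept unsolicited responses rather than as a workaround.
 *
 * @return a default-configured context provider
 */
@Bean
public SAMLContextProviderImpl contextProvider() {
    System.out.println(27);
    return new SAMLContextProviderImpl();
}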
/**
 * Creates the SAML processor with the redirect, POST, artifact, SOAP and PAOS bindings,
 * added in that order.
 */
@Bean
public SAMLProcessor processor() {
    System.out.println(28);
    List<SAMLBinding> supportedBindings = new ArrayList<>();
    // Browser-facing bindings.
    supportedBindings.add(new HTTPRedirectDeflateBinding(parserPool()));
    supportedBindings.add(new HTTPPostBinding(parserPool(), velocityEngine()));
    supportedBindings.add(
            new HTTPArtifactBinding(parserPool(), velocityEngine(), artifactResolutionProfile()));
    // Back-channel bindings.
    supportedBindings.add(soapBinding());
    supportedBindings.add(new HTTPPAOS11Binding(parserPool()));
    return new SAMLProcessorImpl(supportedBindings);
}
/**
 * Exposes the engine obtained from VelocityFactory; the POST and artifact bindings use it.
 */
@Bean
public VelocityEngine velocityEngine() {
    System.out.println(29);
    VelocityEngine engine = VelocityFactory.getEngine();
    return engine;
}
/**
 * Returns a new artifact resolution profile that uses the shared HTTP client and a
 * processor limited to the SOAP binding.
 */
private ArtifactResolutionProfile artifactResolutionProfile() {
    System.out.println(30);
    ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
    SAMLProcessorImpl soapOnlyProcessor = new SAMLProcessorImpl(soapBinding());
    profile.setProcessor(soapOnlyProcessor);
    return profile;
}
/**
 * Creates the SOAP 1.1 binding on top of the shared parser pool.
 */
@Bean
public HTTPSOAP11Binding soapBinding() {
    System.out.println(31);
    HTTPSOAP11Binding binding = new HTTPSOAP11Binding(parserPool());
    return binding;
}
/**
 * Creates the Web SSO profile consumer with the response skew set to RESPONSE_SKEW.
 */
@Bean
public WebSSOProfileConsumer webSSOprofileConsumer() {
    System.out.println(32);
    WebSSOProfileConsumerImpl consumer = new WebSSOProfileConsumerImpl();
    // NOTE(review): RESPONSE_SKEW is 14460; if the unit is seconds this tolerates about
    // four hours between message issue time and receipt. Confirm and tighten.
    consumer.setResponseSkew(RESPONSE_SKEW);
    return consumer;
}
/**
 * Registers a default-configured holder-of-key profile consumer.
 */
@Bean
public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
    System.out.println(33);
    WebSSOProfileConsumerHoKImpl hokConsumer = new WebSSOProfileConsumerHoKImpl();
    return hokConsumer;
}
/**
 * Registers a default-configured Web SSO profile.
 */
@Bean
public WebSSOProfileImpl webSSOprofile() {
    System.out.println(34);
    WebSSOProfileImpl profile = new WebSSOProfileImpl();
    return profile;
}
/**
 * Registers a second bean of type WebSSOProfileConsumerHoKImpl.
 *
 * NOTE(review): despite the "profile" name this returns the same consumer type as
 * hokWebSSOprofileConsumer(); confirm whether a holder-of-key profile class was intended.
 */
@Bean
public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
    System.out.println(35);
    WebSSOProfileConsumerHoKImpl hokProfile = new WebSSOProfileConsumerHoKImpl();
    return hokProfile;
}
/**
 * Registers a default-configured ECP profile.
 */
@Bean
public WebSSOProfileECPImpl ecpprofile() {
    System.out.println(36);
    WebSSOProfileECPImpl profile = new WebSSOProfileECPImpl();
    return profile;
}
/**
 * Creates the single logout profile with the response skew set to RESPONSE_SKEW.
 */
@Bean
public SingleLogoutProfile logoutprofile() {
    System.out.println(37);
    SingleLogoutProfileImpl profile = new SingleLogoutProfileImpl();
    // Same skew value as the SSO consumer; see the review note on RESPONSE_SKEW's size.
    profile.setResponseSkew(RESPONSE_SKEW);
    return profile;
}
/**
 * Registers the SAML bootstrap bean; declared static.
 */
@Bean
public static SAMLBootstrap samlBootstrap() {
    System.out.println(38);
    SAMLBootstrap bootstrap = new SAMLBootstrap();
    return bootstrap;
}
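/**
 * Creates the XML parser pool shared by the bindings and the metadata provider.
 *
 * Fix: the bean now declares {@code initialize} as its init method. The pool was
 * previously handed out straight from the constructor; as far as I know a
 * StaticBasicParserPool must be initialised before it can supply builders, and the
 * reference spring-security-saml configuration declares this same init method.
 *
 * NOTE(review): this pool parses XML received from outside (SAML messages and metadata).
 * Confirm that the OpenSAML version in use keeps DTD and external-entity processing off
 * by default.
 *
 * @return the parser pool; Spring calls {@code initialize()} on it after creation
 */
@Bean(initMethod = "initialize")
public StaticBasicParserPool parserPool() {
    System.out.println(39);
    return new StaticBasicParserPool();
}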
/**
 * Registers a ParserPoolHolder bean.
 */
@Bean
public ParserPoolHolder parserPoolHolder() {
    System.out.println(40);
    ParserPoolHolder holder = new ParserPoolHolder();
    return holder;
}
/**
 * Registers a default-configured TLSProtocolConfigurer bean.
 */
@Bean
public TLSProtocolConfigurer tlsProtocolConfigurer() {
    System.out.println(41);
    TLSProtocolConfigurer configurer = new TLSProtocolConfigurer();
    return configurer;
}
/**
 * Creates a factory bean that calls {@code Protocol.registerProtocol("https", ...)} with
 * the protocol built by socketFactoryProtocol().
 */
@Bean
public MethodInvokingFactoryBean socketFactoryInitialization() {
    System.out.println(42);
    MethodInvokingFactoryBean registrar = new MethodInvokingFactoryBean();
    registrar.setTargetClass(Protocol.class);
    registrar.setTargetMethod("registerProtocol");
    // Arguments for registerProtocol: the scheme name, then the protocol definition.
    registrar.setArguments(new Object[] { "https", socketFactoryProtocol() });
    return registrar;
}
/**
 * Defines the "https" protocol on port 443 using the TLS socket factory bean.
 */
@Bean
public Protocol socketFactoryProtocol() {
    System.out.println(43);
    ProtocolSocketFactory tlsSockets = socketFactory();
    return new Protocol("https", tlsSockets, 443);
}
/**
 * Creates the TLS socket factory backed by the key manager bean.
 *
 * NOTE(review): the second constructor argument (the trusted keys) is null. Presumably
 * every certificate in the keystore is then trusted for TLS; confirm against the library
 * documentation and list the trusted aliases explicitly if the keystore holds more than
 * the IdP's certificates. "default" selects the hostname verification mode.
 */
@Bean
public ProtocolSocketFactory socketFactory() {
    System.out.println(44);
    KeyManager keys = keyManager();
    return new TLSProtocolSocketFactory(keys, null, "default");
}
}
}
2019年3月13日下午2:48:28 org.apache.catalina.core.StandardContext listenerStart 严重:将上下文初始化事件发送到类org.springframework.web.context.ContextLoaderListener的侦听器实例的异常 org.springframework.beans.factory.BeanCreationException:创建名称为'metadataGenerator'的bean时出错:自动连接的依赖项注入失败;嵌套的异常是org.springframework.beans.factory.BeanCreationException:无法自动装配方法:public void org.springframework.security.saml.metadata.MetadataGenerator.setSamlWebSSOHoKFilter(org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter);嵌套的异常是org.springframework.beans.factory.BeanCreationException:创建在类路径资源[com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]中定义的名称为'samlWebSSOHoKProcessingFilter'的bean时出错。嵌套的异常是org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[公共org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfig $ SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter()引发java.lang.Exception]抛出异常;嵌套的异常为java.lang.IllegalArgumentException:委托构造器不能为null 在org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:292)上 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1139) 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537) 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)处 在org.springframework.beans.factory.support.AbstractBeanFactory $ 1.getObject(AbstractBeanFactory.java:299) 在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) 在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:295) 在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195) 
在org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:665) 在org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760) 在org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482) 在org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389) 在org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294) 在org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) 在org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5099) 在org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5615) 在org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) 在org.apache.catalina.core.ContainerBase $ StartChild.call(ContainerBase.java:1571) 在org.apache.catalina.core.ContainerBase $ StartChild.call(ContainerBase.java:1561) 在java.util.concurrent.FutureTask.run(未知来源) 在java.util.concurrent.ThreadPoolExecutor.runWorker(未知来源) 在java.util.concurrent.ThreadPoolExecutor $ Worker.run(未知来源) 在java.lang.Thread.run(未知来源) 引起原因:org.springframework.beans.factory.BeanCreationException:无法自动装配方法:public void org.springframework.security.saml.metadata.MetadataGenerator.setSamlWebSSOHoKFilter(org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter);嵌套的异常是org.springframework.beans.factory.BeanCreationException:创建在类路径资源[com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]中定义的名称为'samlWebSSOHoKProcessingFilter'的bean时出错。嵌套的异常是org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[公共org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfig $ 
SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter()引发java.lang.Exception]抛出异常;嵌套的异常为java.lang.IllegalArgumentException:委托构造器不能为null 在org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor $ AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:593)处 在org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87) 在org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:289)处 ...另外22个 由以下原因引起:org.springframework.beans.factory.BeanCreationException:在类路径资源[com / tennant / configuration / SecurityConfig $ SamlWebSecurityConfig.class]中创建名称为“ samlWebSSOHoKProcessingFilter”的bean时出错。嵌套的异常是org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[公共org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfig $ SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter()引发java.lang.Exception]抛出异常;嵌套的异常为java.lang.IllegalArgumentException:委托构造器不能为null 在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:584) 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1048)上 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:943) 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)处 在org.springframework.beans.factory.support.AbstractBeanFactory $ 1.getObject(AbstractBeanFactory.java:299) 在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) 
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:295) 在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195) 在org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:973)处 在org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:916) 在org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:820) 在org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor $ AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:549)处 ...另外24个 由以下原因引起:org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[public org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter com.tennant.configuration.SecurityConfig $ SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter()引发java.lang.Exception]引发了异常;嵌套的异常为java.lang.IllegalArgumentException:委托构造器不能为null 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188) 在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:573)上 ...另外36个 造成原因:java.lang.IllegalArgumentException:委托构造器不能为null 在org.springframework.util.Assert.notNull(Assert.java:112) 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter $ AuthenticationManagerDelegator处(WebSecurityConfigurerAdapter.java:432) 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.authenticationManagerBean(WebSecurityConfigurerAdapter.java:220)处 在com.tennant.configuration.SecurityConfig $ SamlWebSecurityConfig.authenticationManagerBean(SecurityConfig.java:234)处 在com.tennant.configuration.SecurityConfig $ 
SamlWebSecurityConfig.samlWebSSOHoKProcessingFilter(SecurityConfig.java:248) 在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处 在sun.reflect.NativeMethodAccessorImpl.invoke(未知来源) 在sun.reflect.DelegatingMethodAccessorImpl.invoke(未知来源) 在java.lang.reflect.Method.invoke(未知来源) 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:166)