(Spring SAML) - Authentication is null (after successful login on the IDP)

Time: 2020-08-10 15:08:04

Tags: spring spring-security spring-saml

I am trying to integrate the SAML authentication process into a JSF-based application. Basically, I am following this excellent sample project (https://github.com/vdenotaris/spring-boot-security-saml-sample).

web.xml

To adapt Spring SAML to JSF, I made some changes to the web.xml file in the following way:

<listener>
     <listener-class>org.apache.webbeans.servlet.WebBeansConfigurationListener</listener-class>
</listener>

[ ... ]

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

[ ... ]

<listener>
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>

<!-- Enable Spring Filter: Spring Security works on the concept of Filters -->
<!-- Declare the Spring filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<!-- Defines urls pattern on which the filter is applied -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>

    <!-- mandatory to allow the managed bean to forward the request to the filter-->
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

Problem

I can log in to my IDP successfully, since I also see in the logs that a user is created with the role ROLE_USER, as shown below:

SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@45988295: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@45988295: Principal: org.springframework.security.core.userdetails.User@475365ab: Username: id_7d4e53c6262ae1c8b824dbc1c1e573d2e9e8d159; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.core.userdetails.User@475365ab: Username: id_7d4e53c6262ae1c8b824dbc1c1e573d2e9e8d159; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Granted Authorities: ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@6db3bdf2

But when the moment comes to be redirected to the login page, I see something like this in the logs:

SecurityContextHolder now cleared, as request processing completed

I also noticed this line in the logs (maybe it is a hint that I am doing something wrong with Spring Security?):

Requested session ID ED1A0CF82BDFF1EB103ECC9DCF82BED3 is invalid

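Finally, when I am about to be redirected to the success page, I can clearly see that the SecurityContextHolder has been cleared, so basically, by the time it reaches the target page, there is no longer an authenticated user stored in the SecurityContext, which is why I arrive at the target page with HTTP Status 403 – Forbidden. Below is a brief excerpt of the logs showing the situation: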

[ ... Processing the endpoint "/saml/login" ... ]
    2020-08-26 09:42:29,625 [http-nio-8091-exec-9] DEBUG org.springframework.security.web.FilterChainProxy - /saml/login?idp=https%3A//idptest.spid.gov.it at position 3 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    2020-08-26 09:42:29,626 [http-nio-8091-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    2020-08-26 09:42:29,626 [http-nio-8091-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@534fe335. A new one will be created.
[ ... ]
    2020-08-26 09:42:29,770 [http-nio-8091-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
[ ... Processing the endpoint "/saml/SSO" ... ]
    2020-08-26 09:42:36,124 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
    2020-08-26 09:42:36,124 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.FilterChainProxy - /saml/SSO at position 4 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
    [ ... ]
    2020-08-26 09:42:36,124 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.FilterChainProxy - /saml/SSO at position 1 of 1 in additional filter chain; firing Filter: 'SAMLProcessingFilter'
    2020-08-26 09:42:36,124 [http-nio-8091-exec-3] DEBUG org.springframework.security.saml.SAMLProcessingFilter - Request is to process authentication
    2020-08-26 09:42:36,223 [http-nio-8091-exec-3] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using it.ifin.rasdm.web.config.CustomSAMLAuthenticationProvider
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.saml.SAMLProcessingFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@25c6bb32: Principal: org.springframework.security.core.userdetails.User@e71c8265: Username: id_e0bbf9e5b7abe0f472324cdb06e7ffb6dd52233f; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.core.userdetails.User@e71c8265: Username: id_e0bbf9e5b7abe0f472324cdb06e7ffb6dd52233f; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Granted Authorities: ROLE_USER
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Using default Url: /dashboard.xhtml
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/DM-WEB/dashboard.xhtml'
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@6c11f040
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@25c6bb32: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@25c6bb32: Principal: org.springframework.security.core.userdetails.User@e71c8265: Username: id_e0bbf9e5b7abe0f472324cdb06e7ffb6dd52233f; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.core.userdetails.User@e71c8265: Username: id_e0bbf9e5b7abe0f472324cdb06e7ffb6dd52233f; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Granted Authorities: ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@78325633
    2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 1 of 12 in additional filter chain; firing Filter: 'MetadataGeneratorFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 3 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 4 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 5 of 12 in additional filter chain; firing Filter: 'FilterChainProxy'
    [ ... Here I am being redirected to the "dashboard.xhtml" page after successful login ...]
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml has no matching filters
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@4b018743: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
    2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID 71C954116A9C4A6B942532E25469295B is invalid.
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.FilterChainProxy - /dashboard.xhtml at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/javax.faces.resource/**'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/saml/**'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/css/**'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/img/**'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/js/**'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/dashboard.xhtml'; against '/login.xhtml'
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /dashboard.xhtml; Attributes: [authenticated]
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@4b018743: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@32cb62eb, returned: -1
    2020-08-26 09:42:36,481 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.8.RELEASE.jar:5.2.8.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.8.RELEASE.jar:5.2.8.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) [spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.2.8.RELEASE.jar:5.2.8.RELEASE]
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.2.8.RELEASE.jar:5.2.8.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.24]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.24]
        at it.ifin.common.utils.web.servlet.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:70) [utils-0.6.9.1.jar:0.6.9.1]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.24]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.24]
        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126) [catalina.jar:9.0.24]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.24]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.24]
        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.12.1.jar:2.12.1]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.24]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.24]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [catalina.jar:9.0.24]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:9.0.24]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526) [catalina.jar:9.0.24]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:9.0.24]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:9.0.24]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [catalina.jar:9.0.24]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.24]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:9.0.24]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-coyote.jar:9.0.24]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:9.0.24]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) [tomcat-coyote.jar:9.0.24]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) [tomcat-coyote.jar:9.0.24]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.24]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.24]
        at java.lang.Thread.run(Thread.java:834) [?:?]

My current problem seems similar to this one (Spring Saml FilterChainProxy clearing context - null Authentication), but I have already tried its solution without success.

Any hints (I am also not using Spring Boot)?

1 answer:

Answer 0 (score: 0)

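It turned out that it works fine when using Spring Boot with embedded Tomcat, but when I wanted to remove Spring Boot and use an external Tomcat, it gave me a headache because of the cookie settings in the external Tomcat's context.xml file.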

Wrong setting

Initially, I had this setting for the sameSite cookies configuration in the aforementioned file:

<CookieProcessor sameSiteCookies="Strict"/>

In this way I was able to log in via Spring SAML, but upon reaching the relayState in my web application, it could not find the Authentication object in the SecurityContextHolder.

Correct setting

I set sameSiteCookies in the following way:

<CookieProcessor sameSiteCookies="Lax"/>

Now I can log in and log out correctly with Spring SAML without Spring Boot.
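
The symptom in the question's log (a SecurityContext stored to the HttpSession, then the very next request arriving with no usable session and falling back to anonymous) can be detected mechanically. The script below is an added example, not part of the original post or of Spring Security; the function names, the 5-second correlation window and the sample lines (shortened from the layout of the log above, with a constructed session ID) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout of the Spring Security DEBUG lines quoted in the question:
# "<date> <time>,<ms> [<thread>] <LEVEL> <logger> - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>[^\]]+)\] \w+\s+(?P<logger>\S+) - (?P<msg>.*)$")
STORED_RE = re.compile(r"^SecurityContext '.*' stored to HttpSession")
REDIRECT_RE = re.compile(r"^Redirecting to '([^']+)'")
SYMPTOMS = [  # messages showing that a later request arrived without the session
    ("no-session", re.compile(r"^No HttpSession currently exists")),
    ("anonymous", re.compile(r"^Populated SecurityContextHolder with anonymous token")),
    ("invalid-session-id", re.compile(r"^Requested session ID \S+ is invalid")),
]


def parse(lines):
    """Yield (timestamp, thread, message); stack-trace and other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"), m["thread"], m["msg"]


def find_session_loss(lines, window=timedelta(seconds=5)):
    """Return logins whose stored SecurityContext is missing on the follow-up request.

    Heuristic: symptoms are attributed to the most recent login within `window`,
    so on a busy server the result is a lead to investigate, not proof.
    """
    logins, redirects = [], {}
    for ts, thread, msg in parse(lines):
        redirect = REDIRECT_RE.match(msg)
        if redirect:
            redirects[thread] = redirect.group(1)  # remembered per worker thread
        elif STORED_RE.match(msg):
            logins.append({"stored_at": ts, "symptoms": [],
                           "redirect": redirects.pop(thread, None)})
        elif logins and ts - logins[-1]["stored_at"] <= window:
            for name, pattern in SYMPTOMS:
                if pattern.match(msg) and name not in logins[-1]["symptoms"]:
                    logins[-1]["symptoms"].append(name)
    # Anonymous fallback plus a missing or invalid session means the cookie was lost.
    return [l for l in logins
            if "anonymous" in l["symptoms"] and len(l["symptoms"]) > 1]


# Constructed sample: same layout as the question's log, object details shortened.
SAMPLE_LOG = """\
2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/DM-WEB/dashboard.xhtml'
2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext 'SecurityContextImpl@0: Authentication: (shortened)' stored to HttpSession: 'StandardSessionFacade@0
2020-08-26 09:42:36,475 [http-nio-8091-exec-3] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '(shortened)'
2020-08-26 09:42:36,480 [http-nio-8091-exec-8] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID 0123456789ABCDEF0123456789ABCDEF is invalid.
"""

if __name__ == "__main__":
    for finding in find_session_loss(SAMPLE_LOG.splitlines()):
        print(finding["stored_at"], finding["redirect"], finding["symptoms"])
```

A finding tells you to inspect the Set-Cookie attributes of the session cookie issued on /saml/SSO, which is where the sameSiteCookies setting from the answer shows up.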