Spring Saml 不适用于最新的 Spring Security 4.0.0.RELEASE

kay*_*ubi 3 spring-security spring-saml

我将 Spring Security 从 3.2.5.RELEASE 升级到 4.0.0.RELEASE

我收到以下错误

javax.servlet.ServletException: Filter execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:255)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.granite.messaging.webapp.AMFMessageFilter.doFilter(AMFMessageFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.NoSuchMethodError: org.springframework.security.saml.SAMLProcessingFilter.getFilterProcessesUrl()Ljava/lang/String;
at org.springframework.security.saml.metadata.MetadataGenerator.getSAMLWebSSOProcessingFilterPath(MetadataGenerator.java:533)
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:288)
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
... 21 more
Run Code Online (Sandbox Code Playgroud)

当我查看SAMLProcessingFilter它的源代码时,它调用了getFilterProcessesUrl()过去在其父类中定义的方法AbstractAuthenticationProcessingFilter(不推荐使用),现在它已被删除!

有没有办法解决这个问题,或者我必须等待 spring SAML 升级才能使用 spring-security-4.0.0.RELEASE

Rob*_*nch 5

您说得对,似乎 Spring Security SAML 与 Spring Security 4 不兼容。我记录了SES-161以解决它。

更新:正如评论中所指出的。该修复程序现已发布。更新到 Spring Security SAML 1.0.1.RELEASE 应该允许您使用 Spring Security 4。例如,如果您使用 Maven,请确保您的 pom 中有以下内容:

<dependency>
  <groupId>org.springframework.security.extensions</groupId>
  <artifactId>spring-security-saml2-core</artifactId>
  <version>1.0.1.RELEASE</version>
</dependency>
Run Code Online (Sandbox Code Playgroud)

更新(请参阅上面的更新):我已将修复程序推送到 master。我正在尝试与项目负责人取得联系,看看他是否可以进行发布。目前最好的解决方法是下载项目并自己构建它或使用 1.0.1.BUILD-SNAPSHOT 构建(即spring-security-saml2-core

  • 支持 Spring Security 4 的 Spring SAML 版本 1.0.1 现在可在 http://projects.spring.io/spring-security-saml/ 获得 (2认同)