1. 技术文章
  2. Spring Saml not working with latest Spring Security 4.0.0.RELEASE

Spring Saml not working with latest Spring Security 4.0.0.RELEASE

和自甴很熟 提交于 2019-12-02 00:04:23

问题


I upgraded Spring Security from 3.2.5.RELEASE to 4.0.0.RELEASE

and I'm getting the following error 

javax.servlet.ServletException: Filter execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:255)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.granite.messaging.webapp.AMFMessageFilter.doFilter(AMFMessageFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.NoSuchMethodError: org.springframework.security.saml.SAMLProcessingFilter.getFilterProcessesUrl()Ljava/lang/String;
at org.springframework.security.saml.metadata.MetadataGenerator.getSAMLWebSSOProcessingFilterPath(MetadataGenerator.java:533)
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:288)
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.processMetadataInitialization(MetadataGeneratorFilter.java:127)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:86)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
... 21 more

when I look at the source code of SAMLProcessingFilter it calls the method getFilterProcessesUrl() which used to be defined in its parent class AbstractAuthenticationProcessingFilter (deprecated) and now it has been removed!

is there a way around this, or I have to wait for spring SAML to upgrade to work with spring-security-4.0.0.RELEASE


回答1:


You are right it appears that Spring Security SAML is not compatible with Spring Security 4. I logged SES-161 to have it addressed.

UPDATE: As pointed out in the comments. The fix is now released. Updating to Spring Security SAML 1.0.1.RELEASE should allow you to work with Spring Security 4. For example, if you use Maven ensure you have the following in your pom:

<dependency>
  <groupId>org.springframework.security.extensions</groupId>
  <artifactId>spring-security-saml2-core</artifactId>
  <version>1.0.1.RELEASE</version>
</dependency>

UPDATE (see newer update above): I have pushed a fix into master. I'm trying to get in contact with the project lead to see if he is alright doing a release. For now the best workaround are to download the project and build it yourself or use the 1.0.1.BUILD-SNAPSHOT builds (i.e. spring-security-saml2-core)




回答2:


<!-- Apache SAML -->
    <dependency>
      <groupId>org.springframework.security.extensions</groupId>
      <artifactId>spring-security-saml2-core</artifactId>
      <version>1.0.1.RELEASE</version>
      <scope>compile</scope>
    </dependency>


来源:https://stackoverflow.com/questions/29688479/spring-saml-not-working-with-latest-spring-security-4-0-0-release

标签
spring-security
spring-saml
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!