一尘不染

Tomcat上的Spring Security SAML元数据URL

tomcat

我正在开发基于Java的Web应用程序,并在Tomcat服务器上使用Spring Security
SAML实现SSO。该应用程序将扮演服务提供商角色(SP)。检索此SP的元数据的默认Spring URL为:

https://www.server.com:8080/context/saml/metadata

这工作得很好,可以按预期返回元数据XML文件。但是,将 DefaultServlet Servlet映射添加到web.xml
时遇到问题。甚至只是一些基本的东西:

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.gif</url-pattern>
</servlet-mapping>

如果web.xml中存在一个或多个默认servlet映射,则上述URL返回404。有人知道是什么原因引起的,并且有可能的解决方法?

更新 :我已经从上面将确切的servlet映射放入了Spring Security
SAML示例应用程序中,并且它还阻止了元数据URL的工作。如果我将其注释掉或将其删除,它将按预期工作。以下是该web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" 
xmlns="http://java.sun.com/xml/ns/j2ee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>Spring Security SAML</display-name>
<description>Sample application demonstrating Spring security SAML integration.</description>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/securityContext.xml
    </param-value>
</context-param>

<servlet>
    <servlet-name>saml</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>saml</servlet-name>
    <url-pattern>/saml/web/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This servlet mapping prevents the /saml/metadata URL from working. -->
 <servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.gif</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/error.jsp</location>
</error-page>


</web-app>

阅读 278

收藏
2020-06-16

共1个答案

一尘不染

我尝试Spring SAML 1.0.0.RELEASE通过执行以下步骤来重现您的问题:

  • 下载的Spring SAML源
  • 换成sample/src/main/webapp/WEB-INF/web.xml你的web.xml
  • 使用启动了示例应用程序 gradlew build tomcatRun

但我无法重现您的问题,一切都会按预期进行。该问题可能特定于某些Tomcat版本,请尝试按照我的步骤重现该问题,并最终尝试更改您的Tomcat版本。

更新:

正如您提到的,当直接部署到Tomcat时,我能够复制它。该defaultservlet的似乎跳过在定义的过滤器执行/*。以下配置将为您工作:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring Security SAML</display-name>
    <description>Sample application demonstrating Spring security SAML integration.</description>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/securityContext.xml
        </param-value>
    </context-param>

    <servlet>
        <servlet-name>saml</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>saml</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>/WEB-INF/*</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/images/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/css/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.gif</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/error.jsp</location>
    </error-page>


</web-app>

确保更改文件org.springframework.security.saml.web.MetadataController并替换@RequestMapping("/metadata")@RequestMapping("/saml/web/metadata")

2020-06-16