Spring Security on Wildfly: error while executing the filter chain


Problem description

I'm trying to integrate Spring Security SAML Extension with Spring Boot.

About the matter, I did develop a complete sample application. Its source code is available on GitHub:

By running it as Spring Boot application (running against the SDK built-in Application Server), the WebApp works fine.

Unfortunately, the same AuthN process doesn't work at all on Undertow/WildFly.

According to the logs, the IdP actually performs the AuthN process: the instructions of my custom UserDetails implementation are correctly executed. Despite the execution flow, Spring doesn't set up and persist the privileges for the current user.

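import java.util.ArrayList;
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Component;

// ExtUser and SSOUserAccountNotExistsException are the application's own classes (not shown).
@Component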
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {

    // Logger
    private static final Logger LOG = LoggerFactory.getLogger(SAMLUserDetailsServiceImpl.class);

    @Override
    public Object loadUserBySAML(SAMLCredential credential)
            throws UsernameNotFoundException, SSOUserAccountNotExistsException {
        String userID = credential.getNameID().getValue();
        if (userID.compareTo("jdoe@samplemail.com") != 0) {     // We're simulating the data access.
            LOG.warn("SSO User Account not found into the system");
            throw new SSOUserAccountNotExistsException("SSO User Account not found into the system", userID);
        }
        LOG.info(userID + " is logged in");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
        authorities.add(authority);
        ExtUser userDetails = new ExtUser(userID, "password", true, true, true,
                true, authorities, "John", "Doe");
        return userDetails;
    }
}

While debugging, I found out the problem relies on the FilterChainProxy class. At runtime, the attribute FILTER_APPLIED of ServletRequest has a null value, thus Spring clears the SecurityContextHolder.

private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
    if (clearContext) {
        try {
            request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
            doFilterInternal(request, response, chain);
        } finally {
            SecurityContextHolder.clearContext();
            request.removeAttribute(FILTER_APPLIED);
        }
    } else {
        doFilterInternal(request, response, chain);
    }
}

On VMware vFabric tc Server and Tomcat, everything works totally fine. Do you have any idea about solving this issue?

Recommended answer

Investigating the problem I have noticed that there is some mess with cookies and referers in the auth request.

Currently, WildFly authentication will work if you change the web application context to the Root Context:

 <server name="default-server" default-host="webapp">
     <http-listener name="default" socket-binding="http"/>
     <host name="default-host" alias="localhost" default-web-module="sso.war"/>
 </server>

After restarting WildFly and clearing cookies, all should work as expected.
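
To compare the cookie, referer and context-path behaviour described above between containers, a diagnostic filter can log them per request together with whether the security context ended up in the HTTP session. This is an added example, not part of the original post or the sample application; the class name SessionTraceFilter is hypothetical, and it assumes a javax.servlet (Servlet 3.x) Spring Boot application with SLF4J.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical diagnostic filter (assumption: registered ahead of the Spring Security chain).
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SessionTraceFilter extends OncePerRequestFilter {

    private static final Logger LOG = LoggerFactory.getLogger(SessionTraceFilter.class);

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        // cookiePath is null when the container derives it from the context path.
        LOG.info("IN  {} {} contextPath='{}' referer={} cookiePath={} sessionIdValid={}",
                req.getMethod(), req.getRequestURI(), req.getContextPath(),
                req.getHeader("Referer"),
                req.getServletContext().getSessionCookieConfig().getPath(),
                req.isRequestedSessionIdValid());
        Cookie[] cookies = req.getCookies();   // null when the browser sent none
        if (cookies != null) {
            for (Cookie c : cookies) {
                // Log the cookie name and value length only, never the session id itself.
                LOG.info("    cookie {} ({} chars)", c.getName(), c.getValue().length());
            }
        }
        try {
            chain.doFilter(req, res);
        } finally {
            HttpSession s = req.getSession(false);   // do not create a session just to log
            boolean stored = s != null && s.getAttribute(
                    HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY) != null;
            LOG.info("OUT {} status={} session={} securityContextStored={}",
                    req.getRequestURI(), res.getStatus(), s != null, stored);
        }
    }
}
```

Running the same login on Tomcat and on WildFly and diffing the two logs shows on which request the session cookie stops being sent or the stored context goes missing.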
