Tomcat 上的 Spring Security SAML 元数据 URL [英] Spring Security SAML Metadata URL on Tomcat

问题描述

我正在开发基于 Java 的 Web 应用程序，在 Tomcat 服务器上使用 Spring Security SAML 实现 SSO.此应用程序将扮演服务提供者角色 (SP).检索此 SP 元数据的默认 Spring URL 是:

I'm working on an java-based web application, implementing SSO using Spring Security SAML on a Tomcat server. This application would play the service provider role (SP). The default Spring URL to retrieve this SP's metadata is:

https://www.server.com:8080/context/saml/metadata

这很好用，按预期返回元数据 XML 文件.但是，当我将 DefaultServlet servlet-mappings 添加到 web.xml 时，我遇到了问题.甚至只是一些基本的东西:

This works just fine, returning the metadata XML file as expected. However, I run into a problem when I add a DefaultServlet servlet-mappings to the web.xml. Even just something as basic as:

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.gif</url-pattern>
</servlet-mapping>

如果 web.xml 中存在一个或多个默认 servlet 映射，则上述 URL 返回 404.有人知道是什么原因导致这种情况并有可能的解决方案吗?

If one or more default servlet mapping exists in the web.xml, the above URL returns a 404. Anyone know What could cause this and have a possible solution?

更新:我已经在 Spring Security SAML 示例应用程序中放置了上面的确切 servlet 映射，它也阻止了元数据 URL 的工作.如果我将其注释掉或删除它，它会按预期工作.下面是 web.xml:

Update: I've put the exact servlet mapping from above in the Spring Security SAML sample application and it also prevents the metadata URL from working. If I comment it out or remove it, it works as expected. Below is that web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" 
xmlns="http://java.sun.com/xml/ns/j2ee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>Spring Security SAML</display-name>
<description>Sample application demonstrating Spring security SAML integration.</description>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/securityContext.xml
    </param-value>
</context-param>

<servlet>
    <servlet-name>saml</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>saml</servlet-name>
    <url-pattern>/saml/web/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This servlet mapping prevents the /saml/metadata URL from working. -->
 <servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.gif</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/error.jsp</location>
</error-page>


</web-app>

推荐答案

我已尝试按照以下步骤使用 Spring SAML 1.0.0.RELEASE 重现您的问题:

I've tried to reproduce your problem with Spring SAML 1.0.0.RELEASE by following these steps:

• 已下载 Spring SAML 源
• 将 sample/src/main/webapp/WEB-INF/web.xml 替换为您的 web.xml
• 使用 gradlew build tomcatRun
启动示例应用程序

• downloaded Spring SAML sources
• replaced sample/src/main/webapp/WEB-INF/web.xml with your web.xml
• started the sample application using gradlew build tomcatRun

但我无法重现您的问题，一切照常进行.该问题可能是某些 Tomcat 版本所特有的，请尝试按照我的步骤重现该问题，并最终尝试更改您的 Tomcat 版本.

But I'm unable to reproduce your issue, everything continues working as it should. The problem is probably specific to some Tomcat version, please try to reproduce it with my steps and eventually try changing your Tomcat version.

更新:

正如您提到的那样，在直接部署到 Tomcat 时，我能够复制它.default servlet 似乎跳过了 /* 中定义的过滤器的执行.以下配置应该适合您:

I was able to get it reproduced when deploying directly to Tomcat as you mention. The default servlet seems to skip execution of filters defined at /*. The following configuration should work for you:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring Security SAML</display-name>
    <description>Sample application demonstrating Spring security SAML integration.</description>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/securityContext.xml
        </param-value>
    </context-param>

    <servlet>
        <servlet-name>saml</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>saml</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>/WEB-INF/*</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/images/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/css/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.gif</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/error.jsp</location>
    </error-page>


</web-app>

确保更改文件 org.springframework.security.saml.web.MetadataController 并将 @RequestMapping("/metadata") 替换为 @RequestMapping("/saml/web/metadata")

Make sure to change file org.springframework.security.saml.web.MetadataController and replace @RequestMapping("/metadata") with @RequestMapping("/saml/web/metadata")

这篇关于Tomcat 上的 Spring Security SAML 元数据 URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！