Spring Security on Wildfly: error executing the filter chain

I am trying to integrate the Spring Security SAML Extension with Spring Boot.

On this matter I actually developed a complete sample application. Its source code is available on GitHub:

  • spring-boot-saml-integration on GitHub

Running it as a Spring Boot application (against the application server built into the SDK), the web app works correctly.

Unfortunately, the same AuthN process does not work at all on Undertow/WildFly.

According to the logs, the IdP actually performs the AuthN process: the instructions of my custom UserDetails implementation are executed correctly. Despite the execution flow, Spring does not set and retain the current user's authorities.

import java.util.ArrayList;
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Component;

// ExtUser and SSOUserAccountNotExistsException are the sample application's own
// classes (defined elsewhere in the project).
@Component
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {

    // Logger
    private static final Logger LOG = LoggerFactory.getLogger(SAMLUserDetailsServiceImpl.class);

    // Called by the SAML extension once the IdP response has been validated;
    // the returned object becomes the principal of the Authentication.
    @Override
    public Object loadUserBySAML(SAMLCredential credential)
            throws UsernameNotFoundException, SSOUserAccountNotExistsException {
        String userID = credential.getNameID().getValue();
        if (!"jdoe@samplemail.com".equals(userID)) {     // We're simulating the data access.
            LOG.warn("SSO User Account not found into the system");
            throw new SSOUserAccountNotExistsException("SSO User Account not found into the system", userID);
        }
        LOG.info(userID + " is logged in");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
        authorities.add(authority);
        // Account flags: enabled, account non-expired, credentials non-expired, account non-locked
        ExtUser userDetails = new ExtUser(userID, "password", true, true, true,
                true, authorities, "John", "Doe");
        return userDetails;
    }
}

While debugging, I found that the problem depends on the FilterChainProxy class. At runtime, the ServletRequest attribute FILTER_APPLIED has a null value, so Spring clears the SecurityContextHolder.

// Excerpt from Spring Security's FilterChainProxy. FILTER_APPLIED is a request
// attribute marking that the proxy is already active for this request, so only
// the outermost invocation clears the SecurityContext when it unwinds.
private final static String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
    if (clearContext) {
        try {
            request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
            doFilterInternal(request, response, chain);
        } finally {
            SecurityContextHolder.clearContext();
            request.removeAttribute(FILTER_APPLIED);
        }
    } else {
        doFilterInternal(request, response, chain);
    }
}

On VMware vFabric tc Server and Tomcat, everything is fine. Do you have any ideas on how to solve this problem?
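The FilterChainProxy excerpt quoted in the question is a re-entrancy guard. The following is an added illustration, not code from the question's project or from Spring Security: it replays that guard with a plain attribute map standing in for the ServletRequest and a ThreadLocal standing in for SecurityContextHolder (both assumptions, as is the constructed principal value), and traces what happens on a normal first pass and on a nested pass such as a servlet forward that re-enters the proxy.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration of the FILTER_APPLIED guard; not Spring Security's code.
public class FilterAppliedGuardDemo {

    // Stand-in for SecurityContextHolder: one authenticated principal per thread.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Stand-in for a ServletRequest's attribute map.
    static final class Request {
        final Map<String, Object> attributes = new HashMap<>();
    }

    static final String FILTER_APPLIED = FilterAppliedGuardDemo.class.getName() + ".APPLIED";

    // Records the context at each step so the sequence can be inspected.
    static final List<String> trace = new ArrayList<>();

    interface Chain { void proceed(Request req); }

    // Mirrors FilterChainProxy.doFilter: the attribute is null on the outermost
    // pass, so that pass owns the context and clears it only after the whole
    // chain (including anything nested inside it) has finished.
    static void doFilter(Request request, Chain chain) {
        boolean clearContext = request.attributes.get(FILTER_APPLIED) == null;
        trace.add("enter clearContext=" + clearContext);
        if (clearContext) {
            try {
                request.attributes.put(FILTER_APPLIED, Boolean.TRUE);
                doFilterInternal(request, chain);
            } finally {
                CONTEXT.remove();
                request.attributes.remove(FILTER_APPLIED);
                trace.add("outermost pass cleared context");
            }
        } else {
            doFilterInternal(request, chain);
            trace.add("nested pass left principal=" + CONTEXT.get());
        }
    }

    // Stand-in for the real chain: an authentication filter populates the
    // context, then the downstream target runs.
    static void doFilterInternal(Request request, Chain chain) {
        if (CONTEXT.get() == null) {
            CONTEXT.set("jdoe@samplemail.com"); // constructed sample principal
        }
        chain.proceed(request);
    }

    public static void main(String[] args) {
        Request req = new Request();
        // Outer pass; the target forwards internally, which re-enters the proxy.
        doFilter(req, r -> {
            trace.add("target sees principal=" + CONTEXT.get());
            doFilter(r, inner -> trace.add("forwarded target sees principal=" + CONTEXT.get()));
            trace.add("after forward principal=" + CONTEXT.get());
        });
        trace.add("after request principal=" + CONTEXT.get());
        trace.forEach(System.out::println);
    }
}
```

The trace shows that a null FILTER_APPLIED on entry is the normal state of the first pass, that the principal stays available to the target and to any nested pass, and that the context is cleared only as the outermost pass unwinds after the response has been produced. When checking this behaviour on a real container, the useful question is therefore whether the SecurityContext survives between the IdP's callback request and the next request, which depends on the session being found again, rather than whether the attribute is null at the start of a request.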

1 Answer

  • 7

    Investigating the problem I noticed some confusion about cookies and referers in the auth request.

    Currently, if you change the web application context to the root context, wildfly authentication works:

    <server name="default-server" default-host="webapp">
        <http-listener name="default" socket-binding="http"/>
        <host name="default-host" alias="localhost" default-web-module="sso.war"/>
    </server>

    After restarting wildfly and clearing the cookies, everything should work as expected.
