
[SPRING] HttpSession returned null object for SPRING_SECURITY_CONTEXT


I am trying to integrate the Spring SAML library into a sample web application, using Shibboleth as the IdP. I can load the login page, log in, and display the index page.

The problem is that when I click any other link, the web page redirects to the login page, the IdP recognizes me and redirects me back to the requested page (this is very hard to see if the network is fast). It is as if, as far as Spring Security is concerned, I were not logged in.

After checking the logs,

This is web.xml:

<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/root-context.xml
        /WEB-INF/spring/security/securityContext.xml
    </param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Processes application requests -->
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Custom error pages -->
<error-page>
    <error-code>400</error-code>
    <location>/errors/missing-en.html</location>
</error-page>
<error-page>
    <error-code>401</error-code>
    <location>/errors/restricted-en.html</location>
</error-page>
<error-page>
    <error-code>403</error-code>
    <location>/errors/restricted-en.html</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/errors/missing-en.html</location>
</error-page>
<error-page>
    <error-code>500</error-code>
    <location>/errors/missing-en.html</location>
</error-page>
<error-page>
    <error-code>503</error-code>
    <location>/errors/missing-en.html</location>
</error-page>

and securityContext:

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:security="http://www.springframework.org/schema/security" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd 
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd">

<!-- Enable autowiring -->
<context:annotation-config />
<context:component-scan base-package="org.springframework.security.saml" />

<security:http pattern="/logout.jsp" security="none" />
<security:http pattern="/login.jsp" security="none" />
<security:http pattern="/index.html" security="none" />

<security:http entry-point-ref="samlEntryPoint">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter" />
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
</security:http>

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint" />
        <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter" />
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter" />
        <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter" />
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter" />
    </security:filter-chain-map>
</bean>

<!-- Handler deciding where to redirect user after successful login -->
<bean id="successRedirectHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/" />
</bean>
<!-- Use the following for interpreting RelayState coming from unsolicited response as redirect URL: <bean id="successRedirectHandler" class="org.springframework.security.saml.SAMLRelayStateSuccessHandler"> 
    <property name="defaultTargetUrl" value="/" /> </bean> -->

<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
    <property name="defaultTargetUrl" value="/logout.jsp" />
</bean>

<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="samlAuthenticationProvider" />
</security:authentication-manager>

<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger" />

<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="/WEB-INF/spring/security/myKeystore.jks" />
    <constructor-arg type="java.lang.String" value="betfair" />
    <constructor-arg>
        <map>
            <entry key="tomcat" value="betfair" />
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="tomcat" />
</bean>

<!-- Entry point to initialize authentication, default values taken from properties file -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
    <property name="defaultProfileOptions">
        <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
            <property name="includeScoping" value="false" />
        </bean>
    </property>
</bean>

<!-- IDP Discovery Service -->
<bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
    <property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp" />
</bean>

<!-- Filter automatically generates default SP metadata -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator" />
    </constructor-arg>
</bean>

<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter" />

<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<!-- Do not forget to call the initialize method on providers -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>

            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg>
                            <value type="java.io.File">/WEB-INF/spring/security/shibboleth.xml</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool" />
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    </bean>
                </constructor-arg>
            </bean>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg>
                            <value type="java.io.File">/WEB-INF/spring/security/localhost_sp.xml</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool" />
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <property name="local" value="true" />
                        <property name="alias" value="localhost" />
                        <property name="securityProfile" value="metaiop" />
                        <property name="sslSecurityProfile" value="pkix" />
                        <property name="signingKey" value="tomcat" />
                        <property name="encryptionKey" value="tomcat" />
                        <property name="tlsKey" value="tomcat" />
                        <property name="requireArtifactResolveSigned" value="false" />
                        <property name="requireLogoutRequestSigned" value="false" />
                        <property name="requireLogoutResponseSigned" value="false" />
                    </bean>
                </constructor-arg>
            </bean>
        </list>
    </constructor-arg>      
    <!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
    <property name="hostedSPName" value="localhost"/>
    <!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
    <!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
</bean>

<!-- SAML Authentication Provider responsible for validating of received SAML messages -->
<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
    <!-- OPTIONAL property: can be used to store/load user data after login -->
    <!-- <property name="userDetails" ref="bean" /> -->
</bean>

<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl" />

<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>

<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>

<!-- Logout handler terminating local session -->
<bean id="logoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
    <property name="invalidateHttpSession" value="false" />
</bean>

<!-- Override default logout processing filter with the one processing SAML messages -->
<bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
    <constructor-arg ref="successLogoutHandler" />
    <constructor-arg ref="logoutHandler" />
    <constructor-arg ref="logoutHandler" />
</bean>

<!-- Filter processing incoming logout messages -->
<!-- First argument determines URL user will be redirected to after successful global logout -->
<bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
    <constructor-arg ref="successLogoutHandler" />
    <constructor-arg ref="logoutHandler" />
</bean>

<!-- Class loading incoming SAML messages from httpRequest stream -->
<bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
    <constructor-arg>
        <list>
            <ref bean="redirectBinding" />
            <ref bean="postBinding" />
            <ref bean="artifactBinding" />
            <ref bean="soapBinding" />
            <ref bean="paosBinding" />
        </list>
    </constructor-arg>
</bean>

<!-- SAML 2.0 WebSSO Assertion Consumer -->
<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl" />

<!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
<bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl" />

<!-- SAML 2.0 Web SSO profile -->
<bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl" />

<!-- SAML 2.0 Holder-of-Key Web SSO profile -->
<bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl" />

<!-- SAML 2.0 ECP profile -->
<bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl" />

<!-- SAML 2.0 Logout Profile -->
<bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl" />

<!-- Bindings, encoders and decoders used for creating and parsing messages -->
<bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
    <constructor-arg ref="parserPool" />
    <constructor-arg ref="velocityEngine" />
</bean>

<bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
    <constructor-arg ref="parserPool" />
</bean>

<bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
    <constructor-arg ref="parserPool" />
    <constructor-arg ref="velocityEngine" />
    <constructor-arg>
        <bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
            <constructor-arg>
                <bean class="org.apache.commons.httpclient.HttpClient" />
            </constructor-arg>
            <property name="processor">
                <bean id="soapProcessor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
                    <constructor-arg ref="soapBinding" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>

<bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
    <constructor-arg ref="parserPool" />
</bean>

<bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
    <constructor-arg ref="parserPool" />
</bean>

<!-- Initialization of OpenSAML library -->
<bean class="org.springframework.security.saml.SAMLBootstrap" />

<!-- Initialization of the velocity engine -->
<bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine" />

<!-- XML parser pool needed for OpenSAML parsing -->
<bean id="parserPool" class="org.opensaml.xml.parse.BasicParserPool" scope="singleton" />

Any ideas?

Thanks, Emma

Solutions

  1. ==============================

    I experienced the same problem. After debugging I found that the SecurityContext was being cleared before it should have been. Searching the web, I found https://jira.springsource.org/browse/SEC-2027. Move to Spring Security version 3.1.2.

    I hope this helps someone.
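    The symptom in the question (session present, but Spring Security treats the next request as unauthenticated) is easiest to pin down by watching the SPRING_SECURITY_CONTEXT session attribute on every request. The servlet filter below is an added diagnostic example, not part of the question, of this answer, or of Spring Security SAML's own code. It assumes the javax.servlet API of the Spring Security 3.1 era, SLF4J for logging, and a hypothetical package name com.example.diagnostics; it uses only the public Spring Security constant HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY (the string "SPRING_SECURITY_CONTEXT").

```java
package com.example.diagnostics; // hypothetical package, not part of the question's application

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/**
 * Logs, for every request, whether the SecurityContext is stored in the HttpSession
 * (the SPRING_SECURITY_CONTEXT attribute) and whether SecurityContextHolder holds an
 * Authentication, both before and after the rest of the filter chain runs.
 *
 * Map it in web.xml AFTER springSecurityFilterChain so it runs inside Spring Security's
 * chain, i.e. after SecurityContextPersistenceFilter has loaded the context from the session:
 *
 *   <filter>
 *     <filter-name>securityContextDiagnosticFilter</filter-name>
 *     <filter-class>com.example.diagnostics.SecurityContextDiagnosticFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>securityContextDiagnosticFilter</filter-name>
 *     <url-pattern>/*</url-pattern>
 *   </filter-mapping>
 */
public class SecurityContextDiagnosticFilter implements Filter {

    private static final Logger log = LoggerFactory.getLogger(SecurityContextDiagnosticFilter.class);

    // "SPRING_SECURITY_CONTEXT": the session attribute name Spring Security uses
    private static final String CONTEXT_KEY = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;

    public void init(FilterConfig filterConfig) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        report("before", request);
        try {
            chain.doFilter(req, res);
        } finally {
            // What the holder contains here is what SecurityContextPersistenceFilter
            // will try to write back to the session when the request completes.
            report("after", request);
        }
    }

    private void report(String phase, HttpServletRequest request) {
        HttpSession session = request.getSession(false); // never create a session just to inspect it
        SecurityContext stored = session == null ? null : (SecurityContext) session.getAttribute(CONTEXT_KEY);
        Authentication storedAuth = stored == null ? null : stored.getAuthentication();
        Authentication holderAuth = SecurityContextHolder.getContext().getAuthentication();

        log.info("{} {} session={} storedAuth={} holderAuth={}",
                new Object[] { phase, request.getRequestURI(), describe(session),
                        describe(storedAuth), describe(holderAuth) });

        // The symptom from the question: a request following a successful SSO login arrives
        // with an existing session but no stored context, so Spring Security treats the user
        // as anonymous and sends them back to the entry point.
        if ("before".equals(phase) && session != null && !session.isNew() && storedAuth == null) {
            log.warn("existing session without a {} attribute: the context from the previous request was not persisted",
                    CONTEXT_KEY);
        }
    }

    // Log only a prefix of the session id: enough to see whether the same session is reused
    // across requests, without writing the full id into the log.
    private static String describe(HttpSession session) {
        if (session == null) return "none";
        String id = session.getId();
        return (session.isNew() ? "new:" : "existing:") + id.substring(0, Math.min(6, id.length())) + "...";
    }

    private static String describe(Authentication auth) {
        if (auth == null) return "null";
        return auth.getClass().getSimpleName() + "(authenticated=" + auth.isAuthenticated() + ")";
    }
}
```

    Reading the output: on the request right after the SAML response was processed, the "after" line should show holderAuth set; if the following request's "before" line shows an existing session with storedAuth=null, the context was not written back at the end of the previous request, which is the situation this answer attributes to the linked bug. If instead the session prefix changes from one request to the next, the browser is not presenting the same session cookie, and the session cookie settings rather than the context repository are the place to look.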

  2. ==============================

    If you do not particularly care about how to use Spring, or if you can first try something that works and move to Spring later, here is a good tutorial. I tried it and it works:

    http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity.html

    The blog author, Filip, is very responsive. You can get an explanation from him if you need one.

Source: https://stackoverflow.com/questions/12677104/httpsession-returned-null-object-for-spring-security-context (CC BY-SA and MIT license)