如何解决 org.springframework.web.util.NestedServletException：请求处理失败；使用 SAML

Question

我正在开发一个通过IDP 进行身份验证的应用程序，该应用程序位于ADFS 服务器中。
因此它具有一些功能，可以通过访问元数据 URL（如下所示）从程序级别导入 IDP 元数据，并根据服务提供方进行更新。

我在尝试处理来自 ADFS 服务器 URL 的 SAML 元数据时遇到请求处理异常。

我发现的一些解决方案说这是wildfly8 的问题，Wildfly 7+ 和JBoss 7+ 很好，但我仍然遇到同样的问题。

服务器：JBoss EAP 7.1.4 GA
Idp 服务器：ADFS 服务器从 url
https://adfs-server/FederationMetadata/2007-06/FederationMetadata.xml

访问元数据

Idpsaml格式可以在这里找到

https://www.samltool.com/idp_metadata.php

adfs-server(假域名)

当试图读取元数据时，由于下面的代码片段因为 credentialResolver 未加载并且它为 null

 private void initHttpMetadata(String url) throws MetadataProviderException
 {
  httpMetadataProvider = new HTTPMetadataProvider(new Timer(true), new HttpClient(), url);
  httpMetadataProvider.setRequireValidMetadata(true);
  httpMetadataProvider.setParserPool(new BasicParserPool());
  httpMetadataProvider.initialize();
  if (httpMetadataProvider != null)
  {
  entityDescriptor = httpMetadataProvider.getEntityDescriptor(entityId);
  if (entityDescriptor != null)
  {
    ssoDescriptor = 
entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
  }
  credentialResolver  = 
 credentialResolverFactory.getInstance(httpMetadataProvider);
}}

例外：

ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default 
task-48) [] There is no single sign out services to update in metadata url, Please contact idp system administrator
ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default task-48) [] There is no single sign on services to update in metadata url, Please contact idp system administrator
ERROR [io.undertow.request] (default task-48) [] UT005023: Exception handling request to /ssoadmin/metadata/search: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:982) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:65) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:330) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_181]
 Caused by: java.lang.NullPointerException
at se.myApp.platform.auth.metadata.in.AbstractMetadataReader.getCertificate(AbstractMetadataReader.java:329) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.getCertificate(MetadataReader.java:40) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.readMetadata(MetadataReader.java:91) [classes:]
at se.myApp.platform.auth.metadata.war.controller.MetadataInController.searchMetadata(MetadataInController.java:97) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_181]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_181]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_181]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
... 46 more

我尝试了以下选项：

org.springframework.web.util.NestedServletException: Request processing failed

org.springframework.web.util.NestedServletException: Handler processing failed

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException in REST with Spring

感谢您对此的建议。谢谢

Answer 1

问题是它试图通过 ssl 连接和读取元数据，在 ADFS 端 SSL 证书和服务提供端 (SP) ssl 证书不受信任，因为不在适当的层次结构中。

因此，两台服务器应该使用正确的 SSL 证书相互信任。在这种情况下，我们需要检查添加到 ADFS 服务器中的证书（您可以在 ADFS 管理控制台-> 证书路径中找到证书）。它基于证书的类型可能是解密证书或令牌签名证书。

例如：

如果服务提供商端证书低于证书路径：

 DigiCert-->root A--> companyRoot--> Machine certificate

如果 ADFS 证书路径：

1. 必须遵循正确的路径，例如：

   DigiCert-->RootA-->*.adfs.com

2. 自签名证书不适用于 ADFS。

这就是问题所在，一旦更正了证书，它工作正常，感谢大家的努力，并希望这个答案也能对其他人进行澄清。