带有过滤器链的弹簧配置

Question

我使用来自 https://github.com/spring-projects/spring-security-saml/tree/master/sample 的 saml 使用 spring 安全性

现在我有自己的带有控制器的 JSP 页面，当我将它添加到项目中时，它显示 404。当尝试访问 http://localhost:2/SAMPLE/pop

我的 JSP 在WEB-INF-jsp-pop.jsp

@Controller
public class ComCont {
@RequestMapping(value="/pop",method=RequestMethod.GET)
public String showHomePage(Map<Object, Object> model) {
    System.out.println("gotach");
    return "pop";
}

@RequestMapping(value="/hello",method=RequestMethod.GET)
public String showHomePage1(Map<Object, Object> model) {
    System.out.println("gotach");
    return "hello";
}

}

我的 servlet 上下文是

 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/jsp/"/>
    <property name="suffix" value=".jsp"/>
</bean>

securityContext.xml

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!-- Enable auto-wiring -->
    <context:annotation-config/>

    <!-- Scan for auto-wiring classes in spring saml packages -->
    <context:component-scan base-package="org.springframework.security.saml"/>

    <!-- Unsecured pages -->
    <security:http security="none" pattern="/favicon.ico"/>
    <security:http security="none" pattern="/images/**"/>
    <security:http security="none" pattern="/css/**"/>
    <security:http security="none" pattern="/logout.jsp"/>

    <!-- Security for the administration UI -->
    <security:http pattern="/saml/web/**" use-expressions="false">
        <security:access-denied-handler error-page="/saml/web/metadata/login"/>
        <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
        <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    </security:http>

    <!-- Secured pages with SAML as entry point -->
    <security:http entry-point-ref="samlEntryPoint" use-expressions="false">
       <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>

        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
        <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
    </security:http>

    <!-- Filters for processing of SAML messages -->
    <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
            <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
            <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
            <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
            <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
            <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
            <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
        </security:filter-chain-map>
    </bean>

    <!-- Handler deciding where to redirect user after successful login -->
    <bean id="successRedirectHandler"
          class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/"/>
    </bean>
    <!--
    Use the following for interpreting RelayState coming from unsolicited response as redirect URL:
    <bean id="successRedirectHandler" class="org.springframework.security.saml.SAMLRelayStateSuccessHandler">
       <property name="defaultTargetUrl" value="/" />
    </bean>
    -->

    <!-- Handler deciding where to redirect user after failed login -->
    <bean id="failureRedirectHandler"
          class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="useForward" value="true"/>
        <property name="defaultFailureUrl" value="/error.jsp"/>
    </bean>

    <!-- Handler for successful logout -->
    <bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
        <property name="defaultTargetUrl" value="/logout.jsp"/>
    </bean>

    <security:authentication-manager alias="authenticationManager">
        <!-- Register authentication manager for SAML provider -->
        <security:authentication-provider ref="samlAuthenticationProvider"/>
        <!-- Register authentication manager for administration UI -->
        <security:authentication-provider>
            <security:user-service id="adminInterfaceService">
                <security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Logger for SAML messages and events -->
    <bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger"/>

    <!-- Central storage of cryptographic keys -->
    <bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
        <constructor-arg value="classpath:security/samlKeystore.jks"/>
        <constructor-arg type="java.lang.String" value="nalle123"/>
        <constructor-arg>
            <map>
                <entry key="apollo" value="nalle123"/>
            </map>
        </constructor-arg>
        <constructor-arg type="java.lang.String" value="apollo"/>
    </bean>

    <!-- Entry point to initialize authentication, default values taken from properties file -->
    <bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
        <property name="defaultProfileOptions">
            <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
                <property name="includeScoping" value="false"/>
            </bean>
        </property>
    </bean>

    <!-- IDP Discovery Service -->
    <bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
        <property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
    </bean>

    <!-- Filter automatically generates default SP metadata -->
    <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
        <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
                <property name="extendedMetadata">
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <property name="idpDiscoveryEnabled" value="true"/>
                    </bean>
                </property>
            </bean>
        </constructor-arg>
    </bean>

    <!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
    <bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>

    <!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
    <!--
    <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
        <property name="sslHostnameVerification" value="default"/>
    </bean>
    -->

    <!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
    <bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <constructor-arg>
            <list>
                <!-- Example of classpath metadata with Extended Metadata -->
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                    <constructor-arg>
                        <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
                            <constructor-arg>
                                <bean class="java.util.Timer"/>
                            </constructor-arg>
                            <constructor-arg>
                                <bean class="org.opensaml.util.resource.ClasspathResource">
                                    <constructor-arg value="/metadata/idp.xml"/>
                                </bean>
                            </constructor-arg>
                            <property name="parserPool" ref="parserPool"/>
                        </bean>
                    </constructor-arg>
                    <constructor-arg>
                        <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        </bean>
                    </constructor-arg>
                </bean>
                <!-- Example of HTTP metadata without Extended Metadata -->
                <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                    <!-- URL containing the metadata -->
                    <constructor-arg>
                        <value type="java.lang.String">http://localhost:12/idp-meta.xml</value>
                    </constructor-arg>
                    <!-- Timeout for metadata loading in ms -->
                    <constructor-arg>
                        <value type="int">15000</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>
                <!-- Example of file system metadata without Extended Metadata -->
                <!--
                <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                    <constructor-arg>
                        <value type="java.io.File">/usr/local/metadata/idp.xml</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>
                -->
            </list>
        </constructor-arg>
        <!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
        <!-- <property name="hostedSPName" value=""/> -->
        <!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
        <!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
    </bean>

    <!-- SAML Authentication Provider responsible for validating of received SAML messages -->
    <bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
        <!-- OPTIONAL property: can be used to store/load user data after login -->
        <!--
        <property name="userDetails" ref="bean" />
        -->
    </bean>

    <!-- Provider of default SAML Context -->
    <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>

    <!-- Processing filter for WebSSO profile messages -->
    <bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
        <property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
    </bean>

    <!-- Processing filter for WebSSO Holder-of-Key profile -->
    <bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
        <property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
    </bean>

    <!-- Logout handler terminating local session -->
    <bean id="logoutHandler"
          class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
        <property name="invalidateHttpSession" value="false"/>
    </bean>

    <!-- Override default logout processing filter with the one processing SAML messages -->
    <bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
        <constructor-arg index="0" ref="successLogoutHandler"/>
        <constructor-arg index="1" ref="logoutHandler"/>
        <constructor-arg index="2" ref="logoutHandler"/>
    </bean>

    <!-- Filter processing incoming logout messages -->
    <!-- First argument determines URL user will be redirected to after successful global logout -->
    <bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
        <constructor-arg index="0" ref="successLogoutHandler"/>
        <constructor-arg index="1" ref="logoutHandler"/>
    </bean>

    <!-- Class loading incoming SAML messages from httpRequest stream -->
    <bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
        <constructor-arg>
            <list>
                <ref bean="redirectBinding"/>
                <ref bean="postBinding"/>
                <ref bean="artifactBinding"/>
                <ref bean="soapBinding"/>
                <ref bean="paosBinding"/>
            </list>
        </constructor-arg>
    </bean>

    <!-- SAML 2.0 WebSSO Assertion Consumer -->
    <bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>

    <!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
    <bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>

    <!-- SAML 2.0 Web SSO profile -->
    <bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>

    <!-- SAML 2.0 Holder-of-Key Web SSO profile -->
    <bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>

    <!-- SAML 2.0 ECP profile -->
    <bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl"/>

    <!-- SAML 2.0 Logout Profile -->
    <bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl"/>

    <!-- Bindings, encoders and decoders used for creating and parsing messages -->
    <bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
        <constructor-arg ref="parserPool"/>
        <constructor-arg ref="velocityEngine"/>
    </bean>

    <bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
        <constructor-arg ref="parserPool"/>
        <constructor-arg ref="velocityEngine"/>
        <constructor-arg>
            <bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
                <constructor-arg>
                    <bean class="org.apache.commons.httpclient.HttpClient">
                        <constructor-arg>
                            <bean class="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
                        </constructor-arg>
                    </bean>
                </constructor-arg>
                <property name="processor">
                    <bean class="org.springframework.security.saml.processor.SAMLProcessorImpl">
                        <constructor-arg ref="soapBinding"/>
                    </bean>
                </property>
            </bean>
        </constructor-arg>
    </bean>

    <bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
        <constructor-arg ref="parserPool"/>
    </bean>

    <!-- Initialization of OpenSAML library-->
    <bean class="org.springframework.security.saml.SAMLBootstrap"/>

    <!-- Initialization of the velocity engine -->
    <bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>

    <!-- XML parser pool needed for OpenSAML parsing -->
    <bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize">
        <property name="builderFeatures">
            <map>
                <entry key="http://apache.org/xml/features/dom/defer-node-expansion" value="false"/>
            </map>
        </property>
    </bean>

    <bean id="parserPoolHolder" class="org.springframework.security.saml.parser.ParserPoolHolder"/>

</beans>

web.xml

<servlet>
    <servlet-name>saml</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>saml</servlet-name>
    <url-pattern>/saml/web/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

我在这里缺少什么？我是 Spring MVC 的新手。我知道一些基础知识。

Answer 1

网址格式语法：

http://localhost:2/{Your project_name}/{url-pattern}/{jsp name}

尝试点击这个网址，

http://localhost:2/SAMPLE/saml/web/pop

否则，将您的dispatcher-servlet Servlet 映射更改为这样，

<servlet-mapping>
    <servlet-name>saml</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

现在试试这个网址，http://localhost:2/SAMPLE/pop

把你的Controller RequestMapping改成这样，

@Controller
public class ComCont {

   @RequestMapping(value="/pop",method=RequestMethod.GET)
   public String showHomePage(Map<Object, Object> model) {
      System.out.println("gotach");
      return "pop";
   }
}

Answer 2

根据您为web.xml 和securityContext.xml 提供的内容，它们看起来很好，所以看起来不像过滤器链问题。 此外，您得到 404，这意味着 URL 存在问题，如果您得到 5xx，则可能是由于过滤器链等服务器问题。如果是因为安全或访问问题，则为 403。以下是分辨率的详细信息：

假设您确实拥有（必须拥有）saml-servlet.xml，请使用以下内容而不是您提供的内容：

<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
    <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
    <property name="prefix" value="/WEB-INF/jsp/" />
    <property name="suffix" value=".jsp" />
</bean>

基于以上，您可以理解（我认为您已经在做）您需要在/WEB-INF/jsp/ 中拥有您的 JSP

我不确定您要从控制器代码中实现什么，但如果您尝试从您提到的 URL 呈现您的 pop.jsp，请在控制器中使用以下代码：

@RequestMapping(value="/pop",method=RequestMethod.GET)
public ModelAndView showHomePage(ModelMap model, HttpServletRequest request) {
    System.out.println("I am in pop .. Lets rock ..");
    return new ModelAndView("pop", "pop", "I am coming from controller");
}

ModelAndView 构造函数的三个参数

1. JSP 的名称，这种情况下 Spring 会将其解析为 pop.jsp 并且应该位于 /WEB-INF/jsp/ 下
2. 要传递给 JSP 页面的对象的名称，在这种情况下，对象的名称是“pop”，因此您可以在 JSP 中使用${pop}，您将看到“我来自控制器”呈现。这只是一个字符串，但您可以传递一个 POJO，该 POJO 可以在您的 JSP 中使用 JSON 表示法进行访问。
3. 实际对象，本例中为字符串。

现在，来到你的 URL - http://localhost:2/SAMPLE/pop，我很确定你知道这一点，但我觉得有责任报道这一点，所以 - 你的 WAR 文件名应该是 SAMPLE.war，因为那是你的网络上下文。如果不是，那么您必须使用相同的名称，例如springapp.war，您的 URL 将是 http://localhost:2/springapp。这是您的 URL 的基本部分。

现在您使用的是http://localhost:2/SAMPLE/pop，这绝对是不正确的，因为您的DispatcherServlet 配置为/saml/web/* 的URL 映射。所以，你所有的网络请求都应该有http://localhost:2/SAMPLE/saml/web/的URL。无论DispatcherServlet 映射是什么，都应该在您的 URL 上下文路径之后 - http://localhost:2/SAMPLE

现在，如果您想点击/pop 控制器，那么您已经在DispatcherServlet 映射之后开始构建您的网址，因此您的网址将变为http://localhost:2/SAMPLE/saml/web/pop。
如果您使用上述 URL 并按照我的建议进行代码修改，那么我肯定会显示您的“pop.jsp”。

请注意，您的控制器方法只接受 GET 请求 - RequestMethod.GET，因此您必须从浏览器中点击 URL。如果您从 JSP 发送 Ajax POST 请求，那么控制器映射应该有 RequestMethod.POST。
另外，请注意使用准确的 URL，同时注意斜线/