我面临向我的Spring配置文件指定WebSSOProfileConsumerImpl的问题。我正在尝试修改此bean中的responseSkew,但在为WebSSOProfileConsumerImpl添加配置后,我收到了MetadataManager问题
申请失败
说明
org.springframework.security.saml.websso.AbstractProfileBase中方法setMetadata的参数0需要一个无法找到的类型为'org.springframework.security.saml.metadata.MetadataManager'的bean。
动作:
考虑定义'org.springframework.security.saml.metadata.MetadataManager'类型的bean
有人可以帮我解决这个问题吗?
我已经浏览了这个链接:http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html但它没有指定如何在配置中设置它。
我的代码
import static org.springframework.security.extensions.saml2.config.SAMLConfigurer.saml;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${security.saml2.metadata-url}")
String metadataUrl;
@Value("${server.ssl.key-alias}")
String keyAlias;
@Value("${server.ssl.key-store-password}")
String password;
@Value("${server.port}")
String port;
@Value("${server.ssl.key-store}")
String keyStoreFilePath;
@Value("${security.saml2.responseSkew}")
int responseSkew = 0;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/saml*").permitAll()
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.keyStore()
.storeFilePath(this.keyStoreFilePath)
.password(this.password)
.keyname(this.keyAlias)
.keyPassword(this.password)
.and()
.protocol("https")
.hostname(String.format("%s:%s", "localhost", this.port))
.basePath("/")
.and()
.identityProvider()
.metadataFilePath(this.metadataUrl).and();
/* Map<? extends Object, Object> sharedObjects = new Map<? extends Object>, Object>(http.getSharedObjects());
sharedObjects.put(WebSSOProfileConsumer.class, webSSOprofileConsumerImpl());*/
}
@Bean
@Qualifier("webSSOprofileConsumer")
public WebSSOProfileConsumer webSSOprofileConsumerImpl() {
WebSSOProfileConsumerImpl consumerImpl = new WebSSOProfileConsumerImpl();
consumerImpl.setResponseSkew(this.responseSkew);
return consumerImpl;
}
}
答案 0 :(得分:0)
如果您不需要将WebSSOProfileConsumer作为bean访问应用程序的其余部分,您可以在configure方法中创建它,如下所示:
@Override
protected void configure(final HttpSecurity http) throws Exception {
WebSSOProfileConsumerImpl consumerImpl = new WebSSOProfileConsumerImpl();
consumerImpl.setResponseSkew(this.responseSkew);
http
.authorizeRequests()
.antMatchers("/saml*").permitAll()
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.ssoProfileConsumer(consumerImpl) // <-- added here
.keyStore()
// Your method continues as before
我不记得你的情况下常规接线失败的确切原因,但它的要点是configure设置一个构建器对象而不是常规bean。通常,ServiceProviderBuilder在构建步骤中提供WebSSOProfileConsumer所需的MetadataManager,但如果您自动装配配置文件使用者,则无法为您提供MetadataManager,因为您的自动装配对象已被假定为已完成。
(我在寻找配置最大身份验证时间的方法时学到了这一点,因为在某些情况下,spring-security-saml中的两小时默认值低于身份提供商使用的默认值。这有效地将您的用户锁定在您的申请,直到身份提供者的最大身份验证年龄已过。)