Spring Security-acl. Users do not receive permission - spring

It seems to be all right. Authorization is working, and users get the roles. I protected the methods using annotations (for example @PreAuthorize("hasPermission(#post, 'READ')")); it works and I get access denied. I created a database in which I described the rights of users to objects. I created a database which contains the user's permission on objects.
My problem is that after the user's authorization, he is not getting permissions, and even if the user has the authority on the object, he gets access denied. Also, I noticed that after a user logs in, the server log file should get a line that says what permissions he got, but I have no such line.
Pieces of my files:
web.xml
...
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/acl-context.xml
/WEB-INF/mvc-dispatcher-servlet.xml
</param-value>
</context-param>...
mvc-dispatcher-servlet.xml
...
<security:global-method-security pre-post-annotations="enabled">
<security:expression-handler ref="expressionHandler" />
</security:global-method-security>
<context:annotation-config />
<tx:annotation-driven />
<tx:jta-transaction-manager />
<context:component-scan base-package="com.bla-bla.bla.controllers" />
<mvc:annotation-driven />
...
spring-security.xml
...
<security:http auto-config="true" use-expressions="true"
access-denied-page="/auth/denied.html">
<security:intercept-url pattern="/auth/login.html" access="permitAll" />
<security:form-login login-page="/auth/login.html"
authentication-failure-url="/auth/login.html?error=true"
default-target-url="/index.html" />
<security:logout invalidate-session="true"
logout-success-url="/auth/login.html" logout-url="/auth/logout.html" />
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userService">
<security:password-encoder ref="pswEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean id="userService"
class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="jndiJboss" />
<property name="usersByUsernameQuery"
value="SELECT login, pass, enabled FROM accounts WHERE login=?" />
<property name="authoritiesByUsernameQuery"
value="SELECT login, authority FROM accounts WHERE login=?" />
</bean>
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="pswEncoder" />
...
acl-context.xml
...
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler"
p:permissionEvaluator-ref="permissionEvaluator"
p:roleHierarchy-ref="roleHierarchy" />
<bean class="org.springframework.security.acls.AclPermissionEvaluator" id="permissionEvaluator">
<constructor-arg ref="aclService"/>
</bean>
<bean class="org.springframework.security.acls.jdbc.JdbcMutableAclService" id="aclService">
<constructor-arg ref="jndiJboss"/>
<constructor-arg ref="lookupStrategy"/>
<constructor-arg ref="aclCache"/>
</bean>
<bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
<constructor-arg ref="jndiJboss"/>
<constructor-arg ref="aclCache"/>
<constructor-arg ref="aclAuthorizationStrategy"/>
<constructor-arg ref="auditLogger"/>
</bean>
<bean id="jndiJboss" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="java:/JBossDB"/>
</bean>
<bean id="aclCache" class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
<constructor-arg>
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</property>
<property name="cacheName" value="aclCache"/>
</bean>
</constructor-arg>
</bean>
<bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
<constructor-arg>
<list>
<bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMIN"/>
</bean>
<bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMIN"/>
</bean>
<bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMIN"/>
</bean>
</list>
</constructor-arg>
</bean>
<bean id="auditLogger" class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
<bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
<property name="hierarchy">
<value>
ROLE_ADMIN > ROLE_USER
</value>
</property>
</bean>
...
An example of a protected method of the controller
@Override
@RequestMapping(value = "/post/delete.html", method = RequestMethod.GET)
@Transactional
@PreAuthorize("hasPermission(#post, 'READ')")
public String delete(final Post post) {
    // some actions
    return "post/view";
}
In what could be the problem?
UPD. My problem was in the wrong filling of acl_object_identity

Post the code that uses the ACLs (secured method invocations) and also highlight those classes in the Spring config files. Also, why are you placing the <security:global-method-security /> element in your MVC config file?
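The UPD above traces the denial to wrongly filled acl_object_identity rows. As an added example (not the poster's code), this Python script replays the ACL lookup against an in-memory SQLite copy of the standard Spring Security ACL tables and reports which row is missing or mismatched. The helper name `explain`, the class name com.example.Post, the users and all rows are constructed for illustration, and inherited parent ACLs are not followed.

```python
import sqlite3

# BasePermission masks as defined by Spring Security ACL.
READ, WRITE, CREATE, DELETE, ADMINISTRATION = 1, 2, 4, 8, 16

# Standard Spring Security ACL tables, with column types simplified for SQLite.
SCHEMA = """
CREATE TABLE acl_sid (id INTEGER PRIMARY KEY, principal INTEGER NOT NULL,
                      sid TEXT NOT NULL, UNIQUE (sid, principal));
CREATE TABLE acl_class (id INTEGER PRIMARY KEY, class TEXT NOT NULL UNIQUE);
CREATE TABLE acl_object_identity (
    id INTEGER PRIMARY KEY,
    object_id_class INTEGER NOT NULL REFERENCES acl_class(id),
    object_id_identity INTEGER NOT NULL,
    parent_object INTEGER REFERENCES acl_object_identity(id),
    owner_sid INTEGER REFERENCES acl_sid(id),
    entries_inheriting INTEGER NOT NULL,
    UNIQUE (object_id_class, object_id_identity));
CREATE TABLE acl_entry (
    id INTEGER PRIMARY KEY,
    acl_object_identity INTEGER NOT NULL REFERENCES acl_object_identity(id),
    ace_order INTEGER NOT NULL,
    sid INTEGER NOT NULL REFERENCES acl_sid(id),
    mask INTEGER NOT NULL, granting INTEGER NOT NULL,
    audit_success INTEGER NOT NULL, audit_failure INTEGER NOT NULL,
    UNIQUE (acl_object_identity, ace_order));
"""

# Constructed sample rows: post 10 is filled correctly, post 11 is registered
# under the simple class name 'Post', post 12 stores a combined READ|WRITE mask.
SAMPLE = """
INSERT INTO acl_sid VALUES (1, 1, 'alice'), (2, 0, 'ROLE_USER');
INSERT INTO acl_class VALUES (1, 'com.example.Post'), (2, 'Post');
INSERT INTO acl_object_identity VALUES
    (1, 1, 10, NULL, 1, 0),
    (2, 2, 11, NULL, 1, 0),
    (3, 1, 12, NULL, 1, 0);
INSERT INTO acl_entry VALUES
    (1, 1, 0, 1, 1, 1, 0, 0),
    (2, 2, 0, 1, 1, 1, 0, 0),
    (3, 3, 0, 1, 3, 1, 0, 0);
"""


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn


def explain(conn, class_name, object_id, username, authorities, mask):
    """Return why hasPermission(object, mask) would pass or fail for this user."""
    cls = conn.execute(
        "SELECT id FROM acl_class WHERE class = ?", (class_name,)).fetchone()
    if cls is None:
        # The fully qualified domain class name must appear in acl_class.class.
        return "no acl_class row"
    oid = conn.execute(
        "SELECT id FROM acl_object_identity "
        "WHERE object_id_class = ? AND object_id_identity = ?",
        (cls[0], object_id)).fetchone()
    if oid is None:
        # No ACL for this object: the permission evaluator answers 'denied'.
        return "no acl_object_identity row"
    # The principal sid is checked first, then one sid per granted authority.
    sids = [(1, username)] + [(0, a) for a in authorities]
    aces = conn.execute(
        "SELECT s.principal, s.sid, e.mask, e.granting "
        "FROM acl_entry e JOIN acl_sid s ON s.id = e.sid "
        "WHERE e.acl_object_identity = ? ORDER BY e.ace_order",
        (oid[0],)).fetchall()
    for sid in sids:
        for principal, name, ace_mask, granting in aces:
            # The default granting strategy compares masks for equality,
            # so a stored mask of 3 does not satisfy a request for READ (1).
            if (principal, name) == sid and ace_mask == mask:
                return "granted" if granting else "denied by ACE"
    if any((p, n) in sids for p, n, _, _ in aces):
        return "mask mismatch"
    return "no acl_entry for sid"


if __name__ == "__main__":
    db = build_sample_db()
    for post_id in (10, 11, 12):
        result = explain(db, "com.example.Post", post_id,
                         "alice", ["ROLE_USER"], READ)
        print(post_id, result)
```
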

Related

SEVERE: Context initialization failed

ERROR [2015-06-23 10:12:50,826] localhost-startStop-1 org.springframework.web.context.ContextLoader - Context initialization failed
java.lang.NoClassDefFoundError: org/springframework/beans/factory/config/BeanExpressionResolver
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
at java.lang.Class.getConstructor0(Unknown Source)
at java.lang.Class.getDeclaredConstructor(Unknown Source)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:249)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5528)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: org.springframework.beans.factory.config.BeanExpressionResolver
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
... 17 more
This is my applicationcontext.xml file...
ApplicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
<bean
class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="persistenceUnitName" value="punit"/>
<property name="jpaVendorAdapter">
<bean
class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="showSql" value="true" />
<property name="generateDdl" value="true" />
<property name="databasePlatform"><ref bean="dialect"/></property>
</bean>
</property>
</bean>
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="java:/comp/env/jdbc/iclassifieddb"/>
</bean>
<bean id="dialect" class="org.springframework.jndi.JndiObjectFactoryBean" autowire-candidate="false">
<property name="jndiName" value="java:/comp/env/dialect"/>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true"/>
<!-- Startup bean -->
<bean id="databaseSetup" class="com.Yasna.iclassified.util.DatabaseSetup">
<property name="mutableAclService" ref="aclService"/>
<property name="configurationDao"><ref bean="configurationItemDAO"/></property>
</bean>
<!-- DAOs -->
<bean id="categoryDAO"
class="com.Yasna.iclassified.category.CategoryDAOJPA">
</bean>
<bean id="configurationItemDAO"
class="com.Yasna.iclassified.configuration.ConfigurationItemDAOJPA">
</bean>
<bean id="dataElementDAO"
class="com.Yasna.iclassified.dataelement.DataElementDAOJPA">
</bean>
<bean id="postingDAO"
class="com.Yasna.iclassified.posting.PostingDAOJPA">
<property name="propertyHelperFactory"><ref bean="propertyHelperFactory"/></property>
<property name="luceneIndexer"><ref bean="luceneIndexer"/></property>
</bean>
<bean id="propertyDAO"
class="com.Yasna.iclassified.property.PropertyDAOJPA">
</bean>
<bean id="imagePropertyDAO"
class="com.Yasna.iclassified.property.ImagePropertyDAOJPA">
<property name="configurationDAO"><ref bean="configurationItemDAO"/></property>
</bean>
<bean id="userDAO"
class="com.Yasna.iclassified.user.UserDAOJPA">
</bean>
<!-- Controllers. Remember to specify the appropriate DAO as the dao parameter -->
<bean id="categoryController" scope="prototype" class="com.Yasna.iclassified.category.CategoryController">
<property name="dao"><ref bean="categoryDAO"/></property>
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
</bean>
<bean id="configurationController" scope="prototype" class="com.Yasna.iclassified.configuration.ConfigurationController">
<property name="dao"><ref bean="configurationItemDAO"/></property>
</bean>
<bean id="dataelementController" scope="prototype" class="com.Yasna.iclassified.dataelement.DataElementController">
<property name="dao"><ref bean="dataElementDAO"/></property>
<property name="categoryDAO"><ref bean="categoryDAO"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
</bean>
<bean id="postingController" scope="prototype" class="com.Yasna.iclassified.posting.PostingController">
<property name="dao"><ref bean="postingDAO"/></property>
<property name="categoryDAO"><ref bean="categoryDAO"/></property>
<property name="propertyDAO"><ref bean="propertyDAO"/></property>
<property name="dataElementDAO"><ref bean="dataElementDAO"/></property>
<property name="configurationDAO"><ref bean="configurationItemDAO"/></property>
<property name="mutableAclService"><ref bean="aclService"/></property>
<property name="propertyHelperFactory"><ref bean="propertyHelperFactory"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
</bean>
<bean id="postingListController" scope="prototype" class="com.Yasna.iclassified.posting.PostingListController">
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="categoryDAO"><ref bean="categoryDAO"/></property>
</bean>
<bean id="userController" scope="prototype" class="com.Yasna.iclassified.user.UserController">
<property name="dao"><ref bean="userDAO"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
<property name="userHelper"><ref bean="userHelper"/></property>
</bean>
<!-- Property Helpers -->
<bean id="propertyHelperFactory" class="com.Yasna.iclassified.property.PropertyHelperFactory">
<property name="helperMap">
<map>
<entry>
<key>
<value>SHORT_TEXT</value>
</key>
<ref bean="textHelper"/>
</entry>
<entry>
<key>
<value>LONG_TEXT</value>
</key>
<ref bean="textHelper"/>
</entry>
<entry>
<key>
<value>IMAGE</value>
</key>
<ref bean="imageHelper"/>
</entry>
<entry>
<key>
<value>CURRENCY</value>
</key>
<ref bean="currencyHelper"/>
</entry>
<entry>
<key>
<value>DEFAULT_CURRENCY</value>
</key>
<ref bean="defaultCurrencyHelper"/>
</entry>
</map>
</property>
</bean>
<bean id="textHelper" class="com.Yasna.iclassified.property.TextPropertyHelper">
<property name="propertyDAO"><ref bean="propertyDAO"/></property>
</bean>
<bean id="imageHelper" class="com.Yasna.iclassified.property.ImagePropertyHelper">
<property name="propertyDAO"><ref bean="imagePropertyDAO"/></property>
</bean>
<bean id="currencyHelper" class="com.Yasna.iclassified.property.CurrencyPropertyHelper">
<property name="propertyDAO"><ref bean="propertyDAO"/></property>
</bean>
<bean id="defaultCurrencyHelper" class="com.Yasna.iclassified.property.DefaultCurrencyPropertyHelper">
<property name="propertyDAO"><ref bean="propertyDAO"/></property>
</bean>
<!-- Miscellaneous actions -->
<bean id="homeController" scope="prototype" class="com.Yasna.iclassified.util.HomeController">
<property name="configurationDAO"><ref bean="configurationItemDAO"/></property>
<property name="userDAO"><ref bean="userDAO"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
<property name="userHelper"><ref bean="userHelper"/></property>
</bean>
<bean id="profileController" scope="prototype" class="com.Yasna.iclassified.user.ProfileController">
<property name="userDAO"><ref bean="userDAO"/></property>
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
</bean>
<bean id="getFile" class="com.Yasna.iclassified.util.GetFileAction">
<property name="propertyDAO"><ref bean="imagePropertyDAO"/></property>
</bean>
<bean id="postingSearchController" class="com.Yasna.iclassified.posting.PostingSearchController">
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="luceneSearcher"><ref bean="luceneSearcher"/></property>
</bean>
<bean id="configurationCacheAction" scope="prototype" class="com.Yasna.iclassified.configuration.ConfigurationCacheAction">
<property name="configurationItemDAO"><ref bean="configurationItemDAO"/></property>
</bean>
<!-- Interceptors -->
<bean id="propertiesInterceptor" scope="prototype" class="com.Yasna.iclassified.struts.PropertiesInterceptor">
<property name="userDAO"><ref bean="userDAO"/></property>
<property name="postingDAO"><ref bean="postingDAO"/></property>
</bean>
<!-- Scheduled Jobs -->
<bean id="expiryJob" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
<property name="targetObject" ref="postingDAO" />
<property name="targetMethod" value="expirePostings" />
</bean>
<bean id="expiryTrigger" class="org.springframework.scheduling.quartz.CronTriggerBean">
<property name="jobDetail" ref="expiryJob" />
<!-- run every hour -->
<property name="cronExpression" value="0 0 * * * ?" />
</bean>
<bean id="versionCheck" class="com.Yasna.iclassified.util.VersionChecker">
<property name="configurationDAO" ref="configurationItemDAO"/>
</bean>
<bean id="versionCheckJob" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
<property name="targetObject" ref="versionCheck" />
<property name="targetMethod" value="checkVersion" />
</bean>
<bean id="versionTrigger" class="org.springframework.scheduling.quartz.CronTriggerBean">
<property name="jobDetail" ref="versionCheckJob" />
<!-- run every day at midday -->
<property name="cronExpression" value="0 0 12 * * ?" />
</bean>
<!--
<bean id="extraTrigger" class="org.springframework.scheduling.quartz.CronTriggerBean">
<property name="jobDetail" ref="expiryJob" />
<property name="cronExpression" value="0 * * * * ?" />
</bean>
-->
<!-- A list of Triggers to be scheduled and executed by Quartz -->
<bean class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
<property name="triggers">
<list>
<ref bean="expiryTrigger"/>
<ref bean="versionTrigger"/>
<!-- <ref bean="extraTrigger"/> -->
</list>
</property>
</bean>
<!-- Email configuration -->
<bean id="mailProperties" scope="prototype" class="com.Yasna.iclassified.util.MailProperties">
<property name="configurationDAO"><ref bean="configurationItemDAO"/></property>
</bean>
<bean id="mailSender" scope="prototype" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host">
<bean factory-bean="mailProperties" factory-method="getHost"/>
</property>
<property name="password">
<bean factory-bean="mailProperties" factory-method="getPassword"/>
</property>
<property name="username">
<bean factory-bean="mailProperties" factory-method="getUser"/>
</property>
</bean>
<bean id="emailController" scope="prototype" class="com.Yasna.iclassified.email.EmailController">
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="emailHelper"><ref bean="emailHelper"/></property>
</bean>
<bean id="emailHelper" scope="prototype" class="com.Yasna.iclassified.email.EmailHelper">
<property name="mailSender"><ref bean="mailSender"/></property>
<property name="securityHelper"><ref bean="securityHelper"/></property>
<property name="configurationItemDAO"><ref bean="configurationItemDAO"/></property>
</bean>
<!-- Lucene Indexing -->
<bean id="fsDirectory" class="org.springmodules.lucene.index.support.FSDirectoryFactoryBean">
<property name="location" value="lucene"/>
<property name="create">
<value>true</value>
</property>
</bean>
<bean id="indexFactory" class="org.springmodules.lucene.index.support.SimpleIndexFactoryBean">
<property name="directory" ref="fsDirectory"/>
<property name="create">
<value>true</value>
</property>
<property name="analyzer">
<bean class="org.apache.lucene.analysis.SimpleAnalyzer">
</bean>
</property>
</bean>
<bean id="luceneIndexer" class="com.Yasna.iclassified.lucene.LuceneIndexer">
<property name="indexFactory"><ref bean="indexFactory"/></property>
<property name="propertyHelperFactory"><ref bean="propertyHelperFactory"/></property>
</bean>
<bean id="searcherFactory"
class="org.springmodules.lucene.search.factory.SimpleSearcherFactory">
<property name="directory" ref="fsDirectory"/>
</bean>
<bean id="luceneSearcher" class="com.Yasna.iclassified.lucene.LuceneSearcher">
<property name="searcherFactory"><ref bean="searcherFactory"/></property>
<property name="analyzer"><bean class="org.apache.lucene.analysis.SimpleAnalyzer" /></property>
<property name="postingDAO"><ref bean="postingDAO"/></property>
<property name="dataElementDAO"><ref bean="dataElementDAO"/></property>
</bean>
<!-- Miscellaneous Beans -->
<bean id="securityHelper" class="com.Yasna.iclassified.security.SecurityHelper" />
<bean id="userHelper" scope="prototype" class="com.Yasna.iclassified.user.UserHelper">
<property name="emailHelper"><ref bean="emailHelper"/></property>
</bean>
</beans>
This is security for the above context file.
securityApplicationContext.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config='true'>
<intercept-url pattern="/category/Category/create*" access="ROLE_ADMIN" />
<intercept-url pattern="/configuration**" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/common/login.jsp" />
</http>
<authentication-provider user-service-ref='userDAO'>
<password-encoder hash="sha">
<salt-source user-property="username"/>
</password-encoder>
</authentication-provider>
<global-method-security secured-annotations="enabled" jsr250-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
<!-- ACL permission masks used by this application -->
<beans:bean id="org.springframework.security.acls.domain.BasePermission.READ"
class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<beans:property name="staticField" value="org.springframework.security.acls.domain.BasePermission.READ"/>
</beans:bean>
<beans:bean id="org.springframework.security.acls.domain.BasePermission.WRITE"
class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<beans:property name="staticField" value="org.springframework.security.acls.domain.BasePermission.WRITE"/>
</beans:bean>
<beans:bean id="org.springframework.security.acls.domain.BasePermission.CREATE"
class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<beans:property name="staticField" value="org.springframework.security.acls.domain.BasePermission.CREATE"/>
</beans:bean>
<beans:bean id="org.springframework.security.acls.domain.BasePermission.DELETE"
class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<beans:property name="staticField" value="org.springframework.security.acls.domain.BasePermission.DELETE"/>
</beans:bean>
<beans:bean id="org.springframework.security.acls.domain.BasePermission.ADMINISTRATION"
class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<beans:property name="staticField" value="org.springframework.security.acls.domain.BasePermission.ADMINISTRATION"/>
</beans:bean>
<!-- An access decision voter that reads ROLE_* configuration settings -->
<beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<!-- An access decision voter that reads ACL_POSTING_WRITE configuration settings -->
<beans:bean id="aclPostingWriteVoter" class="com.Yasna.iclassified.security.GenericsAclEntryVoter">
<beans:constructor-arg ref="aclService"/>
<beans:constructor-arg value="ACL_POSTING_WRITE"/>
<beans:constructor-arg>
<beans:list>
<beans:ref local="org.springframework.security.acls.domain.BasePermission.WRITE"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="processDomainObjectClass" value="com.Yasna.iclassified.posting.Posting"/>
</beans:bean>
<!-- An access decision voter that reads ACL_POSTING_DELETE configuration settings -->
<beans:bean id="aclPostingDeleteVoter" class="com.Yasna.iclassified.security.GenericsAclEntryVoter">
<beans:constructor-arg ref="aclService"/>
<beans:constructor-arg value="ACL_POSTING_DELETE"/>
<beans:constructor-arg>
<beans:list>
<beans:ref local="org.springframework.security.acls.domain.BasePermission.DELETE"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="processDomainObjectClass" value="com.Yasna.iclassified.posting.Posting"/>
</beans:bean>
<!-- An access decision voter that determines if there is an existing authentication -->
<beans:bean id="authenticatedVoter" class="org.springframework.security.vote.AuthenticatedVoter"/>
<!-- An access decision voter that reads JSR 250 annotations -->
<beans:bean id="jsr250Voter" class="org.springframework.security.annotation.Jsr250Voter"/>
<beans:bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:ref bean="roleVoter"/>
<beans:ref bean="jsr250Voter"/>
<beans:ref bean="authenticatedVoter"/>
<beans:ref bean="aclPostingWriteVoter"/>
<beans:ref bean="aclPostingDeleteVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<!-- ========= ACCESS CONTROL LIST LOOKUP MANAGER DEFINITIONS ========= -->
<beans:bean id="aclCache" class="org.springframework.security.acls.jdbc.EhCacheBasedAclCache">
<beans:constructor-arg>
<beans:bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<beans:property name="cacheManager">
<beans:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</beans:property>
<beans:property name="cacheName" value="aclCache"/>
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
<beans:constructor-arg ref="dataSource"/>
<beans:constructor-arg ref="aclCache"/>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
<beans:constructor-arg>
<beans:list>
<beans:bean class="org.springframework.security.GrantedAuthorityImpl">
<beans:constructor-arg value="ROLE_ADMINISTRATOR"/>
</beans:bean>
<beans:bean class="org.springframework.security.GrantedAuthorityImpl">
<beans:constructor-arg value="ROLE_ADMINISTRATOR"/>
</beans:bean>
<beans:bean class="org.springframework.security.GrantedAuthorityImpl">
<beans:constructor-arg value="ROLE_ADMINISTRATOR"/>
</beans:bean>
</beans:list>
</beans:constructor-arg>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
<beans:constructor-arg ref="dataSource"/>
<beans:constructor-arg ref="lookupStrategy"/>
<beans:constructor-arg ref="aclCache"/>
</beans:bean>
</beans:beans>
This is the web.xml, which contains the filter mappings...
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="iClassified" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>iClassified</display-name>
<!-- Include this if you are using Hibernate -->
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.FilterDispatcher
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<resource-ref>
<description>
iClassified data source.
</description>
<res-ref-name>
jdbc/iclassifieddb
</res-ref-name>
<res-type>
javax.sql.DataSource
</res-type>
<res-auth>
Container
</res-auth>
</resource-ref>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/*Context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
</web-app>
This is what I have as code and the above is what I got as error.
Please help, and thanks in advance.

Method 'setProviders' is marked deprecated in Spring Security 3.2.7

I am using Spring Security 3.2.7 and I got this warning in my spring configuration
Multiple annotations found at this line:
- Method 'setProviders' is marked deprecated
security-config.xml:
<security:http auto-config="true">
<security:intercept-url pattern="/**" />
<security:form-login login-page="/login**"
default-target-url="/dashboard**"
authentication-failure-url="/login.xhtml?failed=true"/>
<security:logout logout-url="/logout" logout-success-url="/login.xhtml"/>
</security:http>
<bean id="userDao" class="com.tds.erp.dao.impl.UserDaoImpl"
autowire="default" />
<bean id="userDetailsService" class="com.tds.erp.services.impl.UserDetailServiceImpl">
<property name="userDao" ref="userDao"></property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" ></property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<!-- <security:password-encoder hash="bcrypt"/> -->
</security:authentication-provider>
</security:authentication-manager>
</beans>
Try with the following for the authentication manager
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<constructor-arg ref="daoAuthenticationProvider"/>
</bean>

Spring MVC - have to manually flush() to get object to save

For some reason I can't get my object to save via hibernate unless I explicitly flush().
I am using Spring MVC
Part of the DAO that does the save
public final T saveOrUpdate(final T instance) {
context.currentSession().saveOrUpdate(instance);
context.currentSession().flush(); //TODO should not have to do this
return instance;
}
part of the web.xml file that allows queries from the view via AJAX
<filter>
<filter-name>Open Session In View Filter</filter-name>
<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Open Session In View Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
part of the spring configuration for transaction management
<context:property-placeholder location="classpath:environment.properties" />
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="${hibernate.connection.driver_class}" />
<property name="jdbcUrl" value="${hibernate.connection.url}" />
<property name="user" value="${hibernate.connection.username}" />
<property name="password" value="${hibernate.connection.password}" />
<property name="initialPoolSize" value="5" />
<property name="minPoolSize" value="5" />
<property name="maxPoolSize" value="25" />
<property name="acquireIncrement" value="5" />
<property name="maxIdleTime" value="1800" />
<property name="numHelperThreads" value="5" />
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="entityInterceptor">
<bean class="org.mycompany.persistence.AuditTrailInterceptor"/>
</property>
<property name="hibernateProperties">
<props>
<!-- Hibernate Tweak to enhance performance -->
<prop key="hibernate.order_inserts">true</prop>
<!-- Hibernate Tweak to enhance performance -->
<prop key="hibernate.order_updates">true</prop>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.transaction.factory_class">org.hibernate.transaction.JDBCTransactionFactory</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
<property name="configLocation" value="classpath:hibernate.cfg.xml" />
<!-- Enable mapping of annotated hibernate classes -->
<property name="packagesToScan" value="org.mycompany" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
An example service method
@Service
@Transactional
class MyServiceImpl implements MyService {
...
@Override
public final void save(final MyObject obj) {
myObjectDao.save(obj);
}
}
Turns out it was a configuration issue between my root-context.xml and servlet-context.xml. I had to do the following:
I had to put the following in root-context.xml:
<!-- Load everything except @Controllers -->
<context:component-scan base-package="my.package">
<context:exclude-filter expression="org.springframework.stereotype.Controller" type="annotation"/>
</context:component-scan>
and in servlet-context.xml:
<!-- Search this package for annotated Spring Beans -->
<!-- Load @Controllers only -->
<context:component-scan base-package="my.package" use-default-filters="false">
<context:include-filter expression="org.springframework.stereotype.Controller" type="annotation"/>
</context:component-scan>
Note that use-default-filters="false" is important and is what I had a lot of trouble with originally; it appears that the servlet was overwriting the beans from root-context.xml.
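The overlap this answer describes can be checked mechanically before deployment. The Python script below is an added example, not part of the original post: the sample XML documents are constructed from the snippets above, the helper names (`wrap`, `scans`, `duplicated`) are hypothetical, and it goes slightly beyond the answer by also flagging overlapping sub-packages.

```python
import xml.etree.ElementTree as ET

CTX = "{http://www.springframework.org/schema/context}"
PKG = "org.springframework.stereotype."
STEREOTYPES = {PKG + n for n in ("Component", "Service", "Repository", "Controller")}

def wrap(body):
    # Builds a constructed sample document around a component-scan snippet.
    return ('<beans xmlns="http://www.springframework.org/schema/beans" '
            'xmlns:context="http://www.springframework.org/schema/context">'
            + body + "</beans>")

# Constructed samples modelled on the root-context.xml / servlet-context.xml above.
ROOT_CONTEXT = wrap(
    '<context:component-scan base-package="my.package">'
    '<context:exclude-filter type="annotation" expression="' + PKG + 'Controller"/>'
    '</context:component-scan>')
SERVLET_DEFAULT = wrap('<context:component-scan base-package="my.package"/>')
SERVLET_FIXED = wrap(
    '<context:component-scan base-package="my.package" use-default-filters="false">'
    '<context:include-filter type="annotation" expression="' + PKG + 'Controller"/>'
    '</context:component-scan>')

def expand(names):
    # @Service, @Repository and @Controller are meta-annotated with @Component,
    # so an annotation filter on Component matches all four stereotypes.
    return set(STEREOTYPES) if PKG + "Component" in names else set(names) & STEREOTYPES

def filters(el, tag):
    # Only type="annotation" filters are modelled in this simplified check.
    return {f.get("expression") for f in el.findall(CTX + tag)
            if f.get("type") == "annotation"}

def scans(xml_text):
    """Yield (base_package, stereotypes_registered) for each component-scan."""
    for el in ET.fromstring(xml_text).iter(CTX + "component-scan"):
        # Default filters are on unless use-default-filters="false" is set.
        default_on = el.get("use-default-filters", "true") != "false"
        picked = set(STEREOTYPES) if default_on else set()
        picked |= expand(filters(el, "include-filter"))
        picked -= expand(filters(el, "exclude-filter"))
        for pkg in el.get("base-package", "").replace(";", ",").split(","):
            if pkg.strip():
                yield pkg.strip(), picked

def overlap(a, b):
    # Same package, or one is a sub-package of the other.
    return a == b or a.startswith(b + ".") or b.startswith(a + ".")

def duplicated(root_xml, servlet_xml):
    """Stereotypes that both contexts would register from overlapping packages."""
    findings = []
    for rpkg, rset in scans(root_xml):
        for spkg, sset in scans(servlet_xml):
            both = sorted(n.rsplit(".", 1)[1] for n in rset & sset)
            if both and overlap(rpkg, spkg):
                findings.append((rpkg, spkg, both))
    return findings

if __name__ == "__main__":
    for name, doc in (("default filters", SERVLET_DEFAULT), ("fixed", SERVLET_FIXED)):
        print(name, duplicated(ROOT_CONTEXT, doc))
```

A non-empty result means the servlet context creates its own copies of beans the root context already holds, and those copies do not pick up the root context's `tx:annotation-driven` or method-security advice.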

SpringSecurity - Concurrent Session does not work

I am implementing concurrent session control with Spring Security.
But when I log in to the system in Chrome as a user and then in Firefox as the same user, no error message is displayed. I also get no exception in my console.
my web.xml :
<!-- ... -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<!-- .... -->
my security.xml :
<!-- .... -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:form-login login-page="/login" default-target-url="/home"
authentication-failure-url="/login?logout=true"
authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"/>
<security:logout logout-url="/j_spring_security_logout" invalidate-session="true" success-handler-ref="logoutHandler"/>
<security:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/>
<security:session-management session-authentication-strategy-ref="concurrentSessionManager" session-authentication-error-url="/login?msg=SessionError"/>
</security:http>
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="sessionAuthenticationStrategy" ref="concurrentSessionManager"/>
</bean>
<!-- Authentication Manager -->
<security:authentication-manager alias="authenticationManager">
<!-- Custom Authentication provider -->
<security:authentication-provider ref="hemisphereAuthenticationProvider"/>
</security:authentication-manager>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry"/>
<property name="expiredUrl" value="/login?msg=SessionError" />
</bean>
<bean id="concurrentSessionManager" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<property name="maximumSessions" value="1"/>
<property name="exceptionIfMaximumExceeded" value="true" />
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</bean>
<bean id="hemisphereAuthenticationProvider" class="security.HemisphereAuthenticationProvider">
<property name="userDetailsService" ref="userDetailService"/>
</bean>
<bean id="authenticationSuccessHandler" class="security.HemisphereAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/home" />
<property name="alwaysUseDefaultTargetUrl" value="no" />
</bean>
<bean id="authenticationFailureHandler" class="security.HemisphereAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login" />
</bean>
<bean id="logoutHandler" class="security.HemisphereLogoutHandler"/>
What am I doing wrong?
Thanks for your attention!

HttpSession returned null object for SPRING_SECURITY_CONTEXT

I'm trying to integrate the Spring SAML library in a sample web application, using Shibboleth as IDP.
I'm able to load the login page, to log in and to show the index page.
The problem is that when I click on other links the webapp redirects me to the login page, then the IDP recognizes me and redirects to the requested page (if the network is fast it's very difficult to see this). It's as if I'm not logged in as far as Spring Security is concerned.
I checked the log and I found this:
org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@fde8fb. A new one will be created.
This is the web.xml
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security/securityContext.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Custom error pages -->
<error-page>
<error-code>400</error-code>
<location>/errors/missing-en.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/errors/restricted-en.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/errors/restricted-en.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/errors/missing-en.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/errors/missing-en.html</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/errors/missing-en.html</location>
</error-page>
and the securityContext
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Enable autowiring -->
<context:annotation-config />
<context:component-scan base-package="org.springframework.security.saml" />
<security:http pattern="/logout.jsp" security="none" />
<security:http pattern="/login.jsp" security="none" />
<security:http pattern="/index.html" security="none" />
<security:http entry-point-ref="samlEntryPoint">
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter" />
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
</security:http>
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint" />
<security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter" />
<security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter" />
<security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter" />
<security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter" />
</security:filter-chain-map>
</bean>
<!-- Handler deciding where to redirect user after successful login -->
<bean id="successRedirectHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/" />
</bean>
<!-- Use the following for interpreting RelayState coming from unsolicited response as redirect URL: <bean id="successRedirectHandler" class="org.springframework.security.saml.SAMLRelayStateSuccessHandler">
<property name="defaultTargetUrl" value="/" /> </bean> -->
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/logout.jsp" />
</bean>
<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="samlAuthenticationProvider" />
</security:authentication-manager>
<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger" />
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="/WEB-INF/spring/security/myKeystore.jks" />
<constructor-arg type="java.lang.String" value="betfair" />
<constructor-arg>
<map>
<entry key="tomcat" value="betfair" />
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="tomcat" />
</bean>
<!-- Entry point to initialize authentication, default values taken from properties file -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
<property name="defaultProfileOptions">
<bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
<property name="includeScoping" value="false" />
</bean>
</property>
</bean>
<!-- IDP Discovery Service -->
<bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
<property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp" />
</bean>
<!-- Filter automatically generates default SP metadata -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator" />
</constructor-arg>
</bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter" />
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<!-- Do not forget to call initialize method on providers -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<value type="java.io.File">/WEB-INF/spring/security/shibboleth.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool" />
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
</bean>
</constructor-arg>
</bean>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<value type="java.io.File">/WEB-INF/spring/security/localhost_sp.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool" />
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true" />
<property name="alias" value="localhost" />
<property name="securityProfile" value="metaiop" />
<property name="sslSecurityProfile" value="pkix" />
<property name="signingKey" value="tomcat" />
<property name="encryptionKey" value="tomcat" />
<property name="tlsKey" value="tomcat" />
<property name="requireArtifactResolveSigned" value="false" />
<property name="requireLogoutRequestSigned" value="false" />
<property name="requireLogoutResponseSigned" value="false" />
</bean>
</constructor-arg>
</bean>
</list>
</constructor-arg>
<!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
<property name="hostedSPName" value="localhost"/>
<!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
<!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
</bean>
<!-- SAML Authentication Provider responsible for validating of received SAML messages -->
<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
<!-- OPTIONAL property: can be used to store/load user data after login -->
<!-- <property name="userDetails" ref="bean" /> -->
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl" />
<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
<!-- Logout handler terminating local session -->
<bean id="logoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false" />
</bean>
<!-- Override default logout processing filter with the one processing SAML messages -->
<bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
<constructor-arg ref="successLogoutHandler" />
<constructor-arg ref="logoutHandler" />
<constructor-arg ref="logoutHandler" />
</bean>
<!-- Filter processing incoming logout messages -->
<!-- First argument determines URL user will be redirected to after successful global logout -->
<bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
<constructor-arg ref="successLogoutHandler" />
<constructor-arg ref="logoutHandler" />
</bean>
<!-- Class loading incoming SAML messages from httpRequest stream -->
<bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg>
<list>
<ref bean="redirectBinding" />
<ref bean="postBinding" />
<ref bean="artifactBinding" />
<ref bean="soapBinding" />
<ref bean="paosBinding" />
</list>
</constructor-arg>
</bean>
<!-- SAML 2.0 WebSSO Assertion Consumer -->
<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl" />
<!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
<bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl" />
<!-- SAML 2.0 Web SSO profile -->
<bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl" />
<!-- SAML 2.0 Holder-of-Key Web SSO profile -->
<bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl" />
<!-- SAML 2.0 ECP profile -->
<bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl" />
<!-- SAML 2.0 Logout Profile -->
<bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl" />
<!-- Bindings, encoders and decoders used for creating and parsing messages -->
<bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
<constructor-arg ref="parserPool" />
<constructor-arg ref="velocityEngine" />
</bean>
<bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
<constructor-arg ref="parserPool" />
</bean>
<bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
<constructor-arg ref="parserPool" />
<constructor-arg ref="velocityEngine" />
<constructor-arg>
<bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
<constructor-arg>
<bean class="org.apache.commons.httpclient.HttpClient" />
</constructor-arg>
<property name="processor">
<bean id="soapProcessor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg ref="soapBinding" />
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
<constructor-arg ref="parserPool" />
</bean>
<bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
<constructor-arg ref="parserPool" />
</bean>
<!-- Initialization of OpenSAML library -->
<bean class="org.springframework.security.saml.SAMLBootstrap" />
<!-- Initialization of the velocity engine -->
<bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine" />
<!-- XML parser pool needed for OpenSAML parsing -->
<bean id="parserPool" class="org.opensaml.xml.parse.BasicParserPool" scope="singleton" />
Any idea?
Thanks
emanuele
I've experienced the same problem. After debugging I realized that the SecurityContext is cleared before it's persisted. After googling I found this: https://jira.springsource.org/browse/SEC-2027
Moving to spring security version 3.1.2 solved it for me.
I hope it will help someone.
If you are not particular about using Spring, or you can try something that works first and move to Spring later, here is a good tutorial. I have tried this, it works:
http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity.html
The blog author Filip is very responsive, you can get clarifications from him if necessary.

Resources