
Spring SAML on Weblogic 12c

I'm currently working on an application that is making use of the Spring SAML (http://projects.spring.io/spring-security-saml/) project as part of our authentication. I know it is still in RC but so is the application we are working on. We have the library integrated and fully functioning when deployed to Tomcat7 but are running into issues when deploying to Weblogic 12c (12.0.1.2). On Weblogic, without throwing any errors, the assertion values will be decrypted as empty.

The problem seems to be in the Xerces libraries. Spring SAML (due to OpenSAML) requires 2.10.0 as far as I am able to tell, but Weblogic provides 2.8.0 of the Xerces library. I have attempted to update the Xerces library version by including the proper xercesImpl and xml-apis jars in the project's WEB-INF/lib folder. This fixes the decrypting issue with Spring SAML but breaks Weblogic's ability to parse JSP pages. I have included part of the stack trace for the non-upgraded and upgraded Xerces exceptions below. If anyone has any idea of how to properly fix this issue so that Spring SAML can function on Weblogic while not breaking the default functionality, I would greatly appreciate it.

This is the stack trace before updating Xerces:

2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#aes256-cbc
2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.encryption.XMLCipher - JCE Algorithm = AES/CBC/ISO10126Padding
<Jul 31, 2014 10:43:37 AM EDT> <Error> <HTTP> <BEA-101020> <[ServletContext@1538876008[app:intranet module:intranet.war path:null spec-version:3.0]] Servlet failed with an Exception
java.lang.NumberFormatException: For input string: ""
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Integer.parseInt(Integer.java:504)
    at java.lang.Integer.valueOf(Integer.java:582)
    at org.opensaml.common.SAMLVersion.valueOf(SAMLVersion.java:89)
    at org.opensaml.saml2.core.impl.AssertionUnmarshaller.processAttribute(AssertionUnmarshaller.java:71)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:254)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:113)
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:479)
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:190)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)

This is the stack trace after updating Xerces to 2.10.0:

weblogic.servlet.jsp.CompilationException: Failed to compile JSP /WEB-INF/jsp/errors/500.jsp
500.jsp:1:1: The validator class: "org.apache.taglibs.standard.tlv.JstlCoreTLV" has failed with the following exception: "java.lang.ClassCastException: weblogic.xml.jaxp.RegistrySAXParserFactory cannot be cast to javax.xml.parsers.SAXParserFactory".
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
^-------------------------------------------------------------^
500.jsp:2:5: No tag library could be found with this URI. Possible causes could be that     the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
 500.jsp:2:5: No tag library could be found with this URI. Possible causes could be   that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
500.jsp:6:3: This tag can only appear as a subelement of a standard or custom action.    Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="minifiedJs">
     ^-----------^
 500.jsp:8:3: This tag can only appear as a subelement of a standard or custom action.   Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="nonMinifiedJs">
     ^-----------^
  500.jsp:11:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:body>
     ^------^

    at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:243)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage0(JavelinxJSPStub.java:179)
    at weblogic.servlet.jsp.JavelinxJSPStub.access$000(JavelinxJSPStub.java:50)
    at weblogic.servlet.jsp.JavelinxJSPStub$1.run(JavelinxJSPStub.java:108)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:105)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:247)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:200)
    at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:403)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:295)
    at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:478)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:367)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    ...

For anyone who comes upon this later: I ended up solving the issue by updating to xercesImpl version 2.9.0. This seems to be a sweet spot version for this issue; even though it is less than what OpenSAML requests, it fixes the issue while not causing any other issues with Weblogic (as far as I've currently encountered). Xerces 2.10.0 required an updated version of xml-apis to function and that was causing the issues with Weblogic (2.9.0 seems to work with the version of xml-apis included in Weblogic).

The following approach allows bundling of custom Xerces and Xalan libraries in Weblogic:

  1. Create ear archive spring-security-saml2-sample.ear
  2. Include Spring SAML file spring-security-saml2-sample.war inside the ear; the war should contain its own version of Xerces and Xalan.
  3. Create file META-INF/application.xml inside the ear with the following content:

     <application xmlns="http://java.sun.com/xml/ns/javaee"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
                  version="5">
         <module>
             <web>
                 <web-uri>spring-security-saml2-sample.war</web-uri>
                 <context-root>spring-security-saml2-sample</context-root>
             </web>
         </module>
     </application>

  4. Create file META-INF/weblogic-application.xml with the following content:

     <weblogic-application xmlns="http://www.bea.com/ns/weblogic/90"
                           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                           xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.oracle.com/technology/weblogic/920/weblogic-application.xsd">
         <xml>
             <parser-factory>
                 <saxparser-factory>org.apache.xerces.jaxp.SAXParserFactoryImpl</saxparser-factory>
                 <document-builder-factory>org.apache.xerces.jaxp.DocumentBuilderFactoryImpl</document-builder-factory>
                 <transformer-factory>org.apache.xalan.processor.TransformerFactoryImpl</transformer-factory>
             </parser-factory>
         </xml>
         <prefer-application-packages>
             <package-name>org.opensaml.*</package-name>
             <package-name>org.apache.xerces.*</package-name>
             <package-name>org.apache.xalan.*</package-name>
         </prefer-application-packages>
     </weblogic-application>

  5. Deploy the archive

Have you played with prefer-web-inf-classes for a war file or prefer-application-packages for an ear file? One of them will likely resolve the problem:

In weblogic-application.xml:

<wls:prefer-application-packages>
    <wls:package-name>org.apache.xerces.xni.parser.*</wls:package-name>
    <wls:package-name>org.apache.xerces.parsers.*</wls:package-name>
    <wls:package-name>org.apache.xalan.*</wls:package-name>
</wls:prefer-application-packages>

In weblogic.xml:

<wls:container-descriptor>
    <wls:prefer-web-inf-classes>true</wls:prefer-web-inf-classes>
</wls:container-descriptor>

See these Oracle docs here
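
To check which parser classes a deployment actually resolves after any of the changes discussed in this thread, the following is an added example, not code from the original posts or from Spring SAML, OpenSAML or WebLogic. The class name XmlStackReport is hypothetical; it uses only JAXP and reflection, and report() can be called from inside the deployed application (for example from a servlet) or run standalone.

```java
import java.security.CodeSource;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;

/** Hypothetical diagnostic (added example): reports which XML stack the application resolves. */
public final class XmlStackReport {

    /** Class name, defining class loader, and the jar or directory the class was loaded from. */
    static String describe(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        ClassLoader cl = c.getClassLoader();
        return c.getName()
                + "\n    loader: " + (cl == null ? "bootstrap" : cl)
                + "\n    source: " + (src == null ? "JDK runtime" : src.getLocation());
    }

    /** Xerces version as seen through the context class loader, read by reflection. */
    static String xercesVersion() {
        try {
            ClassLoader tccl = Thread.currentThread().getContextClassLoader();
            Class<?> v = Class.forName("org.apache.xerces.impl.Version", true, tccl);
            return v.getMethod("getVersion").invoke(null) + " <- " + describe(v);
        } catch (ReflectiveOperationException | LinkageError e) {
            return "org.apache.xerces not visible to the application: " + e;
        }
    }

    /** Builds the full report; lookup failures are recorded instead of propagated. */
    public static String report() {
        StringBuilder sb = new StringBuilder();
        // JAXP API class: a copy loaded from WEB-INF/lib (xml-apis) next to the server's own
        // copy is the usual cause of "cannot be cast to javax.xml.parsers.SAXParserFactory".
        sb.append("API  ").append(describe(SAXParserFactory.class)).append('\n');
        try {
            // Implementations that JAXP lookup hands out in this deployment.
            sb.append("SAX  ").append(describe(SAXParserFactory.newInstance().getClass())).append('\n');
            sb.append("DOM  ").append(describe(DocumentBuilderFactory.newInstance().getClass())).append('\n');
            sb.append("XSLT ").append(describe(TransformerFactory.newInstance().getClass())).append('\n');
        } catch (RuntimeException | Error e) {
            sb.append("JAXP lookup failed: ").append(e).append('\n');
        }
        return sb.append("Xerces ").append(xercesVersion()).append('\n').toString();
    }

    public static void main(String[] args) {
        System.out.println(report());
    }
}
```

Comparing the "source" lines before and after a descriptor change shows whether the bundled Xerces or the server's copy is in use, which matters here because the assertion decryption failure on the older parser raised no error of its own.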
