[英]How to set WebSSOProfileConsumerImpl in your Spring Configuration file
I am facing issue of specifying WebSSOProfileConsumerImpl to my Spring Configuration file. 我面临在我的Spring配置文件中指定WebSSOProfileConsumerImpl的问题。 I am trying to modify responseSkew in this bean but after adding configuration for WebSSOProfileConsumerImpl I am getting MetadataManager issue 我正在尝试在此bean中修改responseSkew,但是在为WebSSOProfileConsumerImpl添加配置后,我遇到了MetadataManager问题
APPLICATION FAILED TO START 申请开始失败
Description: 描述:
Parameter 0 of method setMetadata in org.springframework.security.saml.websso.AbstractProfileBase required a bean of type 'org.springframework.security.saml.metadata.MetadataManager' that could not be found. org.springframework.security.saml.websso.AbstractProfileBase中的setMetadata方法的参数0需要一个类型为'org.springframework.security.saml.metadata.MetadataManager'的bean。
Action: 行动:
Consider defining a bean of type 'org.springframework.security.saml.metadata.MetadataManager' 考虑定义类型为“ org.springframework.security.saml.metadata.MetadataManager”的bean
Can anyone help me in resolving this issue? 谁能帮助我解决这个问题?
I have already gone through the link : http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html but it does not specify how to set this in configuration. 我已经浏览了以下链接: http : //docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html,但是它没有指定如何在配置中进行设置。
My Code 我的密码
import static org.springframework.security.extensions.saml2.config.SAMLConfigurer.saml;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${security.saml2.metadata-url}")
String metadataUrl;
@Value("${server.ssl.key-alias}")
String keyAlias;
@Value("${server.ssl.key-store-password}")
String password;
@Value("${server.port}")
String port;
@Value("${server.ssl.key-store}")
String keyStoreFilePath;
@Value("${security.saml2.responseSkew}")
int responseSkew = 0;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/saml*").permitAll()
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.keyStore()
.storeFilePath(this.keyStoreFilePath)
.password(this.password)
.keyname(this.keyAlias)
.keyPassword(this.password)
.and()
.protocol("https")
.hostname(String.format("%s:%s", "localhost", this.port))
.basePath("/")
.and()
.identityProvider()
.metadataFilePath(this.metadataUrl).and();
/* Map<? extends Object, Object> sharedObjects = new Map<? extends Object>, Object>(http.getSharedObjects());
sharedObjects.put(WebSSOProfileConsumer.class, webSSOprofileConsumerImpl());*/
}
@Bean
@Qualifier("webSSOprofileConsumer")
public WebSSOProfileConsumer webSSOprofileConsumerImpl() {
WebSSOProfileConsumerImpl consumerImpl = new WebSSOProfileConsumerImpl();
consumerImpl.setResponseSkew(this.responseSkew);
return consumerImpl;
}
}
If you do not need the WebSSOProfileConsumer to be accessible as a bean to the rest of the application, you can create it inside the configure method like this: 如果不需要将WebSSOProfileConsumer作为Bean来访问应用程序的其余部分,则可以在configure方法内创建它,如下所示:
@Override
protected void configure(final HttpSecurity http) throws Exception {
WebSSOProfileConsumerImpl consumerImpl = new WebSSOProfileConsumerImpl();
consumerImpl.setResponseSkew(this.responseSkew);
http
.authorizeRequests()
.antMatchers("/saml*").permitAll()
.anyRequest().authenticated()
.and()
.apply(saml())
.serviceProvider()
.ssoProfileConsumer(consumerImpl) // <-- added here
.keyStore()
// Your method continues as before
I do not remember the exact reason regular wiring fails in your case, but the gist of it is that configure sets up a builder object rather than regular beans. 我不记得您的情况下常规接线失败的确切原因,但是要点是configure设置了一个构建器对象而不是常规bean。 Normally the ServiceProviderBuilder provides the MetadataManager needed by your WebSSOProfileConsumer during its build step, but if you autowire the profile consumer you won't get the MetadataManager provided for you since your autowired object is assumed to be complete already. 通常,ServiceProviderBuilder在其构建步骤中会提供WebSSOProfileConsumer所需的MetadataManager,但是如果自动装配配置文件使用者,则不会为您提供MetadataManager,因为假定您的自动装配对象已经完成。
(I learned this when looking for a way to configure the max authentication age, since the two hour default in spring-security-saml in some cases is lower than the defaults used by identity providers. This effectively locks your users out of your application until the identity provider's max authentication age has passed.) (我在寻找一种配置最大身份验证年龄的方法时学到了这一点,因为在某些情况下spring-security-saml中的两个小时默认值低于身份提供商使用的默认值。这有效地将用户锁定在应用程序之外,直到身份提供商的最大身份验证年龄已过。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.