Weblogic 12c 上的 Spring SAML

StackOverflow https://stackoverflow.com//questions/25061918

我目前正在开发一个使用 Spring SAML 的应用程序(http://projects.spring.io/spring-security-saml/)项目作为我们身份验证的一部分。我知道它仍处于 RC 阶段,但我们正在开发的应用程序也是如此。当部署到 Tomcat7 时,我们已经集成了该库并且功能齐全,但在部署到 Weblogic 12c (12.0.1.2) 时遇到了问题。在 Weblogic 上,如果不抛出任何错误,断言值将被解密为空,没有错误。

问题似乎出在 Xerces 库中。据我所知,Spring SAML(由于 OpenSAML)需要 2.10.0,但 Weblogic 提供了 2.8.0 的 Xerces 库。我尝试通过在项目 WEB-INF/lib 文件夹。这修复了 Spring SAML 的解密问题,但破坏了 Weblogics 解析 JSP 页面的能力。我在下面包含了未升级和升级的 Xerces 异常的部分堆栈跟踪。如果有人知道如何正确解决此问题,以便 Spring SAML 可以在不破坏默认功能的情况下运行 Weblogic,我将不胜感激。

这是更新 Xerces 之前的堆栈跟踪

2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue:     'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.algorithms.JCEMapper   - Request for U
RI http://www.w3.org/2001/04/xmlenc#aes256-cbc
2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue:    'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.encryption.XMLCipher    - JCE Algorithm
 = AES/CBC/ISO10126Padding
<Jul 31, 2014 10:43:37 AM EDT> <Error> <HTTP> <BEA-101020>     <[ServletContext@1538876008[app:intranet module:intranet.war path:null spec-version:3.0]]    Servlet failed with an
Exception
java.lang.NumberFormatException: For input string: ""
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Integer.parseInt(Integer.java:504)
    at java.lang.Integer.valueOf(Integer.java:582)
    at org.opensaml.common.SAMLVersion.valueOf(SAMLVersion.java:89)
    at org.opensaml.saml2.core.impl.AssertionUnmarshaller.processAttribute(AssertionUnmarshaller.java:71)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:254)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:113)
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:479)
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:190)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)

这是将 Xerces 更新到 2.10.0 后的堆栈跟踪。

weblogic.servlet.jsp.CompilationException: Failed to compile JSP /WEB-  INF/jsp/errors/500.jsp
500.jsp:1:1: The validator class: "org.apache.taglibs.standard.tlv.JstlCoreTLV" has       failed with the following exception: "java.lang.ClassCastException: weblogic.xml.jaxp.Re
gistrySAXParserFactory cannot be cast to javax.xml.parsers.SAXParserFactory".
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
^-------------------------------------------------------------^
500.jsp:2:5: No tag library could be found with this URI. Possible causes could be that     the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
 500.jsp:2:5: No tag library could be found with this URI. Possible causes could be   that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
500.jsp:6:3: This tag can only appear as a subelement of a standard or custom action.    Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="minifiedJs">
     ^-----------^
 500.jsp:8:3: This tag can only appear as a subelement of a standard or custom action.   Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="nonMinifiedJs">
     ^-----------^
  500.jsp:11:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:body>
     ^------^

    at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:243)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage0(JavelinxJSPStub.java:179)
    at weblogic.servlet.jsp.JavelinxJSPStub.access$000(JavelinxJSPStub.java:50)
    at weblogic.servlet.jsp.JavelinxJSPStub$1.run(JavelinxJSPStub.java:108)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:105)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:247)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:200)
    at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:403)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:295)
    at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:478)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:367)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    ...
有帮助吗?

解决方案

以下方法允许在 Weblogic 中捆绑自定义 Xerces 和 Xalan 库:

  1. 创建耳朵档案 spring-security-saml2-sample.ear
  2. 包含 Spring SAML 文件 spring-security-saml2-sample.war 在耳朵里,战争应该包含自己版本的 Xerces 和 Xalan。

  3. 创建文件 META-INF/application.xml 耳朵里面有以下内容:

    <application xmlns="http://java.sun.com/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" version="5">
  <module>
    <web>
      <web-uri>spring-security-saml2-sample.war</web-uri>
      <context-root>spring-security-saml2-sample</context-root>
    </web>
  </module>
</application>

  4. 创建文件 META-INF/weblogic-application.xml 包含以下内容:

    <weblogic-application xmlns="http://www.bea.com/ns/weblogic/90"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.oracle.com/technology/weblogic/920/weblogic-application.xsd">
    <xml>
        <parser-factory>
            <saxparser-factory>
                org.apache.xerces.jaxp.SAXParserFactoryImpl
            </saxparser-factory>
            <document-builder-factory>
                org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
            </document-builder-factory>
            <transformer-factory>
                org.apache.xalan.processor.TransformerFactoryImpl
            </transformer-factory>
        </parser-factory>
    </xml>
    <prefer-application-packages>
        <package-name>org.opensaml.*</package-name>
        <package-name>org.apache.xerces.*</package-name>
        <package-name>org.apache.xalan.*</package-name>
    </prefer-application-packages>                       
</weblogic-application>

  5. 部署存档

其他提示

对于稍后会出现的任何人来说,

我最终通过更新Xercesimpl版本2.9.0来解决问题。这似乎是这个问题的甜蜜点版本,即使它少于OpenSAML请求它解决问题的情况,同时不会导致WebLogic(据我当前遇到)。Xerces 2.10.0需要更新版本的XML-API到函数,并导致WebLogic的问题(2.9.0似乎与Webrogic中包含的XML-API版本合作)。

你玩过吗 prefer-web-inf-classes 对于战争文件或 prefer-application-packages 一个耳朵文件?其中之一可能会解决该问题:

在 weblogic-application.xml 中:

<wls:prefer-application-packages>
    <wls:package-name>org.apache.xerces.xni.parser.*</wls:package-name>
    <wls:package-name>org.apache.xerces.parsers.*</wls:package-name>
    <wls:package-name>org.apache.xalan.*</wls:package-name>
</wls:prefer-application-packages>

在 weblogic.xml 中:

<wls:container-descriptor>
    <wls:prefer-web-inf-classes>true</prefer-web-inf-classes>
</wls:container-descriptor>

看看这些 Oracle 文档在这里

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top