3

我目前正在开发一个使用 Spring SAML ( http://projects.spring.io/spring-security-saml/ ) 项目作为我们身份验证的一部分的应用程序。我知道它仍在 RC 中,但我们正在开发的应用程序也是如此。当部署到 Tomcat7 时,我们已经集成了库并且功能齐全,但在部署到 Weblogic 12c (12.0.1.2) 时遇到了问题。在没有抛出任何错误的 Weblogic 上,断言值将被解密为空无错误。

问题似乎出在 Xerces 库中。据我所知,Spring SAML(由于 OpenSAML)需要 2.10.0,但 Weblogic 提供了 2.8.0 的 Xerces 库。我试图通过在项目 WEB-INF/lib 文件夹。这修复了 Spring SAML 的解密问题,但破坏了 Weblogics 解析 JSP 页面的能力。我在下面包含了未升级和升级的 Xerces 异常的部分堆栈跟踪。如果有人知道如何正确解决此问题,以便 Spring SAML 可以在不破坏默认功能的情况下运行 Weblogic,我将不胜感激。

这是更新 Xerces 之前的堆栈跟踪

2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue:     'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.algorithms.JCEMapper   - Request for U
RI http://www.w3.org/2001/04/xmlenc#aes256-cbc
2014-07-31 10:43:37,675 [[ACTIVE] ExecuteThread: '2' for queue:    'weblogic.kernel.Default (self-tuning)'] DEBUG org.apache.xml.security.encryption.XMLCipher    - JCE Algorithm
 = AES/CBC/ISO10126Padding
<Jul 31, 2014 10:43:37 AM EDT> <Error> <HTTP> <BEA-101020>     <[ServletContext@1538876008[app:intranet module:intranet.war path:null spec-version:3.0]]    Servlet failed with an
Exception
java.lang.NumberFormatException: For input string: ""
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Integer.parseInt(Integer.java:504)
    at java.lang.Integer.valueOf(Integer.java:582)
    at org.opensaml.common.SAMLVersion.valueOf(SAMLVersion.java:89)
    at org.opensaml.saml2.core.impl.AssertionUnmarshaller.processAttribute(AssertionUnmarshaller.java:71)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:254)
    at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:113)
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:479)
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:190)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)

这是将 Xerces 更新到 2.10.0 后的堆栈跟踪。

weblogic.servlet.jsp.CompilationException: Failed to compile JSP /WEB-  INF/jsp/errors/500.jsp
500.jsp:1:1: The validator class: "org.apache.taglibs.standard.tlv.JstlCoreTLV" has       failed with the following exception: "java.lang.ClassCastException: weblogic.xml.jaxp.Re
gistrySAXParserFactory cannot be cast to javax.xml.parsers.SAXParserFactory".
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
^-------------------------------------------------------------^
500.jsp:2:5: No tag library could be found with this URI. Possible causes could be that     the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
 500.jsp:2:5: No tag library could be found with this URI. Possible causes could be   that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@ taglib prefix="int" uri="intranet"%>
^----^
500.jsp:6:3: This tag can only appear as a subelement of a standard or custom action.    Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="minifiedJs">
     ^-----------^
 500.jsp:8:3: This tag can only appear as a subelement of a standard or custom action.   Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:attribute name="nonMinifiedJs">
     ^-----------^
  500.jsp:11:3: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration.
    <jsp:body>
     ^------^

    at weblogic.servlet.jsp.JavelinxJSPStub.reportCompilationErrorIfNeccessary(JavelinxJSPStub.java:243)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage0(JavelinxJSPStub.java:179)
    at weblogic.servlet.jsp.JavelinxJSPStub.access$000(JavelinxJSPStub.java:50)
    at weblogic.servlet.jsp.JavelinxJSPStub$1.run(JavelinxJSPStub.java:108)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:105)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:247)
    at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:200)
    at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:403)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:295)
    at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:478)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:367)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    ...
4

3 回答 3

2

对于以后遇到此问题的任何人。我最终通过更新到 xercesImpl 版本 2.9.0 解决了这个问题。这似乎是这个问题的最佳版本,即使它比 OpenSAML 要求的要少,它修复了这个问题,同时不会导致 Weblogic 的任何其他问题(就我目前遇到的而言)。Xerces 2.10.0 需要更新版本的 xml-apis 才能运行,这导致了 Weblogic 的问题(2.9.0 似乎与 Weblogic 中包含的 xml-apis 版本一起工作)。

于 2014-07-31T20:27:26.590 回答
1

以下方法允许在 Weblogic 中捆绑自定义 Xerces 和 Xalan 库:

  1. 创建耳朵档案spring-security-saml2-sample.ear
  2. 将Spring SAML 文件包含spring-security-saml2-sample.war在耳内,war 应该包含自己的 Xerces 和 Xalan 版本。

  3. META-INF/application.xml在耳朵内创建文件,内容如下:

    <application xmlns="http://java.sun.com/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" version="5">
  <module>
    <web>
      <web-uri>spring-security-saml2-sample.war</web-uri>
      <context-root>spring-security-saml2-sample</context-root>
    </web>
  </module>
</application>

  4. 创建META-INF/weblogic-application.xml具有以下内容的文件:

    <weblogic-application xmlns="http://www.bea.com/ns/weblogic/90"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.oracle.com/technology/weblogic/920/weblogic-application.xsd">
    <xml>
        <parser-factory>
            <saxparser-factory>
                org.apache.xerces.jaxp.SAXParserFactoryImpl
            </saxparser-factory>
            <document-builder-factory>
                org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
            </document-builder-factory>
            <transformer-factory>
                org.apache.xalan.processor.TransformerFactoryImpl
            </transformer-factory>
        </parser-factory>
    </xml>
    <prefer-application-packages>
        <package-name>org.opensaml.*</package-name>
        <package-name>org.apache.xerces.*</package-name>
        <package-name>org.apache.xalan.*</package-name>
    </prefer-application-packages>                       
</weblogic-application>

  5. 部署存档

于 2014-08-02T10:48:45.493 回答
0

你玩过prefer-web-inf-classeswar文件还是prefer-application-packagesear文件?其中之一可能会解决问题:

在 weblogic-application.xml 中:

<wls:prefer-application-packages>
    <wls:package-name>org.apache.xerces.xni.parser.*</wls:package-name>
    <wls:package-name>org.apache.xerces.parsers.*</wls:package-name>
    <wls:package-name>org.apache.xalan.*</wls:package-name>
</wls:prefer-application-packages>

在 weblogic.xml 中:

<wls:container-descriptor>
    <wls:prefer-web-inf-classes>true</prefer-web-inf-classes>
</wls:container-descriptor>

在此处查看这些Oracle 文档

于 2014-07-31T15:30:15.310 回答