This page covers handling a SAML2 assertion that uses a locally defined AttributeBean in CXF.

Problem description

I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.

Using a "CustomClaimsHandler" implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attributes:

<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>

The thing is I am now trying to create an attribute with some XML content. For example:

<saml2:Attribute Name="http://my/xml/content">
    <saml2:AttributeValue xsi:type="???">
        <somthing>
            <somthingElse>text</somthingElse>
        </somthing>
    </saml2:AttributeValue>
</saml2:Attribute>

Following a response I got on this link: SAML2 xml structured attribute values

I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the "org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport" class as shown in the example from the response. Before calling the XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml.

I managed the initialization calling "org.opensaml.core.config.InitializationService.initialize();"

All seems good for the creation of the AttributeBean with an XSAny type.

The problem is when WSS4J tries to handle the SAMLCallback:

Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
    at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86)
    at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
    at org.apache.wss4j.common.saml.SamlAssertionWrapper.<init>(SamlAssertionWrapper.java:204)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122)
    ... 45 more

Maybe I have a version problem:

Either I’d have to make my STS’s configuration of opensaml aware of my opensaml-core v3.0.0 classes? Or I’d have to use a different version of CXF to get a newer version of WSS4J?

My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1 which has a dependency on opensaml version 2.6.1

Does anyone have a clue? Regards

Recommended answer

You can't use OpenSAML 3 with CXF 3.0.x or WSS4J 2.0.x. If you really need to use OpenSAML 3, then you will need to work with the CXF master SNAPSHOT code (3.1.0-SNAPSHOT), which is currently working with OpenSAML 3.

Colm.
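
The version clash behind the ClassCastException can be caught at build time. The following is an added example, not code from the question or the answer: it scans `mvn dependency:tree` output for OpenSAML 3.x artifacts sitting next to WSS4J 2.0.x or CXF 3.0.x, the combination the answer rules out. The sample tree is constructed from the versions quoted in the question, and the project coordinates `com.example:my-sts` are hypothetical.

```python
import re

# Constructed `mvn dependency:tree` output using the versions named in the question.
SAMPLE_TREE = """\
[INFO] com.example:my-sts:war:1.0
[INFO] +- org.apache.cxf.services.sts:cxf-services-sts-core:jar:3.0.1:compile
[INFO] |  \\- org.apache.wss4j:wss4j-ws-security-common:jar:2.0.1:compile
[INFO] |     \\- org.opensaml:opensaml:jar:2.6.1:compile
[INFO] \\- org.opensaml:opensaml-core:jar:3.0.0:compile
"""

# groupId:artifactId:jar:version:scope
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):jar:([\w.\-]+):\w+")


def parse(tree):
    """Return {(groupId, artifactId): version} for every jar in the tree."""
    return {(g, a): v for g, a, v in COORD.findall(tree)}


def opensaml3_conflicts(tree):
    """Pair each OpenSAML 3.x artifact with each WSS4J 2.0.x / CXF 3.0.x artifact.

    An empty list means the unsupported combination is not on the classpath.
    """
    deps = parse(tree)
    saml3 = sorted(
        f"{g}:{a}:{v}" for (g, a), v in deps.items()
        if g == "org.opensaml" and v.startswith("3.")
    )
    legacy = sorted(
        f"{g}:{a}:{v}" for (g, a), v in deps.items()
        if (g == "org.apache.wss4j" and v.startswith("2.0."))
        or (g.startswith("org.apache.cxf") and v.startswith("3.0."))
    )
    return [(s, l) for s in saml3 for l in legacy]


if __name__ == "__main__":
    for saml, stack in opensaml3_conflicts(SAMPLE_TREE):
        print(f"CONFLICT: {saml} cannot be used with {stack}")
```
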
