I have a spring-security-saml2 based SP webapp that uses Shibboleth 2 IdP.
Web SSO is successful. I am now working on a custom index.jsp and finding that within the index.jsp I am getting a null SecurityContext, as evidenced by a println in index.jsp that prints "INFO: XXX authentication: null" at the end of the listing below. An earlier debug log "SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed" indicates why the SecurityContext is null.
The following thread seems related:
http://forum.springsource.org/showth...ight=index.jsp
However, the bug it references, SEC-2027, seems to be fixed in spring-security 3.1.2. I am using 3.1.4.RELEASE.
What am I doing wrong to get the SecurityContextHolder to be cleared too early and before index.jsp has been processed? Thanks for your help.
Relevant parts of my index.jsp are below...
Code:
INFO: 10:51:09,892 DEBUG WebSSOProfileConsumerImpl:559 - Verifying received AuthnContext org.opensaml.saml2.core.impl.AuthnContextImpl@3b74be74 against requested null
INFO: 10:51:09,898 INFO SAMLDefaultLogger:94 - AuthNResponse;SUCCESS;127.0.0.1
INFO: 10:51:09,900 DEBUG SAMLProcessingFilter:317 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@1e9961c6: Principal: org.springframework.security.core.userdetails.User@e1bdedc7: Username: Developer1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.core.userdetails.User@e1bdedc7: Username: Developer1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer
INFO: 10:51:09,901 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /index.jsp
INFO: 10:51:09,902 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/omar-server/index.jsp'
INFO: 10:51:09,903 DEBUG HttpSessionSecurityContextRepository:292 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@1e9961c6: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@1e9961c6: Principal: org.springframework.security.core.userdetails.User@e1bdedc7: Username: Developer1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.core.userdetails.User@e1bdedc7: Username: Developer1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer; Granted Authorities: urn:test:Role:TestSubmittingOrg1Developer'
INFO: 10:51:09,904 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
INFO: 10:51:09,944 DEBUG AntPathRequestMatcher:116 - Checking match of request : '/index.jsp'; against '/saml/web/**'
INFO: 10:51:09,945 DEBUG AntPathRequestMatcher:116 - Checking match of request : '/index.jsp'; against '/logout.jsp'
INFO: 10:51:09,946 DEBUG AntPathRequestMatcher:116 - Checking match of request : '/index.jsp'; against '/login.jsp'
INFO: 10:51:09,947 DEBUG AntPathRequestMatcher:116 - Checking match of request : '/index.jsp'; against '/index.jsp'
INFO: 10:51:09,948 DEBUG FilterChainProxy:180 - /index.jsp has an empty filter list
INFO: XXX authentication: null
Code:
...
<div id="content">
    <h1>My Application</h1>
    <%
        SAMLCredential credential = null;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        System.out.println("XXX authentication: " + authentication);
        if (authentication != null) {
            System.out.println("XXX authentication.isAuthenticated: " + authentication.isAuthenticated());
            Object o = authentication.getCredentials();
            System.out.println("XXX authentication.getCredentials(): " + o);
            if (o != null) {
                if (o instanceof SAMLCredential) {
                    System.out.println("XXX Got SAMLCredential");
                    credential = (SAMLCredential) o;
                } else {
                    System.out.println("XXX Got credential of type " + o.getClass());
                }
            } else {
                System.out.println("XXX Got null credential");
            }
        }
        pageContext.setAttribute("credential", credential);
    %>
...
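
A check over the debug log above, as an added example that is not part of the original post: it flags requests that FilterChainProxy reports as having an empty filter list, because for such a request no Spring Security filter runs (SecurityContextPersistenceFilter included) and SecurityContextHolder is not populated from the session. The sample log is constructed by shortening lines from the post; the function and field names are hypothetical.

```python
import re

# Constructed sample: lines shortened from the debug log in the post above.
SAMPLE_LOG = """\
INFO: 10:51:09,902 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/omar-server/index.jsp'
INFO: 10:51:09,903 DEBUG HttpSessionSecurityContextRepository:292 - SecurityContext stored to HttpSession: '...'
INFO: 10:51:09,904 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
INFO: 10:51:09,947 DEBUG AntPathRequestMatcher:116 - Checking match of request : '/index.jsp'; against '/index.jsp'
INFO: 10:51:09,948 DEBUG FilterChainProxy:180 - /index.jsp has an empty filter list
INFO: XXX authentication: null
"""

# "INFO: <time> <level> <logger>:<line> - <message>", the layout used in the post.
LINE = re.compile(r"^INFO: (?P<ts>\d\d:\d\d:\d\d,\d{3}) +[A-Z]+ +(?P<logger>\w+):\d+ - (?P<msg>.*)$")
EMPTY_CHAIN = re.compile(r"^(?P<path>\S+) has an empty filter list$")
REDIRECT = re.compile(r"^Redirecting to '(?P<url>[^']+)'$")


def find_unfiltered_requests(log_text):
    """Return one finding per request that FilterChainProxy served with no filters."""
    context_stored = False   # a SecurityContext was written to the HttpSession earlier
    last_redirect = None     # most recent redirect target seen in the log
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m is None:
            continue  # e.g. the JSP's own println output
        logger, msg = m.group("logger"), m.group("msg")
        if logger == "HttpSessionSecurityContextRepository" and msg.startswith("SecurityContext stored to HttpSession"):
            context_stored = True
        elif logger == "DefaultRedirectStrategy" and REDIRECT.match(msg):
            last_redirect = REDIRECT.match(msg).group("url")
        elif logger == "FilterChainProxy" and EMPTY_CHAIN.match(msg):
            path = EMPTY_CHAIN.match(msg).group("path")
            findings.append({
                "time": m.group("ts"),
                "path": path,
                # True: a context exists in the session but is never loaded for this request.
                "context_in_session": context_stored,
                # True: the login success handler sent the browser to this unfiltered page.
                "is_login_target": bool(last_redirect and last_redirect.endswith(path)),
            })
    return findings


if __name__ == "__main__":
    for f in find_unfiltered_requests(SAMPLE_LOG):
        print(f)
```

A finding with `context_in_session` set means the authentication was saved at login but the page was rendered outside the filter chain, which is consistent with the null `authentication` printed by the JSP.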