SAMLException: CONTEXT=исключение, встретившееся с метаданнымиGeneratorFilter, EXCEPTION=message.encoder.MessageEncoding ⇐ JAVA

[Anonymous]

В настоящее время мы используем org.owasp.esapi:esapi:2.4.0.0 и пытаемся обновить его до последней неуязвимой версии org.owasp.esapi:esapi:2.5.3.1.
Мы получаем сообщение об ошибке входа в систему единого входа с указанным ниже исключением:

Код: Выделить всё

[2024-04-26 08:59:25.889 UTC] [MSG] [ERROR] [https-jsse-nio-443-exec-15::saml:samlEntryPoint] [LmMetadataGeneratorFilter.doFilter:161] SAMLException, CONTEXT=exception met with metadataGeneratorFilter, EXCEPTION=org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document
javax.servlet.ServletException: org.opensaml.ws.message.encoder.MessageEncodingException:  Error creating output document
at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:163)
at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:106)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at com.santaba.server.saml.LmMetadataGeneratorFilter.doFilter(LmMetadataGeneratorFilter.java:159)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.opensaml.ws.message.encoder.MessageEncodingException:  Error creating output document
at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:140)
at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.doEncode(HTTPPostEncoder.java:112)
at org.opensaml.ws.message.encoder.BaseMessageEncoder.encode(BaseMessageEncoder.java:52)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:224)
at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:192)
at org.springframework.security.saml.websso.AbstractProfileBase.sendMessage(AbstractProfileBase.java:148)
at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:107)
at org.springframework.security.saml.SAMLEntryPoint.initializeSSO(SAMLEntryPoint.java:225)
at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:152)
... 43 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.populateVelocityContext(HTTPPostEncoder.java:155)
at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:128)
... 51 more
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
... 54 more
Caused by: java.lang.NullPointerException
at org.owasp.esapi.reference.DefaultEncoder.(DefaultEncoder.java:118)
at org.owasp.esapi.reference.DefaultEncoder.(DefaultEncoder.java:109)
at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:68)
...  59 more

Apr 26, 2024 8:59:25 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [default] in context with path [/santaba] threw exception [org.opensaml.ws.message.encoder.MessageEncodingException:  E r r o r   c r e a t i n g   o u t p u t   d o c u m e n t ]   w i t h   r o o t   c a u s e < b r   / > j a v a . l a n g . N u l l P o i n t e r E x c e p t i o n < b r   / >         a t   o r g . o w a s p . e s a p i . r e f e r e n c e . D e f a u l t E n c o d e r . & l t ; i n i t & g t ; ( D e f a u l t E n c o d e r . j a v a : 1 1 8 ) < b r   / >         a t   o r g . o w a s p . e s a p i . r e f e r e n c e . D e f a u l t E n c o d e r . & l t ; i n i t & g t ; ( D e f a u l t E n c o d e r . j a v a : 1 0 9 ) < b r   / >         a t   o r g . o w a s p . e s a p i . r e f e r e n c e . D e f a u l t E n c o d e r . g e t I n s t a n c e ( D e f a u l t E n c o d e r . j a v a : 6 8 ) < b r   / >         a t   j a v a . b a s e / j d k . i n t e r n a l . r e f l e c t . N a t i v e M e t h o d A c c e s s o r I m p l . i n v o k e 0 ( N a t i v e   M e t h o d ) < b r   / >         a t   j a v a . b a s e / j d k . i n t e r n a l . r e f l e c t . N a t i v e M e t h o d A c c e s s o r I m p l . i n v o k e ( N a t i v e M e t h o d A c c e s s o r I m p l . j a v a : 6 2 ) < b r   / >         a t   j a v a . b a s e / j d k . i n t e r n a l . r e f l e c t . D e l e g a t i n g M e t h o d A c c e s s o r I m p l . i n v o k e ( D e l e g a t i n g M e t h o d A c c e s s o r I m p l . j a v a : 4 3 ) < b r   / >         a t   j a v a . b a s e / j a v a . l a n g . r e f l e c t . M e t h o d . i n v o k e ( M e t h o d . j a v a : 5 6 6 ) < b r   / >         a t   o r g . o w a s p . e s a p i . u t i l . O b j F a c t o r y . m a k e ( O b j F a c t o r y . j a v a : 8 6 ) < b r   / >         a t   o r g . o w a s p . e s a p i . E S A P I . e n c o d e r ( E S A P I . j a v a : 1 0 1 ) < b r   / >         a t   o r g . o p e n s a m l . s a m l 2 . b i n d i n g . e n c o d i n g . H T T P P o s t E n c o d e r . p o p u l a t e V e l o c i t y C o n t e x t ( H T T P P o s t E n c o d e r . j a v a : 1 5 5 ) < b r   / >         a t   o r g . o p e n s a m l . s a m l 2 . b i n d i n g . e n c o d i n g . H T T P P o s t E n c o d e r . p o s t E n c o d e ( H T T P P o s t E n c o d e r . j a v a : 1 2 8 ) < b r   / >         a t   o r g . o p e n s a m l . s a m l 2 . b i n d i n g . e n c o d i n g . H T T P P o s t E n c o d e r . d o E n c o d e ( H T T P P o s t E n c o d e r . j a v a : 1 1 2 ) < b r   / >         a t   o r g . o p e n s a m l . w s . m e s s a g e . e n c o d e r . B a s e M e s s a g e E n c o d e r . e n c o d e ( B a s e M e s s a g e E n c o d e r . j a v a : 5 2 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . s a m l . p r o c e s s o r . S A M L P r o c e s s o r I m p l . s e n d M e s s a g e ( S A M L P r o c e s s o r I m p l . j a v a : 2 2 4 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . s a m l . p r o c e s s o r . S A M L P r o c e s s o r I m p l . s e n d M e s s a g e ( S A M L P r o c e s s o r I m p l . j a v a : 1 9 2 ) < b r   / >         a t   o r g . s p r i n g f r a m e w o r k . s e c u r i t y . s a ml.websso.AbstractProfileBase.sendMessage(AbstractProfileBase.java:148)
at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:107)
at org.springframework.security.saml.SAMLEntryPoint.initializeSSO(SAMLEntryPoint.java:225)
at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:152)
at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:106)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at com.santaba.server.saml.LmMetadataGeneratorFilter.doFilter(LmMetadataGeneratorFilter.java:159)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)

Мы не вызываем методы ESAPI напрямую в нашем коде, они вызываются через org.opensaml.
Мы используем opensaml 2.6.6
Фрагмент кода Opensaml 2.6.6

Подробнее здесь: https://stackoverflow.com/questions/784 ... ception-me