update

update

update
a7033d7f · MaxKey单点登录官方 · a087487a · a7033d7f · a7033d7f · a7033d7f
24 changed file
--- a/maxkey-core/src/main/java/org/maxkey/crypto/keystore/KeyStoreLoader.java
+++ b/maxkey-core/src/main/java/org/maxkey/crypto/keystore/KeyStoreLoader.java
@@ -9,7 +9,6 @@ import java.util.Enumeration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Required;
 import org.springframework.util.ResourceUtils;
@@ -45,7 +44,6 @@ public class KeyStoreLoader implements InitializingBean{
 	/**
 	 * @param keystoreFile the keystoreFile to set
 	 */
-	@Required
 	public void setKeystoreFile(String keystoreFile) {
 		this.keystoreFile = keystoreFile;
 	}
@@ -55,7 +53,6 @@ public class KeyStoreLoader implements InitializingBean{
 	/**
 	 * @param keystorePassword the keystorePassword to set
 	 */
-	@Required
 	public void setKeystorePassword(String keystorePassword) {
 		this.keystorePassword = keystorePassword;
 	}

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/EndpointGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/EndpointGenerator.java
@@ -5,26 +5,18 @@ package org.maxkey.authz.saml.common;
 import javax.xml.namespace.QName;
 import org.apache.commons.lang.StringUtils;
-import org.opensaml.Configuration;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class EndpointGenerator {
 	private final static Logger logger = LoggerFactory.getLogger(EndpointGenerator.class);
-	private XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
 	public Endpoint generateEndpoint( String location) {
 		logger.debug("end point location: {}", location);
+		Endpoint samlEndpoint = new AssertionConsumerServiceBuilder().buildObject();
-		QName service=org.opensaml.saml2.metadata.AssertionConsumerService.DEFAULT_ELEMENT_NAME;
-		SAMLObjectBuilder<Endpoint> endpointBuilder = (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(service);
-		Endpoint samlEndpoint = endpointBuilder.buildObject();
        samlEndpoint.setLocation(location);
@@ -35,12 +27,11 @@ public class EndpointGenerator {
 		logger.debug("end point service: {}", service);
 		logger.debug("end point location: {}", location);
 		logger.debug("end point responseLocation: {}", responseLocation);
+		Endpoint samlEndpoint;
 		if(null==service){
-			service=org.opensaml.saml2.metadata.AssertionConsumerService.DEFAULT_ELEMENT_NAME;
+			service =  AssertionConsumerService.DEFAULT_ELEMENT_NAME;
 		}
-		SAMLObjectBuilder<Endpoint> endpointBuilder = (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(service);
+		samlEndpoint = new AssertionConsumerServiceBuilder().buildObject(service);
-		Endpoint samlEndpoint = endpointBuilder.buildObject();
        samlEndpoint.setLocation(location);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/TrustResolver.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/TrustResolver.java
@@ -32,8 +32,7 @@ public class TrustResolver {
 		Map<String, String> passwords = new HashMap<String, String>();
 		passwords.put(key, password);
-		keyStoreCredentialResolver = new KeyStoreCredentialResolver(
+		keyStoreCredentialResolver = new KeyStoreCredentialResolver(trustKeyStore, passwords);
-				trustKeyStore, passwords);
 		return keyStoreCredentialResolver;
 	}
@@ -60,13 +59,11 @@ public class TrustResolver {
 		}
 		securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
 		securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
-		staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(
+		staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(securityPolicyDelegate);
-				securityPolicyDelegate);
 	}
 	public void initPolicyRule(){
-		signatureSecurityPolicyRule = new SignatureSecurityPolicyRule(
+		signatureSecurityPolicyRule = new SignatureSecurityPolicyRule(keyStoreCredentialResolver, new SAMLSignatureProfileValidator());
-				keyStoreCredentialResolver, new SAMLSignatureProfileValidator());
 		signatureSecurityPolicyRule.loadTrustEngine();
 	}
@@ -80,8 +77,7 @@ public class TrustResolver {
 		securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
 		securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
-		staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(
+		staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(securityPolicyDelegate);
-				securityPolicyDelegate);
 	}
 	public KeyStoreCredentialResolver getKeyStoreCredentialResolver() {

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/BindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/BindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -7,12 +7,9 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 /**
@@ -25,7 +22,6 @@ public interface BindingAdapter {
 	public void sendSAMLMessage(SignableSAMLObject samlMessage, Endpoint endpoint, HttpServletRequest request, HttpServletResponse response) throws MessageEncodingException;
 	public void setSecurityPolicyResolver(SecurityPolicyResolver securityPolicyResolver);
 	public void setExtractBindingAdapter(ExtractBindingAdapter extractBindingAdapter);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractBindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractBindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding;
 import java.security.KeyStore;
@@ -21,6 +21,7 @@ import org.opensaml.xml.security.credential.CredentialResolver;
 */
 public interface ExtractBindingAdapter {
+	@SuppressWarnings("rawtypes")
 	public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException;
 	public String extractSAMLMessage(HttpServletRequest request);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPPostDecoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPPostDecoder.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.decoder;
 import javax.servlet.http.HttpServletRequest;
 import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.InTransport;
@@ -14,9 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class OpenHTTPPostDecoder extends HTTPPostDecoder {
+	private final Logger log = LoggerFactory.getLogger(OpenHTTPPostDecoder.class);
-	/** Class logger. */
-	private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
 	private String receiverEndpoint;
@@ -42,6 +39,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
 	 *             thrown if there is a problem decoding and processing the
 	 *             message Destination or receiver endpoint information
 	 */
+	@SuppressWarnings("rawtypes")
 	@Override
 	protected void checkEndpointURI(SAMLMessageContext messageContext)
 			throws SecurityException, MessageDecodingException {
@@ -99,6 +97,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
 	}
 	@Override
+	@SuppressWarnings("rawtypes")
 	protected String getActualReceiverEndpointURI(
 			 SAMLMessageContext messageContext) throws MessageDecodingException {
 		InTransport inTransport = messageContext.getInboundMessageTransport();

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPPostSimpleSignDecoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPPostSimpleSignDecoder.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.decoder;
 import javax.servlet.http.HttpServletRequest;
 import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
 import org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.InTransport;
@@ -14,9 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
+	private final Logger log = LoggerFactory.getLogger(OpenHTTPPostSimpleSignDecoder.class);
-	/** Class logger. */
-	private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
 	private String receiverEndpoint;
@@ -42,7 +39,9 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 	 *             thrown if there is a problem decoding and processing the
 	 *             message Destination or receiver endpoint information
 	 */
 	@Override
+	@SuppressWarnings("rawtypes")
 	protected void checkEndpointURI(SAMLMessageContext messageContext)
 			throws SecurityException, MessageDecodingException {
@@ -56,58 +55,48 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 		if (messageDestination == null) {
 			if (bindingRequires) {
 				log.error("SAML message intended destination endpoint URI required by binding was empty");
-				throw new SecurityException(
+				throw new SecurityException("SAML message intended destination (required by binding) was not present");
-						"SAML message intended destination (required by binding) was not present");
 			} else {
 				log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
 				return;
 			}
 		}
-		String receiverEndpoint = DatatypeHelper
+		String receiverEndpoint = DatatypeHelper.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
-				.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
-		log.debug("Intended message destination endpoint: {}",
+		log.debug("Intended message destination endpoint: {}",messageDestination);
-				messageDestination);
 		log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
 		// 协议头统一（http或https，需要和destination统一）
 		if (messageDestination.indexOf("/") != -1
 				&& receiverEndpoint.indexOf("/") != -1) {
-			if (!messageDestination.substring(0,
+			if (!messageDestination.substring(0,messageDestination.indexOf("/"))
-					messageDestination.indexOf("/"))
+					.equalsIgnoreCase(receiverEndpoint.substring(0,receiverEndpoint.indexOf("/")))) {
-					.equalsIgnoreCase(
-							receiverEndpoint.substring(0,
+				receiverEndpoint = messageDestination.substring(0,messageDestination.indexOf("/"))
-									receiverEndpoint.indexOf("/")))) {
+						+ receiverEndpoint.substring(receiverEndpoint.indexOf("/"));
-				receiverEndpoint = messageDestination.substring(0,
-						messageDestination.indexOf("/"))
-						+ receiverEndpoint.substring(receiverEndpoint
-								.indexOf("/"));
 			}
 		}
 		boolean matched = compareEndpointURIs(messageDestination,
 				receiverEndpoint);
 		if (!matched) {
-			log.error(
+			log.error("SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
-					"SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
 					messageDestination, receiverEndpoint);
-			throw new SecurityException(
+			throw new SecurityException("SAML message intended destination endpoint did not match recipient endpoint");
-					"SAML message intended destination endpoint did not match recipient endpoint");
 		} else {
 			log.debug("SAML message intended destination endpoint matched recipient endpoint");
 		}
 	}
 	@Override
+	@SuppressWarnings("rawtypes")
 	protected String getActualReceiverEndpointURI(
 			SAMLMessageContext messageContext) throws MessageDecodingException {
 		InTransport inTransport = messageContext.getInboundMessageTransport();
 		if (!(inTransport instanceof HttpServletRequestAdapter)) {
-			throw new MessageDecodingException(
+			throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
-					"Message context InTransport instance was an unsupported type");
 		}
-		HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport)
+		HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
-				.getWrappedRequest();
 		StringBuffer urlBuilder = httpRequest.getRequestURL();

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPRedirectDecoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/OpenHTTPRedirectDecoder.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.decoder;
 import javax.servlet.http.HttpServletRequest;
 import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
 import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.InTransport;
@@ -14,9 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
+	private final Logger log = LoggerFactory.getLogger(OpenHTTPRedirectDecoder.class);
-	/** Class logger. */
-	private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
 	private String receiverEndpoint;
@@ -42,9 +39,10 @@ public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
 	 *             thrown if there is a problem decoding and processing the
 	 *             message Destination or receiver endpoint information
 	 */
 	@Override
-	protected void checkEndpointURI(SAMLMessageContext messageContext)
+	@SuppressWarnings("rawtypes")
-			throws SecurityException, MessageDecodingException {
+	protected void checkEndpointURI(SAMLMessageContext messageContext)throws SecurityException, MessageDecodingException {
 		log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
@@ -99,8 +97,8 @@ public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
 	}
 	@Override
-	protected String getActualReceiverEndpointURI(
+	@SuppressWarnings("rawtypes")
-			SAMLMessageContext messageContext) throws MessageDecodingException {
+	protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext) throws MessageDecodingException {
 		InTransport inTransport = messageContext.getInboundMessageTransport();
 		if (!(inTransport instanceof HttpServletRequestAdapter)) {
 			throw new MessageDecodingException(

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractPostBindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractPostBindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.impl;
 import java.security.KeyStore;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringUtils;
 import org.maxkey.authz.saml.common.TrustResolver;
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -18,9 +19,12 @@ import org.opensaml.ws.security.SecurityPolicyResolver;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.CredentialResolver;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 public class ExtractPostBindingAdapter implements ExtractBindingAdapter, InitializingBean{
+	private final static Logger logger = LoggerFactory.getLogger(ExtractPostBindingAdapter.class);
 	static final String SAML_REQUEST_POST_PARAM_NAME = "SAMLRequest";
 	static final String SAML_RESPONSE_POST_PARAM_NAME = "SAMLResponse";
@@ -65,7 +69,9 @@ public class ExtractPostBindingAdapter implements ExtractBindingAdapter, Initial
 	@Override
+	@SuppressWarnings("rawtypes")
 	public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException {
 		BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
@@ -75,7 +81,7 @@ public class ExtractPostBindingAdapter implements ExtractBindingAdapter, Initial
 		messageContext.setSecurityPolicyResolver(securityPolicyResolver);
 		decoder.decode(messageContext);
+		logger.debug("decode successed ");
 		return	messageContext;
 	}

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractRedirectBindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/ExtractRedirectBindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.impl;
 import java.security.KeyStore;
@@ -31,7 +31,8 @@ public class ExtractRedirectBindingAdapter extends ExtractPostBindingAdapter{
 					keyStoreLoader.getEntityName(),
 					keyStoreLoader.getKeystorePassword(), 
 					issueInstantRule,
-					messageReplayRule,"Redirect");
+					messageReplayRule,
+					"Redirect");
 		credentialResolver = (CredentialResolver)trustResolver.getKeyStoreCredentialResolver();
 		this.securityPolicyResolver = trustResolver.getStaticSecurityPolicyResolver();
 	}

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/PostBindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/PostBindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.impl;
 import java.security.KeyStore;
 import javax.servlet.http.HttpServletRequest;
@@ -9,6 +9,8 @@ import org.apache.commons.lang.Validate;
 import org.apache.velocity.app.VelocityEngine;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml.common.TrustResolver;
+import org.maxkey.authz.saml20.binding.BindingAdapter;
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.domain.apps.AppsSAML20Details;
@@ -32,7 +34,6 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Required;
 public class PostBindingAdapter implements BindingAdapter, InitializingBean{
 	private final static Logger logger = LoggerFactory.getLogger(PostBindingAdapter.class);
@@ -73,12 +74,12 @@ public class PostBindingAdapter implements BindingAdapter, InitializingBean{
 	}
-	@Required
 	public void setVelocityEngine(VelocityEngine velocityEngine) {
 		this.velocityEngine = velocityEngine;
 	}
 	@Override
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void sendSAMLMessage(SignableSAMLObject samlMessage,
 								Endpoint endpoint, 
 								HttpServletRequest request,

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/PostSimpleSignBindingAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/PostSimpleSignBindingAdapter.java
-package org.maxkey.authz.saml20;
+package org.maxkey.authz.saml20.binding.impl;
 import org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder;
 import org.opensaml.ws.security.SecurityPolicyResolver;

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/AuthnRequestGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/AuthnRequestGenerator.java
@@ -5,16 +5,12 @@ package org.maxkey.authz.saml20.consumer;
 import org.maxkey.authz.saml.service.IDService;
 import org.maxkey.authz.saml.service.TimeService;
 import org.maxkey.authz.saml20.xml.IssuerGenerator;
-import org.opensaml.Configuration;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
-import org.opensaml.xml.XMLObjectBuilderFactory;
 public class AuthnRequestGenerator {
-	private XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
 	private final String issuingEntityName;
 	private final TimeService timeService; 
 	private final IDService idService;
@@ -30,10 +26,7 @@ public class AuthnRequestGenerator {
 	}
 	public AuthnRequest generateAuthnRequest(String destination, String responseLocation) {
+		AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
-		AuthnRequestBuilder authnRequestBuilder = (AuthnRequestBuilder) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
-		AuthnRequest authnRequest = authnRequestBuilder.buildObject();
 		authnRequest.setAssertionConsumerServiceURL(responseLocation);
 		authnRequest.setID(idService.generateID());

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
@@ -17,7 +17,7 @@ import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.authz.saml.service.IDService;
 import org.maxkey.authz.saml.service.TimeService;
-import org.maxkey.authz.saml20.ExtractBindingAdapter;
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
 import org.maxkey.authz.saml20.consumer.AuthnRequestGenerator;
 import org.maxkey.authz.saml20.consumer.spring.IdentityProviderAuthenticationException;
 import org.maxkey.authz.saml20.consumer.spring.ServiceProviderAuthenticationException;
@@ -174,13 +174,11 @@ public class ConsumerEndpoint {
 	public void afterPropertiesSet() throws Exception {
-		authnRequestGenerator = new AuthnRequestGenerator(
+		authnRequestGenerator = new AuthnRequestGenerator(keyStoreLoader.getEntityName(), timeService, idService);
-				keyStoreLoader.getEntityName(), timeService, idService);
 		endpointGenerator = new EndpointGenerator();
 		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add(new EntityIDCriteria(keyStoreLoader
+		criteriaSet.add(new EntityIDCriteria(keyStoreLoader.getEntityName()));
-				.getEntityName()));
 		criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
 		try {
@@ -210,17 +208,13 @@ public class ConsumerEndpoint {
 		InputStream keyStoreStream = new ByteArrayInputStream(keyStoreBytes);
 		try {
-			KeyStore keyStore = KeyStore.getInstance(keyStoreLoader
+			KeyStore keyStore = KeyStore.getInstance(keyStoreLoader.getKeystoreType());
-					.getKeystoreType());
+			keyStore.load(keyStoreStream, keyStoreLoader.getKeystorePassword().toCharArray());
-			keyStore.load(keyStoreStream, keyStoreLoader.getKeystorePassword()
-					.toCharArray());
 			Map<String, String> passwords = new HashMap<String, String>();
-			for (Enumeration<String> en = keyStore.aliases(); en
+			for (Enumeration<String> en = keyStore.aliases(); en.hasMoreElements();) {
-					.hasMoreElements();) {
 				String aliase = en.nextElement();
-				if (aliase.equalsIgnoreCase(keyStoreLoader
+				if (aliase.equalsIgnoreCase(keyStoreLoader.getEntityName())) {
-						.getEntityName())) {
 					passwords.put(aliase, keyStoreLoader.getKeystorePassword());
 				}
 			}

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/spring/RealAuthenticationFailureHandler.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/spring/RealAuthenticationFailureHandler.java
@@ -6,8 +6,6 @@ import java.io.IOException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.AuthenticationException;

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/spring/ServiceProviderAuthenticationException.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/spring/ServiceProviderAuthenticationException.java
@@ -15,8 +15,12 @@ import org.springframework.security.core.AuthenticationException;
 * @author jcox
 *
 */
-public class ServiceProviderAuthenticationException extends
+public class ServiceProviderAuthenticationException extends AuthenticationException {
-		AuthenticationException {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 8817095932085915398L;
 	public ServiceProviderAuthenticationException(String msg, Throwable t) {
 		super(msg, t);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataDescriptorUtil.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataDescriptorUtil.java
@@ -157,25 +157,21 @@ public class MetadataDescriptorUtil {
 		// System.out.println("3 : "+idpEntityDescriptor.);
 		// System.out.println("+"+ entityDescriptor.getOrganization());
-		List<RoleDescriptor> listRoleDescriptor = entityDescriptor
+		List<RoleDescriptor> listRoleDescriptor = entityDescriptor.getRoleDescriptors();
-				.getRoleDescriptors();
 		for (RoleDescriptor roleDescriptor : listRoleDescriptor) {
 			// SPSSODescriptor
 			// sPSSODescriptor1=idpEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-			if (roleDescriptor instanceof org.opensaml.saml2.metadata.impl.IDPSSODescriptorImpl) {
+			if (roleDescriptor instanceof IDPSSODescriptorImpl) {
 				IDPSSODescriptor iDPSSODescriptor = (IDPSSODescriptorImpl) roleDescriptor;
-				// System.out.println("3 : "+sPSSODescriptor1.getAssertionConsumerServices().get(0).getLocation());
+				 System.out.println("3 : "+iDPSSODescriptor.getSingleSignOnServices().get(0).getLocation());
-				// System.out.println("4 : "+sPSSODescriptor1.getAssertionConsumerServices().get(0).getBinding());
 				// System.out.println("- : "+iDPSSODescriptor.getNameIDFormats().get(0).getFormat());
 				// System.out.println("- : "+iDPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
 			} else {
 				SPSSODescriptor sPSSODescriptor = (SPSSODescriptorImpl) roleDescriptor;
-				// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
+				 System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
 				// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
 			}

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataGenerator.java
@@ -113,7 +113,8 @@ public class MetadataGenerator {
   }
-   public  void samlmtest(){
+   @SuppressWarnings({ "unchecked", "rawtypes" })
+public  void samlmtest(){
 	    try {
 	         KeyStoreLoader keyStoreLoader=new  KeyStoreLoader();
 	         keyStoreLoader.setKeystorePassword("secret");
@@ -342,7 +343,8 @@ public class MetadataGenerator {
 	   return encryptionKeyDescriptor;
   }
-   public static XMLObject buildXMLObject(QName objectQName){
+   @SuppressWarnings("rawtypes")
+public static XMLObject buildXMLObject(QName objectQName){
       XMLObjectBuilder builder = builderFactory.getBuilder(objectQName);
       if(builder == null){
          ; //fail("Unable to retrieve builder for object QName " + objectQName);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/binding/encoding/WebServicePostEncoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/binding/encoding/WebServicePostEncoder.java
@@ -36,6 +36,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
 		super(engine, templateId);
 	}
+	@SuppressWarnings("rawtypes")
 	public VelocityContext encodeMsgContext(MessageContext messageContext)
 			throws MessageEncodingException {
@@ -66,6 +67,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
 	 * @throws MessageEncodingException
 	 *             thrown if there is a problem encoding the message
 	 */
+	@SuppressWarnings("rawtypes")
 	protected VelocityContext encodeMsgContext(SAMLMessageContext messageContext)
 			throws MessageEncodingException {
@@ -83,6 +85,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
 		}
 	}
+	@SuppressWarnings("rawtypes")
 	protected void populateVelocityContext(VelocityContext velocityContext,
 			SAMLMessageContext messageContext) throws MessageEncodingException {
@@ -185,6 +188,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
 	 * 
 	 * @return the form control data string for signature computation
 	 */
+	@SuppressWarnings("rawtypes")
 	protected String buildFormDataToSign(VelocityContext velocityContext,
 			SAMLMessageContext messageContext, String sigAlgURI) {
 		StringBuilder builder = new StringBuilder();

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
@@ -9,7 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml.common.EndpointGenerator;
-import org.maxkey.authz.saml20.BindingAdapter;
+import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.web.WebContext;

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java
@@ -6,8 +6,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
-import org.maxkey.authz.saml20.BindingAdapter;
+import org.maxkey.authz.saml20.binding.BindingAdapter;
-import org.maxkey.authz.saml20.ExtractBindingAdapter;
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.dao.service.AppsSaml20DetailsService;

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
@@ -6,8 +6,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
-import org.maxkey.authz.saml20.BindingAdapter;
+import org.maxkey.authz.saml20.binding.BindingAdapter;
-import org.maxkey.authz.saml20.ExtractBindingAdapter;
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
 import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.dao.service.AppsSaml20DetailsService;
@@ -105,6 +105,7 @@ public class SingleSignOnEndpoint {
 	}
+	@SuppressWarnings("rawtypes")
 	public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter,HttpServletRequest request) throws Exception{
 		SAMLMessageContext messageContext;
 		logger.debug("extract SAML Message .");

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/package-info.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/package-info.java
 /**
- * 
+ * @author Crystal.Sea
- */
+ * SAML 2.0 must use velocity,but spring 5.* is removed
-/**
- * @author Administrator
- *
 */
 package org.springframework.ui.velocity;
--- a/maxkey-web-maxkey/src/main/resources/spring/maxkey-protocol-saml.xml
+++ b/maxkey-web-maxkey/src/main/resources/spring/maxkey-protocol-saml.xml
@@ -42,21 +42,31 @@
 	<bean id="mapBasedStorageService" class="org.opensaml.util.storage.MapBasedStorageService"/>
+	<bean id="replayCache" class="org.opensaml.util.storage.ReplayCache">
+		<constructor-arg ref="mapBasedStorageService"/>
+		<constructor-arg value="${config.saml.v20.replay.cache.life.in.millis}"></constructor-arg>
+	</bean> 
+	<bean id="messageReplayRule" class="org.opensaml.common.binding.security.MessageReplayRule">
+		<constructor-arg ref="replayCache"/>
+	</bean>
 	<bean id="samlParserPool"  class="org.opensaml.xml.parse.BasicParserPool" >
 			<property name="maxPoolSize" value="${config.saml.v20.max.parser.pool.size}" /> 
 	</bean>
-	<bean id="OpenHTTPPostSimpleSignDecoder" class="org.maxkey.authz.saml20.OpenHTTPPostSimpleSignDecoder">
+	<!-- Decoder -->
+	<bean id="openHTTPPostSimpleSignDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPPostSimpleSignDecoder">
 			<constructor-arg ref="samlParserPool"/>
 			<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
 	</bean>
-	<bean id="openHTTPPostDecoder" class="org.maxkey.authz.saml20.OpenHTTPPostDecoder">
+	<bean id="openHTTPPostDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPPostDecoder">
 			<constructor-arg ref="samlParserPool"/>
 			<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
 	</bean>
-	<bean id="openHTTPRedirectDecoder" class="org.maxkey.authz.saml20.OpenHTTPRedirectDecoder">
+	<bean id="openHTTPRedirectDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPRedirectDecoder">
 			<constructor-arg ref="samlParserPool"/>
 			<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
 	</bean>
@@ -69,19 +79,9 @@
 	</bean>
+	<!-- Binding  -->
-	<bean id="replayCache" class="org.opensaml.util.storage.ReplayCache">
-		<constructor-arg ref="mapBasedStorageService"/>
-		<constructor-arg value="${config.saml.v20.replay.cache.life.in.millis}"></constructor-arg>
-	</bean> 
-	<bean id="messageReplayRule" class="org.opensaml.common.binding.security.MessageReplayRule">
-		<constructor-arg ref="replayCache"/>
-	</bean>
 	<!-- ExtractPostBindingAdapter  -->
-	<bean id="extractPostBindingAdapter" class="org.maxkey.authz.saml20.ExtractPostBindingAdapter">
+	<bean id="extractPostBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.ExtractPostBindingAdapter">
 		<constructor-arg ref="openHTTPPostDecoder"/>
 		<property name="keyStoreLoader" ref="keyStoreLoader" />
 		<property name="issueInstantRule" ref="issueInstantRule" />
@@ -89,7 +89,7 @@
 	</bean>
 	<!-- ExtractRedirectBindingAdapter  -->
-	<bean id="extractRedirectBindingAdapter" class="org.maxkey.authz.saml20.ExtractRedirectBindingAdapter">
+	<bean id="extractRedirectBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.ExtractRedirectBindingAdapter">
 		<constructor-arg ref="openHTTPRedirectDecoder"/>
 		<property name="keyStoreLoader" ref="keyStoreLoader" />
 		<property name="issueInstantRule" ref="issueInstantRule" />
@@ -97,13 +97,13 @@
 	</bean>
 	<!-- PostBindingAdapter -->
-	<bean id="postSimpleSignBindingAdapter" class="org.maxkey.authz.saml20.PostSimpleSignBindingAdapter">
+	<bean id="postSimpleSignBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.PostSimpleSignBindingAdapter">
 		<property name="velocityEngine" ref="velocityEngine" />
 		<property name="issuerEntityName" value="${config.saml.v20.idp.issuer}"/>
 	</bean>
 	<!-- PostBindingAdapter -->
-	<bean id="postBindingAdapter" class="org.maxkey.authz.saml20.PostBindingAdapter">
+	<bean id="postBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.PostBindingAdapter">
 		<property name="velocityEngine" ref="velocityEngine" />
 		<property name="issuerEntityName" ref="issuerEntityName"/>
 	</bean>
@@ -127,7 +127,6 @@
 	</bean>
 	<bean id="spKeyStoreLoader" class="org.maxkey.crypto.keystore.KeyStoreLoader">
    	<property name="entityName" value="${config.saml.v20.sp.issuing.entity.id}" />
 		<property name="keystorePassword" value="${config.saml.v20.sp.keystore.password}" /> 
@@ -138,6 +137,7 @@
 		<constructor-arg value="${config.saml.v20.sp.issuing.entity.id}"/>
 	</bean>
+	<!-- Metadata -->
 	<bean id="saml20Metadata" class="org.maxkey.domain.Saml20Metadata">
    	<property name="orgName" value="${config.saml.v20.metadata.orgName}" />
 		<property name="orgDisplayName" value="${config.saml.v20.metadata.orgDisplayName}" />