0

Following spring securty and saml plugin tutorial i have created a simple app.

Here are links to the tutorial i followed to create simple hello world app.

http://grails-plugins.github.io/grails-spring-security-core/2.0.x/guide/tutorials.html

https://www.wave-access.com/public_en/blog/2014/june/23/how-we-configured-saml-20-on-grails.aspx

I could finally make the saml plugin to configure.

The app now runs but is throwing 500 runtime error as shown below.

I have looked around for a while and havent found any useful solution. The app and plugins are both old because i have to use grails 2.2.

I am using grails 2.2.

I appreciate any insights as to what is causing this no thread bound request found exception.

For your reference i have published the code in github

https://github.com/learningcscience/saml

Thanks!

|Loading Grails 2.2.0
No mavenInfo file found.
|Configuring classpath
.
|Environment set to development
.................................
|Packaging Grails application
....
|Compiling 1 source files
.............
|Running Grails application

Configuring Spring Security Core ...
... finished configuring Spring Security Core

Configuring Spring Security SAML ...
Registering metadata key: ping and value: security/idp-local.xml
...finished configuring Spring Security SAML
|Server running. Browse to http://localhost:8080/bookstore
Error |
2021-09-19 12:47:23,330 [http-bio-8080-exec-3] ERROR [/bookstore].[gsp]  - Servlet.service() for servlet [gsp] in context with path [/bookstore] threw exception
Message: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
    Line | Method
->> 1152 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    622 | run       in java.util.concurrent.ThreadPoolExecutor$Worker
^    748 | run . . . in java.lang.Thread

Error |
2021-09-19 12:47:24,146 [http-bio-8080-exec-2] ERROR [/bookstore].[default]  - Servlet.service() for servlet [default] in context with path [/bookstore] threw exception
Message: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
    Line | Method
->> 1152 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    622 | run       in java.util.concurrent.ThreadPoolExecutor$Worker
^    748 | run . . . in java.lang.Thread
kofhearts
  • 3,607
  • 8
  • 46
  • 79

1 Answers1

0

After taking a quick look at your configuration, it looks like You have not completed step 3 of your SAML on GRAILS tutorial:

3. Key manager settings

  • [....]
  • Download and save sp.xml in grails-app/conf/security/folder. Copy ipd.xml, which we have generated on OpenAM server configuration, in the same folder. Add sp and idp settings in Config.groovy:
grails.plugins.springsecurity.saml.metadata.sp.file = 'security/sp.xml'
        grails.plugins.springsecurity.saml.metadata.providers = [idp: 'security/idp.xml']
        grails.plugins.springsecurity.saml.metadata.defaultIdp = 'idp'
        grails.plugins.springsecurity.saml.metadata.sp.defaults = [
            local: true,
            alias: 'localSp',
            securityProfile: 'metaiop',
            signingKey: 'apollo',
            encryptionKey: 'apollo',
            requireArtifactResolveSigned: true,
            requireLogoutRequestSigned: true,
            requireLogoutResponseSigned: true
        ]

Note that the tutorial says "Copy ipd.xml", which probably is a typo. Should it be idp.xml instead?

rchfox
  • 159
  • 1
  • 4
  • By the way, do you have constraints that prevent you from using newer GRAILS versions? (2.2.x is sort of outdated nowadays). Don't get me wrong, I still have a couple of GRAILS 2.x projects myself. Just wondering why not use at least the latest version of the 2.x series (namely GRAILS 2.5.6) – rchfox Sep 19 '21 at 17:58
  • thank you rchfox. ill try your suggestion today. right now we are stuck with grails 2.2 because of space and resources constraints. also there is no time for upgrade which would take a long time. thanks! ill update soon. – kofhearts Sep 20 '21 at 04:41
  • ok i just added the missing configurations and still it is throwing 2021-09-20 10:40:00,910 [http-bio-8080-exec-3] ERROR [/bookstore].[gsp] - Servlet.service() for servlet [gsp] in context with path [/bookstore] threw exception Message: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? – kofhearts Sep 20 '21 at 04:56
  • btw i intentionally left that missing steps because before that it says Run application. There is a UI available as the metadata controller http://localhost:8080/myApp/metadata). And the url didnt work. – kofhearts Sep 20 '21 at 04:58