NPE in Spring saml sso integration

Question

I am integrating saml sso with spring security 3.2.6 with saml library spring-security-saml2-core 1.0.3. The application is deployed in Wildfly 13. When I'm starting the application I am getting below exception. I am using sso circle as dummy idp. I want to ssecure just 1 endpoint using saml sso- /app/catalogs/getProductSellSheet/**. FYI: I followed this link https://docs.spring.io/spring-security-saml/docs/current/reference/htmlsingle/#configuration-key-management-public-keys

Below is appcontext-security.xml for saml sso config:

<security:http pattern="/app/catalogs/getProductSellSheet/**" entry-point-ref="samlEntryPoint">
        <security:intercept-url pattern="/app/catalogs/getProductSellSheet/**"    access="isAuthenticated()" />
        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter" />
        <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
    </security:http>

<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
            <property name="defaultProfileOptions">
                <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
                    <property name="includeScoping" value="false"/>
                </bean>
            </property>
     </bean>

<bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>
    <bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger">
        <property name="logErrors" value="true"/> 
    </bean>
    <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
   <constructor-arg>
       <list>
          <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
          <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
          <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
           <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
          <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
          <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
           <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
           <security:filter-chain pattern="/app/catalogs/getProductSellSheet/**" filters="samlWebSSOProcessingFilter"/>
        </list>
     </constructor-arg>
</bean>

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
           <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
              <property name="entityId" value="mds-app"/>
          <property name="extendedMetadata">
         <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            <property name="idpDiscoveryEnabled" value="true"/>
        </bean>
          </property>
       </bean>
    </constructor-arg>
</bean>
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">    
   <constructor-arg>
    <list>
       <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"   
          <constructor-arg>
             <bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
        <constructor-arg>
           <bean class="java.util.Timer"/>
       </constructor-arg>
    <constructor-arg>
       <bean class="org.opensaml.util.resource.ClasspathResource">
           <constructor-arg value="/metadata/meta-idp.xml"/>
      </bean>
   </constructor-arg>
   <property name="parserPool" ref="parserPool"/>
   </bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
</bean>
</constructor-arg>
</bean>
</list>
</constructor-arg>
</bean>

<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>

<bean id="keyManager" class="org.springframework.security.saml.key.EmptyKeyManager"/>
<bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize"/>
<bean id="parserPoolHolder" class="org.springframework.security.saml.parser.ParserPoolHolder"/>

I am receiving the following error:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException

17:36:45,277 WARN  [org.springframework.security.saml.metadata.MetadataManager] (Metadata-reload) Metadata refreshing has failed: java.lang.NullPointerException

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.saml.metadata.MetadataGenerator#21066305': Unsatisfied dependency expressed through method 'setSamlEntryPoint' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'samlEntryPoint': Unsatisfied dependency expressed through method 'setMetadata' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)
    at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:374)
    ... 65 more
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'samlEntryPoint': Unsatisfied dependency expressed through method 'setMetadata' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)
    at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
    at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1380)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)
    ... 72 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1786)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:602)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
    at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1380)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)
    ... 86 more
Caused by: java.lang.NullPointerException
    at org.springframework.security.saml.metadata.MetadataManager.getTrustEngine(MetadataManager.java:588)
    at org.springframework.security.saml.metadata.MetadataManager.initializeProviderFilters(MetadataManager.java:523)
    at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:237)
    at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
    at org.springframework.security.saml.metadata.MetadataManager.afterPropertiesSet(MetadataManager.java:142)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1845)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1782)
    ... 96 more

12:14:03,761 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "mds.war")]) - failure description: {
    "WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./mds" => "java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'metadataGeneratorFilter' while setting constructor argument with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataGeneratorFilter' defined in class path resource [appcontext-security.xml]: Cannot create inner bean 'org.springframework.security.saml.metadata.MetadataGenerator#21066305' of type [org.springframework.security.saml.metadata.MetadataGenerator] while setting constructor argument; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.saml.metadata.MetadataGenerator#21066305': Unsatisfied dependency expressed through method 'setSamlEntryPoint' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'samlEntryPoint': Unsatisfied dependency expressed through method 'setMetadata' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException

Answer 1

When setSamlEntryPoint is being called there is a nested exception. It's related to your bean named metadata, this one

<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>

As you can see, there is a dependency, specified as the value of the filters attribute called metadataDisplayFilter. Yet, when this is attempted to be initialized, you get a NullPointerException. You will need to look into your metadata in order to fix this issue.