Posted: 2011-09-01
Contents:
- SpringSecurity3.X--A simple implementation
- SpringSecurity3.X--Front-end and back-end login authentication
- SpringSecurity3.X--remember-me
- SpringSecurity3.X--CAPTCHA
Recently I configured a CAS client by following the official Spring Security 3.x reference documentation. It really is very different from the way Spring Security 2.x is configured. Below is the CAS client configuration for Spring Security 3.x.

applicationContext-security.xml

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd"
    default-lazy-init="true">

    <http entry-point-ref="casEntryPoint"
        access-decision-manager-ref="accessDecisionManager"
        access-denied-page="/access/denied.do" auto-config="false">
        <intercept-url pattern="/demo.do*" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/**/*.do*" access="HODLE" />
        <session-management>
            <concurrency-control max-sessions="1"
                expired-url="/access/same_login.do"
                error-if-maximum-exceeded="false" />
        </session-management>
        <custom-filter position="CAS_FILTER" ref="casFilter" />
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>

    <!-- CAS authentication filter -->
    <beans:bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
    </beans:bean>

    <!-- CAS authentication failure handler -->
    <beans:bean id="authenticationFailureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/fail.jsp" />
    </beans:bean>

    <!-- CAS authentication success handler -->
    <beans:bean id="authenticationSuccessHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
        <beans:property name="defaultTargetUrl" value="/frame.do" />
    </beans:bean>

    <!-- Client-side logout -->
    <beans:bean id="singleLogoutFilter"
        class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- Server-side logout -->
    <beans:bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="https://hello.cas.server:8443/BOSS_CAS_SERVER/logout" />
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>

    <!-- Return URL after a successful login -->
    <beans:bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service"
            value="http://hello.cas.server:8081/spring/j_spring_cas_security_check" />
        <beans:property name="sendRenew" value="false" />
    </beans:bean>

    <!-- CAS authentication entry point; declares the CAS server login URL -->
    <beans:bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="https://hello.cas.server:8443/BOSS_CAS_SERVER/login" />
        <beans:property name="serviceProperties" ref="serviceProperties" />
    </beans:bean>

    <!-- CAS authentication provider; defines how the client validates -->
    <beans:bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- The client only checks whether the username is valid -->
        <beans:property name="authenticationUserDetailsService">
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:constructor-arg ref="userService" />
            </beans:bean>
        </beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties" />
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="https://hello.cas.server:8443/BOSS_CAS_SERVER" />
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="an_id_for_this_auth_provider_only" />
    </beans:bean>

    <!-- Register the CAS authentication provider with the authentication manager -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider" />
    </authentication-manager>

    <!-- Event logging -->
    <beans:bean id="loggerListener"
        class="org.springframework.security.authentication.event.LoggerListener" />

    <!-- Loads the client-side user -->
    <beans:bean id="userService" class="com.piaoyi.common.security.UserService" />

    <!-- Authentication interceptor, used for client-side permission checks -->
    <beans:bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                <beans:bean class="com.piaoyi.common.security.DynamicRoleVoter" />
            </beans:list>
        </beans:property>
    </beans:bean>
</beans:beans>
```

Apart from the custom UserService (client-side user verification) and DynamicRoleVoter (client-side permission voter), everything else is Spring Security's own components. For the implementation of these two classes, see SpringSecurity3.X--A simple implementation.

In addition, for logout to take effect, a CAS sign-out listener needs to be added to web.xml, as follows:

web.xml

```xml
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
```

OK, done.
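Notice: Copyright of ITeye articles belongs to the author and is protected by law. Reproduction without the author's written permission is prohibited.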
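Added example, not part of the original post or of Spring Security: CAS sends the service ticket back to the `service` URL, so that URL has to end at the path the `casFilter` bean processes, and the login URL and ticket validator have to point at the same CAS server. The Python check below parses a constructed, trimmed copy of the post's configuration and reports any mismatch; the function names and finding texts are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

B = "{http://www.springframework.org/schema/beans}"  # beans namespace, Clark notation

# Constructed sample: the four relevant beans from the post, values unchanged.
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
  </beans:bean>
  <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <beans:property name="service" value="http://hello.cas.server:8081/spring/j_spring_cas_security_check" />
  </beans:bean>
  <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <beans:property name="loginUrl" value="https://hello.cas.server:8443/BOSS_CAS_SERVER/login" />
  </beans:bean>
  <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    <beans:constructor-arg index="0" value="https://hello.cas.server:8443/BOSS_CAS_SERVER" />
  </beans:bean>
</beans:beans>"""

def _bean(root, cls):
    """First <beans:bean>, nested or top-level, whose class ends with cls."""
    return next(b for b in root.iter(B + "bean") if b.get("class", "").endswith(cls))

def _prop(bean, name):
    return bean.find(f"{B}property[@name='{name}']").get("value")

def check_cas_config(xml_text):
    """Return a list of findings; an empty list means the URLs are consistent."""
    root = ET.fromstring(xml_text)
    filter_url = _prop(_bean(root, "CasAuthenticationFilter"), "filterProcessesUrl")
    service = _prop(_bean(root, "ServiceProperties"), "service")
    login = _prop(_bean(root, "CasAuthenticationEntryPoint"), "loginUrl")
    prefix = _bean(root, "Cas20ServiceTicketValidator").find(B + "constructor-arg").get("value")
    findings = []
    # The ticket comes back to the service URL, so the CAS filter must listen there.
    if not urlparse(service).path.endswith(filter_url):
        findings.append("service does not end at filterProcessesUrl")
    # Login redirect and ticket validation must target the same CAS server.
    if not login.startswith(prefix.rstrip("/") + "/"):
        findings.append("loginUrl is not under the ticket validator's CAS prefix")
    if urlparse(prefix).scheme != "https":
        findings.append("ticket validator does not use https")
    return findings

if __name__ == "__main__":
    print(check_cas_config(SAMPLE) or "CAS URLs are consistent")
```

The check assumes all four beans are present and finds them by class name, so it also works when the ticket validator is nested inside `casAuthenticationProvider` as in the post.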
Posted: 2011-09-15
Last modified: 2011-09-15
ITEYE is really powerful.
Posted: 2011-09-27
With CAS, when the client connects to the server, it throws an "unable to find valid certification path to requested target" exception. Does anyone know what causes this?
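Posted: 2012-01-13
I would like to know how to keep the permission and resource configuration in a database and load it when the application starts. Actually, I have implemented everything up to this point. The problem appears when I try to replace the custom FORM login with entry-point-ref="casEntryPoint" (along with the other related CAS configuration, of course): the whole integration stops working. The strange thing is that when I put the resource--permission configuration in spring-security.xml, security redirects the current request to cas-server for verification for the pages I want to access. Is there something I have not noticed?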