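I recently configured a CAS client by following the official Spring Security 3.x reference documentation. The configuration differs considerably from the Spring Security 2.x approach.
The Spring Security 3.x CAS client configuration is given below.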
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
    default-lazy-init="true">

    <http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager"
        access-denied-page="/access/denied.do" auto-config="false">
        <intercept-url pattern="/demo.do*" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/**/*.do*" access="HODLE" />
        <session-management>
            <concurrency-control max-sessions="1"
                expired-url="/access/same_login.do" error-if-maximum-exceeded="false" />
        </session-management>
        <custom-filter position="CAS_FILTER" ref="casFilter" />
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>

    <!-- CAS authentication filter -->
    <beans:bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
    </beans:bean>

    <!-- CAS authentication failure handler -->
    <beans:bean id="authenticationFailureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/fail.jsp" />
    </beans:bean>

    <!-- CAS authentication success handler -->
    <beans:bean id="authenticationSuccessHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
        <beans:property name="defaultTargetUrl" value="/frame.do" />
    </beans:bean>

    <!-- Client-side logout -->
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- Server-side logout -->
    <beans:bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="https://hello.cas.server:8443/BOSS_CAS_SERVER/logout" />
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>

    <!-- Return URL after a successful login -->
    <beans:bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service" value="http://hello.cas.server:8081/spring/j_spring_cas_security_check" />
        <beans:property name="sendRenew" value="false" />
    </beans:bean>

    <!-- CAS authentication entry point; declares the CAS server login URL -->
    <beans:bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="https://hello.cas.server:8443/BOSS_CAS_SERVER/login" />
        <beans:property name="serviceProperties" ref="serviceProperties" />
    </beans:bean>

    <!-- CAS authentication provider; defines how the client validates -->
    <beans:bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- The client only checks whether the username is valid -->
        <beans:property name="authenticationUserDetailsService">
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:constructor-arg ref="userService" />
            </beans:bean>
        </beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties" />
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="https://hello.cas.server:8443/BOSS_CAS_SERVER" />
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="an_id_for_this_auth_provider_only" />
    </beans:bean>

    <!-- Register the CAS authentication provider with the authentication manager -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider" />
    </authentication-manager>

    <!-- Event logging -->
    <beans:bean id="loggerListener"
        class="org.springframework.security.authentication.event.LoggerListener" />

    <!-- Loads the client-side user -->
    <beans:bean id="userService" class="com.piaoyi.common.security.UserService" />

    <!-- Access decision manager, used for client-side authorization checks -->
    <beans:bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                <beans:bean class="com.piaoyi.common.security.DynamicRoleVoter" />
            </beans:list>
        </beans:property>
    </beans:bean>
</beans:beans>
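Apart from the custom UserService (client-side user validation) and DynamicRoleVoter (client-side permission voter), every component here is Spring Security's own.
For the implementation of these two classes, see
SpringSecurity3.X--A Simple Implementation
In addition, for logout to take effect, a CAS sign-out listener must be added to web.xml, as follows: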
web.xml
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
OK, done.
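An added example, not part of the original post: a small Python checker for a configuration file of the shape shown above. It flags a missing `intercept-url` (the failure a commenter below reports), a `service` URL that does not end in the CAS filter's `filterProcessesUrl`, CAS server URLs that are not HTTPS, and a `SingleSignOutFilter` that is not wired into `<http>`. The finding codes, function names and sample host names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

CAS_FILTER = "org.springframework.security.cas.web.CasAuthenticationFilter"
ENTRY_POINT = "org.springframework.security.cas.web.CasAuthenticationEntryPoint"
SERVICE_PROPS = "org.springframework.security.cas.ServiceProperties"
TICKET_VALIDATOR = "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"
SSO_FILTER = "org.jasig.cas.client.session.SingleSignOutFilter"
DEFAULT_PROCESS_URL = "/j_spring_cas_security_check"  # Spring Security 3.x default


def _local(tag):
    """Strip the XML namespace so <beans:bean> and <bean> are treated alike."""
    return tag.rsplit("}", 1)[-1]


def _children(el, name):
    return [c for c in el if _local(c.tag) == name]


def _prop(bean, name):
    """Value of <property name="..." value="..."> on a bean, or None."""
    for p in _children(bean, "property"):
        if p.get("name") == name:
            return p.get("value")
    return None


def check_cas_client_config(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for the config."""
    root = ET.fromstring(xml_text)
    beans = [e for e in root.iter() if _local(e.tag) == "bean"]

    def by_class(cls):
        return [b for b in beans if b.get("class") == cls]

    findings = set()
    for http in (e for e in root.iter() if _local(e.tag) == "http"):
        # Without a protected pattern, no request is ever sent to the entry point.
        if not any(u.get("access") for u in _children(http, "intercept-url")):
            findings.add("no-intercept-url")
        wired = {f.get("ref") for f in _children(http, "custom-filter")}
        if not any(b.get("id") in wired for b in by_class(SSO_FILTER)):
            findings.add("single-logout-not-wired")

    # The service URL handed to CAS must be one the CAS filter listens on.
    process_urls = {_prop(b, "filterProcessesUrl") or DEFAULT_PROCESS_URL
                    for b in by_class(CAS_FILTER)}
    for b in by_class(SERVICE_PROPS):
        service = _prop(b, "service") or ""
        if not any(service.endswith(u) for u in process_urls):
            findings.add("service-url-mismatch")

    # Login redirect and ticket validation should both reach CAS over TLS.
    cas_urls = [_prop(b, "loginUrl") or "" for b in by_class(ENTRY_POINT)]
    for b in by_class(TICKET_VALIDATOR):
        cas_urls += [a.get("value") or "" for a in _children(b, "constructor-arg")]
    if any(not u.startswith("https://") for u in cas_urls):
        findings.add("cas-url-not-https")
    return sorted(findings)


def sample_config(cas_base, intercept_urls, wire_single_logout):
    """Constructed sample input: a trimmed file in the shape of the article's config."""
    sso = ('<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>'
           if wire_single_logout else "")
    return f"""<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http entry-point-ref="casEntryPoint">
    {intercept_urls}
    <custom-filter position="CAS_FILTER" ref="casFilter"/>
    {sso}
  </http>
  <beans:bean id="casFilter" class="{CAS_FILTER}">
    <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
  </beans:bean>
  <beans:bean id="singleLogoutFilter" class="{SSO_FILTER}"/>
  <beans:bean id="serviceProperties" class="{SERVICE_PROPS}">
    <beans:property name="service"
        value="http://app.example.test:8080/demo/j_spring_cas_security_check"/>
  </beans:bean>
  <beans:bean id="casEntryPoint" class="{ENTRY_POINT}">
    <beans:property name="loginUrl" value="{cas_base}/login"/>
  </beans:bean>
  <beans:bean id="casAuthenticationProvider"
      class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <beans:property name="ticketValidator">
      <beans:bean class="{TICKET_VALIDATOR}">
        <beans:constructor-arg index="0" value="{cas_base}"/>
      </beans:bean>
    </beans:property>
  </beans:bean>
</beans:beans>"""


if __name__ == "__main__":
    weak = sample_config("http://localhost:8088/cas", "", False)
    for code in check_cas_client_config(weak):
        print(code)
```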
Comments
#8
sprcen945
2017-02-27
It works now.
It was because I hadn't added the intercept-url interception. Damn, I was ready to die over this. Thanks, guru.
#7
sprcen945
2017-02-27
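May I ask why the entry point doesn't take effect after I configured security.xml (this configuration was previously set up for local authentication login and worked fine, and WEB.XML loads this XML)? It now doesn't redirect to the CAS server login and goes straight to the page in the welcome list configured in WEB.XML. Does WEB.XML need anything else configured, apart from the logout listener? This is how I configured it (damn, I can't paste an image, so I'll paste text); it's basically copied from the above. If you see this, please reply. It doesn't redirect to the configured loginUrl page. I'm dizzy, I've been at it for days without success. Thanks.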
<http entry-point-ref="casEntryPoint" auto-config="true">
<session-management>
<concurrency-control max-sessions="1"
expired-url="/index.jsp?f=2" error-if-maximum-exceeded="false" />
</session-management>
<custom-filter ref="casFilter" after="CAS_FILTER"/>
</http>
<!-- CAS authentication entry point; declares the CAS server login URL -->
<beans:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="http://localhost:8088/cas/login" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean>
<beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
</beans:bean>
<!-- Return URL after a successful login -->
<beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service" value="http://localhost:8080/esm_sjs/j_spring_cas_security_check" />
<beans:property name="sendRenew" value="false" />
</beans:bean>
<!-- Register the CAS authentication provider with the authentication manager -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- CAS authentication failure handler -->
<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/index.jsp?f=1" />
</beans:bean>
<!-- CAS authentication success handler -->
<beans:bean id="authenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="alwaysUseDefaultTargetUrl" value="true" />
<beans:property name="defaultTargetUrl" value="/frame/default/esm/welcome.jsp" />
</beans:bean>
<!-- CAS authentication provider; defines how the client validates -->
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- The client only checks whether the username is valid -->
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="http://localhost:8088/cas" />
</beans:bean>
</beans:property>
<beans:property name="key" value="an_id_for_this_auth_provider_only" />
</beans:bean>
#6
eric_8409
2013-05-14
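Mine is configured with http, not https. On inspection I found that the jsessionid after a successful redirect and the jsessionid paired with the ticket (ST), i.e. the token, obtained in SingleSignOutFilter are not the same one.
#5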
hanqunfeng
2013-05-14
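eric_8409 wrote:
Hello, I've recently been looking into this too, and found that with this configuration the very first visit redirects by default to <beans:bean id="authenticationFailureHandler"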
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> the fail.jsp page, and I don't know why. Please take a look; this is my configuration:
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- Logout -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- User lookup service implemented by the project -->
............
Did you get the HTTPS certificate configured successfully?
#4
eric_8409
2013-05-13
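Hello, I've recently been looking into this too, and found that with this configuration the very first visit redirects by default to <beans:bean id="authenticationFailureHandler"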
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> the fail.jsp page, and I don't know why. Please take a look; this is my configuration:
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- Logout -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- User lookup service implemented by the project -->
............
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> fail.jsp这个的页面,不知道为什么,请帮忙看看,这是我的配置
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- Logout -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- User lookup service implemented by the project -->
............
Comment #3
desirej
2013-04-11
A question for the author: how does the CAS server pass the username to the interface that your UserService implements?
Comment #2
hanqunfeng
2011-10-09
xzcgeorge wrote:
Thanks for sharing, and thank you for the effort.
Which CAS server is the author using, 3.x or 2.x?
Can Spring Security 3.x be used together with CAS server V2.x?
Thanks.
The CAS server version is 3.x. Both Spring Security 2.x and Spring Security 3.x work with it. I am not sure whether CAS server 2.x is supported; you can test it and see.
cas-client-core-3.1.3.jar
cas-server-core-3.3.2.jar
Comment #1
xzcgeorge
2011-10-02
Thanks for sharing, and thank you for the effort.
Which CAS server is the author using, 3.x or 2.x?
Can Spring Security 3.x be used together with CAS server V2.x?
Thanks.