hanqunfeng
- 浏览: 1526295 次
- 性别:
- 来自: 北京
-
文章分类
- 全部博客 (225)
- JAVA (27)
- Spring (49)
- Linux (51)
- JavaScript (8)
- Scrum (23)
- IDE (2)
- JSON (2)
- Solr (0)
- Webharvest (0)
- Hibernate (8)
- 杂谈 (3)
- Windows 7 (4)
- 持续集成 (23)
- tomcat (3)
- Android (1)
- SpringSecurity (11)
- Maven (9)
- jotm (3)
- C3P0 (1)
- Active Directory (2)
- cas (1)
- JQuery (2)
- ajax (1)
- plsql (2)
- nginx (4)
- apache (1)
- thrift (7)
- python (3)
- oracle (4)
- php (2)
- redis (1)
- fedora (1)
- windows7 (0)
- SVN (1)
- NFS (1)
- SAMBA (1)
- Atomikos (1)
- apache-poi (1)
- mysql (2)
- vncserver (1)
- mac (2)
- firefox (1)
- JIRA (1)
- p6spy (1)
- git (1)
- github (1)
- gitlab (1)
- gogs (1)
- Druid (1)
- MyBatis (1)
- docker (8)
- zabbix (1)
最新评论
-
lialatd:
您好,我用您的方法通过java api往jira系统中添加is ...
JIRA REST API ---- JAVA -
sprcen945:
可以了,是因为没加intercept-url 的拦截, 尼玛, ...
SpringSecurity3.X--Cas client 配置 -
sprcen945:
请问为什么我配了security.xml后切入点不起作用(之前 ...
SpringSecurity3.X--Cas client 配置 -
linxingyul:
根据楼主的代码 继承了WebMvcConfigurationS ...
SpringMVC4零配置--Web上下文配置【MvcConfig】 -
java_老头:
MvcConfig.java的FilterType.ANNOT ...
SpringMVC4零配置--Web上下文配置【MvcConfig】
目录
SpringSecurity3.X--一个简单实现
SpringSecurity3.X--前台与后台登录认证
SpringSecurity3.X--remember-me
SpringSecurity3.X--验证码
最近参照springsecury3.x的官方帮助文档,对cas客户端进行了配置,确实与springsecurity2.X的配置方式有很大区别,
下面给出SpringSecurity3.X的Cas client配置。
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
default-lazy-init="true">
<http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager"
access-denied-page="/access/denied.do" auto-config="false">
<intercept-url pattern="/demo.do*" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/**/*.do*" access="HODLE" />
<session-management>
<concurrency-control max-sessions="1"
expired-url="/access/same_login.do" error-if-maximum-exceeded="false" />
</session-management>
<custom-filter position="CAS_FILTER" ref="casFilter" />
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
</http>
<!-- cas 认证过滤器 -->
<beans:bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler"
ref="authenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler"
ref="authenticationSuccessHandler" />
<beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
</beans:bean>
<!-- cas 认证失败控制器 -->
<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean>
<!-- cas 认证成功控制器 -->
<beans:bean id="authenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="alwaysUseDefaultTargetUrl" value="true" />
<beans:property name="defaultTargetUrl" value="/frame.do" />
</beans:bean>
<!-- 注销客户端 -->
<beans:bean id="singleLogoutFilter"
class="org.jasig.cas.client.session.SingleSignOutFilter" />
<!-- 注销服务器端 -->
<beans:bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg
value="https://hello.cas.server:8443/BOSS_CAS_SERVER/logout" />
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</beans:bean>
<!-- 登录成功后的返回地址 -->
<beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service"
value="http://hello.cas.server:8081/spring/j_spring_cas_security_check" />
<beans:property name="sendRenew" value="false" />
</beans:bean>
<!-- CAS认证切入点,声明cas服务器端登录的地址 -->
<beans:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl"
value="https://hello.cas.server:8443/BOSS_CAS_SERVER/login" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean>
<!-- cas认证提供器,定义客户端的验证方式 -->
<beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- 客户端只验证用户名是否合法 -->
<beans:property name="authenticationUserDetailsService">
<beans:bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0"
value="https://hello.cas.server:8443/BOSS_CAS_SERVER" />
</beans:bean>
</beans:property>
<beans:property name="key"
value="an_id_for_this_auth_provider_only" />
</beans:bean>
<!-- 在认证管理器中注册cas认证提供器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- 事件日志 -->
<beans:bean id="loggerListener"
class="org.springframework.security.authentication.event.LoggerListener" />
<!-- 获取客户端用户 -->
<beans:bean id="userService" class="com.piaoyi.common.security.UserService" />
<!-- 认证拦截器,用于客户端权限验证 -->
<beans:bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter" />
<beans:bean
class="org.springframework.security.access.vote.AuthenticatedVoter" />
<beans:bean class="com.piaoyi.common.security.DynamicRoleVoter" />
</beans:list>
</beans:property>
</beans:bean>
</beans:beans>
除了自定义了UserService(客户端用户验证)和DynamicRoleVoter(客户端权限投票器)外,其它均是springsecurity自己的组件。
关于上面两个类的实现,可以参考
SpringSecurity3.X--一个简单实现
另外,为了使注销生效,需要在web.xml中增加一个cas注销监听器,如下:
web.xml
<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener>
ok,完成。
分享到:
评论
8 楼
sprcen945
2017-02-27
可以了,
是因为没加intercept-url 的拦截, 尼玛,想死的心都有,谢谢大神
是因为没加intercept-url 的拦截, 尼玛,想死的心都有,谢谢大神
7 楼
sprcen945
2017-02-27
请问为什么我配了security.xml后切入点不起作用(之前这个配置是配的本地认证登录的,没有问题,WEB.XML里加载了这个XML),它现在不跳到CAS服务登录,直接进入WEB.XML
配置的welcome list里面的页面了,WEB.XML还要配置什么吗?除了退出监听。我是这么配置的:(靠,粘贴不了图片,我粘文字吧)基本是复制上面的,看到麻烦回复一下,不进跳到配置的loginUrl页面,晕了,搞了好几天都没成功,谢谢
<http entry-point-ref="casEntryPoint" auto-config="true">
<session-management>
<concurrency-control max-sessions="1"
expired-url="/index.jsp?f=2" error-if-maximum-exceeded="false" />
</session-management>
<custom-filter ref="casFilter" after="CAS_FILTER"/>
</http>
<!-- CAS认证切入点,声明cas服务器端登录的地址 -->
<beans:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="http://localhost:8088/cas/login" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean>
<beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
</beans:bean>
<!-- 登录成功后的返回地址 -->
<beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service" value="http://localhost:8080/esm_sjs/j_spring_cas_security_check" />
<beans:property name="sendRenew" value="false" />
</beans:bean>
<!-- 在认证管理器中注册cas认证提供器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- cas 认证失败控制器 -->
<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/index.jsp?f=1" />
</beans:bean>
<!-- cas 认证成功控制器 -->
<beans:bean id="authenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="alwaysUseDefaultTargetUrl" value="true" />
<beans:property name="defaultTargetUrl" value="/frame/default/esm/welcome.jsp" />
</beans:bean>
<!-- cas认证提供器,定义客户端的验证方式 -->
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- 客户端只验证用户名是否合法 -->
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="http://localhost:8088/cas" />
</beans:bean>
</beans:property>
<beans:property name="key" value="an_id_for_this_auth_provider_only" />
</beans:bean>
配置的welcome list里面的页面了,WEB.XML还要配置什么吗?除了退出监听。我是这么配置的:(靠,粘贴不了图片,我粘文字吧)基本是复制上面的,看到麻烦回复一下,不进跳到配置的loginUrl页面,晕了,搞了好几天都没成功,谢谢
<http entry-point-ref="casEntryPoint" auto-config="true">
<session-management>
<concurrency-control max-sessions="1"
expired-url="/index.jsp?f=2" error-if-maximum-exceeded="false" />
</session-management>
<custom-filter ref="casFilter" after="CAS_FILTER"/>
</http>
<!-- CAS认证切入点,声明cas服务器端登录的地址 -->
<beans:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="http://localhost:8088/cas/login" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean>
<beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
</beans:bean>
<!-- 登录成功后的返回地址 -->
<beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service" value="http://localhost:8080/esm_sjs/j_spring_cas_security_check" />
<beans:property name="sendRenew" value="false" />
</beans:bean>
<!-- 在认证管理器中注册cas认证提供器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- cas 认证失败控制器 -->
<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/index.jsp?f=1" />
</beans:bean>
<!-- cas 认证成功控制器 -->
<beans:bean id="authenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="alwaysUseDefaultTargetUrl" value="true" />
<beans:property name="defaultTargetUrl" value="/frame/default/esm/welcome.jsp" />
</beans:bean>
<!-- cas认证提供器,定义客户端的验证方式 -->
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- 客户端只验证用户名是否合法 -->
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="http://localhost:8088/cas" />
</beans:bean>
</beans:property>
<beans:property name="key" value="an_id_for_this_auth_provider_only" />
</beans:bean>
6 楼
eric_8409
2013-05-14
我配置的是http的 不是https的 ,经观察发现跳转成功后的jsessionid 和SingleSignOutFilter中获得的ticket(st)也就是token配对的jsessionid不是同一个
5 楼
hanqunfeng
2013-05-14
eric_8409 写道
您好,我最近在也在研究这个,发现这样配置,默认第一次进来就会跳转到<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> fail.jsp这个的页面,不知道为什么,请帮忙看看,这是我的配置
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- 退出 -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- 项目实现的用户查询服务 -->
............
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> fail.jsp这个的页面,不知道为什么,请帮忙看看,这是我的配置
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- 退出 -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- 项目实现的用户查询服务 -->
............
https证书配置成功了吗?
4 楼
eric_8409
2013-05-13
您好,我最近在也在研究这个,发现这样配置,默认第一次进来就会跳转到<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> fail.jsp这个的页面,不知道为什么,请帮忙看看,这是我的配置
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- 退出 -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- 项目实现的用户查询服务 -->
............
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/fail.jsp" />
</beans:bean> fail.jsp这个的页面,不知道为什么,请帮忙看看,这是我的配置
<s:http auto-config="true" entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">
<s:session-management
session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></s:custom-filter>
<s:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
<s:custom-filter before="CAS_FILTER" ref="singleLogoutFilter"/>
<s:intercept-url pattern="/resources/**" filters="none" />
<s:intercept-url pattern="/index.jsp" access="none" />
<s:intercept-url pattern="/secure/skin/*" access="hasAnyRole('ROLE_皮肤管理')" />
<s:intercept-url pattern="/secure/user/*" access="hasAnyRole('ROLE_用户管理')" />
<s:intercept-url pattern="/secure/role/*" access="hasAnyRole('ROLE_角色管理')" />
<s:intercept-url pattern="/secure/documentBook/*" access="hasAnyRole('ROLE_内容管理')" />
<s:intercept-url pattern="/secure/document/*" access="hasAnyRole('ROLE_出版物管理')" />
<s:intercept-url pattern="/secure/comment/*" access="hasAnyRole('ROLE_评论管理')" />
<s:intercept-url pattern="/secure/clientInfoSingle/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/clientinfo/*" access="hasAnyRole('ROLE_应用管理')" />
<s:intercept-url pattern="/secure/suggestFreeback/*" access="hasAnyRole('ROLE_意见反馈')" />
<s:intercept-url pattern="/secure/log/*" access="hasAnyRole('ROLE_系统日志')" />
</s:http>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="casAuthenticationProvider"></s:authentication-provider>
</s:authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://172.19.34.57:8080/cpplatform1/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check" ></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" >
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/secure/home"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<property name="defaultFailureUrl" value="/error/index.jsp"/>
</bean>
</property>
<property name="sessionAuthenticationStrategy"
ref="sessionAuthenticationStrategy" />
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://172.19.34.57:8080/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://172.19.34.57:8080/cas" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"></bean>
<!-- 退出 -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="http://172.19.34.57:8080/cas/logout?service=http://172.19.34.57:8080/cpplatform1/"></constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_serurity_logout"/>
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/error/index1.jsp" />
</bean>
<!-- 项目实现的用户查询服务 -->
............
3 楼
desirej
2013-04-11
请问楼主,cas server怎么把username传给你的UserService实现的那个接口呢?
2 楼
hanqunfeng
2011-10-09
xzcgeorge 写道
谢谢分享。辛苦了。
不知楼主用的CAS server 是3.x 还是2.x?
spring security 3.x 能否与 cas server V2.x一起使用?
谢谢。
不知楼主用的CAS server 是3.x 还是2.x?
spring security 3.x 能否与 cas server V2.x一起使用?
谢谢。
cas server的版本是3.x,springsecurity2.X和springsecurity3.X都可以,不确定是否支持cas server 2.x,你可以测试看看。
cas-client-core-3.1.3.jar
cas-server-core-3.3.2.jar
1 楼
xzcgeorge
2011-10-02
谢谢分享。辛苦了。
不知楼主用的CAS server 是3.x 还是2.x?
spring security 3.x 能否与 cas server V2.x一起使用?
谢谢。
不知楼主用的CAS server 是3.x 还是2.x?
spring security 3.x 能否与 cas server V2.x一起使用?
谢谢。
发表评论
-
Druid学习笔记
2016-10-07 11:55 2444官方网站:https://github.com/aliba ... -
Spring Cache注解+Redis
2015-01-15 13:36 54434Spring3.1 Cache注解 依赖jar包: ... -
Spring Cache注解+Memcached
2015-01-12 16:11 20392Spring3.1 Cache注解 依赖jar包: ... -
Spring4+Hibernate4+Atomikos3.3多数据源事务管理
2014-09-25 10:46 8336Spring3+后不再对JTOM提供支持,所以可以改用At ... -
SpringMVC4零配置--Web上下文配置【MvcConfig】
2014-09-10 18:22 73350与SpringSecurity的配置类似,spring同样 ... -
SpringMVC4零配置--SpringSecurity相关配置【SpringSecurityConfig】
2014-09-10 18:22 71916SpringSecurity的配置相对来说有些复杂,如果 ... -
SpringMVC4零配置--应用上下文配置【AppConfig】
2014-09-10 18:21 26473从spring3.0开始,Spring将JavaConfi ... -
SpringMVC4零配置--web.xml
2014-09-10 18:21 98634servlet3.0+规范后,允许servlet,filt ... -
SpringMVC4零配置
2014-09-05 19:11 89907基于Servlet3.0规范和SpringMVC4注解式配 ... -
SpringSecurity3.X--SpEL 表达式
2014-07-17 10:03 2961使用 Spring 表达式语言配置访问控制,要实现这一功能 ... -
SpringSecurity3.X--LDAP:AD配置
2014-07-08 17:08 5518前面介绍过基于本地数据库验证的方式,参考http://ha ... -
Thrift--JSClient
2013-09-26 14:45 5914thrift提供了基于jquery--ajax的客户端调用 ... -
Thrift--Spring集成ThriftServlet
2013-09-25 11:42 11080Thrift除了可以通过TCP协议访问,还可以通过HTTP ... -
Thrift转SpringHttpInvoker
2013-09-24 13:26 1728关于在spring中集成Thrift请参看:http://h ... -
Spring集成Thrift--Server AND Client
2013-09-04 20:13 13714Thrift网上有N多教程, ... -
C3P0配置实战
2012-09-04 18:34 51850C3P0: 一个开源的JDBC连接池,它实现了数据源和JN ... -
spring+jotm 多数据源事务管理(三)JNDI+Tomcat
2012-06-07 16:27 5221spring+jotm 多数据源事务管理系列 spr ... -
spring+jotm 多数据源事务管理(二)hibernate
2012-06-07 11:20 2814spring+jotm 多数据源事务管理系列 spr ... -
spring+jotm 多数据源事务管理(一)jdbc
2012-06-07 11:00 5232spring+jotm 多数据源事务管理系列 spr ... -
SpringSecurity3.X--Cas client 配置之配置session-management遇到的问题(2)
2011-10-27 14:19 2097关于“SpringSecurity3.X--Cas clien ...
相关推荐
CAS - spring-security-cas-client.jar 1.4.1.7. OpenID - spring-security-openid.jar 1.4.2. 获得源代码 2. Security命名空间配置 2.1. 介绍 2.1.1. 命名空间的设计 2.2. 开始使用安全命名空间配置 2.2.1....
spring-security-cas-client-2.0.4.jar
spring-security-cas-client-3.0.3.RELEASE-sources.jar spring-security-config-3.0.3.RELEASE-sources.jar spring-security-core-3.0.3.RELEASE-sources.jar spring-security-ldap-3.0.3.RELEASE-sources.jar ...
CAS - spring-security-cas-client.jar 1.4.1.7. OpenID - spring-security-openid.jar 1.4.2. 获得源代码 2. Security命名空间配置 2.1. 介绍 2.1.1. 命名空间的设计 2.2. 开始使用安全命名空间配置 ...
spring-security-cas-client-3.0.3.RELEASE.jar spring-security-config-3.0.3.RELEASE.jar spring-security-core-3.0.3.RELEASE.jar spring-security-ldap-3.0.3.RELEASE.jar spring-security-openid-3.0.3....
cas-client-core-3.1.12-sources.jar cas-client-core-3.1.12.jar ehcache-1.6.2.jar guice-2.0-javadoc.jar guice-2.0-sources.jar guice-2.0-src.jar guice-2.0.jar httpclient-4.1.1.jar jsr250-api-1.0.jar ...
CAS - spring-security-cas-client.jar 1.4.1.7. OpenID - spring-security-openid.jar 1.4.2. 获得源代码 2. Security 命名空间配置 2.1. 介绍 2.1.1. 命名空间的设计 2.2. 开始使用安全命名空间配置 ...
cas-client-core-3.3.3.jar cglib-2.2.2.jar commons-beanutils-1.8.0.jar commons-cli-1.2.jar commons-codec-1.9.jar commons-collections-3.2.1.jar commons-dbcp-1.4.jar commons-fileupload-1.3.1.jar ...
3 cas client 1.0配置说明 <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:...
spring-security-cas-client-3.0.2.RELEASE.jar spring-security-config-3.0.2.RELEASE.jar spring-security-core-3.0.2.RELEASE.jar spring-security-taglibs-3.0.2.RELEASE.jar spring-security-web-3.0.2.RELEASE...
cas-client-core-3.2.1.jar cglib-3.1.jar ckfinder-2.3.jar ckfinderplugin-fileeditor-2.3.jar ckfinderplugin-imageresize-2.3.jar classmate-1.1.0.jar commons-beanutils-1.9.1.jar commons-codec-1.9.jar ...
springboot+security+cas集成demo。。
cas 5.3 overlay 整合MySQL 整合普通客户端,整合springsecurity客户端
本篇文章主要介绍了spring boot整合CAS Client实现单点登陆验证的示例,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
受 Spring Security CAS 客户端保护的 Java webapp ( ) Maven 演示使用来自 Spring Security 项目 (v3.2.5) 的 CAS 客户端来保护 Web 应用程序。 使用mvn clean compile jetty:run在上启动 webapp。 url '...
Spring Security 的前身是 Acegi Security ,是 Spring 项目组中用来提供安全认证服务的框架。 Spring Security 为基于J2EE企业应用软件提供了全面安全服务。特别是使用领先的J2EE解决方案-Spring框架开发的企业...
Security(client-spring-security) 三种客户端。 使用单机完成了三个客户端的 SSO 。 使用多机完成了三个客户端的 SSO 。 CAS without SSL 。 整合遗留系统。 相关软件 cas-server-3.4.11 cas-client-core 3.2.0 ...
spring boot整合spring security 实现SSO单点登陆 完整DEMO. 1、配置本地hosts 127.0.0.1 sso-login 127.0.0.1 sso-resource 127.0.0.1 sso-tmall 127.0.0.1 sso-taobao windows系统的路径在C:\WINDOWS\system...
CAS 包含两个部分: CAS Server 和 CAS Client 。 CAS Server :其实就是一个war包,CAS框架已经提供。只需要把部署到web服务器上即可,主要负责对用户的认证工作。 在文章末尾的示例项目中提供。 CAS Client...
cas server overlay 搭建方式,和spring security 加密算法集成