SpringSecurity3整合CAS

发布时间:2019-09-16 07:13:59编辑:auto阅读(1773)

    SpringSecurity本身已经做好了与CAS的集成工作,只需要我们做简单配置就可以了

    步骤1 spring-cas.xml配置文件内容如下(完整版)

     

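    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      spring-cas.xml: Spring Security 3.0 namespace configuration that hands
      authentication to a CAS server instead of a local login form.

      Flow wired below:
        1. An unauthenticated request to a protected URL is sent by casEntryPoint
           to the CAS login page, carrying the "service" callback URL.
        2. CAS redirects back to the service URL with a service ticket.
        3. casFilter passes the ticket to casAuthenticationProvider, which
           validates it against the CAS server and loads the user through
           userDetailsManager.

      NOTE(review): every CAS URL in this file (loginUrl, service, the ticket
      validator base URL and the logout URL) uses plain http. The service ticket
      travels in the redirect, and the validation response is what tells this
      application who the user is, so anyone able to read or alter that traffic
      can capture tickets or tamper with the validation result. Outside a closed
      lab network, serve all of these over https with a certificate the JVM trusts.

      The listing numbers that were fused into each line of the original listing
      have been dropped so the file is well-formed and can be copied as is.
    -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xsi:schemaLocation="http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
               http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
        default-lazy-init="true">

        <!-- Picks up annotated beans under com.itec.core; presumably this is where
             the @Service UserDetailsManager (bean name "userDetailsManager") lives.
             Verify the package. -->
        <context:component-scan base-package="com.itec.core" />

        <!--SSO -->
        <!-- auto-config is off, so no form login or default logout is registered;
             unauthenticated requests are handed to casEntryPoint. -->
        <http auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">
            <!-- filters="none" skips the whole security filter chain for these URLs,
                 so no security context is available while they are handled. -->
            <intercept-url pattern="/login.do" filters="none" />
            <!-- NOTE(review): "p_w_picpath" looks like a blog-platform word-filter
                 artifact (possibly for "image"); confirm the real URL before use. -->
            <intercept-url pattern="/p_w_picpath.do" filters="none" />
            <!-- NOTE(review): this is the only pattern that requires a role. There is
                 no catch-all intercept-url, so any URL not listed here is served
                 without an access check. Confirm that this is intended. -->
            <intercept-url pattern="/admin/*.do*" access="ROLE_LOGIN" />
            <!-- logout-success-url="/login.html" -->
    <!--        <logout logout-url="/login.do" success-handler-ref="casLogoutSuccessHandler"/>   -->
            <!-- Filter placement: the logout-to-CAS filter runs ahead of the standard
                 logout slot, casFilter takes the form-login slot, and the CAS
                 single sign-out filter is placed ahead of the CAS slot. -->
            <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
            <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/>
            <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
        </http>

        <!-- Redirects unauthenticated users to the CAS server login page. -->
        <beans:bean id="casEntryPoint"  class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
            <beans:property name="loginUrl" value="http://172.19.50.21:9083/HASLSSO/login"/>
            <beans:property name="serviceProperties" ref="serviceProperties"/>
        </beans:bean>

        <!-- "service" is the callback URL of this application that CAS redirects to
             with the ticket; it is sent both at login and at ticket validation.
             sendRenew=false accepts an existing SSO session; true would make CAS
             ask for credentials again. -->
        <beans:bean id="serviceProperties"  class="org.springframework.security.cas.ServiceProperties">
            <beans:property name="service"  value="http://172.19.4.225:8080/HACMS/j_spring_cas_security_check"/>
            <beans:property name="sendRenew" value="false"/>
        </beans:bean>

        <!-- Receives the callback carrying the ticket and submits it to the
             authentication manager. -->
        <beans:bean id="casFilter"  class="org.springframework.security.cas.web.CasAuthenticationFilter">
            <beans:property name="authenticationManager" ref="authenticationManager"/>
        </beans:bean>

        <!-- The CAS provider is the only authentication provider registered. -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="casAuthenticationProvider"/>
        </authentication-manager>

        <!-- Adapts the existing name-based userDetailsManager so the CAS provider can
             load authorities for the user name returned by CAS. -->
        <beans:bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService" >
                <beans:ref bean="userDetailsManager" />
            </beans:property>
        </beans:bean>

        <!-- Validates the service ticket against the CAS server (CAS 2.0 protocol)
             and builds the authenticated user. The validator URL is the CAS server
             base URL; see the http caveat in the header comment. -->
        <beans:bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
            <beans:property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/>
            <beans:property name="serviceProperties" ref="serviceProperties" />
            <beans:property name="ticketValidator">
                <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                    <beans:constructor-arg index="0" value="http://172.19.50.21:9083/HASLSSO" />
                </beans:bean>
            </beans:property>
            <!-- NOTE(review): this looks like the sample placeholder value; choose a
                 value that is unique to this deployment. -->
            <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
        </beans:bean>

        <!-- Logout, client side: handles the single sign-out request that the CAS
             server sends to this application. The CAS client normally also needs
             org.jasig.cas.client.session.SingleSignOutHttpSessionListener registered
             in web.xml; the web.xml excerpt on this page does not show it, so
             verify that it is present. -->
        <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

        <!-- Logout, server side: a request to /j_spring_cas_security_logout clears the
             local security context (SecurityContextLogoutHandler) and then sends the
             browser to the CAS logout URL so that the SSO session is ended as well. -->
        <beans:bean id="requestSingleLogoutFilter"
                class="org.springframework.security.web.authentication.logout.LogoutFilter">
            <beans:constructor-arg
                value="http://172.19.50.21:9083/HASLSSO/logout" />
            <beans:constructor-arg>
                <beans:bean
                    class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
            </beans:constructor-arg>
            <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
        </beans:bean>

    </beans:beans>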

     

    步骤2 之前的UserDetailsManager不需要改任何代码

     

    1. @Service 
    2. public class UserDetailsManager implements UserDetailsService { 

    步骤3 修改web.xml:在contextConfigLocation中不再加载原来的spring-security.xml,改为加载spring-cas.xml即可(下面片段中的两行param-value二选一,只保留其中一行生效)

     

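    <context-param>
        <param-name>contextConfigLocation</param-name>
        <!-- Local authentication: loads spring-security.xml. As printed here this is
             the active value, so the application still authenticates locally. -->
        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-security.xml</param-value>
        <!-- CAS single sign-on: to switch over, comment out the value above and
             enable the one below, which loads spring-cas.xml instead. Keep exactly
             one param-value active; presumably both files define the security
             <http> configuration, so they should not be loaded together (confirm). -->
    <!--        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-cas.xml</param-value> -->
    </context-param>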

    大功告成~!
