CAS Authentication with custom external form and spring security
【Title】: CAS Authentication with custom external form and spring security
【Posted】: 2015-12-06 16:33:04
【Question】: Currently we are using the jasig CAS server for our SSO solution. We have two web applications which use the same CAS server. We are using spring security to configure the CAS client. The sample code is as follows:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
        <sec:filter-chain pattern="/j_spring_security_logout(.jsp)*" filters="appLogoutFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
        <sec:filter-chain pattern="/**"
            filters="securityContextPersistenceFilter,requestSingleLogoutFilter,appLogoutFilter,casAuthenticationFilter,requestCacheFilter,contextAwareFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
    </sec:filter-chain-map>
</bean>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="casAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="userDetailsServiceWrapper"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <property name="ticketValidator" ref="ticketValidator"/>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

<bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
    <property name="userDetailsService" ref="lormsSecurityUserDetailsService"/>
</bean>

<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <constructor-arg ref="casEntryPoint"/>
    <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>

<bean id="appLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="/j_spring_cas_security_logout"/>
    <constructor-arg>
        <list>
            <ref bean="lormsLogOutHandler"/>
        </list>
    </constructor-arg>
    <property name="logoutRequestMatcher">
        <bean class="org.springframework.security.web.util.matcher.RegexRequestMatcher">
            <constructor-arg name="pattern" value="/j_spring_security_logout(.jsp)*"/>
            <constructor-arg name="httpMethod">
                <null/>
            </constructor-arg>
        </bean>
    </property>
</bean>

<!-- This filter redirects to the CAS Server to signal Single Logout should be performed ?service=${singleSignOn.cas.app.url}/LORMS -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="${singleSignOn.cas.server.url}/logout?service=${singleSignOn.cas.app.url}/LORMS"/>
    <constructor-arg>
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </constructor-arg>
    <property name="logoutRequestMatcher">
        <bean class="org.springframework.security.web.util.matcher.RegexRequestMatcher">
            <constructor-arg name="pattern" value="/j_spring_cas_security_logout(.jsp)*"/>
            <constructor-arg name="httpMethod">
                <null/>
            </constructor-arg>
        </bean>
    </property>
</bean>

<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" id="ticketValidator">
    <constructor-arg index="0" value="${singleSignOn.cas.server.url}"/>
</bean>

<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>

<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
</bean>

<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="${singleSignOn.cas.server.url}/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="${singleSignOn.cas.app.url}/LORMS/j_spring_cas_security_check"/>
    <property name="sendRenew" value="false"/>
</bean>
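Now I have an existing form-based login UI. I want to use it instead of the jasig web login screen. I found this link, "Using CAS from external link or custom external form", with which I can use my own login UI. Can anyone help me integrate it with spring security in my application?
【Comments on the question】: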
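【Answer 1】: After integrating the application, you can change and edit casviewpage.jsp. You can change the whole UI. Take the default casview.jsp and edit it. Why don't you want to edit casview.jsp?
【Comments】:
The CAS server provides an out-of-the-box way to replace their UI, just by passing the parameter "auto=true", so why put effort into replacing the UI?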