CAS服务器认证成功后,如何使Spring安全将用户重定向到原始请求的页面
Posted
技术标签:
【中文标题】CAS服务器认证成功后,如何使Spring安全将用户重定向到原始请求的页面【英文标题】:How to make Spring security to redirect user to the original requested page after successfully authenticated by the CAS server 【发布时间】:2020-04-25 04:33:50 【问题描述】:我有一个 Spring Boot RESTFul Web 应用程序,它使用 CAS 服务器进行企业单点登录。如果未登录的用户尝试访问安全页面,则该用户将被重定向到 CAS 服务器进行身份验证。身份验证成功后,用户将被重定向到 Spring Boot RESTFul Web 应用程序的主页 - 而不是安全页面,用户尝试访问。我们如何直接将用户重定向到用户登录成功后想要访问的安全页面?
spring-security-cas-client用于实现CAS认证。实现 AuthenticationSuccessHandler 以将 UseReferer 设置为 true。 spring安全配置类如下:
package com.example.app
import java.util.Arrays;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
private AuthenticationProvider authenticationProvider;
private AuthenticationEntryPoint authenticationEntryPoint;
private SingleSignOutFilter singleSignOutFilter;
private LogoutFilter logoutFilter;
@Autowired
public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider,
AuthenticationEntryPoint
eP,
LogoutFilter lF
, SingleSignOutFilter ssF
)
this.authenticationProvider = casAuthenticationProvider;
this.authenticationEntryPoint = eP;
this.logoutFilter = lF;
this.singleSignOutFilter = ssF;
@Override
protected void configure(HttpSecurity http) throws Exception
http
.authorizeRequests()
.antMatchers("/api/**", "/path-1", "/path-2")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl("/logout")
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class);
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth.authenticationProvider(authenticationProvider);
@Override
protected AuthenticationManager authenticationManager() throws Exception
return new ProviderManager(Arrays.asList(authenticationProvider));
@Bean
public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setServiceProperties(sP);
filter.setAuthenticationManager(authenticationManager());
return filter;
@Bean
public AuthenticationSuccessHandler successHandler()
SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
handler.setUseReferer(true);
return handler;
【问题讨论】:
【参考方案1】:使用SavedRequestAwareAuthenticationSuccessHandler 代替SimpleUrlAuthenticationSuccessHandler 可能会帮助您实现重定向。
@Bean
public AuthenticationSuccessHandler successHandler()
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setTargetUrlParameter("redirectTo");
handler.setDefaultTargetUrl("/");
return handler;
【讨论】:
以上是关于CAS服务器认证成功后,如何使Spring安全将用户重定向到原始请求的页面的主要内容,如果未能解决你的问题,请参考以下文章
通过 Spring Security 和 CAS 登录后,如何在非安全 JSP 页面上显示登录用户详细信息?