Spring Security整合CAS的示例代码_Java教程

Spring Security整合CAS的示例代码

2021-05-13 12:01乱世浮生 Java教程

本篇文章主要介绍了Spring Security整合CAS的示例代码，小编觉得挺不错的，现在分享给大家，也给大家做个参考。一起跟随小编过来看看吧

这里使用的是spring-security和原生的jasig cas包来进行整合，为什么没有直接使用spring提供的spring-security-cas，后面会进行解释。

配置

web.xml

				?

									<filter>

									 <filter-name>casfilterchain</filter-name>

									 <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>

									</filter>

									<filter-mapping>

									 <filter-name>casfilterchain</filter-name>

									 <url-pattern>/*</url-pattern>

									</filter-mapping>

									<listener>

									 <listener-class>org.jasig.cas.client.session.singlesignouthttpsessionlistener</listener-class>

									</listener>

applicationcontext-security.xml

				?

									<?xml version="1.0" encoding="utf-8"?>

									<beans xmlns="http://www.springframework.org/schema/beans"

									  xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"

									  xmlns:security="http://www.springframework.org/schema/security"

									  xmlns:util="http://www.springframework.org/schema/util"

									  xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

									  http://www.springframework.org/schema/security

									  http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

									 <bean id="casfilterchain" class="org.springframework.security.web.filterchainproxy">

									  <constructor-arg>

									   <util:list>

									    <security:filter-chain pattern="/**" filters="singlesignoutfilter, cas20proxyreceivingticketvalidationfilter, authenticationfilter, httpservletrequestwrapperfilter, assertionthreadlocalfilter"/>

									   </util:list>

									  </constructor-arg>

									 </bean>

									 <bean id="singlesignoutfilter" class="org.jasig.cas.client.session.singlesignoutfilter"/>

									 <bean id="cas20proxyreceivingticketvalidationfilter"

									   class="org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter">

									  <property name="servername" value="${client.url}"/>

									  <property name="ticketvalidator" ref="cas20serviceticketvalidator"/>

									 </bean>

									 <bean id="cas20serviceticketvalidator" class="org.jasig.cas.client.validation.cas20serviceticketvalidator">

									  <constructor-arg value="${cas.url}"/>

									  <property name="renew" value="false"/>

									 </bean>

									 <bean id="authenticationfilter" class="org.jasig.cas.client.authentication.authenticationfilter">

									  <property name="renew" value="false"/>

									  <property name="casserverloginurl" value="${cas.url}"/>

									  <property name="servername" value="${client.url}"/>

									 </bean>

									 <bean id="httpservletrequestwrapperfilter" class="org.jasig.cas.client.util.httpservletrequestwrapperfilter"/>

									 <bean id="assertionthreadlocalfilter" class="org.jasig.cas.client.util.assertionthreadlocalfilter"/>

									</beans>

properties

				?

									#cas服务地址

									cas.url=https://cas.example.com:8443

									#cas客户端地址，就是本应用的地址

									client.url=http://localhost:8080

分析

在applicationcontext-security.xml中的security filter chain中，我们使用了5个filter，分别是：singlesignoutfilter、cas20proxyreceivingticketvalidationfilter、authenticationfilter、httpservletrequestwrapperfilter、assertionthreadlocalfilter。

为什么不用spring-security-cas

spring-security-cas

在spring-security-cas中负责ticket validator filter使用的是org.springframework.security.cas.authentication.casauthenticationprovider。

				?

									private casauthenticationtoken authenticatenow(final authentication authentication) throws authenticationexception {

									 try {

									  final assertion assertion = this.ticketvalidator.validate(authentication.getcredentials().tostring(), getserviceurl(authentication));

									  ...

在构建validator的validator方法的第二个参数时

				?

									private string getserviceurl(authentication authentication) {

									 string serviceurl;

									 if(authentication.getdetails() instanceof serviceauthenticationdetails) {

									  serviceurl = ((serviceauthenticationdetails)authentication.getdetails()).getserviceurl();

									 }else if(serviceproperties == null){

									  throw new illegalstateexception("serviceproperties cannot be null unless authentication.getdetails() implements serviceauthenticationdetails.");

									 }else if(serviceproperties.getservice() == null){

									  throw new illegalstateexception("serviceproperties.getservice() cannot be null unless authentication.getdetails() implements serviceauthenticationdetails.");

									 }else {

									  serviceurl = serviceproperties.getservice();

									 }

									 if(logger.isdebugenabled()) {

									  logger.debug("serviceurl = "+serviceurl);

									 }

									 return serviceurl;

									}