这里使用的是spring-security和原生的jasig cas包来进行整合,为什么没有直接使用spring提供的spring-security-cas,后面会进行解释。
配置
web.xml
1
2
3
4
5
6
7
8
9
10
11
12
|
<filter> <filter-name>casfilterchain</filter-name> <filter- class >org.springframework.web.filter.delegatingfilterproxy</filter- class > </filter> <filter-mapping> <filter-name>casfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener- class >org.jasig.cas.client.session.singlesignouthttpsessionlistener</listener- class > </listener> |
applicationcontext-security.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
<?xml version= "1.0" encoding= "utf-8" ?> <beans xmlns= "http://www.springframework.org/schema/beans" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xmlns:security= "http://www.springframework.org/schema/security" xmlns:util= "http://www.springframework.org/schema/util" xsi:schemalocation="http: //www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http: //www.springframework.org/schema/security http: //www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id= "casfilterchain" class = "org.springframework.security.web.filterchainproxy" > <constructor-arg> <util:list> <security:filter-chain pattern= "/**" filters= "singlesignoutfilter, cas20proxyreceivingticketvalidationfilter, authenticationfilter, httpservletrequestwrapperfilter, assertionthreadlocalfilter" /> </util:list> </constructor-arg> </bean> <bean id= "singlesignoutfilter" class = "org.jasig.cas.client.session.singlesignoutfilter" /> <bean id= "cas20proxyreceivingticketvalidationfilter" class = "org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter" > <property name= "servername" value= "${client.url}" /> <property name= "ticketvalidator" ref= "cas20serviceticketvalidator" /> </bean> <bean id= "cas20serviceticketvalidator" class = "org.jasig.cas.client.validation.cas20serviceticketvalidator" > <constructor-arg value= "${cas.url}" /> <property name= "renew" value= "false" /> </bean> <bean id= "authenticationfilter" class = "org.jasig.cas.client.authentication.authenticationfilter" > <property name= "renew" value= "false" /> <property name= "casserverloginurl" value= "${cas.url}" /> <property name= "servername" value= "${client.url}" /> </bean> <bean id= "httpservletrequestwrapperfilter" class = "org.jasig.cas.client.util.httpservletrequestwrapperfilter" /> <bean id= "assertionthreadlocalfilter" class = "org.jasig.cas.client.util.assertionthreadlocalfilter" /> </beans> |
properties
1
2
3
4
|
#cas服务地址 cas.url=https: //cas.example.com:8443 #cas客户端地址,就是本应用的地址 client.url=http: //localhost:8080 |
分析
在applicationcontext-security.xml中的security filter chain中,我们使用了5个filter,分别是:singlesignoutfilter、cas20proxyreceivingticketvalidationfilter、authenticationfilter、httpservletrequestwrapperfilter、assertionthreadlocalfilter。
为什么不用spring-security-cas
spring-security-cas
在spring-security-cas中负责ticket validator filter使用的是org.springframework.security.cas.authentication.casauthenticationprovider。
1
2
3
4
|
private casauthenticationtoken authenticatenow( final authentication authentication) throws authenticationexception { try { final assertion assertion = this .ticketvalidator.validate(authentication.getcredentials().tostring(), getserviceurl(authentication)); ... |
在构建validator的validator方法的第二个参数时
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
private string getserviceurl(authentication authentication) { string serviceurl; if (authentication.getdetails() instanceof serviceauthenticationdetails) { serviceurl = ((serviceauthenticationdetails)authentication.getdetails()).getserviceurl(); } else if (serviceproperties == null ){ throw new illegalstateexception( "serviceproperties cannot be null unless authentication.getdetails() implements serviceauthenticationdetails." ); } else if (serviceproperties.getservice() == null ){ throw new illegalstateexception( "serviceproperties.getservice() cannot be null unless authentication.getdetails() implements serviceauthenticationdetails." ); } else { serviceurl = serviceproperties.getservice(); } if (logger.isdebugenabled()) { logger.debug( "serviceurl = " +serviceurl); } return serviceurl; } |
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。
原文链接:http://atbug.com/spring-security-integrated-with-cas/