这篇文章将为大家详细讲解有关如何在Spring Security中使用CAS,文章内容质量较高,因此小编分享给大家做个参考,希望大家阅读完这篇文章后对相关知识有一定的了解。
配置
web.xml
<filter> <filter-name>casFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id="casFilterChain" class="org.springframework.security.web.FilterChainProxy"> <constructor-arg> <util:list> <security:filter-chain pattern="/**" filters="singleSignOutFilter, cas20ProxyReceivingTicketValidationFilter, authenticationFilter, httpServletRequestWrapperFilter, assertionThreadLocalFilter"/> </util:list> </constructor-arg> </bean> <bean id="singleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> <bean id="cas20ProxyReceivingTicketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"> <property name="serverName" value="${client.url}"/> <property name="ticketValidator" ref="cas20ServiceTicketValidator"/> </bean> <bean id="cas20ServiceTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg value="${cas.url}"/> <property name="renew" value="false"/> </bean> <bean id="authenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter"> <property name="renew" value="false"/> <property name="casServerLoginUrl" value="${cas.url}"/> <property name="serverName" value="${client.url}"/> </bean> <bean id="httpServletRequestWrapperFilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/> <bean id="assertionThreadLocalFilter" class="org.jasig.cas.client.util.AssertionThreadLocalFilter"/> </beans>
properties
#CAS服务地址 cas.url=https://cas.example.com:8443 #CAS客户端地址,就是本应用的地址 client.url=http://localhost:8080
分析
在applicationContext-security.xml中的security filter chain中,我们使用了5个filter,分别是:singleSignOutFilter、cas20ProxyReceivingTicketValidationFilter、authenticationFilter、httpServletRequestWrapperFilter、assertionThreadLocalFilter。
为什么不用spring-security-cas
spring-security-cas
在spring-security-cas中负责ticket validator filter使用的是org.springframework.security.cas.authentication.CasAuthenticationProvider。
private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException { try { final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication)); ...
在构建validator的validator方法的第二个参数时
private String getServiceUrl(Authentication authentication) { String serviceUrl; if(authentication.getDetails() instanceof ServiceAuthenticationDetails) { serviceUrl = ((ServiceAuthenticationDetails)authentication.getDetails()).getServiceUrl(); }else if(serviceProperties == null){ throw new IllegalStateException("serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails."); }else if(serviceProperties.getService() == null){ throw new IllegalStateException("serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails."); }else { serviceUrl = serviceProperties.getService(); } if(logger.isDebugEnabled()) { logger.debug("serviceUrl = "+serviceUrl); } return serviceUrl; }
关于如何在Spring Security中使用CAS就分享到这里了,希望以上内容可以对大家有一定的帮助,可以学到更多知识。如果觉得文章不错,可以把它分享出去让更多的人看到。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。