服务器之家

Example code for integrating Spring Security with CAS

Time: 2021-05-13 12:01     Source/Author: 乱世浮生

This example integrates spring-security with the native Jasig CAS client package. Why Spring's own spring-security-cas is not used directly is explained later.

Configuration

web.xml

<filter>
 <filter-name>casfilterchain</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
 <filter-name>casfilterchain</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

applicationcontext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:security="http://www.springframework.org/schema/security"
  xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security
  http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

 <!-- Looked up by the DelegatingFilterProxy in web.xml: the bean id must equal the filter-name -->
 <bean id="casfilterchain" class="org.springframework.security.web.FilterChainProxy">
  <constructor-arg>
   <util:list>
    <security:filter-chain pattern="/**" filters="singlesignoutfilter, cas20proxyreceivingticketvalidationfilter, authenticationfilter, httpservletrequestwrapperfilter, assertionthreadlocalfilter"/>
   </util:list>
  </constructor-arg>
 </bean>

 <bean id="singlesignoutfilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

 <bean id="cas20proxyreceivingticketvalidationfilter"
   class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
  <property name="serverName" value="${client.url}"/>
  <property name="ticketValidator" ref="cas20serviceticketvalidator"/>
 </bean>

 <bean id="cas20serviceticketvalidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
  <constructor-arg value="${cas.url}"/>
  <property name="renew" value="false"/>
 </bean>

 <bean id="authenticationfilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">
  <property name="renew" value="false"/>
  <property name="casServerLoginUrl" value="${cas.url}"/>
  <property name="serverName" value="${client.url}"/>
 </bean>

 <bean id="httpservletrequestwrapperfilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

 <bean id="assertionthreadlocalfilter" class="org.jasig.cas.client.util.AssertionThreadLocalFilter"/>

</beans>

properties

# CAS server address
cas.url=https://cas.example.com:8443
# CAS client address, i.e. the address of this application
client.url=http://localhost:8080

Analysis

The security filter chain in applicationcontext-security.xml uses five filters: SingleSignOutFilter, Cas20ProxyReceivingTicketValidationFilter, AuthenticationFilter, HttpServletRequestWrapperFilter and AssertionThreadLocalFilter.

Why not use spring-security-cas

spring-security-cas

In spring-security-cas, the work of the ticket validator filter is done by org.springframework.security.cas.authentication.CasAuthenticationProvider.

private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
 try {
  final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication));
  ...

When building the second argument of the validator's validate method:

private String getServiceUrl(Authentication authentication) {
 String serviceUrl;
 if(authentication.getDetails() instanceof ServiceAuthenticationDetails) {
  serviceUrl = ((ServiceAuthenticationDetails)authentication.getDetails()).getServiceUrl();
 }else if(serviceProperties == null){
  throw new IllegalStateException("serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
 }else if(serviceProperties.getService() == null){
  throw new IllegalStateException("serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
 }else {
  serviceUrl = serviceProperties.getService();
 }
 if(logger.isDebugEnabled()) {
  logger.debug("serviceUrl = "+serviceUrl);
 }
 return serviceUrl;
}
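
What validate(ticket, serviceUrl) amounts to under the CAS 2.0 protocol, as an added example (not code from the original article, the Jasig client or Spring Security): the ticket is submitted together with the service URL, and the server rejects a ticket presented for a different service. The class name Cas20ValidationSketch, the ticket value, the service URL and both XML responses are constructed for illustration.

```java
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class Cas20ValidationSketch {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    // CAS 2.0 validation request: a service ticket is only valid for the exact
    // service URL it was issued for, so both values travel together.
    static String validationUrl(String casPrefix, String ticket, String serviceUrl) {
        return casPrefix + "/serviceValidate?ticket=" + URLEncoder.encode(ticket, StandardCharsets.UTF_8)
            + "&service=" + URLEncoder.encode(serviceUrl, StandardCharsets.UTF_8);
    }

    // Returns the authenticated user name, or throws if the server reported a failure.
    static String parseUser(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response arrives over the network: refuse DTDs so XXE is not possible.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList fail = d.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        if (fail.getLength() > 0) {
            String code = ((Element) fail.item(0)).getAttribute("code");
            throw new SecurityException("ticket rejected: " + code);
        }
        NodeList user = d.getElementsByTagNameNS(CAS_NS, "user");
        if (user.getLength() != 1) throw new SecurityException("malformed CAS response");
        return user.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values and responses, not captured traffic.
        String open = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>";
        String ok = open + "<cas:authenticationSuccess><cas:user>alice</cas:user>"
            + "</cas:authenticationSuccess></cas:serviceResponse>";
        String bad = open + "<cas:authenticationFailure code='INVALID_SERVICE'>"
            + "ticket does not match supplied service</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(validationUrl("https://cas.example.com:8443", "ST-1-constructed", "http://localhost:8080/"));
        System.out.println(parseUser(ok));
        try { parseUser(bad); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```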

Original link: http://atbug.com/spring-security-integrated-with-cas/