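Example Code for Integrating Spring Security with CAS

Author: 乱世浮生 Date: 2023-11-12 19:04:26 

This example integrates spring-security with the native jasig CAS client package. Why spring-security-cas, which Spring provides, is not used directly is explained later.

Configuration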

web.xml


<filter>
    <filter-name>casFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

applicationContext-security.xml


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:security="http://www.springframework.org/schema/security"
 xmlns:util="http://www.springframework.org/schema/util"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/security
 http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

<bean id="casFilterChain" class="org.springframework.security.web.FilterChainProxy">
 <constructor-arg>
  <util:list>
   <security:filter-chain pattern="/**" filters="singleSignOutFilter, cas20ProxyReceivingTicketValidationFilter, authenticationFilter, httpServletRequestWrapperFilter, assertionThreadLocalFilter"/>
  </util:list>
 </constructor-arg>
</bean>

<bean id="singleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

<bean id="cas20ProxyReceivingTicketValidationFilter"
  class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
 <property name="serverName" value="${client.url}"/>
 <property name="ticketValidator" ref="cas20ServiceTicketValidator"/>
</bean>

<bean id="cas20ServiceTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
 <constructor-arg value="${cas.url}"/>
 <property name="renew" value="false"/>
</bean>

<bean id="authenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">
 <property name="renew" value="false"/>
 <property name="casServerLoginUrl" value="${cas.url}"/>
 <property name="serverName" value="${client.url}"/>
</bean>

<bean id="httpServletRequestWrapperFilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

<bean id="assertionThreadLocalFilter" class="org.jasig.cas.client.util.AssertionThreadLocalFilter"/>

</beans>

properties


# CAS server address
cas.url=https://cas.example.com:8443
# CAS client address, i.e. the address of this application
client.url=http://localhost:8080

Analysis

The security filter chain in applicationContext-security.xml uses five filters: singleSignOutFilter, cas20ProxyReceivingTicketValidationFilter, authenticationFilter, httpServletRequestWrapperFilter and assertionThreadLocalFilter.

Why not use spring-security-cas

spring-security-cas

In spring-security-cas, the work of the ticket validation filter is done by org.springframework.security.cas.authentication.CasAuthenticationProvider.


private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
    try {
        final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication));
        ...

When the second argument of the validator's validate method is built:


private String getServiceUrl(Authentication authentication) {
    String serviceUrl;
    if (authentication.getDetails() instanceof ServiceAuthenticationDetails) {
        serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
    } else if (serviceProperties == null) {
        throw new IllegalStateException("serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
    } else if (serviceProperties.getService() == null) {
        throw new IllegalStateException("serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");
    } else {
        serviceUrl = serviceProperties.getService();
    }
    if (logger.isDebugEnabled()) {
        logger.debug("serviceUrl = " + serviceUrl);
    }
    return serviceUrl;
}

Source: http://atbug.com/spring-security-integrated-with-cas/
