spring security与cas 集成(中)
上一篇对于spring security与cas集成中涉及的名词,认证与授权进行简单说明,现在将spring security与cas集成的配置文件简单贴上来,这其中所需要的jar太多了,主要涉及cas client 3.1,spring security 3.2, spring security-cas client,spring 3.2这几类jar包。
主要配置如下:
web.xml主要内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.5 deployment descriptor for the CAS demo webapp. It loads the
     Spring context, registers the encoding filter and the Spring Security
     filter chain on every URL, and registers the CAS single-sign-out
     session listener. -->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>Spring Security CAS Demo Application</display-name>
<!-- Location of the Spring configuration read by ContextLoaderListener below.
     NOTE(review): the article calls the security configuration
     "spring-security.xml"; this path has to point at that file under the
     name it is actually deployed with. Confirm before copying. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security-success.xml
</param-value>
</context-param>
<!-- Sets UTF-8 as the request character encoding. forceEncoding is not set
     here, so an encoding already declared by the request is left as is. -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<!-- DelegatingFilterProxy hands each request to the Spring bean whose name
     equals this filter-name; the security namespace's http element is what
     creates the springSecurityFilterChain bean. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapping order is significant: the container applies url-pattern mappings
     in the order listed, so the encoding filter runs before the security
     chain reads any request parameter (ticket, logoutRequest). -->
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Every request goes through the security chain; nothing is exempted at
     this level, so any exemption must be declared in the security config. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Companion of SingleSignOutFilter (declared in the security config):
     drops the stored session/ticket mapping when an HTTP session is
     destroyed, so expired sessions do not accumulate in that mapping. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- Boots the root Spring context from contextConfigLocation above. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
spring-security.xml内容如下:其中关于proxy-ticket的部分被我注释掉了,因为我在实际项目中没有应用,有兴趣的盆友可以测试一下。
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 3.2 configuration for a CAS-protected webapp: users are
     authenticated by the CAS server, service tickets are validated by
     casAuthenticationProvider, and authorities come from the in-memory
     userService. The proxy-ticket and stateless-cache parts are commented
     out by the author. -->
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Unauthenticated requests are sent to casEntryPoint (redirect to the CAS
     login page). The single intercept-url rule requires ROLE_USER for every
     URL of the application.
     NOTE(review): that rule also covers /cas-logout.jsp, the
     logout-success-url below, so the page shown after logout itself demands
     authentication and will probably bounce the user back to CAS login.
     Confirm, and exempt the page with a more specific intercept-url placed
     before the catch-all rule if that is not intended. -->
<http entry-point-ref="casEntryPoint" >
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
<logout logout-success-url="/cas-logout.jsp" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- In-memory user list. As wired here it is referenced only through
     UserDetailsByNameServiceWrapper in casAuthenticationProvider, i.e. it is
     looked up by user name after CAS has validated the ticket and supplies
     the granted authorities; the password attribute is not what
     authenticates the user. A CAS user missing from this list cannot be
     loaded and the login fails.
     NOTE(review): sample account with a plain-text password; replace with a
     real UserDetailsService (e.g. database-backed) outside a demo. -->
<user-service id="userService">
<user name="scott" password="scott" authorities="ROLE_USER" />
</user-service>
<!-- Handles single-logout requests sent by the CAS server and invalidates
     the matching local session. -->
<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
<!-- User-initiated global logout: a request to /j_spring_cas_security_logout
     runs SecurityContextLogoutHandler locally and then redirects to the CAS
     server's /cas/logout (first constructor argument = success URL, second =
     logout handler; the argument order matters). -->
<b:bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter"
p:filterProcessesUrl="/j_spring_cas_security_logout">
<b:constructor-arg value="${cas.server.host}/cas/logout" />
<b:constructor-arg>
<b:bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</b:constructor-arg>
</b:bean>
<!-- The service URL is the identifier the CAS server issues the ticket for
     and the ticket is validated against; it must match the URL the filter
     listens on.
     NOTE(review): authenticateAllArtifacts=true makes the CAS filter try to
     authenticate any unauthenticated request that carries a ticket
     parameter, a mode meant for proxy-ticket use. The proxy pieces
     (authenticationDetailsSource, pgtStorage, statelessTicketCache) are
     commented out in this file, so check whether this flag is still needed;
     leaving it off keeps ticket processing limited to the service URL. -->
<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"
p:service="${cas.service.host}/j_spring_cas_security_check"
p:authenticateAllArtifacts="true" />
<!-- Receives the redirect back from CAS and passes the ticket to the
     authentication manager. With the block below commented out there is no
     proxy receptor and the default failure handling applies. -->
<b:bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter"
p:authenticationManager-ref="authenticationManager" p:serviceProperties-ref="serviceProperties">
<!--
<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
<b:property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor"/>
<b:property name="authenticationDetailsSource">
<b:bean
class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
</b:property>
<b:property name="authenticationFailureHandler">
<b:bean
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/casfailed.jsp" />
</b:property> -->
</b:bean>
<!-- Redirects unauthenticated users to the CAS login page, passing the
     service URL from serviceProperties. -->
<b:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="serviceProperties" p:loginUrl="${cas.server.host}/cas/login" />
<!-- NOTE: In a real application you should not use an in memory implementation.
You will also want to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
<b:bean id="pgtStorage"
class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" /> -->
<!-- Validates the CAS ticket and builds the authenticated token.
     p:key identifies tokens created by this provider.
     NOTE(review): "casAuthProviderKey" is the sample value; use an
     application-specific value rather than the copied constant. -->
<b:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
p:serviceProperties-ref="serviceProperties" p:key="casAuthProviderKey">
<b:property name="authenticationUserDetailsService">
<b:bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<b:constructor-arg ref="userService" />
</b:bean>
</b:property>
<b:property name="ticketValidator">
<!-- The validator calls back to the CAS server at this URL prefix to check
     each ticket. With the properties below commented out no proxy chain is
     accepted. If proxy support is enabled later, note that
     acceptAnyProxy=true trusts every proxying service; listing the expected
     chains via allowedProxyChains is the narrower choice. -->
<b:bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<b:constructor-arg value="${cas.server.host}/cas" />
<!--
<b:property name="acceptAnyProxy" value="true" />
<b:property name="proxyCallbackUrl" value="${cas.service.host}/j_spring_cas_security_proxyreceptor" />
<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />-->
</b:bean>
</b:property>
<!--
<b:property name="statelessTicketCache">
<b:bean
class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
<b:property name="cache">
<b:bean class="net.sf.ehcache.Cache" init-method="initialise"
destroy-method="dispose">
<b:constructor-arg value="casTickets" />
<b:constructor-arg value="50" />
<b:constructor-arg value="true" />
<b:constructor-arg value="false" />
<b:constructor-arg value="3600" />
<b:constructor-arg value="900" />
</b:bean>
</b:property>
</b:bean>
</b:property> -->
</b:bean>
<!-- Resolves the ${cas.*} placeholders from the "environment" properties
     below; with system-properties-mode=OVERRIDE a JVM system property of the
     same name takes precedence over the value in this file. -->
<context:property-placeholder
system-properties-mode="OVERRIDE" properties-ref="environment" />
<!-- Local demo endpoints.
     NOTE(review): both URLs are plain http on localhost. Over http the
     service ticket and the ticket-validation response travel unencrypted,
     so use https URLs for the application and the CAS server for anything
     beyond a local test. -->
<util:properties id="environment">
<b:prop key="cas.service.host">http://localhost:8080/securitytest</b:prop>
<b:prop key="cas.server.host">http://localhost:7080</b:prop>
</util:properties>
</b:beans>
这个配置很简单,但是在实际的项目中基本上不能使用,因为用户的授权与资源的管理都是配置在xml文件中。参考spring-security的文档,可以找到把用户授权部分改为数据库配置的方式,但是关于资源管理的部分是没有的,这样就不能灵活地进行系统资源管理。这个涉及到系统功能设计:系统资源管理,系统菜单管理,用户认证,用户授权几部分,后边会分几篇文章来分别完成相应的内容。后面的文章上来的速度可能会很慢,因为我要抽时间来完善我们的系统框架,然后将相应的内容分享给大家。
主要配置如下:
web.xml主要内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.5 deployment descriptor for the CAS demo webapp. It loads the
     Spring context, registers the encoding filter and the Spring Security
     filter chain on every URL, and registers the CAS single-sign-out
     session listener. -->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>Spring Security CAS Demo Application</display-name>
<!-- Location of the Spring configuration read by ContextLoaderListener below.
     NOTE(review): the article calls the security configuration
     "spring-security.xml"; this path has to point at that file under the
     name it is actually deployed with. Confirm before copying. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security-success.xml
</param-value>
</context-param>
<!-- Sets UTF-8 as the request character encoding. forceEncoding is not set
     here, so an encoding already declared by the request is left as is. -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<!-- DelegatingFilterProxy hands each request to the Spring bean whose name
     equals this filter-name; the security namespace's http element is what
     creates the springSecurityFilterChain bean. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapping order is significant: the container applies url-pattern mappings
     in the order listed, so the encoding filter runs before the security
     chain reads any request parameter (ticket, logoutRequest). -->
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Every request goes through the security chain; nothing is exempted at
     this level, so any exemption must be declared in the security config. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Companion of SingleSignOutFilter (declared in the security config):
     drops the stored session/ticket mapping when an HTTP session is
     destroyed, so expired sessions do not accumulate in that mapping. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- Boots the root Spring context from contextConfigLocation above. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
spring-security.xml内容如下:其中关于proxy-ticket的部分被我注释掉了,因为我在实际项目中没有应用,有兴趣的盆友可以测试一下。
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 3.2 configuration for a CAS-protected webapp: users are
     authenticated by the CAS server, service tickets are validated by
     casAuthenticationProvider, and authorities come from the in-memory
     userService. The proxy-ticket and stateless-cache parts are commented
     out by the author. -->
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Unauthenticated requests are sent to casEntryPoint (redirect to the CAS
     login page). The single intercept-url rule requires ROLE_USER for every
     URL of the application.
     NOTE(review): that rule also covers /cas-logout.jsp, the
     logout-success-url below, so the page shown after logout itself demands
     authentication and will probably bounce the user back to CAS login.
     Confirm, and exempt the page with a more specific intercept-url placed
     before the catch-all rule if that is not intended. -->
<http entry-point-ref="casEntryPoint" >
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
<logout logout-success-url="/cas-logout.jsp" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<!-- In-memory user list. As wired here it is referenced only through
     UserDetailsByNameServiceWrapper in casAuthenticationProvider, i.e. it is
     looked up by user name after CAS has validated the ticket and supplies
     the granted authorities; the password attribute is not what
     authenticates the user. A CAS user missing from this list cannot be
     loaded and the login fails.
     NOTE(review): sample account with a plain-text password; replace with a
     real UserDetailsService (e.g. database-backed) outside a demo. -->
<user-service id="userService">
<user name="scott" password="scott" authorities="ROLE_USER" />
</user-service>
<!-- Handles single-logout requests sent by the CAS server and invalidates
     the matching local session. -->
<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
<!-- User-initiated global logout: a request to /j_spring_cas_security_logout
     runs SecurityContextLogoutHandler locally and then redirects to the CAS
     server's /cas/logout (first constructor argument = success URL, second =
     logout handler; the argument order matters). -->
<b:bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter"
p:filterProcessesUrl="/j_spring_cas_security_logout">
<b:constructor-arg value="${cas.server.host}/cas/logout" />
<b:constructor-arg>
<b:bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</b:constructor-arg>
</b:bean>
<!-- The service URL is the identifier the CAS server issues the ticket for
     and the ticket is validated against; it must match the URL the filter
     listens on.
     NOTE(review): authenticateAllArtifacts=true makes the CAS filter try to
     authenticate any unauthenticated request that carries a ticket
     parameter, a mode meant for proxy-ticket use. The proxy pieces
     (authenticationDetailsSource, pgtStorage, statelessTicketCache) are
     commented out in this file, so check whether this flag is still needed;
     leaving it off keeps ticket processing limited to the service URL. -->
<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"
p:service="${cas.service.host}/j_spring_cas_security_check"
p:authenticateAllArtifacts="true" />
<!-- Receives the redirect back from CAS and passes the ticket to the
     authentication manager. With the block below commented out there is no
     proxy receptor and the default failure handling applies. -->
<b:bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter"
p:authenticationManager-ref="authenticationManager" p:serviceProperties-ref="serviceProperties">
<!--
<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
<b:property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor"/>
<b:property name="authenticationDetailsSource">
<b:bean
class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
</b:property>
<b:property name="authenticationFailureHandler">
<b:bean
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/casfailed.jsp" />
</b:property> -->
</b:bean>
<!-- Redirects unauthenticated users to the CAS login page, passing the
     service URL from serviceProperties. -->
<b:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="serviceProperties" p:loginUrl="${cas.server.host}/cas/login" />
<!-- NOTE: In a real application you should not use an in memory implementation.
You will also want to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
<b:bean id="pgtStorage"
class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" /> -->
<!-- Validates the CAS ticket and builds the authenticated token.
     p:key identifies tokens created by this provider.
     NOTE(review): "casAuthProviderKey" is the sample value; use an
     application-specific value rather than the copied constant. -->
<b:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
p:serviceProperties-ref="serviceProperties" p:key="casAuthProviderKey">
<b:property name="authenticationUserDetailsService">
<b:bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<b:constructor-arg ref="userService" />
</b:bean>
</b:property>
<b:property name="ticketValidator">
<!-- The validator calls back to the CAS server at this URL prefix to check
     each ticket. With the properties below commented out no proxy chain is
     accepted. If proxy support is enabled later, note that
     acceptAnyProxy=true trusts every proxying service; listing the expected
     chains via allowedProxyChains is the narrower choice. -->
<b:bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<b:constructor-arg value="${cas.server.host}/cas" />
<!--
<b:property name="acceptAnyProxy" value="true" />
<b:property name="proxyCallbackUrl" value="${cas.service.host}/j_spring_cas_security_proxyreceptor" />
<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />-->
</b:bean>
</b:property>
<!--
<b:property name="statelessTicketCache">
<b:bean
class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
<b:property name="cache">
<b:bean class="net.sf.ehcache.Cache" init-method="initialise"
destroy-method="dispose">
<b:constructor-arg value="casTickets" />
<b:constructor-arg value="50" />
<b:constructor-arg value="true" />
<b:constructor-arg value="false" />
<b:constructor-arg value="3600" />
<b:constructor-arg value="900" />
</b:bean>
</b:property>
</b:bean>
</b:property> -->
</b:bean>
<!-- Resolves the ${cas.*} placeholders from the "environment" properties
     below; with system-properties-mode=OVERRIDE a JVM system property of the
     same name takes precedence over the value in this file. -->
<context:property-placeholder
system-properties-mode="OVERRIDE" properties-ref="environment" />
<!-- Local demo endpoints.
     NOTE(review): both URLs are plain http on localhost. Over http the
     service ticket and the ticket-validation response travel unencrypted,
     so use https URLs for the application and the CAS server for anything
     beyond a local test. -->
<util:properties id="environment">
<b:prop key="cas.service.host">http://localhost:8080/securitytest</b:prop>
<b:prop key="cas.server.host">http://localhost:7080</b:prop>
</util:properties>
</b:beans>
这个配置很简单,但是在实际的项目中基本上不能使用,因为用户的授权与资源的管理都是配置在xml文件中。参考spring-security的文档,可以找到把用户授权部分改为数据库配置的方式,但是关于资源管理的部分是没有的,这样就不能灵活地进行系统资源管理。这个涉及到系统功能设计:系统资源管理,系统菜单管理,用户认证,用户授权几部分,后边会分几篇文章来分别完成相应的内容。后面的文章上来的速度可能会很慢,因为我要抽时间来完善我们的系统框架,然后将相应的内容分享给大家。