Acegi as the client of the Yale CAS authentication server in the SpringSide project
Source: Internet   Editor: Programming Blog Network   Time: 2024/04/26 22:26
First, in SpringSide's web.xml, we use the Acegi CAS filter; the CAS check URL /j_acegi_cas_security_check has to be covered by the filter mappings, for example:
<filter-mapping>
    <filter-name>hibernateFilter</filter-name>
    <url-pattern>/j_acegi_cas_security_check</url-pattern>
</filter-mapping>
Then set up the main Acegi application context (applicationContext_acegi.xml):
1) filterChainProxy would get a dedicated CAS filter in Acegi's sample configuration, but here we reuse authenticationProcessingFilter, which acts as the CAS client filter. One caveat on the order below: Acegi's documented chain runs rememberMeProcessingFilter before anonymousProcessingFilter. With anonymousProcessingFilter first, it fills the empty security context with the anonymous token, and RememberMeProcessingFilter, which only acts on an empty context, never gets the chance to restore a remembered login.
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,anonymousProcessingFilter,authenticationProcessingFilter,rememberMeProcessingFilter,logoutFilter,channelProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
    </property>
</bean>
2) authenticationProcessingFilter plays the most important role in applicationContext_acegi.xml. It is the Acegi CAS client filter (org.acegisecurity.ui.cas.CasProcessingFilter) bound to filterProcessesUrl, the URL that CAS redirects the browser back to with the service ticket.
In SpringSide, /admin is the protected resource. defaultTargetUrl only sends a successfully authenticated user there; the protection itself is enforced by filterInvocationInterceptor at the end of the chain, which requires an Authentication produced by authenticationManager. The exceptionMappings turn each failure type into its own login_error code on the login page.
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl">
        <value>/security/login.jsp?login_error=1</value>
    </property>
    <property name="defaultTargetUrl">
        <value>/admin/</value>
    </property>
    <property name="filterProcessesUrl">
        <value>/j_acegi_cas_security_check</value>
    </property>
    <property name="rememberMeServices" ref="rememberMeServices"/>
    <property name="exceptionMappings">
        <value>
            org.acegisecurity.userdetails.UsernameNotFoundException=/security/login.jsp?login_error=user_not_found_error
            org.acegisecurity.BadCredentialsException=/security/login.jsp?login_error=user_psw_error
            org.acegisecurity.concurrent.ConcurrentLoginException=/security/login.jsp?login_error=too_many_user_error
        </value>
    </property>
</bean>
3) Then define the beans the CAS filter needs:
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
        <ref local="casProcessingFilterEntryPoint"/>
    </property>
</bean>
<bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl"><value>https://sourcesite:8443/cas/login</value></property>
    <property name="serviceProperties"><ref local="serviceProperties"/></property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="casAuthenticationProvider"/>
        </list>
    </property>
</bean>
<bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
    <property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator"/></property>
    <property name="casProxyDecider"><ref local="casProxyDecider"/></property>
    <property name="ticketValidator"><ref local="casProxyTicketValidator"/></property>
    <property name="statelessTicketCache"><ref local="statelessTicketCache"/></property>
    <!-- change this from the Acegi sample value: the provider only re-accepts a
         CasAuthenticationToken whose key hash matches this key -->
    <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
</bean>
<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
    <property name="casValidate"><value>https://sourcesite:8443/cas/proxyValidate</value></property>
    <property name="serviceProperties"><ref local="serviceProperties"/></property>
</bean>
<!-- refuse any ticket that reached us through a CAS proxy chain -->
<bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
    <property name="service">
        <value>http://gzug:8080/springside/j_acegi_cas_security_check</value>
    </property>
    <property name="sendRenew">
        <value>false</value>
    </property>
</bean>
<bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
    <property name="cache">
        <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
            <property name="cacheManager">
                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
            </property>
            <property name="cacheName" value="userCache"/>
        </bean>
    </property>
</bean>
<bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
    <property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
</bean>
<!-- the sample CAS filter; not in the filterChainProxy above, which uses
     authenticationProcessingFilter for this job instead -->
<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
    <property name="defaultTargetUrl"><value>/</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
</bean>
casProcessingFilterEntryPoint is critical: loginUrl is the CAS server's /login URL. Set up your CAS server (2.0 or 3.0), enable SSL in Tomcat (Tomcat 5.5/conf/server.xml) with a JKS keystore, and import the CAS server's certificate into the cacerts truststore of the JDK that runs the Acegi client (JDK/jre/lib/security/cacerts); otherwise the ticket validation call to https://sourcesite:8443 fails the TLS handshake and every login ends on authenticationFailureUrl.
Check serviceProperties: the SpringSide service URL must end in /j_acegi_cas_security_check, the same path as the filter's filterProcessesUrl, and it must be exactly the URL the browser is sent back to, because CAS only validates a ticket for the service it was issued to.
Because a Yale CAS service ticket can be validated only once, Acegi keeps a statelessTicketCache so that stateless callers (for example HTTP Basic clients presenting a ticket) are not re-validated on every request; Spring's EhCache factory beans provide the cacheManager.
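What those three beans do on the wire, as an added example in Python that is not part of the original post or of Acegi/SpringSide: the redirect casProcessingFilterEntryPoint builds, the proxyValidate request CasProxyTicketValidator sends with the shared serviceProperties.service, and the response check including the RejectProxyTickets decision. The CAS server replies (SAMPLE_*), the username and the proxy callback URL are constructed for the example; the URLs are the ones from the configuration above.

```python
# Added example, not code from the original post nor from Acegi or SpringSide:
# a minimal Python model of what casProcessingFilterEntryPoint,
# CasProxyTicketValidator and RejectProxyTickets do on the wire. The CAS
# server's replies are constructed inline (SAMPLE_*) so it runs offline;
# the username and proxy URL in them are made up.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_NS = "http://www.yale.edu/tp/cas"                       # CAS 2.0 response namespace
LOGIN_URL = "https://sourcesite:8443/cas/login"             # loginUrl
VALIDATE_URL = "https://sourcesite:8443/cas/proxyValidate"  # casValidate
SERVICE = "http://gzug:8080/springside/j_acegi_cas_security_check"  # serviceProperties.service


def entry_point_redirect(send_renew=False):
    """CasProcessingFilterEntryPoint: where an unauthenticated browser is sent.
    renew=true (sendRenew) forces CAS to re-prompt for credentials even when
    the browser already holds a CAS single sign-on session."""
    params = {"service": SERVICE}
    if send_renew:
        params["renew"] = "true"
    return LOGIN_URL + "?" + urlencode(params)


def validation_request(ticket, send_renew=False):
    """CasProxyTicketValidator: the back-channel call made once the browser
    comes back to /j_acegi_cas_security_check?ticket=ST-... . The service value
    must equal the one sent at login byte for byte, or CAS answers
    INVALID_SERVICE; that is why both beans share serviceProperties."""
    params = {"service": SERVICE, "ticket": ticket}
    if send_renew:
        params["renew"] = "true"
    return VALIDATE_URL + "?" + urlencode(params)


class TicketRejected(Exception):
    """Stands in for Acegi's BadCredentialsException / ProxyUntrustedException."""


def parse_validation_response(xml_text, reject_proxy_tickets=True):
    """Parse the CAS 2.0 <cas:serviceResponse> and return the username.
    reject_proxy_tickets mirrors the RejectProxyTickets casProxyDecider: a
    ticket that reached us through a proxy chain is refused even though the
    CAS server itself reported it valid."""
    root = ET.fromstring(xml_text)
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        raise TicketRejected(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        raise TicketRejected("malformed response: neither success nor failure")
    user = (success.findtext(f"{{{CAS_NS}}}user") or "").strip()
    if not user:
        raise TicketRejected("success response without <cas:user>")
    proxies = [(p.text or "").strip() for p in success.iter(f"{{{CAS_NS}}}proxy")]
    if proxies and reject_proxy_tickets:
        raise TicketRejected("proxy ticket refused; chain: " + " -> ".join(proxies))
    return user


def service_param(url):
    """Return the service parameter a client put into a login or validate URL."""
    return parse_qs(urlsplit(url).query).get("service", [None])[0]


# Constructed sample replies from the CAS server.
SAMPLE_OK = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationSuccess><cas:user>calvin</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_PROXIED = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationSuccess>
    <cas:user>calvin</cas:user>
    <cas:proxies><cas:proxy>https://portal.example.test/pgtCallback</cas:proxy></cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_INVALID = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationFailure code="INVALID_TICKET">ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(entry_point_redirect())
    print(validation_request("ST-1-abc"))
    print(parse_validation_response(SAMPLE_OK))
    for sample in (SAMPLE_PROXIED, SAMPLE_INVALID):
        try:
            parse_validation_response(sample)
        except TicketRejected as e:
            print("rejected:", e)
```

The service URL is the thing to get right: if users reach the webapp under a different host or port than serviceProperties.service says, CAS issues the ticket for one URL and the validator asks about another, which yields INVALID_SERVICE and, through the exceptionMappings above, a login_error=user_psw_error redirect that looks like a wrong password.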
SpringSide already has a jdbcDaoImpl that performs database authentication, so I am happy to reuse it behind casAuthoritiesPopulator (DaoCasAuthoritiesPopulator), which loads the UserDetails for the CAS-authenticated username; the authorities it returns are what the application uses for authorization. Note that the passwd column is never checked on this path: CAS has already verified the credential, and the local row only supplies the enabled status and the authorities.
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource" ref="dataSource"/>
    <!-- must return username, password, enabled; the literal 1 is the enabled flag -->
    <property name="usersByUsernameQuery">
        <value>
            select loginid,passwd,1 from ss_users where status='1' and loginid = ?
        </value>
    </property>
    <!-- must return username, authority; here the authorities are permission names, not role names -->
    <property name="authoritiesByUsernameQuery">
        <value>
            select u.loginid,p.name from ss_users u,ss_roles r,ss_permissions
            p,ss_user_role ur,ss_role_permis rp where u.id=ur.user_id and
            r.id=ur.role_id and p.id=rp.permis_id and
            r.id=rp.role_id and p.status='1' and u.loginid=?
        </value>
    </property>
</bean>
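The two queries above run against a constructed in-memory SQLite copy of the SpringSide tables, as an added example (not SpringSide's or Acegi's code) of exactly what JdbcDaoImpl hands to DaoCasAuthoritiesPopulator and when it raises UsernameNotFoundException instead. The table columns and rows are assumptions made for the example; the two SQL statements are the page's own.

```python
# Added example, not code from the original post nor from SpringSide or Acegi:
# the two configured queries run against a constructed in-memory SQLite copy
# of the SpringSide tables, to show what JdbcDaoImpl.loadUserByUsername gives
# DaoCasAuthoritiesPopulator. Table columns and rows are assumptions made for
# this example; the two SQL statements are the ones from the configuration.
import sqlite3

USERS_BY_USERNAME = "select loginid,passwd,1 from ss_users where status='1' and loginid = ?"
AUTHORITIES_BY_USERNAME = """select u.loginid,p.name from ss_users u,ss_roles r,ss_permissions
p,ss_user_role ur,ss_role_permis rp where u.id=ur.user_id and
r.id=ur.role_id and p.id=rp.permis_id and
r.id=rp.role_id and p.status='1' and u.loginid=?"""


class UsernameNotFound(Exception):
    """Stands in for org.acegisecurity.userdetails.UsernameNotFoundException,
    which the exceptionMappings above turn into login_error=user_not_found_error."""


def load_user_by_username(conn, loginid):
    """What JdbcDaoImpl.loadUserByUsername does for the CAS-validated username.
    usersByUsernameQuery must return (username, password, enabled); the literal
    1 in the page's query is the enabled flag, and status='1' is the only place
    a deactivated local account gets stopped, because CAS knows nothing about it.
    authoritiesByUsernameQuery returns (username, authority) rows; Acegi's
    default rolePrefix is empty, so p.name is used unchanged. No user row or no
    authority row both end in UsernameNotFoundException."""
    rows = conn.execute(USERS_BY_USERNAME, (loginid,)).fetchall()
    if not rows:
        raise UsernameNotFound(f"user {loginid} not found or disabled")
    username, _password, enabled = rows[0]   # password is never checked: CAS already did
    authorities = sorted({auth for _, auth in conn.execute(AUTHORITIES_BY_USERNAME, (loginid,))})
    if not authorities:
        raise UsernameNotFound(f"user {loginid} has no GrantedAuthority")
    return {"username": username, "enabled": bool(enabled), "authorities": authorities}


def build_sample_db():
    """Constructed data: an admin, a plain user, a deactivated user, a user without roles."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table ss_users(id integer primary key, loginid text, passwd text, status text);
        create table ss_roles(id integer primary key, name text);
        create table ss_permissions(id integer primary key, name text, status text);
        create table ss_user_role(user_id integer, role_id integer);
        create table ss_role_permis(role_id integer, permis_id integer);
        insert into ss_users values (1,'calvin','unused','1'), (2,'dave','unused','0'),
                                    (3,'guest','unused','1'), (4,'nobody','unused','1');
        insert into ss_roles values (1,'admin'), (2,'user');
        insert into ss_permissions values (1,'A_ADMIN','1'), (2,'A_VIEW','1'), (3,'A_RETIRED','0');
        insert into ss_user_role values (1,1), (1,2), (3,2);
        insert into ss_role_permis values (1,1), (1,3), (2,2);
    """)
    return conn


if __name__ == "__main__":
    conn = build_sample_db()
    for who in ("calvin", "guest", "dave", "nobody"):
        try:
            print(who, load_user_by_username(conn, who))
        except UsernameNotFound as e:
            print(who, "->", e)
```

Both lookups bind the username with a `?` placeholder, so a CAS username containing quotes cannot alter the query; and because a retired permission (status '0') simply drops out of the authority list, revoking access is a database change with no CAS involvement.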
There is little difference between casclient 2.0.12 and Acegi's CAS support, right?
Note that in my environment, gzug:8080/springside is the bookstore webapp
and sourcesite:8443 is the CAS 3 server.
Suggestions welcome.
Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=1503506