无法使CAS Single Sign Out与Spring Security配合使用

时间:2015-09-11 14:37:14

标签: java spring spring-security cas

我找不到任何关于在我的应用中实现CAS单点注销(Single Sign Out)功能的实用指南。我在SO上尝试了很多答案,但都没有效果(例如这个和这个)。此外,我也没有找到使用Java配置的Spring Security + CAS示例,所以在这方面同样有些迷茫。我甚至无法确定该使用哪个URL:文档让我使用“/j_spring_security_logout”,但它只是把我重定向到一个空白的首页,而正常访问首页时页面是可以正常显示的(尽管控制台显示JS、CSS等请求全部正确)。我找不到使用Java注解的文档,因此非常希望能得到一些指导。提前谢谢!

我的WebSecurityConfig:

<!-- NOTE(review): this markup is a jQuery include followed by a nested navigation list; it holds no
     Spring Security configuration, so it does not look like the WebSecurityConfig announced by the
     preceding text (presumably a page-extraction mix-up). The script tag carries no integrity
     attribute, so the browser runs whatever the CDN serves without verifying it, and the links
     below use plain http://. -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<li id="ctl00_EFG" class="current">
  <a id="ctl00_SGB" href="http://SGI/EFG">EFG</a>
  <ul style="width:535px;">
    <li class="top_border">
      <a style='color: #d94129; font-weight: bold;' href="http://SGI/EFG/regione-abruzzo" title="EFGAbruzzo">Abruzzo</a>
      <ul style="width:100%;">
        <li>
          <a href="http://SGI/EFG/chieti" title="EFG chieti" rel="nofollow">Chieti</a>
        </li>
        <li>
          <a href="http://SGI/EFG/pescara" title="EFG pescara" rel="nofollow">Pescara</a>
        </li>
      </ul>
    </li>
    <li class="top_border"><a style='color: #d94129; font-weight: bold;' href="http://SGI/EFG/regione-valdaosta" title="EFGValDAosta">Val d'Aosta</a>
      <ul style="width:100%;">
        <li>
          <a href="http://SGI/EFG/aosta" title="EFG aosta" rel="nofollow">Aosta</a>
        </li>
      </ul>
    </li>
  </ul>
</li>

我在web.xml中添加的SSOut过滤器(我也不清楚自己为什么要加它):

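/**
 * Spring Security Java configuration that authenticates users against a CAS server and
 * registers the filters involved in CAS Single Sign Out.
 *
 * <p>Logout involves two separate steps: the local HTTP session and security context are
 * cleared by {@link #requestLogoutFilter()}, and the browser is then redirected to the CAS
 * server's {@code /logout} endpoint so that the CAS single-sign-on session ends as well.
 * {@link #SingleSignOutFilter()} handles the logout notifications the CAS server sends back
 * to this application.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Base URL of the CAS server; the login and logout URLs below are built from it. */
    private static final String CAS_URL = "https://localhost:8443/cas";

    /** Base URL of this application; the CAS service URL is built from it. */
    private static final String APP_URL = "https://localhost:8443/i9t-YM";

    /**
     * Describes this application to CAS.
     *
     * @return service properties whose service URL is the callback CAS redirects to with a ticket
     */
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(APP_URL + "/j_spring_cas_security_check");
        // false: an existing CAS single-sign-on session may be reused instead of forcing re-login.
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    /**
     * Builds the provider that validates CAS service tickets and loads the user's details.
     *
     * @return the configured CAS authentication provider
     */
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setAuthenticationUserDetailsService(authenticationUserDetailsService());
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
        // Placeholder key copied as-is; it only needs to be unique to this provider.
        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
        return casAuthenticationProvider;
    }

    /**
     * Supplies the service that maps a validated CAS assertion to user details.
     *
     * @return a {@code TestCasAuthenticationUserDetailsService} (defined outside this class)
     */
    @Bean
    public AuthenticationUserDetailsService authenticationUserDetailsService() {
        return new TestCasAuthenticationUserDetailsService();
    }

    /**
     * Creates the CAS 2.0 ticket validator.
     *
     * @return a validator that checks service tickets against {@code CAS_URL}
     */
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(CAS_URL);
    }

    /**
     * Creates the filter that processes the CAS callback carrying the service ticket.
     *
     * @return the CAS authentication filter bound to this configuration's authentication manager
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationManager(authenticationManager());
        return casAuthenticationFilter;
    }

    /**
     * Creates the entry point that sends unauthenticated users to the CAS login page.
     *
     * @return the CAS authentication entry point
     */
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(CAS_URL + "/login");
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
        return casAuthenticationEntryPoint;
    }

    /**
     * Creates the CAS client filter that handles logout notifications from the CAS server.
     *
     * <p>NOTE(review): the CAS client normally also needs its
     * {@code SingleSignOutHttpSessionListener} registered with the servlet container; no such
     * registration is visible in this class, so confirm it exists elsewhere.
     *
     * @return a new {@code SingleSignOutFilter}
     */
    @Bean
    public SingleSignOutFilter SingleSignOutFilter() {
        return new SingleSignOutFilter();
    }

    /**
     * Creates the filter a user hits to log out of both this application and CAS.
     *
     * <p>The filter keeps its default processing URL; only the post-logout redirect is set here.
     *
     * @return a logout filter that clears local state and then redirects to the CAS logout URL
     */
    @Bean
    public LogoutFilter requestLogoutFilter() {
        SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
        handler.setClearAuthentication(true);
        handler.setInvalidateHttpSession(true);
        // Redirect to the CAS server's logout endpoint rather than back into the application:
        // clearing only the local session leaves the CAS single-sign-on session alive, so the
        // next protected request would silently sign the user in again.
        return new LogoutFilter(CAS_URL + "/logout", handler);
    }

    /**
     * Registers the authentication sources.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(casAuthenticationProvider());
        // NOTE(review): fixed test account. Together with httpBasic() in configure(HttpSecurity)
        // it allows authentication that never goes through CAS; remove it or restrict it to a
        // development profile before this configuration is deployed.
        auth.inMemoryAuthentication().withUser("joe").password("joe").roles("USER");
    }

    /**
     * Assembles the filter chain: CAS authentication, logout handling, CSRF and URL rules.
     *
     * @param http the security builder to configure
     * @throws Exception if any filter bean cannot be created
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilter(casAuthenticationFilter());
        http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
        http.addFilterBefore(requestLogoutFilter(), LogoutFilter.class);
        // NOTE(review): this position is presumably after CsrfFilter in the chain, while the CAS
        // server's back-channel logout POST carries no CSRF token; confirm those requests reach
        // this filter and are not rejected first.
        http.addFilterBefore(SingleSignOutFilter(), CasAuthenticationFilter.class);
        http.httpBasic().and().authorizeRequests().antMatchers("/index.html", "/home.html", "/login.html", "/")
                .permitAll().anyRequest().authenticated()
                .and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
                .csrf().csrfTokenRepository(csrfTokenRepository());
        // NOTE(review): "cas/logout" has no leading slash, so it presumably never matches a request
        // path, and "remove" looks like a placeholder cookie name; confirm both values.
        http.logout()
                .deleteCookies("remove").invalidateHttpSession(true).logoutUrl("cas/logout")
                .logoutSuccessUrl("/");
        //http.exceptionHandling().accessDeniedPage("/403.html");
    }

    /**
     * Creates the session-backed CSRF token repository.
     *
     * @return a repository that expects the token in the {@code X-XSRF-TOKEN} request header
     */
    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

}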

1 个答案:

答案 0 :(得分:1)

这是我在Spring Security与CAS集成中用于单点注销(Single Sign Out)的配置:

<!-- CAS client filter that handles Single Logout requests coming from the CAS server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
<!-- Clears the local security context, then redirects to the CAS server's /logout URL so that
     Single Logout can be performed. The service= parameter names the URL to return to afterwards;
     NOTE(review): whether the CAS server follows it depends on its configuration (confirm). -->
<bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg
        value="${cas.server.address}/logout?service=${cas.server.address}" />
    <constructor-arg>
        <bean
            class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</bean>

您应该将这些过滤器添加到springSecurityFilterChain中:

<!-- Requests matching /logout* pass through the CAS single-logout filter and the CAS
     authentication filter. No CSRF filter is listed in either chain here. -->
<sec:filter-chain pattern="/logout*" 
    filters="securityContextPersistenceFilter,singleLogoutFilter,casAuthenticationFilter" />
<!-- This pattern matches the filterProcessesUrl configured on requestSingleLogoutFilter -->
<sec:filter-chain pattern="/j_spring_cas_security_logout*"
    filters="requestSingleLogoutFilter" />