通过CAS服务器验证spring web应用程序

时间:2016-12-13 04:36:35

标签: java spring-security cas

我在服务器上安装了CAS服务器。 (在apache tomcat中部署战争)。我在CAS服务器上有用户信息,如用户名和密码。 (将来它将连接到用户凭证的LDAP或简单关系数据库。问题在这里。我想通过这个CAS服务器验证我的spring应用程序,但是我找不到任何适当的弹簧安全配置。我的配置文件是:

        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/assets","/css", "/js","/font-awesome","/bootstrap","/images").permitAll()
                .antMatchers("/", "/home").authenticated()
//                .antMatchers("/hi").access("hasRole('ROLE_SUBSCRIPTION') or hasRole('ROLE_ADMIN')")
                .antMatchers("/edit").authenticated()
//                .antMatchers("/playlists/*").authenticated()
//                .antMatchers("/createplaylist").authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties sp = new ServiceProperties();
        sp.setService(env.getRequiredProperty(CAS_SERVICE_URL));
        sp.setSendRenew(false);
        return sp;
    }
    @Bean
    public Set<String> adminList() {
        Set<String> admins = new HashSet<String>();
        String adminUserName = env.getProperty(APP_ADMIN_USER_NAME);

        admins.add("admin");
        if (adminUserName != null && !adminUserName.isEmpty()) {
            admins.add(adminUserName);
        }
        return admins;
    }

    @Bean
    public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService() {
        return new CustomUserDetailsService(adminList());
    }
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
//        casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
//        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
//        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
        return casAuthenticationProvider;
    }
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
        auth.authenticationProvider(casAuthenticationProvider());
    }

3 个答案:

答案 0 :(得分:0)

您可能希望使用pac4j轻松配置:https://github.com/pac4j/spring-security-pac4jhttp://www.pac4j.org/1.9.x/docs/clients/cas.html

示例:https://github.com/pac4j/spring-security-pac4j-demo/blob/master/src/main/resources/securityContext.xml#L158https://github.com/pac4j/spring-security-pac4j-boot-demo/blob/master/src/main/java/org/pac4j/demo/spring/SecurityConfig.java#L244

答案 1 :(得分:0)

@ kaveh.n 我希望您在访问服务时收到403错误。如果这是您的问题,则身份验证入口点是配置中缺少的部分。请按照spring教程进行配置 http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/cas.html#cas-how-it-works

答案 2 :(得分:0)

好吧,我在GitHub上为Cas客户端找到了一个简单的自动配置,弹簧只有两个动作:) 首先添加依赖项 第二个只是添加一个注释 https://github.com/Unicon/cas-client-autoconfig-support

相关问题
最新问题