我正在尝试将使用LDAP进行身份验证和授权的Spring Web项目迁移到Spring和CAS。我的项目使用LDAP工作得很好,但现在我必须使用CAS ..一旦我更改了XML文件,一切都停止了。
使用LDAP的XML:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:jee="http://www.springframework.org/schema/jee"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
"
xmlns="http://www.springframework.org/schema/security">
<http auto-config="true" use-expressions="true">
<intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
pattern="/requests/**" />
<form-login default-target-url="/requests/add.html" />
</http>
<authentication-manager>
<ldap-authentication-provider
user-search-base="ou=webusers" user-search-filter="(uid={0})">
<password-compare>
<password-encoder ref="passwordEncoder">
</password-encoder>
</password-compare>
</ldap-authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
</beans:bean>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg
value="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
<beans:property name="userDn" value="cn=Manager,dc=uftwf,dc=dev" />
<beans:property name="password" value="uftwf" />
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>
uid={0},ou=webusers
</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property name="groupRoleAttribute" value="ou" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<ldap-server url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
<beans:bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<beans:property name="location" value="classpath:jdbc.properties2" />
</beans:bean>
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
> <beans:property name="driverClassName" value="${database.driver}" /> <beans:property
name="url" value="${database.url}" /> <beans:property name="username" value="${database.user}"
/> <beans:property name="password" value="${database.password}" /> <beans:property
name="initialSize" value="5" /> <beans:property name="maxActive" value="10"
/> </beans:bean>
<!--
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
> <beans:property name="driverClassName" value="${database.driver}" /> <beans:property
name="url" value="${database.url}" /> <beans:property name="username" value="${database.user}"
/> <beans:property name="password" value="${database.password}" /> <beans:property
name="initialSize" value="5" /> <beans:property name="maxActive" value="10"
/> </beans:bean>
<jee:jndi-lookup id="dataSourcejndi" jndi-name="dataSourcejndi"
lookup-on-startup="false" proxy-interface="javax.sql.DataSource"
cache="true" resource-ref="true" />
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"
lazy-init="true">
<beans:property name="dataSource" ref="dataSourcejndi" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:dataSourcejndi" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:comp/env/jdbc/mi"/>
</beans:bean>
<mvc:annotation-driven />
-->
<!-- <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:dataSourcejndi" />
</beans:bean>
-->
</beans:beans>
使用CAS的XML:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
pattern="/requests/**" />
<form-login default-target-url="/requests/add.html" />
</http>
<bean id="securityFilter" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/images/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/css/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/js/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/403.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/404.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/error.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/changePassword.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/login.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/passwordExpired.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/*.html*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**"
filters="channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casSingleSignOutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor"/>
</sec:filter-chain-map>
</bean>
<!-- this is what hooks up the CAS entry point -->
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
</bean>
<!-- where do I go when I need authentication from CAS-->
<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
<property name="loginUrl" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>
<!-- defines which roles are allowed to access http resources -->
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
**=ROLE_ALLOWED_ROLES_HERE
</value>
</property>
</bean>
<!-- hooks up CAS ticket validator and user details loader -->
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="casAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- supporting class for filterInvocationInterceptor -->
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
</list>
</property>
</bean>
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value=""/>
</bean>
<!-- setup method level security using annotations -->
<sec:global-method-security jsr250-annotations="enabled" secured-annotations="enabled"/>
<alias name="authenticationManager" alias="_authenticationManager"/>
<bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>
<!-- which service (application) am I authenticating -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>
<!-- handles a logout request from the CAS server -->
<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- performs CAS authentication -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/403.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="false"/>
<property name="defaultTargetUrl" value="/"/>
</bean>
<!-- Does the CAS ticket validation and user details loading -->
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService" ref="pickYourUserDetailsServiceImplementation"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/"/>
</bean>
</property>
<property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<!-- Log failed authentication attempts to commons-logging -->
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
<bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!-- ===================== SSL SWITCHING ==================== -->
<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="filterInvocationDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
**=REQUIRES_SECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<bean class="org.springframework.security.securechannel.SecureChannelProcessor">
<property name="entryPoint" ref="channelEntryPoint"/>
</bean>
<bean class="org.springframework.security.securechannel.InsecureChannelProcessor">
<property name="entryPoint" ref="channelEntryPoint"/>
</bean>
</list>
</property>
</bean>
<bean id="channelEntryPoint" class="org.springframework.security.securechannel.RetryWithHttpsEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="portMapper" class="org.springframework.security.util.PortMapperImpl">
<property name="portMappings">
<map>
<entry key="80" value="443"/>
<entry key="8080" value="8443"/>
<entry key="5580" value="5543"/>
</map>
</property>
</bean>
<!-- Invoked when the user clicks logout -->
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false"/>
</bean>
</list>
</constructor-arg>
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"> <property name="driverClassName" value="${database.driver}" /> <property
name="url" value="${database.url}" /> <property name="username" value="${database.user}"
/> <property name="password" value="${database.password}" /> <property
name="initialSize" value="5" /> <property name="maxActive" value="10"
/> </bean>
</beans>
有人可以告诉我为什么一切都停止了工作
答案 0 :(得分:0)
我不确定你为什么使用securityFilter和http标签。我们像这样使用它
<http use-expressions="true"
request-matcher="ciRegex"
auto-config="false"
disable-url-rewriting="true"
access-denied-page="/denied.page"
entry-point-ref="casProcessingFilterEntryPoint">
[..]
<intercept-url
pattern="/.*"
access="isAuthenticated()" />
[..]
<custom-filter ref="casSingleSignOutFilter" before="CAS_FILTER" />
<custom-filter ref="casAuthenticationFilter" after="CAS_FILTER" />
<custom-filter ref="sessionRegistryFixFilter" after="SESSION_MANAGEMENT_FILTER" />
<logout invalidate-session="true"
logout-success-url="{cas.url}/logout?service=[..]" />
</http>
Andd将您的调用重定向(如果您请求实际上在“isAuthenticated()”子句后面的somethig)到CAS服务器。
从那时起,它就像描述here
一样