如何使CAS返回到正确的Spring页面

时间:2012-06-22 19:48:18

标签: spring spring-security cas

如何更改下面的XML文件,使CAS返回到正确的Spring页面?如果用户在未登录的情况下访问 https://wcmisdlin07.uftmasterad.org:8443/MemberInquiry/requests/add.html ,会被转到CAS服务器,但登录后返回的是 https://wcmisdlin07.uftmasterad.org:8443/MemberInquiry ,而不是 https://wcmisdlin07.uftmasterad.org:8443/MemberInquiry/requests/add.html 。如何解决此问题?

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
    xmlns="http://www.springframework.org/schema/security"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!--
        Web security rules for the application. Requests that need a login are handed to the
        casEntryPoint bean, and access attributes are SpEL expressions (use-expressions="true").
        NOTE(review): the list has no catch-all rule (for example pattern="/**"). With Spring
        Security's default settings a URL that matches none of the patterns below is served
        without an access check, so consider ending the list with a restrictive default such as
        access="isAuthenticated()" or access="denyAll" once every public path is listed.
    -->
    <http entry-point-ref="casEntryPoint" use-expressions="true">
        <!-- Public: application root. -->
        <intercept-url pattern="/" access="permitAll"/>

        <!-- Public: landing page, logout confirmation page and CAS failure page. -->
        <intercept-url pattern="/index.jsp" access="permitAll"/>
        <intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
        <intercept-url pattern="/casfailed.jsp" access="permitAll"/>

        <!-- Role-protected areas; the first matching pattern decides. -->
        <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
        <intercept-url pattern="/requests/**" access="hasRole('ROLE_MEMBER_INQUIRY')" />

        <!--
            CAS filters: the logout request filter runs before the standard logout filter, the
            single logout filter runs before the CAS filter, and casFilter takes the CAS slot.
        -->
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
        <custom-filter ref="casFilter" position="CAS_FILTER" />

        <!-- After a local logout the browser is sent to the public logout page. -->
        <logout logout-success-url="/cas-logout.jsp"/>
    </http>

    <!--
        Authentication manager, exposed under the alias "authManager" (the name casFilter refers
        to). Its only provider is casAuthProvider, so every login is decided by CAS ticket
        validation.
    -->
    <authentication-manager alias="authManager">
        <authentication-provider ref="casAuthProvider" />
    </authentication-manager>

    <!--
        In-memory user store. casAuthProvider wraps it in UserDetailsByNameServiceWrapper, so it
        is consulted by user name after CAS has validated the ticket and supplies the authorities
        for that user; presumably the passwords below are never compared in that flow (confirm).
        NOTE(review): account names and plaintext passwords are hard-coded here. Treat them as
        sample values only: load users and authorities from a managed store in a real deployment,
        and do not reuse any of these credentials elsewhere.
    -->
    <user-service id="userService">
        <user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
        <user name="cpilling04@aol.com.dev" password="testing" authorities="ROLE_MEMBER_INQUIRY" />
    </user-service>

    <!--
        Handles a Single Logout request sent by the CAS server, so that the local session tied to
        the CAS ticket is ended as well. Registered before CAS_FILTER in the http block.
        NOTE(review): web.xml is not shown here; single logout normally also needs
        org.jasig.cas.client.session.SingleSignOutHttpSessionListener registered there (confirm).
    -->
    <b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
    <!--
        Redirects to the CAS server to signal that Single Logout should be performed.
        A request to /j_spring_cas_security_logout clears the local security context
        (SecurityContextLogoutHandler) and then sends the browser to the CAS logout URL given as
        the first constructor argument.
    -->
    <b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
        p:filterProcessesUrl="/j_spring_cas_security_logout">
        <b:constructor-arg value="https://${cas.server.host}/cas-server-webapp/logout"/>
        <b:constructor-arg>
            <b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </b:constructor-arg>
    </b:bean>

    <!--
        Describes this application to CAS. The service URL is fixed to the
        j_spring_cas_security_check endpoint, so CAS always redirects back to that URL after
        login; returning the user to the page originally requested is therefore up to the
        application, not the service URL.
        NOTE(review): authenticateAllArtifacts="true" lets a ticket presented on any URL be
        authenticated, which is needed for proxy tickets. If proxy tickets are not used, leaving
        it at the default (false) keeps ticket handling limited to the service URL.
    -->
    <b:bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties"
        p:service="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_check"
        p:authenticateAllArtifacts="true"/>

    <!--
        Entry point referenced by the http block: an unauthenticated request for a protected URL
        is redirected to the CAS login page, with the service taken from serviceProperties.
    -->
    <b:bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
        p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas-server-webapp/login" />

    <!--
        CAS authentication filter (installed at CAS_FILTER in the http block). It passes the
        ticket to authManager, uses pgtStorage for proxy granting tickets and listens on
        /j_spring_cas_security_proxyreceptor for the proxy callback from the CAS server.
        No authenticationSuccessHandler is set in this version of the bean.
    -->
    <b:bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter"
        p:authenticationManager-ref="authManager"
        p:serviceProperties-ref="serviceProperties"
        p:proxyGrantingTicketStorage-ref="pgtStorage"
        p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
        <!-- Derives the service URL from the current request, as required for authenticating tickets on arbitrary URLs. -->
        <b:property name="authenticationDetailsSource">
            <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
        </b:property>

        <!-- A failed ticket validation sends the browser to the public failure page. -->
        <b:property name="authenticationFailureHandler">
            <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
                p:defaultFailureUrl="/casfailed.jsp"/>
        </b:property>
    </b:bean>
    <!--
        Storage for proxy granting tickets, shared by casFilter and the ticket validator.
        NOTE: In a real application you should not use an in-memory implementation. You will also
              want to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup().
     -->
    <b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
    <!--
        Authentication provider that validates CAS tickets against the CAS server and then loads
        the user's authorities from userService. The key identifies tokens created by this
        provider; it is a fixed string in this file.
    -->
    <b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
        p:serviceProperties-ref="serviceProperties"
        p:key="casAuthProviderKey">
        <!-- Looks the validated user name up in userService to obtain the granted authorities. -->
        <b:property name="authenticationUserDetailsService">
            <b:bean
                class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <b:constructor-arg ref="userService" />
            </b:bean>
        </b:property>
        <!--
            Validates service and proxy tickets against the CAS server over HTTPS.
            NOTE(review): acceptAnyProxy="true" accepts a proxy ticket whatever services appear in
            its proxy chain. Where proxying is really needed, prefer listing the trusted proxies
            through the validator's allowedProxyChains property; where it is not, a plain service
            ticket validator is sufficient.
        -->
        <b:property name="ticketValidator">
            <b:bean
                class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
                p:acceptAnyProxy="true"
                p:proxyCallbackUrl="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_proxyreceptor"
                p:proxyGrantingTicketStorage-ref="pgtStorage">
                <b:constructor-arg value="https://${cas.server.host}/cas-server-webapp" />
            </b:bean>
        </b:property>
        <!--
            Cache of already validated tickets for stateless (per-request) authentication.
            The positional arguments presumably map to the ehcache Cache constructor
            (name, maxElementsInMemory, overflowToDisk, eternal, timeToLiveSeconds,
            timeToIdleSeconds): cache "casTickets", 50 entries in memory, overflow to disk
            enabled, not eternal, 3600 s time to live, 900 s time to idle (confirm against the
            ehcache version in use).
            NOTE(review): with overflow to disk enabled, cached authentication data may be written
            to the local disk; check that this is acceptable for the deployment.
        -->
        <b:property name="statelessTicketCache">
            <b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
                <b:property name="cache">
                    <b:bean class="net.sf.ehcache.Cache"
                      init-method="initialise"
                      destroy-method="dispose">
                        <b:constructor-arg value="casTickets"/>
                        <b:constructor-arg value="50"/>
                        <b:constructor-arg value="true"/>
                        <b:constructor-arg value="false"/>
                        <b:constructor-arg value="3600"/>
                        <b:constructor-arg value="900"/>
                    </b:bean>
                </b:property>
            </b:bean>
        </b:property>
    </b:bean>

    <!--
        Resolves the ${...} placeholders used in this file from the "environment" properties bean.
        Configuration for the environment can be overridden by system properties:
        system-properties-mode="OVERRIDE" makes a JVM system property of the same name win over
        the value defined in this file, so the CAS host names depend on how the JVM is started.
    -->
    <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>

    <!--
        Default host names for this application (cas.service.host) and for the CAS server
        (cas.server.host); both point at the same host and port here. Every CAS URL in this file
        is built from these two values with an https scheme.
    -->
    <util:properties id="environment">
        <b:prop key="cas.service.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
        <b:prop key="cas.server.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
    </util:properties>


</b:beans>

1 个答案:

答案 0 :(得分:4)

只需将一个SavedRequestAwareAuthenticationSuccessHandler添加到您的casFilter,它会在发生身份验证之前将请求保存在请求缓存中,然后重定向到原始目标。如果没有找到DefaultSavedRequest,它会重定向到defaultTargetUrl,它是应用程序的根目录。

 <!--
     casFilter as in the question, with an authenticationSuccessHandler added.
     SavedRequestAwareAuthenticationSuccessHandler redirects to the request that was stored in
     the request cache when the unauthenticated user was sent to CAS, and falls back to
     defaultTargetUrl ("/") when no saved request exists.
     NOTE(review): as configured here the redirect target comes from the server-side saved
     request, not from a request parameter. If the handler's targetUrlParameter is ever enabled,
     the target becomes user-controlled and should be restricted to paths of this application.
 -->
 <b:bean id="casFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter"
    p:authenticationManager-ref="authManager"
    p:serviceProperties-ref="serviceProperties"
    p:proxyGrantingTicketStorage-ref="pgtStorage"
    p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
    <b:property name="authenticationDetailsSource">
        <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
    </b:property>

    <!-- A failed ticket validation sends the browser to the public failure page. -->
    <b:property name="authenticationFailureHandler">
        <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
            p:defaultFailureUrl="/casfailed.jsp"/>
    </b:property>

    <!-- Added by the answer: return to the originally requested page after a successful login. -->
    <b:property name="authenticationSuccessHandler">
       <b:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
            p:defaultTargetUrl="/"/>
   </b:property>

</b:bean>