Spring Security CAS导致重定向循环

时间:2013-02-14 19:28:38

标签: spring-security

我正在使用CAS SSO为我的应用程序验证用户身份。但是在CAS登录页面登录后,我的应用程序网页会引发重定向循环错误。

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<security:http entry-point-ref="casEntryPoint"
    auto-config="true">
    <security:intercept-url pattern="/**" access="ROLE_USER" />     
    <security:custom-filter position="CAS_FILTER"
        ref="casFilter"></security:custom-filter>
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="casAuthenticationProvider" />
</security:authentication-manager>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="http://127.0.0.1:8888/pp.html?gwt.codesvr=127.0.0.1:9997" />
    <property name="sendRenew" value="false" />
</bean>

<bean id="casFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="casEntryPoint"
    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://seqdws1/cas/login" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://seqdws1/cas" />
        </bean>
    </property>
    <property name="key" value="cas" />
</bean>

<security:user-service id="userService">
    <security:user name="joe" password="joe" authorities="ROLE_USER" />
</security:user-service>

</beans>

我是否必须实施pre auth方案。我对这个春天安全非常新。有人可以解释我在这里缺少的东西。

The error page after logging in

0 个答案:

没有答案