我已经成功设置了CAS服务器。我想验证用户的安全服务(在spring应用程序中),因此使用RESTful API来获取用户的票证。我可以通过两步调用cas / v1 / ticket和cas / v1 / tickets / {TGT}获得安全服务的票证,但是当我尝试使用生成的票证调用该服务时
localhost:8080 / secure1?ticket?ST-ttyyy ...“它返回cas登录页面的响应内容。
我想,我的配置中缺少一点
我的spring应用程序的“services.xml”或cas配置。
Spring app settings.xml
<bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://localhost:8080/EFormRestServer/business/user/10000007" />
<property name="sendRenew" value="false" />
<property name="artifactParameter" value="ticket"/>
</bean>
<security:http create-session="stateless" use-expressions="true" entry-point-ref="casEntryPoint">
<security:anonymous enabled="true" />
<security:custom-filter position="CAS_FILTER" ref="casFilter" />
</security:http>
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
<property name="proxyReceptorUrl" value="/business/test"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="authenticationDetailsSource">
<bean class=
"org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
</property>
</bean>
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl"
value="http://localhost:8080/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<!-- To delegate authorization to method calls rather than to urls -->
<!-- (Thus, we don't need to set any url-interceptor in this conf) -->
<security:global-method-security pre-post-annotations="enabled" />
<bean id="restAuthenticationEntryPoint" class="com.eform.rest.service.RESTAuthenticationEntryPoint" />
<bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService" />
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<constructor-arg value="https://localhost:8443/cas"/>
<property name="proxyCallbackUrl"
value="localhost:8080/EFormRestServer/business"/>
<property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
</bean>
</property>
<property name="statelessTicketCache">
<bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
<property name="cache">
<bean class="net.sf.ehcache.Cache"
init-method="initialise" destroy-method="dispose">
<constructor-arg value="casTickets"/>
<constructor-arg value="50"/>
<constructor-arg value="true"/>
<constructor-arg value="false"/>
<constructor-arg value="3600"/>
<constructor-arg value="900"/>
</bean>
</property>
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<bean name="http403ForbiddenEntryPoint"
class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="casAuthenticationProvider" />
</security:authentication-manager>
<security:jdbc-user-service id="userService"
data-source-ref="dataSource"
users-by-username-query="select user_name, password, true from user where user_name = ?"
authorities-by-username-query="select u.user_name, r.role from user u,user_role r where u.role_id=r.role and user_name = ?" />
请帮我解决这个问题。
由于
答案 0 :(得分:1)
在与我的研究demo进行比较后,我认为你错过了以下配置:
<bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
...
<property name="authenticateAllArtifacts" value="true"/>
</bean>
请参阅Spring Security参考文档22.3.4 Proxy Ticket Authentication。