使用CAS RESTful API票证验证用户的安全弹簧服务

时间:2013-08-10 10:11:01

标签: cas

我已经成功设置了CAS服务器。我想验证用户的安全服务(在spring应用程序中),因此使用RESTful API来获取用户的票证。我可以通过两步调用cas / v1 / ticket和cas / v1 / tickets / {TGT}获得安全服务的票证,但是当我尝试使用生成的票证调用该服务时

localhost:8080 / secure1?ticket?ST-ttyyy ...“它返回cas登录页面的响应内容。

我想,我的配置中缺少一点

我的spring应用程序的“services.xml”或cas配置。

Spring app settings.xml

<bean id="pgtStorage"     class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://localhost:8080/EFormRestServer/business/user/10000007" />
        <property name="sendRenew" value="false" />
        <property name="artifactParameter" value="ticket"/>
    </bean>
 <security:http create-session="stateless" use-expressions="true" entry-point-ref="casEntryPoint">        
            <security:anonymous enabled="true" />
            <security:custom-filter position="CAS_FILTER" ref="casFilter" />
        </security:http> 

        <bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
    <property name="proxyReceptorUrl" value="/business/test"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <property name="authenticationDetailsSource">
      <bean class=
        "org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
    </property>
    </bean>
<bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl"
            value="http://localhost:8080/cas/login" />
            <property name="serviceProperties" ref="serviceProperties" />
    </bean>
 <!-- To delegate authorization to method calls rather than to urls -->
 <!-- (Thus, we don't need to set any url-interceptor in this conf) -->
 <security:global-method-security pre-post-annotations="enabled" />
    <bean id="restAuthenticationEntryPoint" class="com.eform.rest.service.RESTAuthenticationEntryPoint" />
    <bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean> 


    <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="userService" />
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
      <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
        <constructor-arg value="https://localhost:8443/cas"/>
        <property name="proxyCallbackUrl"
            value="localhost:8080/EFormRestServer/business"/>
        <property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
      </bean>
    </property>
    <property name="statelessTicketCache">
      <bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
        <property name="cache">
          <bean class="net.sf.ehcache.Cache"
              init-method="initialise" destroy-method="dispose">
            <constructor-arg value="casTickets"/>
            <constructor-arg value="50"/>
            <constructor-arg value="true"/>
            <constructor-arg value="false"/>
            <constructor-arg value="3600"/>
            <constructor-arg value="900"/>
          </bean>
        </property>
      </bean>
    </property>
        <property name="key" value="an_id_for_this_auth_provider_only" />
    </bean>
    <bean name="http403ForbiddenEntryPoint"
        class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="casAuthenticationProvider" />
    </security:authentication-manager>
    <security:jdbc-user-service id="userService"
        data-source-ref="dataSource"
        users-by-username-query="select user_name, password, true from user where user_name = ?"
        authorities-by-username-query="select u.user_name, r.role from user u,user_role r where u.role_id=r.role and user_name = ?" />

请帮我解决这个问题。

由于

1 个答案:

答案 0 :(得分:1)

在与我的研究demo进行比较后,我认为你错过了以下配置:

<bean id="serviceProperties"
      class="org.springframework.security.cas.ServiceProperties">
  ...
  <property name="authenticateAllArtifacts"       value="true"/>
</bean>

请参阅Spring Security参考文档22.3.4 Proxy Ticket Authentication