我已经成功地通过 CAS 完成了身份验证，但我想调整配置，改为从数据库中读取并授权角色。
一个实际的例子会很有帮助。以下是我当前的配置：
security.xml：
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Static resources skip the security filter chain entirely (no authentication, no authorisation). -->
<http pattern="/resources/**" security="none"/>
<!-- Main filter chain. Unauthenticated requests are sent to CAS through
casEntryPoint (defined in the CAS config), and casFilter (plugged in below)
consumes the returned ticket on /login. use-expressions enables the SpEL
access rules used in the intercept-url entries. -->
<http use-expressions="true" entry-point-ref="casEntryPoint">
<!-- Rules are matched top-down and the first match wins: keep the
catch-all /** last. -->
<intercept-url pattern="/"
access="permitAll"/>
<!-- /login/* (e.g. /login/form) is open. The CAS ticket callback is /login
itself, which casFilter handles before these rules are consulted. -->
<intercept-url pattern="/login/*"
access="permitAll"/>
<intercept-url pattern="/logout"
access="permitAll"/>
<!-- Error pages must stay reachable for the access-denied forward below. -->
<intercept-url pattern="/errors/**"
access="permitAll"/>
<!-- NOTE(review): "/events/" matches only that exact path; /events/<anything>
falls through to the /** rule (ROLE_USER). If the whole subtree is meant to be
admin-only this should be "/events/**" - confirm the intent. -->
<intercept-url pattern="/events/"
access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')"/>
<!-- Everything not listed above requires an authenticated user with ROLE_USER. -->
<intercept-url pattern="/**"
access="hasRole('ROLE_USER')"/>
<!-- Authenticated but not authorised: forward to the (permitAll) 403 page. -->
<access-denied-handler error-page="/errors/403"/>
<!-- casFilter is defined in the CAS config; CAS_FILTER is the standard slot for it. -->
<custom-filter ref="casFilter" position="CAS_FILTER"/>
<!-- NOTE(review): this logout clears this application's session only; nothing
in this config ends the CAS server's SSO session, so the next protected
request may be re-authenticated silently - confirm that is acceptable. -->
<logout logout-url="/logout"
logout-success-url="/login/form?logout"/>
</http>
<!-- All authentication is delegated to the CAS provider (CAS config). The alias
is the name casFilter references through its authenticationManager property. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthProvider" />
</authentication-manager>
<!-- In-memory user store. This is the UserDetailsService that
authenticationUserDetailsService (CAS config) wraps to look up the roles of
the username CAS asserted. Replacing this bean with a database-backed
UserDetailsService under the same id is where DB-driven role lookup plugs in.
NOTE(review): the passwords here are presumably never checked in the CAS flow
(CAS does the authenticating; only the authorities are read) - confirm, and
avoid keeping real credentials in this file in any case. -->
<user-service id="userDetailsService">
<user name="user1@example.com"
password="user1"
authorities="ROLE_USER"/>
<user name="admin1@example.com"
password="admin1"
authorities="ROLE_USER,ROLE_ADMIN"/>
<user name="ifridman"
password="idan"
authorities="ROLE_USER,ROLE_ADMIN"/>
</user-service>
</bean:beans>
security-cas.xml：
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!-- Identifies this application (the CAS "service"): CAS redirects the browser
back to this URL with the service ticket. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service">
        <value>http://${cas.service.host}/calendar/login</value>
    </property>
</bean>
<!-- The CAS server and this service's own host are resolved from the
"environment" properties below; system-properties-mode="OVERRIDE" lets a JVM
system property of the same name (e.g. -Dcas.server.host=...) take precedence,
so the addresses can be changed without editing this file. An external
properties file would work the same way. -->
<context:property-placeholder
system-properties-mode="OVERRIDE" properties-ref="environment"/>
<!-- Defaults: cas.service.host is where CAS sends the browser back (see
serviceProperties); cas.server.host is the CAS server used by casEntryPoint
and ticketValidator below. -->
<util:properties id="environment">
<prop key="cas.service.host">192.168.108.195:8080</prop>
<prop key="cas.server.host">192.168.2.101:8443</prop>
</util:properties>
<!-- Entry point for unauthenticated requests: redirects the browser to the CAS
login page, passing the service URL taken from serviceProperties. Referenced
by entry-point-ref in security.xml. -->
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="serviceProperties">
        <ref bean="serviceProperties"/>
    </property>
    <property name="loginUrl">
        <value>http://${cas.server.host}/cas/login</value>
    </property>
</bean>
<!-- Handles the CAS callback: picks up the service ticket on /login and hands
it to the authentication manager (alias declared in security.xml). Referenced
by custom-filter in security.xml. -->
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager">
        <ref bean="authenticationManager"/>
    </property>
    <property name="filterProcessesUrl">
        <value>/login</value>
    </property>
</bean>
<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="ticketValidator" ref="ticketValidator"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="key" value="casJbcpCalendar"/>
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<constructor-arg value="http://${cas.server.host}/cas" />
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailsService" />
</bean>
</beans>
谢谢，Ray。
答案 0（得分：-1）
我通过实现 UserDetailsService 并自行管理授权逻辑做到了这一点。就上面的配置而言，这意味着用自定义实现替换 security.xml 中 id 为 userDetailsService 的 <user-service>，因为 authenticationUserDetailsService 正是通过该 bean 按用户名查找角色的。