我正在使用涉及CAS服务器的项目与使用单点登录(SSO)的其他基于Spring的项目一起工作,但我收到一个涉及Grails spring-security-cas插件的重定向循环(版本:“:spring -security-CAS:2.0-RC1" )。我看过plugin's documentation。我知道CAS重定向问题看起来很常见,但我还没有找到与此类情况相关的帖子。我是Grails和CAS世界的新手,所以我们提前感谢您向正确的方向发展。
访问grails应用程序上的安全页面最初使用适当的服务参数正确地重定向到CAS服务器登录页面:https:// example.com:8443/cas/login?service = http:// example.com :8080 / grailsapp / j_spring_cas_security_check
问题在用户成功登录并且CAS重定向回服务后发生。 grails应用程序中的j_spring_cas_security_check将重定向回https://example.com:8443/cas登录页面,该页面会看到TGC并重定向回服务j_spring_cas_security_check页面,该页面无限制地重定向[直到浏览器发出重定向循环错误]。看起来每次迭代都会创建新的服务票据。
我的Config.groovy有:
grails.plugin.springsecurity.cas.loginUri = /login
grails.plugin.springsecurity.cas.serviceUrl = http://example.com:8080/grailsapp/j_spring_cas_security_check
grails.plugin.springsecurity.cas.serverUrlPrefix = https://example.com:8443/cas
# we aren't using cas with proxy
# logout details not shown here
根据其他问题/答案尝试了不成功的尝试:
cas服务器的日志包括:
=============================================================
WHO: [username: sampleuser]
WHAT: supplied credentials: [username: sampleuser]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: [username: sampleuser]
WHAT: TGT-24-Rttmt5i5raWcV1Z5wZavVopigQc4xeIckEUfMKdG3EwEzI3LUI-cas.service
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-77-cneJOIwmnoOdKqkscaiy-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>
####### FIRST ITERATION OF LOOP BELOW #############
=============================================================
WHO: sampleuser
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service for http://example.com:8080/grailsapp/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: audit:unknown
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: example.com
=============================================================
DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://example.com:8080/grailsapp/j_spring_cas_security_check>
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-78-6qsbaVNNOess4VhGOQE4-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>
####### SERVICE_TICKET_CREATED and SERVICE_TICKET_VALIDATED LOOP CONTINUES A FEW MORE TIMES BEFORE BROWSER GIVES UP #############
答案 0 :(得分:2)
问题是在Grails客户端我没有创建userDetailsService。我在Grails的services文件夹中实现了一个自定义类(参见http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsService.html):
public class MyUserDetailsService implements UserDetailsService {
// Required methods here
}
然后在resources.groovy中引用它:
beans = {
userDetailsService(MyUserDetailsService)
}
答案 1 :(得分:2)
除了覆盖UserDetailsService我必须在filterProcessesUrl
Config.groovy
grails.plugin.springsecurity.cas.filterProcessesUrl = "/user/login" // same as uri part of serviceUrl
grails.plugin.springsecurity.cas.serviceUrl = "http://yoursite.com/user/login"
CasAuthenticationFilter在CAS上进行身份验证后启动。以下是源代码参考链接:
您还可以查看CasAuthenticationFilter.java
的来源,查看serviceTicketRequest和super.requiresAuthentication方法。