我是Spring安全和CAS的新手。客户端Web应用程序是Spring 3.0 mvc +(Tomcat6 + apache2.2 + jk_module),没有受限制的页面或目录访问。 每个网页有两个部分受保护(登录可以看到它)和不受保护(匿名),并且页面顶部还有一个登录链接(到CAS远程服务器)。我们的应用程序工作正常,我没有得到任何错误,但是身份验证部分不起作用。 问题是当单击登录链接时页面转到CAS服务器,并且在成功验证后,CAS远程服务器不会将页面返回到Web应用程序页面,并保留在CAS服务器页面上,并显示“登录成功”消息。 我的安全配置有什么问题? 谢谢你的帮助, MK
的web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/security.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
的security.xml
<http entry-point-ref="casEntryPoint" auto-config="true">
<intercept-url pattern="/*.html" filters="none"/>
<intercept-url pattern="/login.jsp" filters="none"/>
<custom-filter ref="casFilter" position="CAS_FILTER" />
<logout logout-success-url="https://remote-cas.com/cas/logout"/>
</http>
<user-service id="userService">
<user name="myapp_ca" authorities="ROLE_USER"/>
</user-service>
<authentication-manager alias="authManager">
<authentication-provider ref="casAuthProvider" />
</authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="https://myIpaddress/myapp/homePage.htm"/>
<property name="sendRenew" value="false"/>
</bean>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://remote-cas.com/cas/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authManager"/>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/myapp/homePage.html" />
</bean>
</property>
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg value="https://remote-cas.com/cas/login" />
</bean>
<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="ticketValidator" ref="ticketValidator"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userService" />
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
答案 0 :(得分:0)
调用CAS登录URL时,您需要提供要返回的URL作为参数。该参数也是您要保护的资源的名称。
https://my.domain.com/cas/login?service=https://my.protected-service.com/path/to/page/
为了使票证对my.protected-service.com上的所有资源有效,您需要通过将CAS范围设置为my.protected-service.com /
来扩大票证的范围。但是,我不知道如何通过您的设置实现这一目标。