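A client application in Spring Boot (Spring Security + Tomcat) tries to authenticate against a CAS (Central Authentication Service) running in JBoss 7.1. After detecting that the user is not authenticated, the application is redirected to the CAS login page, so their credentials are entered and a GRANT_SERVICE_TICKET is generated by CAS. After that, CAS sends a redirect link, including the token, to the Spring Boot client application, but unexpectedly something happens and multiple redirects are sent to the browser, which shows the message: "The page isn't redirecting properly".
CAS receives and generates the ticket, but Spring Boot cannot confirm that the ticket was accepted, as shown in the log below:
=============================================================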
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) WHO: user123
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) WHAT: ST-87-TCHz2sQeio0bR5gB2TZt-localhost for https://localhost:9043/useraccess/login/cas
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) ACTION: SERVICE_TICKET_CREATED
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) APPLICATION: CAS
17:45:53,024 INFO [stdout] (http--0.0.0.0-9022-1) WHEN: Fri Jun 05 17:45:53 BRT 2015
17:45:53,024 INFO [stdout] (http--0.0.0.0-9022-1) CLIENT IP ADDRESS: 127.0.0.1
17:45:53,024 INFO [stdout] (http--0.0.0.0-9022-1) SERVER IP ADDRESS: 127.0.0.1
17:45:53,024 INFO [stdout] (http--0.0.0.0-9022-1) =============================================================
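My CAS server runs on a JBoss 7.1 server at https://localhost:9022/cas
My Spring Boot application runs at https://localhost:9043/useraccess/
Does anyone have any idea? It seems that Spring Boot cannot handle cross redirects between different servers. Currently, my CAS authentication works for web applications, and I am trying to convert to Spring Boot.
Thanks!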
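Added example (not part of the original post): a small triage script for the audit trail shown above. It parses the `=====`-delimited records and lists service tickets that CAS issued but that no client ever presented for validation. The sample log, its ticket ids and the `SERVICE_TICKET_VALIDATE...` action names are assumptions; only `SERVICE_TICKET_CREATED` appears on the page.

```python
import re

# JBoss console prefix, e.g. "17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) "
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3}\s+\w+\s+\[[^\]]*\]\s+\([^)]*\)\s*")
FIELD = re.compile(r"^([A-Z][A-Z ]*[A-Z]): (.*)$")
TICKET = re.compile(r"\bST-[\w.-]+")
# Assumption: validation events use action names starting with this prefix.
VALIDATION_PREFIX = "SERVICE_TICKET_VALIDATE"

def parse_audit(text):
    """Split the audit trail into one dict per '=====' delimited record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
        elif line.startswith("=====") and current:
            records.append(current)
            current = {}
    return records + ([current] if current else [])

def unvalidated_tickets(records):
    """Return {ticket: service} for tickets issued but never validated."""
    issued, seen = {}, set()
    for rec in records:
        what, action = rec.get("WHAT", ""), rec.get("ACTION", "")
        m = TICKET.search(what)
        if m and action == "SERVICE_TICKET_CREATED":
            issued[m.group(0)] = what.partition(" for ")[2]
        elif m and action.startswith(VALIDATION_PREFIX):
            seen.add(m.group(0))
    return {t: s for t, s in issued.items() if t not in seen}

# Constructed sample in the page's log format (ticket ids are made up).
SAMPLE = """\
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) WHAT: ST-1-constructedAAA-localhost for https://localhost:9043/useraccess/login/cas
17:45:53,009 INFO [stdout] (http--0.0.0.0-9022-1) ACTION: SERVICE_TICKET_CREATED
17:45:53,024 INFO [stdout] (http--0.0.0.0-9022-1) =============================================================
17:45:53,101 INFO [stdout] (http--0.0.0.0-9022-2) WHAT: ST-1-constructedAAA-localhost
17:45:53,101 INFO [stdout] (http--0.0.0.0-9022-2) ACTION: SERVICE_TICKET_VALIDATED
17:45:53,101 INFO [stdout] (http--0.0.0.0-9022-2) =============================================================
17:45:54,009 INFO [stdout] (http--0.0.0.0-9022-1) WHAT: ST-2-constructedBBB-localhost for https://localhost:9043/useraccess/login/cas
17:45:54,009 INFO [stdout] (http--0.0.0.0-9022-1) ACTION: SERVICE_TICKET_CREATED
17:45:54,024 INFO [stdout] (http--0.0.0.0-9022-1) =============================================================
"""

if __name__ == "__main__":
    print(unvalidated_tickets(parse_audit(SAMPLE)))
```

A ticket listed here was issued for the given service URL, but CAS logged no validation call for it.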
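Answer 0 (score: 1)
Take a look at my current CAS configuration: the WAR application in JBoss 7.1 works fine, but when using Spring Boot something does not work; it seems unable to receive the ticket granted by CAS when redirecting to the application home page.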
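import java.io.IOException;
import javax.naming.NamingException;

import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

// WebAppProperty, SecurityProperty, SecurityPropertyImpl and CustomUserDetailsService
// are the poster's own classes and are not shown in the post.
@Configuration
@EnableWebSecurity
public class CasConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private WebAppProperty webAppProperty;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        // Main configurations (CSRF protection and X-Frame-Options are switched off here)
        http.csrf().disable();
        http.headers().frameOptions().disable();
        // Authorize sub-folders permissions
        http.authorizeRequests().antMatchers("/*").authenticated();
        http.addFilter(logoutFilter());
        http.addFilter(casAuthenticationFilter());
        final ServiceProperties serviceProperties = serviceProperties();
        http.authenticationProvider(casAuthenticationProvider(serviceProperties));
        http.exceptionHandling().authenticationEntryPoint(casProcessingFilterEntryPoint(serviceProperties));
    }

    // Entry point: sends unauthenticated requests to the CAS login URL with the service parameter
    private CasAuthenticationEntryPoint casProcessingFilterEntryPoint(final ServiceProperties serviceProperties)
            throws IOException {
        final String casLoginUrl = securityProperty().getCASLoginURL();
        final CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(casLoginUrl);
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties);
        return casAuthenticationEntryPoint;
    }

    // Filter that receives the callback carrying the service ticket
    private CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        final String webappLocation = webAppProperty.getContextLocation();
        // On success: return to the saved request, or to the application root by default
        final SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl(webappLocation);
        // On failure: redirect to the CAS logout URL
        final String casLogoutUrl = securityProperty().getCASLogoutURL();
        final SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler(
                casLogoutUrl);
        final CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler);
        casAuthenticationFilter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler);
        casAuthenticationFilter.setAuthenticationManager(super.authenticationManagerBean());
        return casAuthenticationFilter;
    }

    // Logout filter: clears the local security context, then redirects to the CAS logout URL
    private LogoutFilter logoutFilter() throws IOException {
        final String logoutURL = securityProperty().getCASLogoutURL();
        final LogoutFilter logoutFilter = new LogoutFilter(logoutURL, new SecurityContextLogoutHandler());
        return logoutFilter;
    }

    // Provider that validates service tickets against the CAS server (CAS 2.0 protocol)
    private CasAuthenticationProvider casAuthenticationProvider(final ServiceProperties serviceProperties)
            throws IOException, NamingException {
        final String casServerLocationSSL = securityProperty().getCASServer();
        final Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(casServerLocationSSL);
        final CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider
                .setAuthenticationUserDetailsService(new UserDetailsByNameServiceWrapper<CasAssertionAuthenticationToken>(
                        userDetailsService()));
        casAuthenticationProvider.setServiceProperties(serviceProperties);
        casAuthenticationProvider.setTicketValidator(ticketValidator);
        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
        return casAuthenticationProvider;
    }

    // Service URL sent to CAS; it must be a URL that the CasAuthenticationFilter processes
    private ServiceProperties serviceProperties() throws IOException {
        final String casServiceLocationSSL = securityProperty().getCASService();
        final ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(casServiceLocationSSL);
        return serviceProperties;
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new CustomUserDetailsService();
    }

    @Bean
    public SecurityProperty securityProperty() {
        return new SecurityPropertyImpl();
    }
}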