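CAS redirect goes wrong when the ticket is SERVICE_TICKET_CREATED

Time: 2015-06-05 22:29:38

Tags: java spring spring-security spring-boot cas

A client application in Spring Boot (Spring Security + Tomcat) tries to authenticate against CAS (Central Authentication Service) running in JBoss 7.1. After detecting that the user is not authenticated, the application is redirected to the CAS login page, so their credentials are entered and a GRANT_SERVICE_TICKET is generated by CAS. After that, CAS sends a redirect link, including the token, to the Spring Boot client application, but unexpectedly something happens and multiple redirects are sent to the browser, which shows the message: "The page isn't redirecting properly".

CAS receives and generates the ticket, but Spring Boot cannot confirm that the ticket was accepted, as described in the log below: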

=============================================================
17:45:53,009 INFO  [stdout] (http--0.0.0.0-9022-1) WHO: user123
17:45:53,009 INFO  [stdout] (http--0.0.0.0-9022-1) WHAT: ST-87-TCHz2sQeio0bR5gB2TZt-localhost for https://localhost:9043/useraccess/login/cas
17:45:53,009 INFO  [stdout] (http--0.0.0.0-9022-1) ACTION: SERVICE_TICKET_CREATED
17:45:53,009 INFO  [stdout] (http--0.0.0.0-9022-1) APPLICATION: CAS
17:45:53,024 INFO  [stdout] (http--0.0.0.0-9022-1) WHEN: Fri Jun 05 17:45:53 BRT 2015
17:45:53,024 INFO  [stdout] (http--0.0.0.0-9022-1) CLIENT IP ADDRESS: 127.0.0.1
17:45:53,024 INFO  [stdout] (http--0.0.0.0-9022-1) SERVER IP ADDRESS: 127.0.0.1
17:45:53,024 INFO  [stdout] (http--0.0.0.0-9022-1) =============================================================

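My CAS server runs on a JBoss 7.1 server at https://localhost:9022/cas. My Spring Boot runs at https://localhost:9043/useraccess/

Does anyone have any idea? It seems that Spring Boot cannot handle cross redirects between different servers. Currently my CAS authentication works for the web application, and I am trying to convert it to Spring Boot.

Thanks!

1 answer:

Answer 0: (score: 1)

Take a look at my current CAS configuration. As a WAR application in JBoss 7.1 it works fine, but when used in Spring Boot something does not work; it seems the ticket granted by CAS cannot be received when redirecting to the application home page.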

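import java.io.IOException;

import javax.naming.NamingException;

import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

// WebAppProperty, SecurityProperty, SecurityPropertyImpl and CustomUserDetailsService
// are the application's own classes and are not shown here.
@Configuration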
@EnableWebSecurity
public class CasConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private WebAppProperty webAppProperty; 

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        // Main configuration: CSRF protection and the X-Frame-Options header are switched off
        http.csrf().disable();
        http.headers().frameOptions().disable();

        // Authorize sub-folders permissions
        http.authorizeRequests().antMatchers("/*").authenticated();

        http.addFilter(logoutFilter());
        http.addFilter(casAuthenticationFilter());

        final ServiceProperties serviceProperties = serviceProperties();
        http.authenticationProvider(casAuthenticationProvider(serviceProperties));
        http.exceptionHandling().authenticationEntryPoint(casProcessingFilterEntryPoint(serviceProperties));
    }

    private CasAuthenticationEntryPoint casProcessingFilterEntryPoint(final ServiceProperties serviceProperties)
            throws IOException {
        final String casLoginUrl = securityProperty().getCASLoginURL();
        final CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(casLoginUrl);
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties);

        return casAuthenticationEntryPoint;
    }

    private CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        final String webappLocation = webAppProperty.getContextLocation();
        final SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl(webappLocation);

        final String casLogoutUrl = securityProperty().getCASLogoutURL();
        final SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler(
                casLogoutUrl);

        final CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler);
        casAuthenticationFilter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler);
        casAuthenticationFilter.setAuthenticationManager(super.authenticationManagerBean());

        return casAuthenticationFilter;
    }

    private LogoutFilter logoutFilter() throws IOException {
        final String logoutURL = securityProperty().getCASLogoutURL();
        final LogoutFilter logoutFilter = new LogoutFilter(logoutURL, new SecurityContextLogoutHandler());

        return logoutFilter;
    }

    private CasAuthenticationProvider casAuthenticationProvider(final ServiceProperties serviceProperties)
            throws IOException, NamingException {
        final String casServerLocationSSL = securityProperty().getCASServer();
        final Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(casServerLocationSSL);

        final CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider
                .setAuthenticationUserDetailsService(new UserDetailsByNameServiceWrapper<CasAssertionAuthenticationToken>(
                        userDetailsService()));
        casAuthenticationProvider.setServiceProperties(serviceProperties);
        casAuthenticationProvider.setTicketValidator(ticketValidator);
        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");

        return casAuthenticationProvider;
    }

    private ServiceProperties serviceProperties() throws IOException {
        final String casServiceLocationSSL = securityProperty().getCASService();
        final ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(casServiceLocationSSL);

        return serviceProperties;
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new CustomUserDetailsService();
    }

    @Bean
    public SecurityProperty securityProperty() {
        return new SecurityPropertyImpl();
    }
}
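
A way to confirm the redirect loop from the CAS side, as an added example that is not part of the original post or of CAS itself: it parses audit records in the format shown in the question and flags a user who is issued several service tickets for the same service within a few seconds. It assumes each pass through the loop makes CAS issue a fresh ticket; the window, the threshold, the helper names and the two extra tickets in the sample are constructed for the example.

```python
import re
from collections import defaultdict

# Line prefix as printed in the question's log: time, level, [stdout], thread name.
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d),\d+\s+INFO\s+\[stdout\]\s+\([^)]*\)\s+(.*)$")

def parse_audit(text):
    """Turn CAS audit output into one dict per record (who, action, ticket, service, t)."""
    records, cur = [], {}
    for m in filter(None, (LINE.match(l.strip()) for l in text.splitlines())):
        h, mi, s, payload = m.groups()
        key, _, value = payload.partition(": ")
        if payload.startswith("====="):              # separator closes the record
            records, cur = records + ([cur] if cur else []), {}
        elif key == "WHAT" and " for " in value:     # "<ticket> for <service URL>"
            cur["ticket"], cur["service"] = value.split(" for ", 1)
        elif key in ("WHO", "ACTION"):
            cur[key.lower()] = value
            cur["t"] = int(h) * 3600 + int(mi) * 60 + int(s)   # seconds of day
    return records + ([cur] if cur else [])

def find_loops(records, window_s=10, threshold=3):
    """(who, service, tickets) for each user/service given >= threshold tickets in window_s."""
    issued = defaultdict(list)
    for r in records:
        if r.get("action") == "SERVICE_TICKET_CREATED" and "service" in r:
            issued[(r.get("who"), r["service"])].append((r["t"], r["ticket"]))
    hits = []
    for (who, service), items in issued.items():
        items.sort(key=lambda x: x[0])
        for i in range(len(items) - threshold + 1):
            if items[i + threshold - 1][0] - items[i][0] <= window_s:
                hits.append((who, service, [tk for _, tk in items[i:i + threshold]]))
                break
    return hits

def make_record(sec, ticket):
    """Build one audit record in the log's format (helper for the constructed sample)."""
    p = f"17:45:{sec:02d},009 INFO  [stdout] (http--0.0.0.0-9022-1) "
    what = f"WHAT: {ticket} for https://localhost:9043/useraccess/login/cas"
    fields = ("WHO: user123", what, "ACTION: SERVICE_TICKET_CREATED", "=" * 20)
    return "\n".join(p + x for x in fields)

# First ticket is from the question's log; the other two are constructed.
SAMPLE = "\n".join(make_record(s, t) for s, t in [(53, "ST-87-TCHz2sQeio0bR5gB2TZt-localhost"),
                   (54, "ST-88-CONSTRUCTED-localhost"), (55, "ST-89-CONSTRUCTED-localhost")])

if __name__ == "__main__":
    print(find_loops(parse_audit(SAMPLE)))
```

A single SERVICE_TICKET_CREATED record per login is normal; a burst for one user and one service URL means the client keeps sending the browser back to CAS instead of consuming the ticket.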