如何让Spring Security和CAS支持指向同一服务器的多个网址

时间:2016-01-13 17:42:45

标签: java url dynamic spring-security cas

我在工作中面临着一个非常棘手的局面。用户可以使用2个不同的网址来访问我们的网站:

http://mycorporation.com/myapp/
http://portal.mycorporation.com/myapp/

我面临的问题是spring security和cas配置似乎只适用于硬编码的单个URL:

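<!-- CAS service definition: "service" is the callback URL the CAS server redirects to after login. -->
<!-- The hostname and appname are resolved from property placeholders, so only one URL is configured. -->
<!-- NOTE(review): the URL is plain http://, so the service ticket on the callback and the session
     cookie travel unencrypted; prefer https:// if the application is reachable over TLS. -->
<bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://${myapp.hostname}/${myapp.appname}/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
        <!-- Spring property names omit the "set" prefix: the setter is setAuthenticateAllArtifacts,
             so the property is authenticateAllArtifacts. The original name would not resolve to a setter. -->
        <!-- NOTE(review): this flag widens which requests carrying a ticket are authenticated;
             confirm it is intended and that the CAS filter is configured to match. -->
        <property name="authenticateAllArtifacts" value="true"/>
    </bean>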

所以我的问题是,有没有办法在运行时检测用户实际使用的网址?在研究过程中,我看到了这个答案(answer),但它似乎是取回当前网址的一部分,而我做不到,因为我没有使用HATEOAS。

如果需要,我可以提供任何附加信息。另外,请原谅我的英语。我不是本地人。

这是整个spring security配置:

<!-- Enables method-level security through the @Secured annotation. -->
<security:global-method-security secured-annotations="enabled" />

    <!-- HTTP security: unauthenticated requests are handed to the CAS entry point (casEntryPoint). -->
    <!-- NOTE(review): auto-config="true" also registers form-login and HTTP Basic; with CAS as the
         only entry point these are probably unneeded. Confirm and drop them if so. -->
    <!-- NOTE(review): only "/" and "/protected/**" have access rules. Any other path has no rule
         in this block, so it is not access-restricted here. Intercept rules are matched in order. -->
    <security:http auto-config="true" use-expressions="true" entry-point-ref="casEntryPoint">
        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/protected/**" access="isAuthenticated()" />
        <!-- Custom filters, each placed relative to the standard filter-chain position it names. -->
        <security:custom-filter position="CAS_FILTER" ref="casFilter"/>
        <security:custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
        <security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
        <security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
    </security:http>

    <!-- Loads the settings of the running environment. -->
    <!-- The ${...} placeholders used in this file are presumably defined in environment.properties. -->
    <context:property-placeholder location="classpath:environment.properties"/>

    <!-- Defines the application (the CAS "service") whose authentication is managed by CAS. -->
    <!-- "service" is the single callback URL, built from the hostname/appname placeholders. -->
    <!-- NOTE(review): plain http:// means the service ticket on the callback and the session cookie
         are sent unencrypted; use https:// if the application is served over TLS. -->
    <bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://${example.hostname}/${example.appname}/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

    <!-- Filter for ajax requests that checks whether the session has expired. -->
    <!-- Project class; presumably 901 is the status code it returns to ajax callers on an
         expired session. Confirm against AjaxTimeoutRedirectFilter. -->
    <bean id="ajaxTimeoutRedirectFilter" class="com.example.util.AjaxTimeoutRedirectFilter">
        <property name="customSessionExpiredErrorCode" value="901"/>
    </bean>

    <!-- Authentication filter used by CAS; registered at the CAS_FILTER position of the http block. -->
    <!-- It delegates ticket authentication to authenticationManager (backed by casAuthenticationProvider). -->
    <bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <!-- CAS entry point: the login page. -->
    <!-- Sends unauthenticated users to loginUrl, passing the service URL taken from serviceProperties. -->
    <bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="https://login.example.com/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- Defines the authentication manager; its only provider is casAuthenticationProvider. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="casAuthenticationProvider" />
    </security:authentication-manager>

    <!-- Configures the authentication performed through CAS. -->
    <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- User details are loaded by name through the LDAP-backed userService. -->
        <property name="authenticationUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">             
            <constructor-arg ref="userService" />
        </bean>
        </property>
        <!-- The service URL sent at ticket validation comes from the same serviceProperties bean
             as the one used by the entry point. -->
        <property name="serviceProperties" ref="serviceProperties" />
        <!-- Validates service tickets against the CAS server at this URL prefix (HTTPS). -->
        <!-- NOTE(review): this host (login.example.mp.br) differs from the loginUrl host
             (login.example.com) and the logout host (example.com). Possibly an anonymisation
             artefact; all three should point at the same CAS server. -->
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="https://login.example.mp.br/cas" />
            </bean>
        </property>
        <!-- Key identifying authentication tokens created by this provider; the value looks like a placeholder. -->
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>

    <!-- Returns the LDAP user based on the login and password passed to CAS. -->
    <!-- Project class that maps the LDAP entry to the application's user object. -->
    <bean id="CustomLDAPUserContextMapper" class="com.example.util.CustomLDAPUserContextMapper"></bean>
    <!-- NOTE(review): ldap:// on port 389 is unencrypted, and no manager DN or password is set, so
         lookups presumably bind anonymously. Prefer ldaps:// or StartTLS and a dedicated
         read-only bind account. -->
    <security:ldap-server url="ldap://11.111.1.111:389/o=example"/>
    <!-- Looks up person entries whose mail equals the CAS principal name ({0}); groups are found
         through uniqueMember. -->
    <security:ldap-user-service id="userService"
        user-search-filter="(&amp; (objectclass=person) (mail={0}) )" 
        group-search-filter="(uniqueMember={0})"
        user-context-mapper-ref="CustomLDAPUserContextMapper"
        />

    <!-- This filter handles Single Sign-Out requests issued by the CAS server. -->
    <!-- NOTE(review): SingleSignOutFilter normally needs SingleSignOutHttpSessionListener registered
         in web.xml, which is not visible here. Confirm it is present. -->
    <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

    <!-- This filter redirects to the CAS server so that Single Sign-Out is handled there. -->
    <!-- First constructor argument: URL to redirect to after local logout (the CAS logout page). -->
    <!-- Second constructor argument: handler that clears the local security context. -->
    <!-- The filter is triggered by requests to /j_spring_cas_security_logout. -->
    <bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg value="https://example.com/cas/logout"/>
        <constructor-arg>
            <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </constructor-arg>
        <property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
    </bean>

1 个答案:

答案 0 :(得分:0)

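CasAuthenticationEntryPoint(casEntryPoint bean)有一个createServiceUrl()方法。
您可以覆盖它以选择正确的服务(通过使用适当的参数调用CommonUtils.constructServiceUrl())。
需要注意,仅覆盖入口点还不够:CasAuthenticationProvider在验证票据时默认使用serviceProperties中的service,而CAS要求验证时的service与登录时使用的完全一致,因此两处必须得到同一个网址。另外,服务网址应从固定的已知主机名列表中选择,不要直接照搬请求中的Host头。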