我在localhost上设置了一个简单的Grails站点(使用SSL),配置了spring security并使用s2-quickstart设置用户。然后我将其配置为使用CAS服务器身份验证。根据CAS日志,它似乎确实进行了身份验证,但在身份验证之后,继续返回到grails应用程序的index.gsp页面,而不是请求的URL。这是application.groovy中的配置。
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.helloworld.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.helloworld.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'com.helloworld.SecRole'
grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.sendRenew = false
grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.serviceUrl = 'https://localhost:8080/'
grails.plugin.springsecurity.cas.serverUrlPrefix = 'https://localhost:8443/cas'
grails.plugin.springsecurity.cas.serverUrlEncoding = 'UTF-8'
grails.plugin.springsecurity.cas.key = 'grails-spring-security-cas'
grails.plugin.springsecurity.cas.artifactParameter = 'ticket'
grails.plugin.springsecurity.cas.serviceParameter = 'service'
grails.plugin.springsecurity.cas.filterProcessesUrl = '/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'https://localhost:8080/secure/receptor'
grails.plugin.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugin.springsecurity.cas.useSingleSignout = true
grails.plugin.springsecurity.cas.logout.afterLogoutUrl = 'https://localhost:8443/cas/logout?url=https://localhost:8080/logout'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.successHandler.alwaysUseDefaultTargetUrl = false
grails.plugin.springsecurity.interceptUrlMap = [
'/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'], // <- allows CAS to contact the receptor
'/**': ['IS_AUTHENTICATED_FULLY']
]
你能说出什么问题吗?
答案 0 :(得分:0)
嗯,grails.plugin.springsecurity.cas.serviceUrl值应该以/ j_spring_cas_security_check结尾。
我们使用:
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.loginUri = "/login"
grails.plugin.springsecurity.cas.serverUrlPrefix = "<cas server url>"
grails.plugin.springsecurity.cas.serviceUrl = "<grails server url>/j_spring_cas_security_check"
grails.plugin.springsecurity.cas.proxyCallbackUrl = null
grails.plugin.springsecurity.cas.proxyReceptorUrl = null
我还发现最初使用最小配置只是为了让事情有效。我已经通过过度配置不同的插件来锁定我的grails服务器,我认为这些插件很多次都是好的价值。