用Shiro for Zeppelin进行CAS认证

时间:2016-10-11 15:57:03

标签: cas shiro apache-zeppelin

我试图让Zeppelin中的shiro.ini使用cas是不成功的。 我遵循了这些指示 http://shiro.apache.org/cas.html 

casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /error.html

casRealm = org.apache.shiro.cas.CasRealm
casRealm.defaultRoles = USER
casRealm.casServerUrlPrefix = https://ticketserver.com
casRealm.casService = https://tickettranslater.com/j_spring_cas_security_check

casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.subjectFactory = $casSubjectFactory
securityManager.realms = $casRealm

### If caching of user is required then uncomment below lines
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
#securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login


[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# authc means Form based Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/interpreter/** = authc, roles[USER]
/api/configurations/** = authc, roles[USER]
/api/credential/** = authc, roles[SOMEOTHER]
/api/login = casFilter
/** = authc
#/** = anon
#/** = authc

casService是将票证转换为用户的内容。 casServerUrlPrefix是获取tickes的地方。 如果我提出shiro.loginUrl = https://ticketserver.com?service=https://tickettranslater.com/j_spring_cas_security_check 它的工作原理除了Origin头在路上失败并且登录失败的事实。

tickeserver.com和tickertranslater都在网络中,它们适用于许多其他应用程序。

如何设置shiro.ini以正确处理cas登录链?

1 个答案:

答案 0 :(得分:0)

此配置适用于Apache Zeppelin 0.6.2。

如果您已经针对CAS服务器进行了身份验证,则会自动对Apache Zeppelin进行身份验证。

您需要编译zeppelin-web,但首先需要将shiro-cas Maven依赖项添加到zeppelin-web / pom.xml:

<dependencies>
  <dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>1.2.3</version>
  </dependency>
</dependencies>

然后使用以下命令配置文件conf / shiro.ini:

[main]
casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /404.html

casRealm = org.apache.shiro.cas.CasRealm
casRealm.defaultRoles = ROLE_USER

casRealm.casServerUrlPrefix = http://<cas-server>:<port>/cas/p3
casRealm.casService = http://localhost:8080/api/shiro-cas

casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory
securityManager.realms = $casRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

[urls]
/api/shiro-cas = casFilter
/api/version = anon
/** = authc
相关问题
最新问题