Spring Boot Security上的Cas auth导致Glassfish服务器上的重定向循环

时间:2019-05-16 08:25:20

标签: java spring spring-security glassfish single-sign-on

我正在开发一个 Spring Boot(2.0.5)应用程序,使用了:
  • spring-boot-starter-security(2.0.5)
  • spring-security-cas(5.0.8)。

应用程序是使用 tomcat 开发的,并且一切正常进行,但是当我们在 payara glassfish 5.0 上部署应用程序时,会出现重定向循环错误。

预期的流程是:用户访问我的应用程序时,由于尚未通过身份验证,会被重定向到 CAS 服务器;登录后返回时,我的应用程序会识别出该用户已通过身份验证,并允许他进入应用程序的受保护部分。(在 tomcat 上就是这样工作的)

但是在 glassfish 上,我的应用程序无法识别出用户已成功通过身份验证,因此将其重定向回cas服务器。

Spring Security 使用 Java 配置(Java config),代码如下,为保护隐私隐藏了部分内容。

@Override
        // Hands the application's primary source class to the builder and returns the builder.
        // Presumably this overrides SpringBootServletInitializer.configure, i.e. the hook used
        // when the WAR is started by an external servlet container - the enclosing class header
        // is not visible here, so confirm.
        protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
            final Class<UserPortalApplication> primarySource = applicationClass;
            return application.sources(primarySource);
        }

        // Primary source class passed to SpringApplicationBuilder.sources(...) in configure().
        // NOTE(review): nothing visible here reassigns this field; consider declaring it final.
        private static Class<UserPortalApplication> applicationClass = UserPortalApplication.class;

    /**
     * Describes this application to the CAS server as a CAS "service".
     *
     * <p>The service URL is sent to the CAS server as the return address and is presented again
     * when the ticket is validated, so it has to be the externally visible URL on which the CAS
     * authentication filter listens (scheme, host, port and context path).
     *
     * @return the service description shared by the entry point, provider and filter
     */
    @Bean
    public ServiceProperties serviceProperties() {
        final ServiceProperties props = new ServiceProperties();
        // Do not ask the CAS server to force a fresh credential prompt on every login.
        props.setSendRenew(false);
        // NOTE(review): a WAR on an external app server normally runs under a context path;
        // confirm this URL still points at the deployed application's /login/cas endpoint.
        props.setService("https://some-url/login/cas");
        return props;
    }

    /**
     * Builds the entry point that sends unauthenticated users to the CAS login page.
     *
     * @param sP service description whose URL the CAS server redirects back to after login
     * @return the CAS entry point, marked primary among AuthenticationEntryPoint beans
     */
    @Bean
    @Primary
    public AuthenticationEntryPoint authenticationEntryPoint(
      ServiceProperties sP) {

        final CasAuthenticationEntryPoint casEntryPoint = new CasAuthenticationEntryPoint();
        casEntryPoint.setServiceProperties(sP);
        // Login page of the CAS server; the service URL from sP is appended by the entry point.
        casEntryPoint.setLoginUrl("https://some-url/cas/login");
        return casEntryPoint;
    }

    /**
     * Creates the CAS 2.0 service-ticket validator pointed at the CAS server prefix.
     *
     * <p>NOTE(review): ticket validation is a server-to-server HTTPS request from this
     * application to the CAS server, so the JVM running the application has to trust the CAS
     * server certificate. Trust stores can differ between app servers - verify on each one.
     *
     * @return validator used by the CAS authentication provider
     */
    @Bean
    public TicketValidator ticketValidator() {
        final String casServerUrlPrefix = "https://some-url/cas";
        return new Cas20ServiceTicketValidator(casServerUrlPrefix);
    }

    /**
     * Assembles the provider that turns a CAS service ticket into an authenticated user.
     *
     * @return provider wired with the service description, the ticket validator and the
     *         application's own user-details lookup
     */
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
      final CasAuthenticationProvider casProvider = new CasAuthenticationProvider();
      // The key marks authentication tokens as issued by this provider.
      // NOTE(review): it is hard-coded in source; consider supplying it from external
      // configuration so it is not shared between environments.
      casProvider.setKey("CAS_PROVIDER_LOCALHOST_9000");
      casProvider.setServiceProperties(serviceProperties());
      casProvider.setTicketValidator(ticketValidator());
      // Maps the validated CAS assertion to the application's user details.
      casProvider.setAuthenticationUserDetailsService(new CasUserDetailService());
      return casProvider;
    }

    /**
     * Provides the logout handler used by the CAS logout filter, left at its default settings.
     *
     * @return a new SecurityContextLogoutHandler
     */
    @Bean
    public SecurityContextLogoutHandler securityContextLogoutHandler() {
      final SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
      return handler;
    }

    /**
     * Builds the filter that handles local logout and then redirects to the CAS logout page.
     *
     * @return logout filter that processes requests to /logout/cas
     */
    @Bean
    public LogoutFilter logoutFilter() {
      // Where the browser is sent once the local security context has been cleared.
      final String casLogoutUrl = "https://some-url/cas/logout";
      final LogoutFilter casLogoutFilter =
        new LogoutFilter(casLogoutUrl, securityContextLogoutHandler());
      casLogoutFilter.setFilterProcessesUrl("/logout/cas");
      return casLogoutFilter;
    }

    /**
     * Creates the CAS single-sign-out filter for the configured CAS server prefix.
     *
     * @return filter that SecurityConfig places ahead of the CAS authentication filter
     */
    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
      final SingleSignOutFilter ssoFilter = new SingleSignOutFilter();
      // Configuration comes from the setters here rather than from servlet init parameters.
      ssoFilter.setIgnoreInitConfiguration(true);
      ssoFilter.setCasServerUrlPrefix("https://some-url/cas");
      return ssoFilter;
    }

    /**
     * Reacts to an HTTP session event by creating a CAS single-sign-out session listener.
     *
     * <p>NOTE(review): the listener returned here is a fresh instance that this method never
     * registers with the servlet container, and Spring treats a non-void {@code @EventListener}
     * return value as a new event to publish. Confirm that session-destroyed notifications
     * actually reach a SingleSignOutHttpSessionListener (for example by registering it as a
     * servlet listener); otherwise single sign-out may leave stale session mappings behind.
     *
     * @param event the session event that triggered this method (not used)
     * @return a new SingleSignOutHttpSessionListener
     */
    @EventListener
    public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(HttpSessionEvent event) {
      final SingleSignOutHttpSessionListener listener = new SingleSignOutHttpSessionListener();
      return listener;
    }

SecurityConfig

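    /**
     * Spring Security configuration for the CAS-protected web application.
     *
     * <p>Wires the CAS authentication provider, entry point, logout filter and single-sign-out
     * filter into the HTTP security chain and exposes the CAS authentication filter as a bean.
     */
    @EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Injected once through the constructor and never reassigned, hence final.
    private final AuthenticationProvider authenticationProvider;
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final SingleSignOutFilter singleSignOutFilter;
    private final LogoutFilter logoutFilter;

    /**
     * Receives the CAS collaborators defined as beans elsewhere in the application.
     *
     * @param casAuthenticationProvider provider that validates CAS service tickets
     * @param eP entry point that redirects unauthenticated users to the CAS login page
     * @param lF filter handling logout and the redirect to the CAS logout page
     * @param ssF CAS single-sign-out filter
     */
    @Autowired
    public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider, AuthenticationEntryPoint eP,
                          LogoutFilter lF
                          , SingleSignOutFilter ssF
    ) {
        this.authenticationProvider = casAuthenticationProvider;
        this.authenticationEntryPoint = eP;
        this.logoutFilter = lF;
        this.singleSignOutFilter = ssF;
    }

    /**
     * Declares the URL access rules, the entry point, logout handling and the extra CAS filters.
     *
     * <p>The access rules are evaluated in declaration order and the first match wins. The
     * original repeated {@code authorizeRequests()} sections are merged into one registry and
     * the duplicate {@code "/login"} matcher, which could never be reached, is dropped; the
     * effective rules are unchanged.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            // NOTE(review): CSRF protection is switched off for the whole application. With
            // session-based login, state-changing requests are then not protected against
            // cross-site request forgery; re-enable it unless there is a documented reason.
            .csrf().disable()
            .cors().disable()
            // NOTE(review): the original carried a commented-out
            // requiresChannel().anyRequest().requiresSecure() here, so HTTPS is not enforced
            // by this chain; confirm it is enforced in front of the application.
            .authorizeRequests()
                // Ant pattern: '.' is literal and '*' stays within one path segment, so this
                // matches e.g. /login.html but not /login/cas - confirm that is the intent.
                .antMatchers("/login.*").permitAll()
                .regexMatchers("/secured.*", "/controllers.*", "/login").authenticated()
                .regexMatchers("/").permitAll()
                // NOTE(review): there is no catch-all rule, so a request matching none of
                // the patterns above is not restricted by this configuration. Consider
                // ending with anyRequest().authenticated() (or denyAll()).
                .and()
            // NOTE(review): registering the CAS entry point through httpBasic() also enables
            // HTTP Basic processing, which the CAS flow does not need;
            // exceptionHandling().authenticationEntryPoint(...) is the usual place for it.
            .httpBasic()
                .authenticationEntryPoint(authenticationEntryPoint)
                .and()
            // NOTE(review): with CSRF disabled the default logout URL /logout is presumably
            // handled for GET as well, so redirecting to "/logout" after logout may re-enter
            // the logout filter - verify this does not bounce.
            .logout().logoutSuccessUrl("/logout")
                .and()
            .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class);
    }

    /**
     * Registers the CAS provider with the authentication manager builder.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * Supplies an authentication manager that delegates to the CAS provider only.
     *
     * @return a ProviderManager wrapping the injected provider
     * @throws Exception declared by the overridden method
     */
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return new ProviderManager(Arrays.asList(authenticationProvider));
    }

    /**
     * Creates the filter that consumes the service ticket when the CAS server redirects back.
     *
     * <p>NOTE(review): this filter is exposed as a bean, but {@code configure(HttpSecurity)}
     * never adds it to the Spring Security filter chain (for example with
     * {@code http.addFilter(...)}). Its registration and its position relative to the security
     * chain are then presumably left to the container integration, which can differ between
     * Tomcat and GlassFish/Payara. If the ticket is processed outside the chain that stores
     * the security context, the next request can look unauthenticated and be sent back to the
     * CAS server - worth checking first for the redirect loop.
     *
     * @param sP service description; its URL must match the URL this filter processes
     * @return the configured CAS authentication filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setServiceProperties(sP);
        filter.setAuthenticationManager(authenticationManager());
        return filter;
    }

}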

0 个答案:

没有答案