Question

我已将spring security集成到我的项目中，之前我使用hibernate对用户详细信息进行了身份验证。现在我必须使用CAS。这是我目前的Spring security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        ">



    <global-method-security pre-post-annotations="enabled" />

    <http pattern="/css/**" security="none"/>
    <http pattern="/images/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>
    <http pattern="/app/addNewUser.json" security="none"/>
    <http pattern="/dbcomplogin.jsp" security="none"/>
    <http pattern="/loggedout.jsp" security="none"/>

    <http use-expressions="true">
        <!--
             Allow all other requests. In a real application you should
             adopt a whitelisting approach where access is not allowed by default
          -->
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page='/dbcomplogin.jsp'
          authentication-failure-url="/dbcomplogin.jsp?login_error=1"
          default-target-url="/index.jsp" />
        <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
        <remember-me />

    </http>

    <beans:bean id="myUserService" class="com.tcs.ceg.services.impl.UserServiceImpl" />
    <authentication-manager>
    <authentication-provider user-service-ref="myUserService" />
    </authentication-manager>

</beans:beans>

在UserServiceImpl类中的

“loadUserByUsername”方法我正在使用Hibernate调用从DB获取用户详细信息，如果它们存在于DB中，我将返回用户名，密码。

但现在我必须使用CAS服务器。请告诉我在spring-security.xml中需要更改的内容，这样，如果用户未经过身份验证，将打开CAS服务器的登录页面，点击注销将发生单次注销并退出CAS的注销页面服务器将打开。我是CAS和春天安全的新手，所以请帮助我。

Answer 1

您是否有机会查看此链接：http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html？

本文档将指导您如何使用Spring Security配置CAS客户端。

Answer 2

查看用于导入beans命名空间的别名。如果您的xml配置为xmlns：beans =“http://www.springframework.org/schema/beans”xmlns：xsi =“http://www.w3.org/2001/XMLSchema-instance”将其与别名为bean：bean

如何将CAS认证与Spring安全性集成？

2 个答案: