0

我们正在尝试将现有的 Web 应用程序从 Spring 2.x 升级到 Spring 3,并相信在一切恢复正常之前我们已经解决了最后一个问题。我们使用 CAS,可以访问 JASIG CAS 登录,但是登录时出现 404 错误。我们让服务器管理员从 CAS 服务器中提取 Catalina 日志,它指出登录成功并且正在返回到应用程序。然而,在来自 tomcat 服务器的调试输出中,它声明匿名用户的访问被拒绝,我不是。

Web.xml 片段

<context-param>
    <param-name>log4jConfigLocation</param-name> 
    <param-value>/WEB-INF/classes/log4j.properties</param-value> 
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

应用程序上下文.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <import resource="classpath:edu/umt/brp/spring/run-env.xml"/>


<!-- NEW SECURITY (Begin) -->
<security:http access-denied-page="/myAccessDeniedPage" entry-point-ref="casProcessingFilterEntryPoint">
    <security:port-mappings>
    <!--<security:port-mapping http="8080" https="8081"/> -->
    <security:port-mapping http="8080" https="443"/> 
    </security:port-mappings>


    <security:intercept-url pattern="/infoGriz.html*" access="ROLE_EMPLOYEE" />
    <security:intercept-url pattern="/**/frameset**" access="ROLE_EMPLOYEE" />
<!--        <security:logout logout-url="/logout" logout-success-url="https://logintest.umt.edu/cas/logout" invalidate-session="true"/> -->
    <!--  next line may fix problem --> 
    <security:logout logout-url="/logout" logout-success-url="${casLogoutUrl}" invalidate-session="true"/>
</security:http>     
<security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>

<security:ldap-server id="ldapServer" url="${ldapUrl}"/>

<bean id="userService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <constructor-arg>
        <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
            <constructor-arg index="0" value="cn=users,dc=umt,dc=edu"/>
            <constructor-arg index="1" value="(uid={0})"/>
            <constructor-arg index="2" ref="ldapServer" />
        </bean>     
    </constructor-arg>
    <constructor-arg>
        <bean class="edu.umt.brp.security.AuthoritiesPopulator">
            <constructor-arg ref="ldapServer" />
            <constructor-arg value="cn=groups,dc=umt,dc=edu" />
            <property name="groupSearchFilter" value="(uniqueMember={0})"/>
            <property name="searchSubtree" value="true"/>

            <property name="grouperServiceUrl" value="${grouperServiceUrl}"/>
            <property name="grouperUser" value="${grouperUser}"/>
            <property name="grouperPass" value="${grouperPass}"/>

        </bean>
    </constructor-arg>
    <property name="userDetailsMapper">
        <bean class="org.springframework.security.ldap.userdetails.PersonContextMapper"/>
    </property>
</bean>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="${applicationHost}/infoGriz/j_spring_cas_security_check"/> 
    <property name="sendRenew" value="false"/>
</bean> 

<bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="http://www.google.com"/>
        </bean>
    </property>
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="${casLoginUrl}"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider" >
    <property name="userDetailsService" ref="userService"/>
    <property name="serviceProperties" ref="serviceProperties" />

    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="${casValidateUrl}" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
<!-- NEW SECURITY (End) -->

我们有另一个 Web 应用程序已经在 Spring 3 上,我们正在使用 spring security 3.0.2 作为模型,但两者之间似乎没有什么不同。让我知道是否有任何其他文件会有所帮助。

谢谢,

伊恩

4

2 回答 2

0

基于 Spring Security 3参考,您还需要将CAS auth 过滤器添加到安全配置中:

<security:http ... >
    <security:custom-filter position="CAS_FILTER" ref="casProcessingFilter" />
</security:http>

/infoGriz.html*我有一个问题是和之间的关系是什么/infoGriz/j_spring_cas_security_check?如果您希望intercept-url标签捕获第二个标签,它不会!

于 2012-04-28T07:39:16.987 回答
-1

如果您使用的是 Spring Security 4,请将其添加到 xml

<csrf disabled="true"/>
于 2016-02-27T16:12:53.593 回答