2

我正在使用 Spring MVC 编写一个客户端应用程序,该应用程序将对 Spring Security CAS 服务器进行身份验证。

我遇到的问题是,用户认证成功后,浏览器显示 404 错误。我不确定如何在我的应用程序中设置“成功”页面。还是我需要在 CAS 服务器属性中的某处定义回调 url?到目前为止,这是我的代码:

网页.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<!-- The definition of the Root Spring Container shared by all Servlets 
    and Filters -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/applicationContext-security.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- Enable security, let the casAuthenticationEntryPoint handle all intercepted 
    urls. The CAS_FILTER needs to be in the right position within the filter 
    chain. -->
<security:http entry-point-ref="casAuthenticationEntryPoint"
    auto-config="true">
    <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
    <security:custom-filter position="CAS_FILTER"
        ref="casAuthenticationFilter"></security:custom-filter>
</security:http>

<!-- Required for the casProcessingFilter, so define it explicitly set and 
    specify an Id Even though the authenticationManager is created by default 
    when namespace based config is used. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="casAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>

<!-- This section is used to configure CAS. The service is the actual redirect 
    that will be triggered after the CAS login sequence. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
        value="https://localhost:8443/cas/j_spring_cas_security_check"></property>
    <property name="sendRenew" value="false"></property>
</bean>

<!-- The CAS filter handles the redirect from the CAS server and starts 
    the ticket validation. -->
<bean id="casAuthenticationFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"></property>
</bean>

<!-- The entryPoint intercepts all the CAS authentication requests. It redirects 
    to the CAS loginUrl for the CAS login page. -->
<bean id="casAuthenticationEntryPoint"
    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://localhost:8443/cas/login"></property>
    <property name="serviceProperties" ref="serviceProperties"></property>
</bean>

<!-- Handles the CAS ticket processing. -->
<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="userService"></property>
    <property name="serviceProperties" ref="serviceProperties"></property>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://localhost:8443/cas">
            </constructor-arg>
        </bean>
    </property>
    <property name="key" value="cas"></property>
</bean>

<!-- The users available for this application. -->
<security:user-service id="userService">
    <security:user name="user" password="user" authorities="ROLE_USER"></security:user>
</security:user-service>

我将不胜感激任何帮助!

以上代码来自以下教程:http ://www.oudmaijer.com/2009/12/28/spring-3-spring-security-3-cas-3-3-4-integration/

更新:这是网络流(取自 Firebug):

  1. 用户点击https://localhost:8443/SpringMVC_CAS/secure/index.jsp

  2. 浏览器执行“302 临时移动”/myapp/secure/index.jsp

  3. CAS 提示登录https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fcas%2Fj_spring_cas_security_check

  4. https://localhost:8443/cas/j_spring_cas_security_check?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas

  5. 浏览器显示https://localhost:8443/cas/login?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas

4

1 回答 1

4

你可以通过添加AuthenticationSuccessHandler这样的来做到这一点:

<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/casfailed.jsp"/>
        </bean>
    </property>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/"/>
        </bean>
    </property>
</bean>

如果您也将 alwaysUseDefaultTargetUrl 属性设置为 true,则 defaultTargetUrl 将用于目标,否则将在身份验证过程开始之前重定向到原始目标。

也可以看看:

于 2012-11-21T16:35:31.677 回答