0

我已经设法通过 CAS 进行身份验证。但我想对其进行调整以授权角色针对丢失的数据库。

一个实际的例子会有所帮助。那是我目前的配置:

安全.xml

<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http pattern="/resources/**" security="none"/>
    <http use-expressions="true" entry-point-ref="casEntryPoint">
        <intercept-url pattern="/"
                access="permitAll"/>
        <intercept-url pattern="/login/*"
                access="permitAll"/>
        <intercept-url pattern="/logout"
                access="permitAll"/>
        <intercept-url pattern="/errors/**"
                access="permitAll"/>
        <intercept-url pattern="/events/"
                access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/admin/**"
                access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/**"
                access="hasRole('ROLE_USER')"/>
        <access-denied-handler error-page="/errors/403"/>

        <custom-filter ref="casFilter" position="CAS_FILTER"/>

        <logout logout-url="/logout"
                logout-success-url="/login/form?logout"/>
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthProvider" />
    </authentication-manager>
    <user-service id="userDetailsService">
        <user name="user1@example.com"
                password="user1"
                authorities="ROLE_USER"/>
        <user name="admin1@example.com"
                password="admin1"
                authorities="ROLE_USER,ROLE_ADMIN"/>
        <user name="ifridman"
              password="idan"
              authorities="ROLE_USER,ROLE_ADMIN"/>
    </user-service>
</bean:beans>

安全-cas.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:task="http://www.springframework.org/schema/task"
    xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <bean id="serviceProperties"
            class="org.springframework.security.cas.ServiceProperties">
        <property name="service"
                value="http://${cas.service.host}/calendar/login"/>
    </bean>
    <!--
        Allows changing where the CAS Server and CAS Service are easily
        by specifying System Arguments or replacing the values only in one place.
        Could also use external properties file -->
    <context:property-placeholder
            system-properties-mode="OVERRIDE" properties-ref="environment"/>
    <util:properties id="environment">
        <prop key="cas.service.host">192.168.108.195:8080</prop>
        <prop key="cas.server.host">192.168.2.101:8443</prop>
    </util:properties>

    <!-- sends to the CAS Server, must be in entry-point-ref of security.xml -->
    <bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="loginUrl" value="http://${cas.server.host}/cas/login" />
    </bean>

    <!-- authenticates CAS tickets, must be in custom-filter of security.xml -->
    <bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="filterProcessesUrl" value="/login"/>
    </bean>

    <bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="ticketValidator" ref="ticketValidator"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="key" value="casJbcpCalendar"/>
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
    </bean>

    <bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
        <constructor-arg value="http://${cas.server.host}/cas" />
    </bean>
    <bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <constructor-arg ref="userDetailsService" />
    </bean>
</beans>

谢谢,雷。

4

1 回答 1

-1

我设法通过实现 UserDetailsS​​ervice 并管理我自己的授权逻辑来做到这一点。

于 2013-10-24T14:14:34.400 回答