1

我正在编写一个应用程序,该应用程序需要对员工使用 CAS 身份验证,并为客户使用用户名/密码表单登录(根据数据库表进行验证)。

这个想法是首页会有一个链接,可以将它们发送给员工的 CAS(“如果您是员工,请单击此处”),并且在该用户名和密码框下方供非员工使用。

我有这两个在单独的测试应用程序中工作 - 基于 Spring Security 中的示例应用程序 - 但不清楚如何将两个 AuthenticationProviders 合并为一个。

当前配置 - 主要来自添加了表单配置的 CAS 配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"

       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">



  <!--Set up the url based security features-->
    <security:http entry-point-ref="casEntryPoint" use-expressions="true" >
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
        <security:logout logout-success-url="${cas.sso}/logout" />
        <security:access-denied-handler ref="accessDeniedHandler" />

<!-- Set up the form login -->
        <security:form-login login-page="/login.jsp" authentication-failure-     url="/login.jsp?login_error=1"/>

    </security:http>

    <!-- Specify a destinatation for 403 errors raised by the above URL patterns
        this is performed as a 'forward' internally    -->
    <bean id="accessDeniedHandler"
          class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/error/403.html"/>
    </bean>

    <!--Hook in the properties for the CAS-->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="${cas.service}"/>
        <property name="sendRenew" value="true"/>
    </bean>

    <!--Set up the CAS filter-->
    <bean id="casFilter"
          class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureHandler" ref="accessFailureHandler" />
    </bean>

    <!-- Specify a destinatation for 401 errors raised by casFilter (and UserService) -->
    <bean id='accessFailureHandler'
          class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/error/401.html" />
        <property name="useForward" value='true' />
        <property name="allowSessionCreation" value="false" />
    </bean>

    <!--Set up the entry point for CAS-->
    <bean id="casEntryPoint"
          class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="${cas.sso}"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="encodeServiceUrlWithSessionId" value="false"/>
    </bean>

    <!--Setup authentication managers-->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="casAuthenticationProvider"/>
        <security:authentication-provider ref="customAuthenticationProvider"/>
    </security:authentication-manager>

    <!-- Our own user details service, which hooks in to the database -->
    <bean id='userService' class='test.security.UserDetailsServiceImpl' />

    <!-- Enable annotations -->
     <security:global-method-security pre-post-annotations="enabled"/>

    <!--    Customise an auth provider with the local specifics-->
    <bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="userService"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="${cas.sso}"/>
            </bean>
        </property>
        <property name="key" value="testSSO"/>
    </bean>

<!-- Custom auth provider that validates usernames&pwds against DB -->
    <bean id="customAuthenticationProvider" class="test.security.CustomAuthenticationProvider" />    

</beans>

这给出了错误消息:

Filter beans '<casFilter>' and '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>' have the same 'order' value.

如何将两个过滤器都放入链中?还是我需要编写自己的过滤器(不知何故?)知道正在选择哪种方法,然后委托相关的特定过滤器?

我是 Spring Security 的新手,所以有没有更好的方法来完全做到这一点?

谢谢!

4

1 回答 1

0

casFilter 必须放在 position=CAS_FILTER

于 2014-11-26T06:34:45.107 回答