SpringSecurity3整合CAS实现单点登录
程序员文章站
2022-07-12 19:27:26
...
http://tonyaction.blog.51cto.com/227462/898173
SpringSecurity本身已经做好了与CAS的集成工作,只需要我们做简单配置就可以了
步骤1 spring-cas.xml配置文件内容如下(完整版)
- <?xml version="1.0" encoding="UTF-8"?>
- <beans:beans xmlns="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xsi:schemaLocation=" http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
- default-lazy-init="true">
- <context:component-scan base-package="com.itec.core" />
- <!--SSO -->
- <http auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">
- <intercept-url pattern="/login.do" filters="none" />
- <intercept-url pattern="/image.do" filters="none" />
- <intercept-url pattern="/admin/*.do*" access="ROLE_LOGIN" />
- <!-- logout-success-url="/login.html" -->
- <!-- <logout logout-url="/login.do" success-handler-ref="casLogoutSuccessHandler"/> -->
- <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
- <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/>
- <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
- </http>
- <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
- <beans:property name="loginUrl" value="http://172.19.50.21:9083/HASLSSO/login"/>
- <beans:property name="serviceProperties" ref="serviceProperties"/>
- </beans:bean>
- <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
- <beans:property name="service" value="http://172.19.4.225:8080/HACMS/j_spring_cas_security_check"/>
- <beans:property name="sendRenew" value="false"/>
- </beans:bean>
- <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
- <beans:property name="authenticationManager" ref="authenticationManager"/>
- </beans:bean>
- <authentication-manager alias="authenticationManager">
- <authentication-provider ref="casAuthenticationProvider"/>
- </authentication-manager>
- <beans:bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
- <beans:property name="userDetailsService" >
- <beans:ref bean="userDetailsManager" />
- </beans:property>
- </beans:bean>
- <beans:bean id="casAuthenticationProvider"
- class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
- <beans:property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/>
- <beans:property name="serviceProperties" ref="serviceProperties" />
- <beans:property name="ticketValidator">
- <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
- <beans:constructor-arg index="0" value="http://172.19.50.21:9083/HASLSSO" />
- </beans:bean>
- </beans:property>
- <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
- </beans:bean>
- <!-- 注销客户端 -->
- <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
- <!-- 注销服务器端 -->
- <beans:bean id="requestSingleLogoutFilter"
- class="org.springframework.security.web.authentication.logout.LogoutFilter">
- <beans:constructor-arg
- value="http://172.19.50.21:9083/HASLSSO/logout" />
- <beans:constructor-arg>
- <beans:bean
- class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
- </beans:constructor-arg>
- <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
- </beans:bean>
- </beans:beans>
步骤2 之前的UserDetailsManager不需要改任何代码
- @Service
- public class UserDetailsManager implements UserDetailsService {
步骤3 web.xml需要修改一点东西,不加载Security的配置文件就行了
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <!-- 使用工程本身验证 -->
- <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-security.xml</param-value>
- <!-- 使用 SSO 验证 -->
- <!-- <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-cas.xml</param-value> -->
- </context-param>
大功告成~!
本文出自 “绝缘材料” 博客,请务必保留此出处http://tonyaction.blog.51cto.com/227462/898173
上一篇: oracle数据泵导入导出
下一篇: Java之线程基础与并发同步
推荐阅读
-
详解可跨域的单点登录(SSO)实现方案【附.net代码】
-
PHPwind整合最土系统用户同步登录实现方法
-
关于Apache shiro实现一个账户同一时刻只有一个人登录(shiro 单点登录)
-
JQuery+Ajax+Struts2+Hibernate框架整合实现完整的登录注册
-
浅谈谁都能看懂的单点登录(SSO)实现方式(附源码)
-
Springboot整合微信小程序实现登录与增删改查
-
使用Spring Security OAuth2实现单点登录
-
Android端“被挤下线”功能的单点登录实现
-
Asp.Net Core基于Cookie实现同域单点登录(SSO)
-
php实现多站点共用session实现单点登录的方法详解