Example code for integrating Spring Security with CAS
程序员文章站
2023-12-20 19:15:58
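This integration uses spring-security together with the native Jasig CAS client package. Why spring-security-cas, which Spring provides, is not used directly is explained later.
Configuration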
web.xml
<!-- Delegates every request to the Spring bean named "casfilterchain" -->
<filter>
    <filter-name>casfilterchain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casfilterchain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Removes the session-to-ticket mapping when an HTTP session is destroyed -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
applicationcontext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util.xsd">

    <!-- The bean id must match the filter-name declared in web.xml -->
    <bean id="casfilterchain" class="org.springframework.security.web.FilterChainProxy">
        <constructor-arg>
            <util:list>
                <security:filter-chain pattern="/**"
                    filters="singlesignoutfilter, cas20proxyreceivingticketvalidationfilter, authenticationfilter, httpservletrequestwrapperfilter, assertionthreadlocalfilter"/>
            </util:list>
        </constructor-arg>
    </bean>

    <bean id="singlesignoutfilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

    <bean id="cas20proxyreceivingticketvalidationfilter"
          class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
        <property name="serverName" value="${client.url}"/>
        <property name="ticketValidator" ref="cas20serviceticketvalidator"/>
    </bean>

    <bean id="cas20serviceticketvalidator"
          class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <constructor-arg value="${cas.url}"/>
        <property name="renew" value="false"/>
    </bean>

    <bean id="authenticationfilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">
        <property name="renew" value="false"/>
        <property name="casServerLoginUrl" value="${cas.url}"/>
        <property name="serverName" value="${client.url}"/>
    </bean>

    <bean id="httpservletrequestwrapperfilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

    <bean id="assertionthreadlocalfilter" class="org.jasig.cas.client.util.AssertionThreadLocalFilter"/>
</beans>
properties
# CAS server address
cas.url=https://cas.example.com:8443
# CAS client address, i.e. the address of this application
client.url=http://localhost:8080
Analysis
The security filter chain in applicationcontext-security.xml uses five filters: singlesignoutfilter, cas20proxyreceivingticketvalidationfilter, authenticationfilter, httpservletrequestwrapperfilter and assertionthreadlocalfilter.
Why not use spring-security-cas
spring-security-cas
In spring-security-cas, ticket validation is handled by org.springframework.security.cas.authentication.CasAuthenticationProvider.
private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
    try {
        // The credentials carry the service ticket; the second argument is the service URL
        final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication));
        ...
When building the second argument to the validator's validate method:
private String getServiceUrl(Authentication authentication) {
    String serviceUrl;
    if (authentication.getDetails() instanceof ServiceAuthenticationDetails) {
        // Service URL supplied with the authentication request
        serviceUrl = ((ServiceAuthenticationDetails) authentication.getDetails()).getServiceUrl();
    } else if (serviceProperties == null) {
        throw new IllegalStateException("serviceProperties cannot be null unless authentication.getDetails() implements ServiceAuthenticationDetails.");
    } else if (serviceProperties.getService() == null) {
        throw new IllegalStateException("serviceProperties.getService() cannot be null unless authentication.getDetails() implements ServiceAuthenticationDetails.");
    } else {
        // Fall back to the statically configured service URL
        serviceUrl = serviceProperties.getService();
    }
    if (logger.isDebugEnabled()) {
        logger.debug("serviceUrl = " + serviceUrl);
    }
    return serviceUrl;
}