欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Spring Security集成Cas后页面跳转问题 springjavaauthenticationcasspringframework 

程序员文章站 2024-02-24 21:26:04
...
问题描述:在集成cas后,如果在A应用里面直接调用B应用的某个页面,第一次点击的时候总是会跳转到B应用设置的默认页面,然后再点击的时候,才能跳转到正确的页面。

后来通过查看源码,发现
类:org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        if (isAlwaysUseDefaultTargetUrl()) {
            return defaultTargetUrl;
        }

        // Check for the parameter and use that if available
        String targetUrl = request.getParameter(targetUrlParameter);
        ......
}

这个方法首先会判断是否设置了一直访问默认页面,如果false,则先获取request里面是否存在spring-security-redirect的参数,这个地址就是真正要跳转的URL;
	<!-- cas 认证成功控制器 -->
	<beans:bean id="authenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
		<beans:property name="alwaysUseDefaultTargetUrl" value="false" />
		<beans:property name="defaultTargetUrl" value="/index.htm" />
	</beans:bean>

这个配置改好后,接下这是怎么把spring-security-redirect带到url后面了,再看这个类CasAuthenticationEntryPoint
类:org.springframework.security.cas.web.CasAuthenticationEntryPoint
 public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
		final AuthenticationException authenticationException) throws IOException, ServletException {

	final String urlEncodedService = createServiceUrl(servletRequest, response);
	final String redirectUrl = createRedirectUrl(urlEncodedService);

	preCommence(servletRequest, response);

	response.sendRedirect(redirectUrl);
}

protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response) {
	return CommonUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null,      this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
}

这是验证未登录后,构建跳转的页面和参数(也就是登录页面)的处理方法,那在这里可以写一个类继承CasAuthenticationEntryPoint,重写createServiceUrl方法,spring-security-redirect的参数拼到redirectUrl后面,并且将当前请求url获取到;
自定义类:CasAuthenticationRedirect
public class CasAuthenticationRedirect extends CasAuthenticationEntryPoint{
	
	private String serviceUrlBak=null;
	
	@Override
	protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response) {
		if(serviceUrlBak==null)
			serviceUrlBak=getServiceProperties().getService();
		if(serviceUrlBak!=null){
			String ctx=request.getContextPath();
			String queryString=request.getQueryString();
			String requestURI=request.getRequestURI();
			requestURI=requestURI.substring(requestURI.indexOf(ctx)+ctx.length(),requestURI.length());
			String serviceUrl="";
			if(!requestURI.equals("/") && requestURI.length()>0){
				serviceUrl="?"+AbstractAuthenticationTargetUrlRequestHandler.DEFAULT_TARGET_PARAMETER;
				serviceUrl+="="+requestURI;
				if(StringUtils.isNotBlank(queryString)){
					serviceUrl+="?"+queryString;
				}
			}
			getServiceProperties().setService(serviceUrlBak+serviceUrl);
		}
		return super.createServiceUrl(request, response);
    }	
}

最后再将配置改一下:
<beans:bean id="casEntryPoint" class="net.assertion.CasAuthenticationRedirect">
    ......
</beans:bean>

这样就OK了,   这是目前找到最简单的解决方法了,不过,感觉既然spring提供了spring-security-redirect这个参数,应该会有相应的配置可以实现这个功能吧,哎...,主要是英文文档看不懂......