Spring Security整合CAS的示例代码

Spring Security整合CAS的示例代码

这里使用的是spring-security和原生的jasig cas包来进行整合，为什么没有直接使用spring提供的spring-security-cas，后面会进行解释。

配置

web.xml

casFilterChain

org.springframework.web.filter.DelegatingFilterProxy

&ltMyWwPd;filter-mapping>

casFilterChain

/*

org.jasig.cas.client.session.SingleSignOutHttpSessionListener

applicationContext-security.xml

xmlns:xsi="http://w3.org/2001/XMLSchema-instance"

xmlns:security="http://springframework.org/schema/security"

xmlns:util="http://springframework.org/schema/util"

xsi:schemaLocation="http://springframework.org/schema/beans http://springframework.org/schema/beans/spring-beans.xsd

http://springframework.org/schema/security

http://springframework.org/schema/security/spring-security-3.2.xsd http://springframework.org/schema/util http://springframework.org/MyWwPdschema/util/spring-util.xsd">

<bean id="cas20ProxyReceivingTicketValidationFilter"

class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">

xmlns:xsi="http://w3.org/2001/XMLSchema-instance"

xmlns:security="http://springframework.org/schema/security"

xmlns:util="http://springframework.org/schema/util"

xsi:schemaLocation="http://springframework.org/schema/beans http://springframework.org/schema/beans/spring-beans.xsd

http://springframework.org/schema/security

http://springframework.org/schema/security/spring-security-3.2.xsd http://springframework.org/schema/util http://springframework.org/MyWwPdschema/util/spring-util.xsd">

<bean id="cas20ProxyReceivingTicketValidationFilter"

class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">

properties

#CAS服务地址

cas.url=https://cas.example.com:8443

#CAS客户端地址，就是本应用的地址

client.url=http://localhost:8080

分析

在applicationContext-security.xml中的security filter chain中，我们使用了5个filter，分别是：singleSignOutFilter、cas20ProxyReceivingTicketValidationFilter、authenticationFilter、httpServletRequestWrapperFilter、assertionThreadLocalFilter。

为什么不用spring-security-cas

spring-security-cas

在spring-security-cas中负责ticket validator filter使用的是org.springframework.security.cas.authentication.CasAuthenticationProvider。

private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {

try {

final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication));

...

在构建validator的validator方法的第二个参数时

private String getServiceUrl(Authentication authentication) {

String serviceUrl;

if(authentication.getDetails() instanceof ServiceAuthenticationDetails) {

serviceUrl = ((ServiceAuthenticationDetails)authentication.getDetails()).getServiceUrl();

}else if(serviceProperties == null){

throw new IllegalStateException("serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");

}else if(serviceProperties.getService() == null){

throw new IllegalStateException("serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails.");

}else {

serviceUrl = serviceProperties.getService();

}

if(logger.isDebugEnabled()) {

logger.debug("serviceUrl = "+serviceUrl);

}

return serviceUrl;

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。