OpenJWeb平台Spring Security+CAS SSO的配置

迷途d书童 发布于 2012/03/09 12:19
阅读 1K+
收藏 0

CAS Server的搭建就不用介绍了,这里介绍一下OpenJWeb平台中Spring Security如何与CAS集成.Spring security集成CAS的官方例子可从https://src.springframework.org/svn/spring-security/trunk/samples/cas/client/src/main/webapp下载,但是这个例子过于简单,权限ID是配置在xml中,而本文介绍的配置,权限ID是存储在数据库中的.下面是配置的applicationContext-security.xml(这个配置已测通):

 

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
  
    <sec:http entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" requires-channel="https"/>
  <sec:intercept-url pattern="/secure/**" access="ROLE_USER" />  
        <sec:logout logout-success-url="/index.jsp"/>
    </sec:http>
 
    <sec:authentication-manager alias="authenticationManager"/>

    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
        <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
        <property name="defaultTargetUrl" value="/comm/index.action?operate=selectPageList"/>
        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
        <property name="proxyReceptorUrl" value="/secure/receptor" />
       
    </bean>

    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
        <property name="loginUrl" value="https://casserver.haoyisheng.com:8443/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <sec:custom-authentication-provider />
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
         <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
          <constructor-arg index="0" value="https://casserver.haoyisheng.com:8443/cas" />
          <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
             <property name="proxyCallbackUrl" value="https://bzwang.haoyisheng.com:8443/crm/secure/receptor" /> 
           
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>
   
    <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
        <property name="service" value="https://bzwang.haoyisheng.com:8443/crm/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>
 
   <bean id="daoAuthenticationProvider"
  class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="userCache" ref="userCache" />
  <property name="passwordEncoder" ref="passwordEncoder" />
 </bean>
 <bean id="passwordEncoder"
  class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
 <bean id="userDetailsService"
  class="org.openjweb.core.springsecurity.UserDetailsServiceImpl">
  <constructor-arg>
   <ref bean="IBaseDao3" />
  </constructor-arg>
 </bean>

 <bean id="userCache"
  class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache" ref="userCacheBacked" />
 </bean>

 <bean id="userCacheBacked"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager" ref="cacheManager" />
  <property name="cacheName" value="userCache" />
 </bean>

 <bean id="cacheManager"
  class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation"
   value="classpath:ehcache-security.xml" />
 </bean>
 <bean id="filterSecurityInterceptor"
  class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
  <property name="authenticationManager"
   ref="authenticationManager" />
  <property name="accessDecisionManager"
   ref="accessDecisionManager" />
  <property name="alwaysReauthenticate" value="true" />
  <property name="objectDefinitionSource"
   ref="databaseFilterInvocationDefinitionSource" />
 </bean>
 <bean id="accessDecisionManager"
  class="org.springframework.security.vote.AffirmativeBased">
  <property name="decisionVoters">
   <list>
    <bean
     class="org.springframework.security.vote.RoleVoter">
     <property name="rolePrefix" value="" />
    </bean>
   </list>
  </property>
 </bean>
 <bean id="databaseFilterInvocationDefinitionSource"
  class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
  <constructor-arg
   type="org.springframework.security.util.UrlMatcher"
   ref="antUrlPathMatcher" />
  <constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
 </bean>

 <bean id="antUrlPathMatcher"
  class="org.springframework.security.util.AntUrlPathMatcher" />

 <bean id="requestMap"
  class="org.openjweb.core.springsecurity.RequestMapFactoryBean"
  init-method="init">
  
 </bean>

</beans>

 

说明:(1)SSO认证入口为/secure/index.jsp,这个文件有个重定向语句,作用是当SSO认证通过后跳转到系统主页面.在测试过程中发现只有访问/secure目录下jsp才自动到cas server认证,sec:intercept-url 配置其他的目录不跳转到cas server进行认证,不知道是什么原因.

(2) cas server采用3.3.2版本

(3)client端为cas-client-core-3.1.3.jar

 

作者QQ:29803446

Msn:baozhengw999@hotmail.com

 

 

 

 

 


原文链接:http://blog.csdn.net/baozhengw/article/details/4188972
加载中
返回顶部
顶部