Spring Security 集成 CAS

本文档详细介绍了如何在Spring Security中集成CAS(Central Authentication Service)以实现单点登录功能。配置包括在pom.xml中引入相关依赖,如spring-security-cas和cas-client-core,并在security.xml中设置登录入口、认证过滤器、登出过滤器以及相关Bean的配置。登录认证流程涉及CasAuthenticationEntryPoint、CasAuthenticationFilter、CasAuthenticationManager和CasAuthenticationProvider等组件,同时配置了服务属性和服务Ticket验证。此外,还展示了web.xml中配置的单点登出监听器。整个配置过程旨在确保用户能够通过CAS Server进行统一认证并实现单点登出功能。


pom.xml增加

    <!-- Spring Security's CAS integration module. No <version> is given here, so it is
         presumably managed by a parent POM or BOM; confirm it matches the
         spring-security version used by the rest of the application. -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-cas</artifactId>
    </dependency>

    <!-- CAS Java client: supplies the ticket validator and the single sign-out
         filter/listener classes referenced in security.xml and web.xml.
         NOTE(review): 3.4.1 is an old release and later releases exist; check the
         project's release notes and security advisories before pinning it. -->
    <dependency>
      <groupId>org.jasig.cas.client</groupId>
      <artifactId>cas-client-core</artifactId>
      <version>3.4.1</version>
      <exclusions>
        <!-- Keeps log4j-over-slf4j off the classpath; presumably to avoid a clash with
             the application's own logging setup (verify against the project). -->
        <exclusion>
          <groupId>org.slf4j</groupId>
          <artifactId>log4j-over-slf4j</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

security.xml

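<!-- Use casEntryPoint as the authentication entry point, so that unauthenticated
     requests to protected URLs are sent to the CAS server login page. -->
<!-- NOTE(review): auto-config="true" also turns on form login, HTTP Basic and the
     default logout handling. If CAS is meant to be the only way in, confirm that
     those extra mechanisms are wanted. -->
<http auto-config="true" use-expressions="true" entry-point-ref="casEntryPoint">
  <!-- NOTE(review): the original snippet shows no <intercept-url> rules. Add the
       application's access rules here; without them (or equivalent method security)
       no URL requires authentication. -->
  <custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/>
  <!-- Filter that requests logout at the CAS server; it would sit before Spring
       Security's logout filter. Left disabled, as in the original. -->
  <!--    <custom-filter ref="requestCasLogoutFilter" before="LOGOUT_FILTER"/>-->
  <!-- SingleSignOutFilter is placed before CAS_FILTER. -->
  <custom-filter ref="casLogoutFilter" before="CAS_FILTER"/>
</http>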
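<!-- Authentication entry point: start -->
  <b:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <!-- Login URL of the CAS server. The page copy carried this URL inside a
         link-rewriting proxy host; as written, the login redirect would have gone to
         that host instead of the CAS server. The value below is the CAS address that
         was embedded in it. Keep this HTTPS and pointed at the real CAS server only. -->
    <b:property name="loginUrl" value="https://signinuat.midea.com/login"/>
    <!-- Properties describing this application as a CAS service -->
    <b:property name="serviceProperties" ref="serviceProperties"/>
  </b:bean>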
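  <!-- Describes this application (the CAS "service") to the CAS server -->
  <b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <!-- URL the CAS server redirects back to after a successful login. It must reach
         this Spring Security application, where CasAuthenticationFilter handles it;
         the author gives /j_spring_cas_security_check as the default processing path.
         The page copy had this URL wrapped in a link-rewriting proxy host; the value
         below is the address that was embedded in it.
         NOTE(review): http://localhost is a development value. The service ticket
         arrives as a query parameter on this URL, so a deployed service URL should be
         HTTPS and match what is registered at the CAS server. -->
    <b:property name="service" value="http://localhost:8080/dam/j_spring_cas_security_check"/>
  </b:bean>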

  <!-- Filter registered at CAS_FILTER: handles the redirect back from the CAS server
       and authenticates through casAuthenticationManager. -->
  <b:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <b:property name="authenticationManager" ref="casAuthenticationManager" />
    <!-- Path this filter processes; it has to match the path of the "service" URL in
         serviceProperties. The author notes it defaults to
         "/j_spring_cas_security_check" when unset.
         NOTE(review): that default applies to Spring Security 3.x; from 4.x the default
         is "/login/cas", so keeping the value explicit avoids a mismatch on upgrade. -->
    <b:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
    <!-- loginSuccessHandler and loginFailureHandler are beans defined outside this snippet. -->
    <b:property name="authenticationSuccessHandler" ref="loginSuccessHandler" />
    <b:property name="authenticationFailureHandler" ref="loginFailureHandler" />
  </b:bean>

  <!-- Authentication manager used by casAuthenticationFilter; its only provider is
       casAuthenticationProvider. -->
  <b:bean id="casAuthenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <b:constructor-arg index="0">
      <b:list>
        <b:ref bean="casAuthenticationProvider"/>
      </b:list>
    </b:constructor-arg>
  </b:bean>

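  <!-- Validates the CAS service ticket and loads the matching local user. -->
  <b:bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <!-- Load UserDetails by the username that CAS asserts -->
    <b:property name="authenticationUserDetailsService">
      <b:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <!-- The UserDetailsService implementation that actually loads the user;
             datablauUserDetailsService is defined outside this snippet. -->
        <b:constructor-arg ref="datablauUserDetailsService"/>
      </b:bean>
    </b:property>
    <b:property name="serviceProperties" ref="serviceProperties"/>
    <!-- TicketValidator that checks the service ticket with the CAS server during login -->
    <b:property name="ticketValidator">
      <b:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <!-- URL prefix (root path) of the CAS server. The page copy had this URL
             wrapped in a link-rewriting proxy host, which would have sent ticket
             validation to that host; the value below is the CAS address that was
             embedded in it. Validation should go straight to the CAS server over
             HTTPS, with the JVM trusting its certificate. -->
        <b:constructor-arg index="0" value="https://signinuat.midea.com"/>
      </b:bean>
    </b:property>
    <!-- Identifies CasAuthenticationToken instances created by this provider.
         NOTE(review): "abcdefg" is a guessable sample value; use an unpredictable,
         per-deployment value supplied from configuration outside the source tree. -->
    <b:property name="key" value="abcdefg"/>
  </b:bean>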
<!-- End of login authentication -->
  <!-- Single sign-out: start -->
  <!-- CAS client filter for single sign-out; the <http> element registers it before
       CAS_FILTER. It works together with the session listener declared in web.xml. -->
  <b:bean  id="casLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

在web.xml中增加单点登出监听器

<!-- Companion to SingleSignOutFilter: when an HTTP session is destroyed, removes it
     from the CAS client's map of managed sessions. -->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
