Coin163

首页 > acegi 作为 yale cas认证服务器的客户端在springside项目中的应用

acegi 作为 yale cas认证服务器的客户端在springside项目中的应用

相关标签: acegi cas springside

2020腾讯云10周年活动,优惠非常大!(领取2860元代金券),
地址https://cloud.tencent.com/act/cps/redirect?redirect=1040

2020阿里云最低价产品入口,含代金券(新老用户有优惠),
入口地址https://www.aliyun.com/minisite/goods

First,  Set SpringSide's web.xml,  we use Acegi CAS Filter:

     < filter-mapping >
         < filter-name > hibernateFilter filter-name >
         < url-pattern > /j_acegi_cas_security_check url-pattern >
     filter-mapping >

We Should Set Main ACEGI application Context:
1) filterChainProxy should add a cas filter as Acegi's Sample, but here, we reuse
authenticationProcessingFilter, which we act as cas client filter.

     < bean  id ="filterChainProxy"
          class ="org.acegisecurity.util.FilterChainProxy" >
         < property  name ="filterInvocationDefinitionSource" >
             < value >
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,anonymousProcessingFilter,authenticationProcessingFilter,rememberMeProcessingFilter,logoutFilter,channelProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
             value >
         property >
     bean >


2) authenticationProcessingFilter, of course, play the most important role in this
applicationContext_acegi.xml.
In SpringSide,  /admin  is protected resource, so defaultTargetUrl protected it
and all those request to the target url must be authenticated by authenticationManager.

     < bean  id ="authenticationProcessingFilter"  class ="org.acegisecurity.ui.cas.CasProcessingFilter" >
         < property  name ="authenticationManager"  ref ="authenticationManager" />
         < property  name ="authenticationFailureUrl" >
             < value > /security/login.jsp?login_error=1 value>
         property>
        <property name="defaultTargetUrl">
            <value>/admin/ value>
         property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_cas_security_check value>
         property>
        <property name="rememberMeServices" ref="rememberMeServices"/>
        <property name="exceptionMappings">
            <value>
                org.acegisecurity.userdetails.UsernameNotFoundException=/security/login.jsp?login_error=user_not_found_error
                org.acegisecurity.BadCredentialsException=/security/login.jsp?login_error=user_psw_error
                org.acegisecurity.concurrent.ConcurrentLoginException=/security/login.jsp?login_error=too_many_user_error
             value>
         property>
     bean>



3) Then, we set all the needed beans in CAS Filter

      
     < bean  id ="exceptionTranslationFilter"  class ="org.acegisecurity.ui.ExceptionTranslationFilter" >
         < property  name ="authenticationEntryPoint" >
             < ref  local ="casProcessingFilterEntryPoint" />
         property>
     bean>
    
   
    <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
        <property name="loginUrl"><value>https://sourcesite:8443/cas/login value> property>
        <property name="serviceProperties"><ref local="serviceProperties"/> property>
     bean>
    
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="casAuthenticationProvider"/>
             list>
         property>
     bean>
    
    <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
        <property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator"/> property>
        <property name="casProxyDecider"><ref local="casProxyDecider"/> property>
        <property name="ticketValidator"><ref local="casProxyTicketValidator"/> property>
        <property name="statelessTicketCache"><ref local="statelessTicketCache"/> property>
        <property name="key"><value>my_password_for_this_auth_provider_only value> property>
     bean>
    <bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
        <property name="casValidate"><value>https://sourcesite:8443/cas/proxyValidate value> property>
        <property name="serviceProperties"><ref local="serviceProperties"/> property>
     bean>
    
    <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" />
    
    <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
        <property name="service">
            <value>http://gzug:8080/springside/j_acegi_cas_security_check value>
         property>
        <property name="sendRenew">
            <value>false value>
         property>
     bean>
    
    <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
        <property name="cache">
            <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                <property name="cacheManager">
                    <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                 property>
                <property name="cacheName" value="userCache"/>
             bean>
         property>
     bean>
    
    <bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
        <property name="userDetailsService"><ref local="jdbcDaoImpl"/> property>
     bean>

    <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
        <property name="authenticationManager"><ref local="authenticationManager"/> property>
        <property name="authenticationFailureUrl"><value>/casfailed.jsp value> property>
        <property name="defaultTargetUrl"><value>/ value> property>
        <property name="filterProcessesUrl"><value>/j_acegi_cas_security_check value> property>
     bean>


casProcessingFilterEntryPoint is very critical,
loginUrl is the CAS Server's /login url, you should set up your CAS Server(2.0 or 3.0) and config for
those JKS keystore after enable SSL in Tomcat(Tomcat 5.5/conf/server.xml) and place the cacerts that
have the CAS Server's public cert to Acegi Client's JDK/jre/lib/security/
Check serviceProperties to make sure that SpringSide Service url is config as /j_acegi_cas_security_check

because Yale CAS use ticket cache for SSO impl, so we should config for statelessTicketCache
Just use springframework's ehcache for cacheManager.

SpringSide use jdbcDaoImpl which perform database authentication. So I am very happy to use it
as casAuthoritiesPopulator , which will set use detail for the user. And these info are very useful for
application authorization.

     < bean  id ="jdbcDaoImpl"
          class ="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl" >
         < property  name ="dataSource"  ref ="dataSource" />
         < property  name ="usersByUsernameQuery" >
             < value >
                select loginid,passwd,1 from ss_users where status='1' and loginid = ?
             value>
         property>
        <property name="authoritiesByUsernameQuery">
            <value>
                select u.loginid,p.name from ss_users u,ss_roles r,ss_permissions
                p,ss_user_role ur,ss_role_permis rp where u.id=ur.user_id and
                r.id=ur.role_id and p.id=rp.permis_id and
                r.id=rp.role_id and p.status='1' and u.loginid=?
             value>
         property>
     bean>


There is little difference between casclient 2.0.12 and Acegi, right?

Note that in my env, gzug:8080/springside is bookstore webapp
and sourcesite:8443 is the CAS 3 Server.

Hope for suggestion.....

 



Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=1503506


原文

First,  Set SpringSide's web.xml,  we use Acegi CAS Filter:      < filter-mapping >          < filter-name > hibernateFilter filter-name >          < url-pattern > /j_acegi_cas_sec

------分隔线----------------------------
相关推荐