目录
SpringSecurity3.X--一个简单实现
SpringSecurity3.X--前台与后台登录认证
SpringSecurity3.X--remember-me
SpringSecurity3.X--验证码
最近参照springsecurity3.x的官方帮助文档,对cas客户端进行了配置,确实与springsecurity2.X的配置方式有很大区别,
下面给出SpringSecurity3.X的Cas client配置。
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.x configuration for a CAS client application.
  Wires the CAS entry point, the CAS authentication filter, single sign-out,
  a CAS authentication provider backed by the project's UserService, and an
  AffirmativeBased access decision manager that includes a custom voter.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
    default-lazy-init="true">

    <!--
      Main filter chain. Unauthenticated requests are sent to CAS through casEntryPoint;
      authorization decisions are delegated to the accessDecisionManager bean below.
      NOTE(review): access-denied-page is, as far as I recall, deprecated in 3.x in favour of
      the access-denied-handler child element; confirm against the 3.1 schema.
      NOTE(review): intercept-url rules are evaluated in order and the first match wins, so the
      /demo.do* rule must stay above the catch-all. Only *.do URLs are covered here; any other
      path (for example JSPs such as /fail.jsp) has no access rule in this file.
      NOTE(review): "HODLE" is not an attribute that RoleVoter (ROLE_ prefix) or
      AuthenticatedVoter (IS_AUTHENTICATED_*) handles, so presumably the custom
      DynamicRoleVoter interprets it; verify against that class. If no voter supports the
      attribute, AffirmativeBased denies access unless allowIfAllAbstainDecisions is enabled.
      NOTE(review): concurrency-control depends on session lifecycle events; the Spring Security
      documentation asks for org.springframework.security.web.session.HttpSessionEventPublisher
      to be registered as a listener in web.xml. It is not shown on this page; confirm it is
      present, otherwise a user may stay locked to a stale session.
    -->
    <http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager"
        access-denied-page="/access/denied.do" auto-config="false">
        <intercept-url pattern="/demo.do*" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/**/*.do*" access="HODLE" />
        <session-management>
            <concurrency-control max-sessions="1" expired-url="/access/same_login.do"
                error-if-maximum-exceeded="false" />
        </session-management>
        <custom-filter position="CAS_FILTER" ref="casFilter" />
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>

    <!-- CAS authentication filter: processes the ticket callback on filterProcessesUrl -->
    <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check" />
    </beans:bean>

    <!-- CAS authentication failure handler: sends the user to /fail.jsp -->
    <beans:bean id="authenticationFailureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/fail.jsp" />
    </beans:bean>

    <!-- CAS authentication success handler: always lands on /frame.do, ignoring the originally requested URL -->
    <beans:bean id="authenticationSuccessHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
        <beans:property name="defaultTargetUrl" value="/frame.do" />
    </beans:bean>

    <!-- Client-side logout: CAS client filter that takes part in single sign-out -->
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!--
      Server-side logout: a request to filterProcessesUrl clears the local security context
      (SecurityContextLogoutHandler) and then redirects to the CAS server logout URL given as
      the first constructor argument.
    -->
    <beans:bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="https://hello.cas.server:8443/BOSS_CAS_SERVER/logout" />
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>

    <!--
      Return address after a successful CAS login (the URL CAS redirects back to).
      NOTE(review): this callback is plain http while every CAS server URL in this file is
      https. CAS appends the service ticket to this URL as a request parameter, so the ticket
      and the resulting session cookie travel unencrypted; prefer an https service URL in any
      non-local deployment.
      sendRenew=false lets an existing CAS single sign-on session be reused without asking for
      credentials again.
    -->
    <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service" value="http://hello.cas.server:8081/spring/j_spring_cas_security_check" />
        <beans:property name="sendRenew" value="false" />
    </beans:bean>

    <!-- CAS authentication entry point: declares the login URL of the CAS server -->
    <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="https://hello.cas.server:8443/BOSS_CAS_SERVER/login" />
        <beans:property name="serviceProperties" ref="serviceProperties" />
    </beans:bean>

    <!--
      CAS authentication provider: defines how the client validates a login.
      The ticket validator calls back to the CAS server URL prefix over https, so the client
      JVM has to trust that server's certificate.
      NOTE(review): the key value is the sample placeholder; replace it with a value that is
      unique to this application.
    -->
    <beans:bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- The client only checks that the user name returned by CAS is a valid local user -->
        <beans:property name="authenticationUserDetailsService">
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:constructor-arg ref="userService" />
            </beans:bean>
        </beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties" />
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="https://hello.cas.server:8443/BOSS_CAS_SERVER" />
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="an_id_for_this_auth_provider_only" />
    </beans:bean>

    <!-- Register the CAS authentication provider with the authentication manager -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider" />
    </authentication-manager>

    <!-- Event log: logs authentication events published by Spring Security -->
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener" />

    <!-- Loads the client-side user (project class, implementation not shown on this page) -->
    <beans:bean id="userService" class="com.piaoyi.common.security.UserService" />

    <!--
      Access decision manager used for client-side authorization.
      AffirmativeBased grants access as soon as any one voter votes to grant, so the custom
      DynamicRoleVoter can allow a request on its own; review it with that in mind.
    -->
    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                <beans:bean class="com.piaoyi.common.security.DynamicRoleVoter" />
            </beans:list>
        </beans:property>
    </beans:bean>
</beans:beans>
除了自定义了UserService(客户端用户验证)和DynamicRoleVoter(客户端权限投票器)外,其它均是springsecurity自己的组件。
关于上面两个类的实现,可以参考
SpringSecurity3.X--一个简单实现
另外,为了使注销生效,需要在web.xml中增加一个cas注销监听器,如下:
web.xml
<!--
  CAS client session listener. The article adds it so that single sign-out takes effect;
  it works together with the SingleSignOutFilter declared in applicationContext-security.xml.
  NOTE(review): if concurrency-control is used in the security configuration, confirm that
  org.springframework.security.web.session.HttpSessionEventPublisher is also registered as a
  listener here; it is not shown on this page.
-->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
ok,完成。