Spring Security配置文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 2.0.x application context for a web application (TestSSO) that
  delegates login to a CAS server and loads user details over JDBC.
  The security schema is the default namespace; ordinary Spring beans use the "b:" prefix.

  NOTE(review): every CAS and application URL below is plain http on localhost. That is
  fine for a local demo only; on a real deployment use https so that service tickets and
  session cookies are not exposed in transit.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                             http://www.springframework.org/schema/security
                             http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    JDBC connection pool used by the user lookup and by the remember-me token store.
    NOTE(review): the database account is root with a trivial password, written in clear
    text in this file. Outside a local demo, use a dedicated least-privilege account and
    keep the credentials out of the context file (external properties file or JNDI).
  -->
  <b:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <b:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <b:property name="url" value="jdbc:mysql://localhost:3306/phpbb3"/>
    <b:property name="username" value="root"/>
    <b:property name="password" value="123"/>
  </b:bean>

  <!--
    Web security rules. Requests that need authentication are sent to the CAS entry point;
    authenticated users without the required role get /accessDenied.jsp.
    NOTE(review): only the three JSPs listed below are matched. There is no catch-all
    pattern, so any other path is not covered by an access rule in this block.
  -->
  <http access-denied-page="/accessDenied.jsp"
        entry-point-ref="casProcessingFilterEntryPoint">
    <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/welcome.jsp" access="ROLE_ADMIN"/>
    <intercept-url pattern="/other.jsp" access="ROLE_ADMIN"/>
    <!-- After the local logout the browser is redirected to the CAS logout URL. -->
    <logout logout-success-url="http://localhost:8080/cas/logout"/>
    <!--
      Remember-me tokens are persisted through dataSource.
      NOTE(review): a remember-me cookie can log a user in without a fresh CAS ticket;
      confirm that this is intended next to single sign-on and single logout.
    -->
    <remember-me data-source-ref="dataSource"/>
    <anonymous/>
    <!-- At most one concurrent session per user. -->
    <concurrent-session-control max-sessions="1"/>
  </http>

  <!--
    JDBC user details service (id jdbcUserService), cached through userCache.
    Both queries bind the username as a parameter (?), not by string concatenation.
    NOTE(review): hash="md5" selects MD5 password digests and no salt source is configured
    here; MD5 is not suitable for password storage. Changing the encoder only works if the
    values in phpbb_users.user_password are re-hashed to match.
  -->
  <authentication-provider>
    <password-encoder hash="md5"/>
    <jdbc-user-service id="jdbcUserService"
                       data-source-ref="dataSource"
                       cache-ref="userCache"
                       users-by-username-query="select username,user_password,user_enable from phpbb_users where username=?"
                       authorities-by-username-query="select username,user_role from phpbb_users where username=?"/>
  </authentication-provider>

  <!-- Exposes the namespace-created authentication manager under a bean name. -->
  <authentication-manager alias="authenticationManager"/>

  <!--
    Filter that processes the CAS callback and hands the ticket to the authentication
    manager; defaultTargetUrl is where the user lands after a successful login.
  -->
  <b:bean id="casProcessingFilter"
          class="org.springframework.security.ui.cas.CasProcessingFilter">
    <custom-filter after="CAS_PROCESSING_FILTER"/>
    <b:property name="authenticationManager" ref="authenticationManager"/>
    <b:property name="defaultTargetUrl" value="http://localhost:8080/TestSSO/index.jsp"/>
  </b:bean>

  <!-- Entry point: redirects unauthenticated users to the CAS server at loginUrl. -->
  <b:bean id="casProcessingFilterEntryPoint"
          class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <b:property name="loginUrl" value="http://localhost:8080/cas"/>
    <b:property name="serviceProperties" ref="casServiceProperties"/>
  </b:bean>

  <!--
    The service URL this application presents to CAS; it points at the
    j_spring_cas_security_check callback of this application.
    sendRenew=false: CAS is not asked to force the user to re-enter credentials.
  -->
  <b:bean id="casServiceProperties"
          class="org.springframework.security.ui.cas.ServiceProperties">
    <b:property name="service"
                value="http://localhost:8080/TestSSO/j_spring_cas_security_check"/>
    <b:property name="sendRenew" value="false"/>
  </b:bean>

  <!--
    Authentication provider that validates CAS service tickets against the CAS server
    (CAS 2.0 protocol validator) and then loads the user through jdbcUserService.
    NOTE(review): "key" is a fixed, guessable string equal to the application name;
    prefer a value that is specific to the deployment and not published.
  -->
  <b:bean id="casAuthenticationProvider"
          class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <custom-authentication-provider/>
    <b:property name="userDetailsService" ref="jdbcUserService"/>
    <b:property name="serviceProperties" ref="casServiceProperties"/>
    <b:property name="ticketValidator">
      <b:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <b:constructor-arg index="0" value="http://localhost:8080/cas"/>
      </b:bean>
    </b:property>
    <b:property name="key" value="TestSSO"/>
  </b:bean>

  <!-- User details cache referenced by jdbcUserService (cache-ref="userCache"). -->
  <b:bean id="userCache"
          class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
    <b:property name="cache" ref="userEhCache"/>
  </b:bean>

  <!-- The Ehcache region named userCache, obtained from cacheManager. -->
  <b:bean id="userEhCache"
          class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    <b:property name="cacheManager" ref="cacheManager"/>
    <b:property name="cacheName" value="userCache"/>
  </b:bean>

  <!-- Ehcache manager; no configLocation is set on it in this file. -->
  <b:bean id="cacheManager"
          class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>

</b:beans>
<!--
  Spring Security 2.0.x application context for a web application (TestSSO) that
  delegates login to a CAS server and loads user details over JDBC.
  The security schema is the default namespace; ordinary Spring beans use the "b:" prefix.

  NOTE(review): every CAS and application URL below is plain http on localhost. That is
  fine for a local demo only; on a real deployment use https so that service tickets and
  session cookies are not exposed in transit.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                             http://www.springframework.org/schema/security
                             http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    JDBC connection pool used by the user lookup and by the remember-me token store.
    NOTE(review): the database account is root with a trivial password, written in clear
    text in this file. Outside a local demo, use a dedicated least-privilege account and
    keep the credentials out of the context file (external properties file or JNDI).
  -->
  <b:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <b:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <b:property name="url" value="jdbc:mysql://localhost:3306/phpbb3"/>
    <b:property name="username" value="root"/>
    <b:property name="password" value="123"/>
  </b:bean>

  <!--
    Web security rules. Requests that need authentication are sent to the CAS entry point;
    authenticated users without the required role get /accessDenied.jsp.
    NOTE(review): only the three JSPs listed below are matched. There is no catch-all
    pattern, so any other path is not covered by an access rule in this block.
  -->
  <http access-denied-page="/accessDenied.jsp"
        entry-point-ref="casProcessingFilterEntryPoint">
    <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/welcome.jsp" access="ROLE_ADMIN"/>
    <intercept-url pattern="/other.jsp" access="ROLE_ADMIN"/>
    <!-- After the local logout the browser is redirected to the CAS logout URL. -->
    <logout logout-success-url="http://localhost:8080/cas/logout"/>
    <!--
      Remember-me tokens are persisted through dataSource.
      NOTE(review): a remember-me cookie can log a user in without a fresh CAS ticket;
      confirm that this is intended next to single sign-on and single logout.
    -->
    <remember-me data-source-ref="dataSource"/>
    <anonymous/>
    <!-- At most one concurrent session per user. -->
    <concurrent-session-control max-sessions="1"/>
  </http>

  <!--
    JDBC user details service (id jdbcUserService), cached through userCache.
    Both queries bind the username as a parameter (?), not by string concatenation.
    NOTE(review): hash="md5" selects MD5 password digests and no salt source is configured
    here; MD5 is not suitable for password storage. Changing the encoder only works if the
    values in phpbb_users.user_password are re-hashed to match.
  -->
  <authentication-provider>
    <password-encoder hash="md5"/>
    <jdbc-user-service id="jdbcUserService"
                       data-source-ref="dataSource"
                       cache-ref="userCache"
                       users-by-username-query="select username,user_password,user_enable from phpbb_users where username=?"
                       authorities-by-username-query="select username,user_role from phpbb_users where username=?"/>
  </authentication-provider>

  <!-- Exposes the namespace-created authentication manager under a bean name. -->
  <authentication-manager alias="authenticationManager"/>

  <!--
    Filter that processes the CAS callback and hands the ticket to the authentication
    manager; defaultTargetUrl is where the user lands after a successful login.
  -->
  <b:bean id="casProcessingFilter"
          class="org.springframework.security.ui.cas.CasProcessingFilter">
    <custom-filter after="CAS_PROCESSING_FILTER"/>
    <b:property name="authenticationManager" ref="authenticationManager"/>
    <b:property name="defaultTargetUrl" value="http://localhost:8080/TestSSO/index.jsp"/>
  </b:bean>

  <!-- Entry point: redirects unauthenticated users to the CAS server at loginUrl. -->
  <b:bean id="casProcessingFilterEntryPoint"
          class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <b:property name="loginUrl" value="http://localhost:8080/cas"/>
    <b:property name="serviceProperties" ref="casServiceProperties"/>
  </b:bean>

  <!--
    The service URL this application presents to CAS; it points at the
    j_spring_cas_security_check callback of this application.
    sendRenew=false: CAS is not asked to force the user to re-enter credentials.
  -->
  <b:bean id="casServiceProperties"
          class="org.springframework.security.ui.cas.ServiceProperties">
    <b:property name="service"
                value="http://localhost:8080/TestSSO/j_spring_cas_security_check"/>
    <b:property name="sendRenew" value="false"/>
  </b:bean>

  <!--
    Authentication provider that validates CAS service tickets against the CAS server
    (CAS 2.0 protocol validator) and then loads the user through jdbcUserService.
    NOTE(review): "key" is a fixed, guessable string equal to the application name;
    prefer a value that is specific to the deployment and not published.
  -->
  <b:bean id="casAuthenticationProvider"
          class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <custom-authentication-provider/>
    <b:property name="userDetailsService" ref="jdbcUserService"/>
    <b:property name="serviceProperties" ref="casServiceProperties"/>
    <b:property name="ticketValidator">
      <b:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <b:constructor-arg index="0" value="http://localhost:8080/cas"/>
      </b:bean>
    </b:property>
    <b:property name="key" value="TestSSO"/>
  </b:bean>

  <!-- User details cache referenced by jdbcUserService (cache-ref="userCache"). -->
  <b:bean id="userCache"
          class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
    <b:property name="cache" ref="userEhCache"/>
  </b:bean>

  <!-- The Ehcache region named userCache, obtained from cacheManager. -->
  <b:bean id="userEhCache"
          class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    <b:property name="cacheManager" ref="cacheManager"/>
    <b:property name="cacheName" value="userCache"/>
  </b:bean>

  <!-- Ehcache manager; no configLocation is set on it in this file. -->
  <b:bean id="cacheManager"
          class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>

</b:beans>
Spring Security 为 CAS 提供了支持。Spring Security 通过 <%= request.getContextPath() %>/j_spring_cas_security_check 来提交表单;结合 CAS 之后,该链接可以作为 service 参数,也就是 CAS 登录成功后跳转回来的地址。
通过 <%= request.getContextPath() %>/j_spring_security_logout 来注销某个用户的登录;结合 CAS 之后,在 XML 中配置了:
<!--
  Excerpt of the web security rules. Requests that need authentication go to the CAS
  entry point; only the three JSPs listed are matched, there is no catch-all pattern.
-->
<http access-denied-page="/accessDenied.jsp"
      entry-point-ref="casProcessingFilterEntryPoint">
  <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
  <intercept-url pattern="/welcome.jsp" access="ROLE_ADMIN"/>
  <intercept-url pattern="/other.jsp" access="ROLE_ADMIN"/>
  <!--
    After the local logout the browser is redirected to the CAS logout URL, so the CAS
    session is ended as well. The URL is plain http on localhost; use https outside a demo.
  -->
  <logout logout-success-url="http://localhost:8080/cas/logout"/>
  <!-- Remember-me tokens are persisted through the dataSource bean. -->
  <remember-me data-source-ref="dataSource"/>
  <anonymous/>
  <!-- At most one concurrent session per user. -->
  <concurrent-session-control max-sessions="1"/>
</http>
access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/welcome.jsp" access="ROLE_ADMIN"/>
<intercept-url pattern="/other.jsp" access="ROLE_ADMIN"/>
<logout logout-success-url="http://localhost:8080/cas/logout" />
<remember-me data-source-ref="dataSource" />
<anonymous />
<concurrent-session-control max-sessions="1" />
</http>
其中 <logout logout-success-url="http://localhost:8080/cas/logout" /> 原本只是注销后跳转的页面,现在变成了注销后跳转到 CAS 的注销地址,把我在 CAS 中的身份也一并注销。