Spring Security authentication with CAS but authorization with database
I already managed to authenticate against CAS. But I want to adjust it to authorize the roles against a local DB.
A practical example would help. That's my current configuration:
Security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http pattern="/resources/**" security="none"/>

    <http use-expressions="true" entry-point-ref="casEntryPoint">
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/login/*" access="permitAll"/>
        <intercept-url pattern="/logout" access="permitAll"/>
        <intercept-url pattern="/errors/**" access="permitAll"/>
        <intercept-url pattern="/events/" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        <access-denied-handler error-page="/errors/403"/>
        <custom-filter ref="casFilter" position="CAS_FILTER"/>
        <logout logout-url="/logout" logout-success-url="/login/form?logout"/>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthProvider" />
    </authentication-manager>

    <user-service id="userDetailsService">
        <user name="user1@example.com" password="user1" authorities="ROLE_USER"/>
        <user name="admin1@example.com" password="admin1" authorities="ROLE_USER,ROLE_ADMIN"/>
        <user name="ifridman" password="idan" authorities="ROLE_USER,ROLE_ADMIN"/>
    </user-service>
</bean:beans>
Security-cas.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:task="http://www.springframework.org/schema/task"
    xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://${cas.service.host}/calendar/login"/>
    </bean>

    <!--
    Allows changing where the CAS Server and CAS Service are easily
    by specifying System Arguments or replacing the values only in one place.
    Could also use external properties file -->
    <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
    <util:properties id="environment">
        <prop key="cas.service.host">192.168.108.195:8080</prop>
        <prop key="cas.server.host">192.168.2.101:8443</prop>
    </util:properties>

    <!-- sends to the CAS Server, must be in entry-point-ref of security.xml -->
    <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="loginUrl" value="http://${cas.server.host}/cas/login" />
    </bean>

    <!-- authenticates CAS tickets, must be in custom-filter of security.xml -->
    <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="filterProcessesUrl" value="/login"/>
    </bean>

    <bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="ticketValidator" ref="ticketValidator"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="key" value="casJbcpCalendar"/>
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
    </bean>

    <bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
        <constructor-arg value="http://${cas.server.host}/cas" />
    </bean>

    <bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <constructor-arg ref="userDetailsService" />
    </bean>
</beans>
thanks, ray.
I did this by implementing UserDetailsService and managing my own authorization logic.
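The answer above does not show the implementation, so here is an added example of what such a UserDetailsService can look like; it is not the answerer's code or part of the original page. It assumes a hypothetical package name, an existing `dataSource` bean, and a constructed two-table schema (`users(username, enabled)` and `authorities(username, authority)`); all of those are assumptions of this example. The point it shows is that with CAS the database supplies only account status and roles: the ticket has already been validated, so the password in the returned UserDetails is never compared, and a CAS-authenticated principal with no local row is rejected (fail closed) rather than given a default role.

```java
package example.security; // hypothetical package name (assumption of this example)

import java.util.ArrayList;
import java.util.List;

import javax.sql.DataSource;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * Resolves authorities for a CAS-authenticated principal from a local database.
 * CasAuthenticationProvider hands the principal name from the validated CAS
 * assertion to this service (via UserDetailsByNameServiceWrapper); nothing here
 * authenticates the user, it only decides whether the user is known locally,
 * whether the account is enabled, and which roles it holds.
 */
public class DbUserDetailsService implements UserDetailsService {

    // Constructed schema for this example: users(username, enabled) and
    // authorities(username, authority). Adjust to the real tables.
    private static final String ENABLED_SQL =
            "SELECT enabled FROM users WHERE username = ?";
    private static final String AUTHORITIES_SQL =
            "SELECT authority FROM authorities WHERE username = ?";

    private final JdbcTemplate jdbc;

    public DbUserDetailsService(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Bind parameters, never concatenate: the name comes from the CAS
        // assertion, but it is still external input as far as SQL is concerned.
        List<Boolean> enabledRows = jdbc.queryForList(ENABLED_SQL, Boolean.class, username);
        if (enabledRows.isEmpty()) {
            // CAS vouched for the identity, but this application does not know
            // the account: fail closed instead of granting a default role.
            throw new UsernameNotFoundException("No local account for " + username);
        }
        boolean enabled = enabledRows.get(0);

        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : jdbc.queryForList(AUTHORITIES_SQL, String.class, username)) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        if (authorities.isEmpty()) {
            // Same behaviour as Spring's own JdbcDaoImpl: a user without any
            // authority is treated as unknown.
            throw new UsernameNotFoundException("No authorities for " + username);
        }

        // The password is a placeholder. CasAuthenticationProvider trusts the
        // ticket validation result and never compares this value; the enabled
        // flag, however, is checked, so a disabled DB account is rejected.
        return new User(username, "N/A", enabled, true, true, true, authorities);
    }
}
```

To wire it into the configuration shown in the question, replace the in-memory `<user-service id="userDetailsService">` block with a bean definition such as `<bean:bean id="userDetailsService" class="example.security.DbUserDetailsService"><bean:constructor-arg ref="dataSource"/></bean:bean>`; the existing `authenticationUserDetailsService` wrapper and `casAuthProvider` stay as they are, because the wrapper already adapts any UserDetailsService to what CasAuthenticationProvider expects. If the tables already match Spring Security's default schema, the namespace element `<jdbc-user-service id="userDetailsService" data-source-ref="dataSource"/>` (optionally with `users-by-username-query` and `authorities-by-username-query` overrides) achieves the same without any Java code.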