JSP + Spring将忽略CAS Single Sign Out请求
[英]CAS Single Sign Out requests being ignored by JSP+Spring
问题描述
I've set up CAS for single sign on with my Spring+JSP webapp, but now I've found out that single sign out isn't actually logging me out of the applications. 
我已经使用Spring + JSP Webapp为单点登录设置了CAS,但是现在我发现单点退出实际上并没有使我退出应用程序。 I've confirmed that if I go to the CAS logout page, I do receive a SAMLP logout request from CAS. 我已经确认,如果我转到CAS注销页面,则确实会收到来自CAS的SAMLP注销请求。 When I go back to a secured page in the app, however, I get in without logging back in to CAS. 但是,当我返回到应用程序中的安全页面时,我无需登录即可登录。 If I go to the local app logout page ( /j_spring_security_logout ), then I will get logged out and immediately redirected to the CAS login page. 如果我转到本地应用程序注销页面( /j_spring_security_logout ),那么我将注销并立即重定向到CAS登录页面。
In a nutshell, it appears that the local app isn't registering the logout request from CAS and calling its own logout procedure. 简而言之,似乎本地应用程序未在注册来自CAS的注销请求并调用其自己的注销过程。
Here's the CAS portion of my web.xml 这是我的web.xml的CAS部分
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>authenticationFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Ticket Validation Filter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>ticketValidationFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Ticket Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
Do I need a specific CAS bean created to handle logouts in my applicationContext.xml files? 我是否需要创建一个特定的CAS bean来处理applicationContext.xml文件中的注销? Or is configured completely through the web.xml file? 还是完全通过web.xml文件配置的?
1 个解决方案
解决方案1
1 2009-11-27 21:49:49
When you debug the SingleSignOutFilter does it invalidate the user session? 在调试SingleSignOutFilter时,它是否会使用户会话无效? Maybe the CAS Token is being held in it, or in the SecurityContextHolder so it doesn't ask for a new login. 也许CAS令牌被保留在其中,或者被保留在SecurityContextHolder中,因此它不需要新的登录名。 I have a similar issue and am sorry to not be able to fully understand SS + CAS. 我有类似的问题,很抱歉无法完全理解SS + CAS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.