使用CAS + Spring Security实现SSO
[英]Implement SSO using CAS + Spring Security
问题描述
I'm trying to implement SSO across several web applications using CAS and Spring Security. 
我正在尝试使用CAS和Spring Security在多个Web应用程序中实现SSO。 Expected case: 预期案例:
CAS - http:// localhost:8080/cas/ CAS - http:// localhost:8080 / cas /
App A protected content - http: //localhost:8081/cas-client1/secure/index.html 应用程序受保护的内容 - http://localhost:8081/cas-client1/secure/index.html
App B protected content - http: //localhost:8081/cas-client2/secure/index.html 应用B受保护的内容 - http://localhost:8081/cas-client2/secure/index.html
1) When user access cas-client1, CAS login form will be prompted and trigger authentication. 1)当用户访问cas-client1时,将提示CAS登录表单并触发认证。
2) The same user access cas-client2, previous login should be recognized and no login form will be prompted 2)相同的用户访问cas-client2,应该识别以前的登录,并且不会提示登录表单
However, I am failed to implement step 2. CAS login form still prompted to user and therefore requires double login. 但是,我未能执行第2步.CAS登录表单仍然提示用户,因此需要双重登录。 Is there any wrong setting in my Spring Security configuration: 我的Spring Security配置中是否有任何错误设置:
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:intercept-url pattern="/secure/**" access="ROLE_USER" />
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
</security:http>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://localhost:8080/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!-- http://localhost:8081/cas-client2 for app 2-->
<property name="service" value="http://localhost:8081/cas-client1/j_spring_cas_security_check" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp" />
</bean>
</property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService" />
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://localhost:8080/cas" />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<security:user-service id="userService">
<security:user name="wilson" password="wilson" authorities="ROLE_USER" />
</security:user-service>
1 个解决方案
解决方案1
9 已采纳 2010-07-21 04:28:04
The problem is finally solved. 问题终于解决了。 My CAS is using HTTP and therefore need to set secure cookies to false. 我的CAS使用HTTP,因此需要将安全cookie设置为false。
Modify ticketGrantingTicketCookieGenerator.xml 修改ticketGrantingTicketCookieGenerator.xml
p:cookieSecure="false"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.