[英]Authentication integration issue between wicket-auth-roles and spring-security-cas-client
I have an issue on one of my Wicket projects. 我的一个Wicket项目有一个问题。 The version of wicket I use is the 1.5.7 release, with wicket-auth-roles (same version). 我使用的wicket版本是1.5.7版本,带有wicket-auth-roles(相同版本)。
I'm trying to get a CAS server integration; 我正在尝试与CAS服务器集成。 for that, I'm trying to use the spring-security-cas-client (3.0.7.RELEASE) but the CAS authentication isn't working at all. 为此,我正在尝试使用spring-security-cas-client(3.0.7.RELEASE),但是CAS身份验证根本不起作用。 On this project, I am already using spring-security-core (3.1.0.RELEASE), spring-security-config, & spring-security-ldap and that works fine. 在这个项目中,我已经在使用spring-security-core(3.1.0.RELEASE),spring-security-config和spring-security-ldap,并且工作正常。
The issue I'm getting is when I first access a Wicket page. 我遇到的问题是第一次访问Wicket页面时。 Usually I must have a CAS interrogation; 通常我必须接受CAS审讯; but despite that, the method "getSignInPageClass" (wicket-auth-roles) of my custom authenticatedWebApplication is called and I'm automatically forwarded to my login page (and I'm not getting any CAS call at all). 但是尽管如此,我的自定义authenticatedWebApplication的方法“ getSignInPageClass”(wicket-auth-roles)被调用,并且我自动转发到登录页面(根本没有得到任何CAS调用)。
Has someone already met this type of issue? 有人已经遇到过这类问题吗?
I just went through the same issue. 我只是遇到了同样的问题。 To get it working, I let Wicket do the redirection to CAS and then the CasAuthenticationFilter validate the token and handle authentication. 为了使其正常工作,我让Wicket重定向到CAS,然后CasAuthenticationFilter验证令牌并处理身份验证。 I dont know if it is the best solution, but I used a RequestMapper to handle the AuthenticatedWebSession sign-in. 我不知道这是否是最好的解决方案,但我使用RequestMapper来处理AuthenticatedWebSession登录。
Spring Security Configuration Spring安全配置
<!-- https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html -->
<http use-expressions="true" auto-config="true" entry-point-ref="casEntryPoint">
<intercept-url pattern="/**" />
<custom-filter ref="casFilter" position="CAS_FILTER"/>
</http>
Override restartResponseAtSignInPage in your AuthenticatedApplication 覆盖AuthenticatedApplication中的restartResponseAtSignInPage
/**
* Stores original Url and redirects to CAS login for authentication. CAS will redirect back to this
* service using the service parameter.
*/
@Override
public void restartResponseAtSignInPage() {
Session.get().setAttribute("originalUrl", RequestCycle.get().getRequest().getOriginalUrl());
// This will be the URL back to the Spring CAS filter
String service = "service=https%3A%2F%2F" + casServiceHost + "%2Fapp%2Flogin";
throw new RedirectToUrlException("https://" + casServerHost + "/cas/login?" + service);
}
Make a IRequestMapper to handle the AuthenticatedWebSession sign in and redirection. 创建一个IRequestMapper来处理AuthenticatedWebSession登录和重定向。
@Override
public IRequestHandler mapRequest(Request request) {
logger.info("CasAuthMapper mapping {}", request.getUrl());
// The authentication will have been handled by Spring's CasAuthenticationFilter
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// ... Do whatever you need to do here. I added a simple method to my web session to delegate to signIn(boolean).
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.