Spring security Authentication with cas but Authorization with database
Question
I already managed to authenticate against CAS. But I want to adjust it to authorize the roles against lost DB.
A practical example would help. Thats my current configuration:
Security.xml
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/resources/**" security="none"/>
<http use-expressions="true" entry-point-ref="casEntryPoint">
<intercept-url pattern="/"
access="permitAll"/>
<intercept-url pattern="/login/*"
access="permitAll"/>
<intercept-url pattern="/logout"
access="permitAll"/>
<intercept-url pattern="/errors/**"
access="permitAll"/>
<intercept-url pattern="/events/"
access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/**"
access="hasRole('ROLE_USER')"/>
<access-denied-handler error-page="/errors/403"/>
<custom-filter ref="casFilter" position="CAS_FILTER"/>
<logout logout-url="/logout"
logout-success-url="/login/form?logout"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthProvider" />
</authentication-manager>
<user-service id="userDetailsService">
<user name="user1@example.com"
password="user1"
authorities="ROLE_USER"/>
<user name="admin1@example.com"
password="admin1"
authorities="ROLE_USER,ROLE_ADMIN"/>
<user name="ifridman"
password="idan"
authorities="ROLE_USER,ROLE_ADMIN"/>
</user-service>
</bean:beans>
Security-cas.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<property name="service"
value="http://${cas.service.host}/calendar/login"/>
</bean>
<!--
Allows changing where the CAS Server and CAS Service are easily
by specifying System Arguments or replacing the values only in one place.
Could also use external properties file -->
<context:property-placeholder
system-properties-mode="OVERRIDE" properties-ref="environment"/>
<util:properties id="environment">
<prop key="cas.service.host">192.168.108.195:8080</prop>
<prop key="cas.server.host">192.168.2.101:8443</prop>
</util:properties>
<!-- sends to the CAS Server, must be in entry-point-ref of security.xml -->
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="serviceProperties" ref="serviceProperties"/>
<property name="loginUrl" value="http://${cas.server.host}/cas/login" />
</bean>
<!-- authenticates CAS tickets, must be in custom-filter of security.xml -->
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="filterProcessesUrl" value="/login"/>
</bean>
<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="ticketValidator" ref="ticketValidator"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="key" value="casJbcpCalendar"/>
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<constructor-arg value="http://${cas.server.host}/cas" />
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailsService" />
</bean>
</beans>
thanks, ray.
1 answers
solution1
-1 ACCPTED 2013-10-24 14:14:34
我通过实现UserDetailsService并管理自己的授权逻辑来做到这一点。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Authorization and Authentication with Spring Security
Spring Boot Security CAS Authentication Integration
CAS Authentication with custom external form and spring security
How to integrate CAS authentication with spring security?
How to do LDAP authentication and database Authorization in Spring security?
How to create register Spring Security Authentication and Authorization with database
Spring security authorization without authentication
No Authentication and authorization using Spring Security
Spring Security : Authentication with Database
Using CAS server with two different Spring Security authentication flows
Related Tags