
CAS Authentication with custom external form and spring security

Currently we are using the Jasig CAS server as our SSO solution. We have two web applications that use the same CAS server. We are using Spring Security to configure the CAS client. The sample configuration looks like this:

<!-- Explicit Spring Security filter chain. FilterChainProxy uses the first
     filter-chain whose pattern matches the request, so the order of the
     entries below matters. Several filters named here
     (securityContextPersistenceFilter, requestCacheFilter, contextAwareFilter,
     filterSecurityInterceptor) are defined outside this snippet. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant" >
        <!-- NOTE(review): path-type is "ant", but "(.jsp)*" is regular-expression
             syntax. Under Ant matching the parentheses and dot are presumably
             taken literally, so a plain /j_spring_security_logout request would
             likely fall through to the catch-all chain below. Confirm which
             chain actually serves logout. -->
        <sec:filter-chain pattern="/j_spring_security_logout(.jsp)*" filters="appLogoutFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
        <!-- Catch-all chain: the security context is loaded first, the two
             logout filters and the CAS ticket filter run next, and
             filterSecurityInterceptor makes the access decision last.
             NOTE(review): no CAS client SingleSignOutFilter appears in this
             chain. If it is not registered elsewhere (for example in web.xml),
             logout requests sent by the CAS server to this application would
             not end the local session. Confirm. -->
        <sec:filter-chain pattern="/**"
                          filters="securityContextPersistenceFilter,requestSingleLogoutFilter,appLogoutFilter,casAuthenticationFilter,requestCacheFilter,contextAwareFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
    </sec:filter-chain-map>
</bean>

<!-- Authentication manager with the CAS provider as its only provider.
     casAuthenticationFilter refers to it through the alias
     "authenticationManager". -->
<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>


<!-- Authenticates a CAS service ticket: the ticket is checked through
     ticketValidator against the service URL in serviceProperties, and the
     user is then loaded through userDetailsServiceWrapper. -->
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="userDetailsServiceWrapper"/>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator" ref="ticketValidator"/>
    <!-- The key marks authentication tokens as created by this provider.
         NOTE(review): the value looks like the placeholder from the reference
         documentation; presumably it should be replaced with a value specific
         to this application. Confirm. -->
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>


<!-- Adapts the application's own UserDetailsService
     (lormsSecurityUserDetailsService, defined outside this snippet) so the
     CAS provider can look up the account by the user name that CAS asserts.
     Account state and authorities therefore come from the application, not
     from the CAS response. -->
<bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
    <property name="userDetailsService" ref="lormsSecurityUserDetailsService"/>
</bean>

<!-- Translates security exceptions raised further down the chain: an
     unauthenticated request is handed to casEntryPoint (redirect to the CAS
     login page), and a denied request goes to accessDeniedHandler, which is
     defined outside this snippet. -->
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <constructor-arg ref="casEntryPoint"/>
    <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>

<!-- Local logout step. Requests matching the regex below run
     lormsLogOutHandler (defined outside this snippet) and are then redirected
     to /j_spring_cas_security_logout, the URL that requestSingleLogoutFilter
     matches. -->
<bean id="appLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <!-- First argument: where to redirect after the handlers have run. -->
    <constructor-arg value="/j_spring_cas_security_logout"/>
    <!-- Second argument: logout handlers. Only lormsLogOutHandler is listed, so
         whether the HTTP session is invalidated at this step depends on that
         handler. Verify against its implementation. -->
    <constructor-arg>
        <list>
            <ref bean="lormsLogOutHandler"/>
        </list>
    </constructor-arg>
    <property name="logoutRequestMatcher">
        <bean class="org.springframework.security.web.util.matcher.RegexRequestMatcher">
            <!-- NOTE(review): the "." in "(.jsp)*" is an unescaped regex
                 wildcard, so it matches any character before "jsp". -->
            <constructor-arg name="pattern" value="/j_spring_security_logout(.jsp)*" />
            <!-- A null httpMethod matches every HTTP method, GET included.
                 NOTE(review): a logout reachable by GET can be triggered by a
                 cross-site request; consider restricting it to POST if the
                 application's logout link allows it. -->
            <constructor-arg name="httpMethod">
                <null/>
            </constructor-arg>
        </bean>
    </property>
</bean>

<!-- This filter redirects to the CAS server's /logout endpoint to signal that
     Single Logout should be performed. The "service" query parameter
     (${singleSignOn.cas.app.url}/LORMS) tells CAS where to send the browser
     afterwards. The redirect target is built from configuration properties
     only, not from request data.
     NOTE(review): whether CAS follows the "service" redirect is decided on the
     CAS server; presumably it should be limited to registered services there.
     Confirm. -->
<bean id="requestSingleLogoutFilter"  class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="${singleSignOn.cas.server.url}/logout?service=${singleSignOn.cas.app.url}/LORMS"/>
    <!-- SecurityContextLogoutHandler clears the local security context before
         the redirect is sent. -->
    <constructor-arg>
        <bean class= "org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </constructor-arg>
    <property name="logoutRequestMatcher">
        <bean class="org.springframework.security.web.util.matcher.RegexRequestMatcher">
            <constructor-arg name="pattern" value="/j_spring_cas_security_logout(.jsp)*" />
            <!-- A null httpMethod matches every HTTP method. -->
            <constructor-arg name="httpMethod">
                <null/>
            </constructor-arg>
        </bean>
    </property>
</bean>

<!-- Validates service tickets with a server-to-server call to the CAS server
     at the URL prefix given below.
     NOTE(review): the property value is not visible here. The login decision
     rests on this response, so the URL should be HTTPS with a certificate the
     JVM trusts. Confirm in the properties file. -->
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" id="ticketValidator">
    <constructor-arg index="0" value="${singleSignOn.cas.server.url}" />
</bean>

<!-- Storage for CAS proxy-granting tickets.
     NOTE(review): no bean in this snippet references it (neither
     casAuthenticationFilter nor ticketValidator sets it), so it appears to be
     unused unless it is wired elsewhere. Confirm. -->
<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

<!-- Handles the callback from the CAS server: it passes the service ticket
     from the request to authenticationManager and, on success, calls
     authenticationSuccessHandler (defined outside this snippet).
     No processing URL is set here, so the filter's default applies. The
     service URL in serviceProperties ends in /j_spring_cas_security_check,
     presumably that default. Confirm for the version in use. -->
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
</bean>

<!-- Entry point for unauthenticated requests: the browser is redirected to
     the CAS server's login page with the service URL from serviceProperties.
     With this entry point the password is entered on the CAS server's page and
     the application only receives a service ticket. A login form hosted by the
     application would put the application in the credential path; review that
     trade-off before replacing this entry point. -->
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="${singleSignOn.cas.server.url}/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<!-- Describes this application to CAS. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <!-- URL the CAS server sends the browser back to with the service ticket.
         The same value is presented again when the ticket is validated, so it
         has to match exactly.
         NOTE(review): the property value is not visible here; presumably it
         should be an HTTPS URL. Confirm. -->
    <property name="service"  value="${singleSignOn.cas.app.url}/LORMS/j_spring_cas_security_check"/>
    <!-- false: an existing CAS single sign-on session is accepted without
         asking the user for credentials again. -->
    <property name="sendRenew" value="false"/>
</bean>

I also have an existing form-based login UI, and I want to use it instead of the Jasig web login screen. I found this link, "Using CAS from external link or custom external form", which describes how to use my own login UI. Can anybody help me integrate it with Spring Security in my application?

集成应用程序后,可以更改和编辑casviewpage.jsp。可以更改所有UI。您可以使用默认的casview.jsp进行编辑。为什么不想编辑casview.jsp?
