Springsecurity+CAS单点登录,循环重定向的问题

rainorfire 2015-06-26 12:14:35
最近在弄springsecurity+cas实现单点登录,但配置完成后测试时,却发现在cas server端登录成功之后,重定向回客户端,cas_filter也捕捉到了,但还是出现了循环重定向问题,我的springsecurity配置如下:

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<!-- Spring Security configuration -->

<!-- Resources excluded from filtering (static assets and login-related files).
     security="none" takes these paths out of the Spring Security filter chain entirely. -->
<security:http pattern="/static/**" security="none"/>

<!-- Main filter chain. use-expressions="true" enables access expressions such as permitAll and hasRole(...); without it they cannot be used. Earlier variant noted by the author: /access-denied.htm , auto-config="true" use-expressions="true" -->
<!-- Unauthenticated requests are handed to casAuthenticationEntryPoint; authenticated users who are denied are sent to access-denied-page. -->
<!-- NOTE(review): auto-config="true" also registers form login, HTTP Basic and logout handling next to CAS; confirm all of them are wanted. -->
<!-- NOTE(review): access-denied-page targets /user/index.htm, which itself requires ROLE_USER below; a dedicated error view is easier to reason about. The attribute is deprecated in favour of the access-denied-handler child element. -->
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" use-expressions="true" access-denied-page="/user/index.htm">

<!-- Open to everyone: access="permitAll". Rules are evaluated top to bottom and the first matching pattern wins. -->
<security:intercept-url pattern="/login.htm" access="permitAll"/>
<security:intercept-url pattern="/regist*.htm" access="permitAll" />
<!-- NOTE(review): /upload/** is reachable without authentication; confirm that anonymous access to this path is intended. -->
<security:intercept-url pattern="/upload/**" access="permitAll" />

<!-- Disabled: anonymous access via IS_AUTHENTICATED_ANONYMOUSLY
<security:intercept-url pattern="/index.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" /> -->

<!-- Requires ROLE_USER -->
<security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />

<!-- Requires ROLE_USER -->
<security:intercept-url pattern="/exam/**" access="hasRole('ROLE_USER')" />

<!-- Requires ROLE_ROLE -->
<security:intercept-url pattern="/auth/**" access="hasRole('ROLE_ROLE')" />

<!-- Catch-all: every other URL requires ROLE_ADMIN. It must stay last, otherwise it shadows the rules above. -->
<security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />

<!-- CAS single sign-on, 2015-06-23: registers casAuthenticationFilter at the CAS_FILTER position of the chain. -->
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
<!-- CAS single sign-on, 2015-06-23 -->

</security:http>

<!--***************************************** CAS TEST 2015-06-23 ***************************************** -->

<!--
Processes the redirect coming back from the CAS server and starts service-ticket validation.
After a successful login the browser is always redirected to defaultTargetUrl
(alwaysUseDefaultTargetUrl is true), regardless of the page originally requested.
NOTE(review): defaultTargetUrl is an absolute http://localhost:8080 address, while the CAS
callback configured in serviceProperties is https://localhost:8447. If the session cookie is
issued on the HTTPS connector and flagged Secure, the browser will not send it to the HTTP
address; the request then looks unauthenticated and is sent to CAS again, which is one way to
end up in a redirect loop. Verify that both URLs share scheme, host and port, or use a
context-relative target.
-->
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <property name="alwaysUseDefaultTargetUrl" value="true"/>
            <property name="defaultTargetUrl" value="http://localhost:8080/user/index.htm"/>
        </bean>
    </property>
</bean>


<!-- CAS test, 2015-06-23: authentication manager that delegates to the CAS provider. -->
<!-- NOTE(review): erase-credentials="false" leaves the credentials (for CAS, the service ticket) on the
     Authentication object after login; confirm this is actually needed, e.g. for proxy tickets. -->
<security:authentication-manager alias="authenticationManager" erase-credentials="false">
    <security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>
<!-- CAS test, 2015-06-23 -->

<!--
Validates CAS service tickets and builds the authenticated token.
NOTE(review): ticket validation is a server-to-server HTTPS call to the CAS server, so the JVM
running this application must trust the CAS server certificate; confirm the trust store.
-->
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <!-- CAS server URL prefix used for ticket validation (SSO validation address) -->
            <constructor-arg index="0" value="https://localhost:8443/cas-server"/>
        </bean>
    </property>
    <!-- NOTE(review): hard-coded, guessable provider key; keep it in externalised configuration
         and use a unique value per deployment. -->
    <property name="key" value="cas123"/>
</bean>

<!-- "authorities" is the name of the CAS server login attribute; it is mapped into Spring Security here and used for authorization. Disabled stock implementation:
<bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
<constructor-arg>
<array>
<value>authorities</value>
</array>
</constructor-arg>
</bean>
-->

<!-- Project-specific user details service; it receives the attribute names to read through the "attributes" property. -->
<!-- NOTE(review): the class is not shown on this page. Presumably it turns the "authorities" assertion attribute into granted authorities; confirm that the CAS server releases this attribute and that the resulting names match ROLE_USER, ROLE_ROLE and ROLE_ADMIN exactly, otherwise every protected URL is denied after login. -->
<bean id="authenticationUserDetailsService" class="com.bms.comm.cas.MyAuthenticationUserDetailsService">
<!-- <constructor-arg>
<array>
<value>authorities</value>
</array>
</constructor-arg> -->
<property name="attributes">
<array>
<value>authorities</value>
</array>
</property>
</bean>



<!--
Service identifier sent to CAS: the URL CAS redirects back to with the service ticket.
NOTE(review): this URL has to match, scheme, host and port included, the address under which the
application is really reached and where the CAS filter handles /j_spring_cas_security_check.
Port 8447 here differs from the 8080 used in defaultTargetUrl; confirm which one is correct.
sendRenew=false allows an existing CAS single sign-on session to be reused without a fresh login.
-->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="https://localhost:8447/j_spring_cas_security_check"/>
    <property name="sendRenew" value="false"/>
</bean>


<!-- Entry point for unauthenticated requests: redirects the browser to the CAS login page,
     passing the service URL taken from serviceProperties. -->
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <!-- SSO login address -->
    <property name="loginUrl" value="https://localhost:8443/cas-server/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>



</beans>

此问题困扰我多日!!
请大牛帮我看下,看我的配置哪有问题?谢谢!!
林元慈 as 记 2017-03-20
怎么解决的,改了什么东西
小营123 2016-11-09
再贴一遍完整的web.xml代码:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" 
	xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
						http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	id="WebApp_ID" version="3.0">
	<!-- Deployment descriptor for the CAS-protected web application. -->
	<!-- NOTE(review): the xmlns:web prefix refers to the 2.5 schema while the descriptor declares version 3.0; the prefix is not used in this file. -->

	<!-- Delegates every request (/*) to the Spring bean named springSecurityFilterChain.
	     No dispatcher elements are declared, so only REQUEST dispatches pass through it. -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- Forces UTF-8 as request and response encoding for *.htm requests. -->
	<!-- NOTE(review): filter-mapping order defines chain order, so this filter runs after the security
	     chain; parameters read during authentication are decoded before the encoding is forced.
	     Consider declaring this mapping first. -->
	<filter>
		<filter-name>characterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>

	<filter-mapping>
		<filter-name>characterEncodingFilter</filter-name>
		<url-pattern>*.htm</url-pattern>
	</filter-mapping>

	<!-- Spring MVC front controller, mapped to *.htm. -->
	<!-- NOTE(review): this servlet context and the root context (context-param below) both load
	     classpath*:*.xml, so every matching file, the security configuration included, is loaded
	     twice and its beans exist in both contexts. The wildcard can also pick up XML files from
	     other classpath roots. Prefer explicit, separate file names for the two contexts. -->
	<servlet>
		<servlet-name>dispatcherServlet</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath*:*.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>dispatcherServlet</servlet-name>
		<url-pattern>*.htm</url-pattern>
	</servlet-mapping>

	<!-- Creates the root application context from the contextConfigLocation context-param. -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<!--
		Included to support Single Logout. Note that the SingleSignOutFilter is included in the
		springSecurityFilterChain. However, it could also be placed as the first filter-mapping
		in the web.xml
	-->
	<!-- NOTE(review): no SingleSignOutFilter declaration is visible in the configuration posted on this
	     page; the listener alone does not process CAS logout requests. Confirm the filter is registered. -->
	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>	

	<!-- Configuration files for the root application context (see the note on the servlet above). -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath*:*.xml</param-value>
	</context-param>

	<welcome-file-list>
		<welcome-file>index.htm</welcome-file>
	</welcome-file-list>
	
	<!-- Custom error pages; they live under /WEB-INF, so clients cannot request them directly. -->
	<error-page>
		<error-code>403</error-code>
		<location>/WEB-INF/error/403.jsp</location>
	</error-page>
	<error-page>
		<error-code>404</error-code>
		<location>/WEB-INF/error/404.jsp</location>
	</error-page>
	<error-page>
		<error-code>500</error-code>
		<location>/WEB-INF/error/500.jsp</location>
	</error-page>
</web-app>



小营123 2016-11-09
我的问题解决了,就是这个springSecurityFilterChain过滤器和spring mvc 连接器互相拦截了,所以就循环重定向了。 完整web.xml代码,如下:

<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
	<filter-name>characterEncodingFilter</filter-name>
	<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
	<init-param>
		<param-name>encoding</param-name>
		<param-value>UTF-8</param-value>
	</init-param>
	<init-param>
		<param-name>forceEncoding</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>characterEncodingFilter</filter-name>
	<url-pattern>*.htm</url-pattern>
</filter-mapping>
<servlet>
	<servlet-name>dispatcherServlet</servlet-name>
	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
	<init-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath*:*.xml</param-value>
	</init-param>
	<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
	<servlet-name>dispatcherServlet</servlet-name>
	<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Included to support Single Logout. Note that the SingleSignOutFilter is included in the springSecurityFilterChain.
However, it could also be placed as the first filter-mapping in the web.xml -->
<listener>
	<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>classpath*:*.xml</param-value>
</context-param>
<welcome-file-list>
	<welcome-file>index.htm</welcome-file>
</welcome-file-list>
<error-page>
	<error-code>403</error-code>
	<location>/WEB-INF/error/403.jsp</location>
</error-page>
<error-page>
	<error-code>404</error-code>
	<location>/WEB-INF/error/404.jsp</location>
</error-page>
<error-page>
	<error-code>500</error-code>
	<location>/WEB-INF/error/500.jsp</location>
</error-page>
小营123 2016-10-31
有解决的吗?QQ:342913415
qq_27383675 2016-07-21
兄弟,求解决方案,求成功代码。
一起_风 2015-11-24
怎么解决的啊,兄弟
