spring security 集成cas ,设置首页和login/cas允许匿名通过过滤链,首页可进,login/cas 报401错误
spring security 集成cas ,设置首页和login/cas允许匿名通过过滤链,首页可进,login/cas 报401错误
security配置如下
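http
    // Stale note carried over from the original: "configure only /oauth/authorize and /login,
    // leave everything else at the defaults". The matcher below is "/**", so this chain
    // actually applies to every request.
    .requestMatchers()
        // Original note: with this matcher in place, requests are redirected to the
        // authorization login page automatically.
        .antMatchers("/**")
        .and()
    .authorizeRequests()
        // .antMatchers("/user/**")
        // .hasRole("user")
        // .antMatchers("/login/cas")
        // Ant patterns are compared with the request path, which always starts with "/".
        // The original "login/cas" (no leading slash) could therefore never match, and
        // /login/cas fell through to anyRequest().authenticated().
        // NOTE(review): "/*" opens every single-segment path to anonymous users, not only the
        // home page; list the public pages explicitly if that is broader than intended.
        // NOTE(review): permitAll() only affects the authorization step. The CAS callback is
        // presumably claimed by casAuthenticationFilter before that step, so a 401 on it more
        // likely means the filter's own authentication attempt failed (for example a missing
        // or rejected ticket) - confirm against the CAS client/server logs.
        .antMatchers("/*", "/login/cas", "/document/**", "/category/**")
        .permitAll()
        // Everything not listed above requires an authenticated user.
        .anyRequest().authenticated()
        .and()
    .exceptionHandling()
        // Unauthenticated requests are handed to the injected entry point.
        .authenticationEntryPoint(authenticationEntryPoint)
        .and()
    .addFilter(casAuthenticationFilter)
    // Single sign-out must run ahead of the CAS authentication filter.
    .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
    .addFilterBefore(logoutFilter, LogoutFilter.class);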
cas 配置如下
/**
 * Declares the beans that connect Spring Security to a CAS server: service properties,
 * entry point, ticket validator, authentication provider and the CAS, single-sign-out
 * and logout filters.
 */
@Configuration
public class CasSecurityConfig {

    /** Client-side CAS settings (this application's login and logout URLs). */
    @Autowired
    CASClientProperties casClientProperties;

    /** Server-side CAS settings (login URL, logout URL and URL prefix). */
    @Autowired
    CASServerProperties casServerProperties;

    /** Loads the local user record for a CAS-authenticated principal. */
    @Autowired
    UserDetailsService userDetailService;

    /**
     * Describes this application to CAS as a service.
     *
     * @return service properties whose service URL is the client's login URL
     */
    @Bean
    ServiceProperties serviceProperties() {
        // NOTE(review): CAS validates a ticket against the exact service URL it was issued
        // for; presumably getLogin() is the absolute URL of this app's CAS callback - confirm.
        ServiceProperties props = new ServiceProperties();
        props.setService(casClientProperties.getLogin());
        return props;
    }

    /**
     * Entry point that sends unauthenticated users to the CAS server login URL.
     *
     * @return the CAS entry point, marked primary among entry-point beans
     */
    @Bean
    @Primary
    AuthenticationEntryPoint authenticationEntryPoint() {
        CasAuthenticationEntryPoint casEntryPoint = new CasAuthenticationEntryPoint();
        casEntryPoint.setServiceProperties(serviceProperties());
        casEntryPoint.setLoginUrl(casServerProperties.getLogin());
        return casEntryPoint;
    }

    /**
     * Validator that checks tickets against the CAS server prefix.
     *
     * @return a CAS 2.0 proxy ticket validator
     */
    @Bean
    TicketValidator ticketValidator() {
        // NOTE(review): this is the proxy-ticket validator. If the application never receives
        // proxy tickets, Cas20ServiceTicketValidator is the narrower choice - confirm.
        return new Cas20ProxyTicketValidator(casServerProperties.getPrefix());
    }

    /**
     * Provider that validates CAS tickets and resolves the user through
     * {@link #userDetailService}.
     *
     * @return the CAS provider, marked primary among provider beans
     */
    @Bean
    @Primary
    CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casProvider = new CasAuthenticationProvider();
        casProvider.setTicketValidator(ticketValidator());
        casProvider.setServiceProperties(serviceProperties());
        casProvider.setUserDetailsService(userDetailService);
        // NOTE(review): hard-coded placeholder key. Spring Security uses this key to recognise
        // tokens issued by this provider, so a per-deployment value from configuration is
        // preferable to a literal in source.
        casProvider.setKey("dddd");
        return casProvider;
    }

    /**
     * Filter that handles the CAS callback and authenticates the returned ticket.
     *
     * <p>No failure handler or processing URL is set here, so the filter's defaults apply.
     * NOTE(review): with those defaults a failed authentication attempt is presumably
     * answered with a 401 rather than a redirect - confirm for the Spring Security version
     * in use.
     *
     * @param authenticationProvider the only provider handed to the filter's manager
     * @return the configured CAS authentication filter
     */
    @Bean
    CasAuthenticationFilter casAuthenticationFilter(AuthenticationProvider authenticationProvider) {
        CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
        casFilter.setServiceProperties(serviceProperties());
        // The filter gets its own manager containing just the injected provider.
        casFilter.setAuthenticationManager(
                new ProviderManager(Arrays.asList(authenticationProvider)));
        return casFilter;
    }

    /**
     * Filter that handles CAS single sign-out.
     *
     * @return a single-sign-out filter that ignores its init configuration
     */
    @Bean
    SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter ssoFilter = new SingleSignOutFilter();
        ssoFilter.setIgnoreInitConfiguration(true);
        return ssoFilter;
    }

    /**
     * Local logout filter: clears the security context, then redirects to the CAS server
     * logout URL.
     *
     * @return a logout filter bound to the client's relative logout path
     */
    @Bean
    LogoutFilter logoutFilter() {
        LogoutFilter casLogoutFilter = new LogoutFilter(
                casServerProperties.getLogout(),
                new SecurityContextLogoutHandler());
        casLogoutFilter.setFilterProcessesUrl(casClientProperties.getLogoutRelative());
        return casLogoutFilter;
    }
}