2013-10-23 89 views

我已经设法通过 CAS 完成身份验证,但我想调整配置,改为根据数据库中的角色进行授权——这一部分目前还缺失。也就是说:Spring Security 使用 CAS 进行身份验证,但通过数据库进行授权。

一个实际的例子会有所帮助。 这就是我目前的配置:

security.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <!-- Requests under /resources/ skip the Spring Security filter chain entirely,
         so no security filter runs and no security context exists for them. -->
    <http security="none" pattern="/resources/**"/>
    <!-- Main filter chain. Unauthenticated requests are handed to the casEntryPoint
         bean, and the access attributes below are evaluated as expressions. -->
    <http entry-point-ref="casEntryPoint" use-expressions="true">
        <!-- Rules are checked top to bottom and the first matching pattern wins,
             so the specific rules have to stay above the /** catch-all. -->
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/login/*" access="permitAll"/>
        <intercept-url pattern="/logout" access="permitAll"/>
        <intercept-url pattern="/errors/**" access="permitAll"/>
        <!-- NOTE(review): "/events/" matches that exact path only; "/events" and any
             deeper path fall through to the ROLE_USER rule. Confirm this is intended. -->
        <intercept-url pattern="/events/" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

        <!-- Authenticated users lacking the required role are sent to this page. -->
        <access-denied-handler error-page="/errors/403"/>

        <!-- Installs the CAS ticket-processing filter at the CAS slot of the chain. -->
        <custom-filter position="CAS_FILTER" ref="casFilter"/>

        <!-- Local logout only: nothing in this file signs the user out of the CAS
             server, so the single sign-on session may outlive this logout. -->
        <logout logout-url="/logout" logout-success-url="/login/form?logout"/>
    </http>
    <!-- Publishes the authentication manager under the alias that the casFilter bean
         references; the CAS provider is the only provider registered. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthProvider"/>
    </authentication-manager>
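    <!-- In-memory source of user authorities. CAS performs the authentication and this
         bean is only looked up by user name to load roles, so the clear-text password
         attributes are dropped: when password is omitted the namespace generates a
         random value, which keeps these entries from working as login credentials.
         To take roles from a database instead, replace this element with a
         database-backed UserDetailsService (for example the namespace's
         jdbc-user-service, or a custom implementation) registered under the same id.
         NOTE(review): the two "[email protected]" names look like e-mail addresses
         masked by the hosting page; the real user names must be distinct. -->
    <user-service id="userDetailsService">
        <user name="[email protected]" authorities="ROLE_USER"/>
        <user name="[email protected]" authorities="ROLE_USER,ROLE_ADMIN"/>
        <user name="ifridman" authorities="ROLE_USER,ROLE_ADMIN"/>
    </user-service>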
</bean:beans> 

security-cas.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:util="http://www.springframework.org/schema/util" 
    xmlns:task="http://www.springframework.org/schema/task" 
    xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd 
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd 
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> 

    <!-- Describes this application to CAS. The service URL is where the browser comes
         back with a ticket; its path ends in /login, the URL the casFilter processes.
         NOTE(review): the URL is plain http, so the ticket crosses the network
         unencrypted; prefer https outside a test setup. -->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://${cas.service.host}/calendar/login"/>
    </bean>
    <!-- Host settings for the CAS service and CAS server are kept in one place.
         The defaults below can be replaced at launch with system properties of the
         same name (system-properties-mode is OVERRIDE); an external properties file
         would work as well. -->
    <util:properties id="environment">
        <prop key="cas.service.host">192.168.108.195:8080</prop>
        <prop key="cas.server.host">192.168.2.101:8443</prop>
    </util:properties>
    <context:property-placeholder properties-ref="environment" system-properties-mode="OVERRIDE"/>

    <!-- Redirects unauthenticated users to the CAS login page. security.xml must name
         this bean in the entry-point-ref attribute of its http element.
         NOTE(review): loginUrl is plain http; if the CAS login form is really served
         without TLS, passwords typed there are exposed on the network. Confirm the scheme. -->
    <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="http://${cas.server.host}/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- Picks up the CAS ticket on requests to /login and passes it to the
         authentication manager. security.xml must register this bean through a
         custom-filter element. -->
    <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="filterProcessesUrl" value="/login"/>
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <!-- Validates the CAS ticket through ticketValidator, then loads the user (and
         with it the granted authorities) from authenticationUserDetailsService.
         The key value marks the authentication tokens created by this provider. -->
    <bean id="casAuthProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="key" value="casJbcpCalendar"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator" ref="ticketValidator"/>
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
    </bean>

    <!-- Calls back to the CAS server to validate tickets; the constructor argument is
         the CAS server URL prefix.
         NOTE(review): the callback uses plain http, so the validation response could
         be altered in transit. Use https to the CAS server where available. -->
    <bean id="ticketValidator"
          class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
        <constructor-arg value="http://${cas.server.host}/cas"/>
    </bean>
    <!-- Adapts the userDetailsService bean so the CAS provider can load a user by the
         name CAS authenticated. The roles therefore come from whatever bean carries
         the id userDetailsService; pointing that id at a database-backed
         implementation moves authorization to the database. -->
    <bean id="authenticationUserDetailsService"
          class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <constructor-arg ref="userDetailsService"/>
    </bean>
</beans> 

感谢, 射线。

回答


我最终通过实现自己的 UserDetailsService、并在其中管理自己的授权逻辑解决了这个问题。
