6
我试图在使用CAS和Spring Security的几个Web应用程序中实现SSO。预期的情况下:
CAS - HTTP://本地主机:8080/CAS/
应用程序的受保护内容 - HTTP://localhost:8081/cas-client1/secure/index.html
应用B保护的内容 - HTTP: //localhost:8081/cas-client2/secure/index.html
使用CAS + Spring Security实现SSO
1)当用户访问cas-client1时,会提示CAS登录表单并触发认证。
2)相同的用户访问CAS-客户机程序,以前的登录应该得到承认和没有登录表单会提示
不过,我没能实现,系统仍提示用户步骤2 CAS登录表单,并因此需要双登录。在我的Spring Security配置中是否有任何错误设置:
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:intercept-url pattern="/secure/**" access="ROLE_USER" />
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
</security:http>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://localhost:8080/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!-- http://localhost:8081/cas-client2 for app 2-->
<property name="service" value="http://localhost:8081/cas-client1/j_spring_cas_security_check" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp" />
</bean>
</property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService" />
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://localhost:8080/cas" />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<security:user-service id="userService">
<security:user name="wilson" password="wilson" authorities="ROLE_USER" />
</security:user-service>
很好的了解来进行测试,但我想每个人都应该对https- – chrismarx 2011-02-21 20:39:52
运行此谢谢!一年前,我第一次偶然发现了这个答案,并开始再次潜入CAS。另一个可能在QA环境中存在问题的参数是p:cookieDomain。如果生产与QA之间的域名不同,则需要对此设置进行调整或完全删除。删除p:cookieDomain并将p:cookieSecure =“false”设置为在QA中启动并运行CAS的最宽松设置。 – AndreiM 2013-06-03 18:42:19
终于我知道了+1 .. – edaklij 2013-08-02 09:23:30