
我正在嘗試把一個使用 LDAP 進行身份驗證和授權的 Spring Web 項目改為使用 Spring 和 CAS。這個項目在使用 LDAP 時運行得很好,但現在我必須改用 CAS。一旦我更改了 XML 文件,一切就都不能用了。(標題:把使用 LDAP 身份驗證和授權的 Spring Web 項目遷移到 Spring 與 CAS)

使用 LDAP 的 XML:

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc" 
    xmlns:jee="http://www.springframework.org/schema/jee" 

    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
      http://www.springframework.org/schema/jdbc 
      http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.1.xsd 
      http://www.springframework.org/schema/jee 
      http://www.springframework.org/schema/jee/spring-jee-3.1.xsd 
      " 
    xmlns="http://www.springframework.org/schema/security"> 

    <http auto-config="true" use-expressions="true">
     <!-- Only /requests/** is restricted here (to ROLE_MEMBER_INQUIRY); every other URL
          passes through this chain without an access rule. auto-config="true" also
          enables the namespace defaults (form login, basic auth, logout) on top of the
          explicit form-login below. -->
     <intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
      pattern="/requests/**" />

     <form-login default-target-url="/requests/add.html" />

    </http>

    <authentication-manager>
     <!-- Authenticates against the <ldap-server> declared further down. The user entry
          is looked up with (uid={0}) under ou=webusers, presumably relative to the base
          DN in the server URL. -->
     <ldap-authentication-provider
      user-search-base="ou=webusers" user-search-filter="(uid={0})">
      <!-- password-compare mode: the submitted password is encoded with passwordEncoder
           (unsalted MD5, see below) and compared with the stored attribute instead of
           binding to the directory as the user. -->
      <password-compare>

       <password-encoder ref="passwordEncoder">
       </password-encoder>
      </password-compare>
     </ldap-authentication-provider>
    </authentication-manager>

    <beans:bean id="passwordEncoder"
     class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
     <!-- Unsalted MD5, used by the password-compare step above; it has to match the
          format of the hashes stored in the directory.
          NOTE(review): MD5 is not a suitable password hash; plan a migration of the
          stored credentials to a salted, slow hash when the directory allows it. -->
    </beans:bean>

    <beans:bean id="contextSource"
     class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <!-- Directory connection for the ldapAuthProvider bean below: LDAPS on 636 with the
          base DN carried in the URL, binding as cn=Manager.
          NOTE(review): the manager password is a literal in this file. propertyConfigurer
          below already loads a properties file, so it could be supplied as a ${...}
          placeholder instead. Also confirm this bean is still needed; the
          <authentication-manager> above uses <ldap-server>, not this context source. -->

     <beans:constructor-arg
      value="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />

     <beans:property name="userDn" value="cn=Manager,dc=uftwf,dc=dev" />

     <beans:property name="password" value="uftwf" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
     class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
     <!-- Bind-based LDAP provider: the first constructor argument authenticates by
          binding as uid={0},ou=webusers; the second loads authorities from the "ou"
          attribute of entries under ou=groups (by default prefixed ROLE_ and upper-cased).
          NOTE(review): nothing else in this file references ldapAuthProvider; the
          <authentication-manager> uses the namespace <ldap-authentication-provider>
          instead, so this bean looks like dead configuration. -->

     <beans:constructor-arg>

      <beans:bean
       class="org.springframework.security.ldap.authentication.BindAuthenticator">
       <beans:constructor-arg ref="contextSource" />
       <beans:property name="userDnPatterns">
        <beans:list>
         <!-- The newlines and indentation around this text may end up inside the
              value (Spring does not trim <value> text by default); keep the pattern on
              one line if this bean is ever wired in. -->
         <beans:value>
          uid={0},ou=webusers
         </beans:value>
        </beans:list>
       </beans:property>
      </beans:bean>
     </beans:constructor-arg>
     <beans:constructor-arg>
      <beans:bean
       class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
       <beans:constructor-arg ref="contextSource" />
       <beans:constructor-arg value="ou=groups" />
       <beans:property name="groupRoleAttribute" value="ou" />
      </beans:bean>
     </beans:constructor-arg>
    </beans:bean>
    <!-- Directory used by <ldap-authentication-provider>. No manager-dn is given, so the
         user search presumably runs over an anonymous bind; confirm the directory permits
         that for ou=webusers. -->
    <ldap-server url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
    <beans:bean id="propertyConfigurer"
     class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
     <!-- Resolves the ${database.*} placeholders used by dataSource from a file named
          jdbc.properties2 on the classpath (note the unusual "2" suffix). -->
     <beans:property name="location" value="classpath:jdbc.properties2" />
    </beans:bean>

    <beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
     <!-- DBCP connection pool; driver, URL and credentials come from the
          ${database.*} placeholders resolved by propertyConfigurer. -->
     <beans:property name="driverClassName" value="${database.driver}" />
     <beans:property name="url" value="${database.url}" />
     <beans:property name="username" value="${database.user}" />
     <beans:property name="password" value="${database.password}" />
     <beans:property name="initialSize" value="5" />
     <beans:property name="maxActive" value="10" />
    </beans:bean>

    <!-- 
     <beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" 
     > <beans:property name="driverClassName" value="${database.driver}" /> <beans:property 
     name="url" value="${database.url}" /> <beans:property name="username" value="${database.user}" 
     /> <beans:property name="password" value="${database.password}" /> <beans:property 
     name="initialSize" value="5" /> <beans:property name="maxActive" value="10" 
     /> </beans:bean> 



    <jee:jndi-lookup id="dataSourcejndi" jndi-name="dataSourcejndi" 
     lookup-on-startup="false" proxy-interface="javax.sql.DataSource" 
     cache="true" resource-ref="true" /> 



    <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean" 
     lazy-init="true"> 
     <beans:property name="dataSource" ref="dataSourcejndi" /> 
    </beans:bean> 




    <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> 
    <beans:property name="jndiName" value="java:dataSourcejndi" /> 
</beans:bean> 



    <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> 
     <beans:property name="jndiName" value="java:comp/env/jdbc/mi"/> 
    </beans:bean> 

     <mvc:annotation-driven /> 

--> 


    <!-- <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> 
    <beans:property name="jndiName" value="java:dataSourcejndi" /> 
</beans:bean> 
--> 


</beans:beans> 

使用 CAS 的 XML:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:sec="http://www.springframework.org/schema/security" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:util="http://www.springframework.org/schema/util" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd 
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd"> 


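         <sec:http auto-config="true" use-expressions="true">
          <!-- The default namespace of this file is "beans", so the security elements
               must use the sec: prefix declared on the root element. Unprefixed <http>,
               <intercept-url> and <form-login> resolve to the beans namespace and fail
               schema validation when the context starts.
               Only /requests/** is restricted (ROLE_MEMBER_INQUIRY); all other URLs pass
               this chain without an access rule.
               NOTE(review): this element builds its own filter chain in addition to the
               securityFilter bean below; decide which one web.xml should use, or move the
               CAS beans in here via entry-point-ref / custom-filter. This file also has
               no <sec:authentication-manager>, which the 3.1 namespace expects unless
               authentication-manager-ref names the ProviderManager bean below. -->
          <sec:intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
           pattern="/requests/**" />

          <sec:form-login default-target-url="/requests/add.html" />

         </sec:http>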

    <bean id="securityFilter" class="org.springframework.security.util.FilterChainProxy">
     <!-- Hand-built filter chain, independent of the <http> element above; the first
          matching pattern wins.
          NOTE(review): org.springframework.security.util.FilterChainProxy and the
          path-type attribute are from the Spring Security 2.0 layout; the 3.1 schema
          declared at the top of this file uses org.springframework.security.web.FilterChainProxy
          and request-matcher. -->
     <sec:filter-chain-map path-type="ant">
      <!-- Static resources and error pages: channel (HTTPS) enforcement only. -->
      <sec:filter-chain pattern="/images/**" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/css/**" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/js/**" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/403.jsp" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/404.jsp" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/error.jsp" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/**/cas/changePassword.htm*" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/**/cas/login.htm*" filters="channelProcessingFilter"/>
      <sec:filter-chain pattern="/**/cas/passwordExpired.htm*" filters="channelProcessingFilter"/>
      <!-- NOTE(review): this pattern matches every *.html URL, including
           /requests/add.html, and applies only the channel filter, so such requests
           never reach the authentication and authorization filters of the /** chain. -->
      <sec:filter-chain pattern="/**/*.html*" filters="channelProcessingFilter"/>
      <!-- Everything else: the full chain, applied in the listed order. -->
      <sec:filter-chain pattern="/**"
           filters="channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casSingleSignOutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor"/>
     </sec:filter-chain-map>
    </bean>

    <!-- this is what hooks up the CAS entry point --> 
    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
     <!-- Turns authentication exceptions into a redirect to the CAS entry point below.
          NOTE(review): org.springframework.security.ui.* is the pre-3.0 package layout;
          in 3.1 this class is org.springframework.security.web.access.ExceptionTranslationFilter. -->
     <property name="authenticationEntryPoint">
      <ref local="casProcessingFilterEntryPoint"/>
     </property>
    </bean>

    <!-- where do I go when I need authentication from CAS--> 
    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
     <!-- Redirects the browser to the CAS login page, passing the service URL taken from
          serviceProperties.
          NOTE(review): 3.1 equivalent is org.springframework.security.cas.web.CasAuthenticationEntryPoint. -->
     <property name="loginUrl" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/login"/>
     <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- defines which roles are allowed to access http resources --> 
    <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
     <!-- URL authorization for the securityFilter chain.
          NOTE(review): ROLE_ALLOWED_ROLES_HERE is an unreplaced template placeholder. No
          user will carry that role, so with the AffirmativeBased manager below every
          request that reaches this filter is denied. The only role used elsewhere in
          this file is ROLE_MEMBER_INQUIRY.
          The PATTERN_TYPE_APACHE_ANT text form and the objectDefinitionSource property
          belong to the 2.0 API; 3.1 uses securityMetadataSource. -->
     <property name="authenticationManager" ref="authenticationManager"/>
     <property name="accessDecisionManager" ref="accessDecisionManager"/>
     <property name="objectDefinitionSource">
      <value>
       PATTERN_TYPE_APACHE_ANT
       **=ROLE_ALLOWED_ROLES_HERE
      </value>
     </property>
    </bean>

    <!-- hooks up CAS ticket validator and user details loader --> 
    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
     <!-- Delegates every authentication request to casAuthenticationProvider, the only
          provider configured.
          NOTE(review): 3.1 package is org.springframework.security.authentication.ProviderManager. -->
     <property name="providers">
      <list>
       <ref bean="casAuthenticationProvider"/>
      </list>
     </property>
    </bean>

    <!-- supporting class for filterInvocationInterceptor --> 
    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
     <!-- Grants access as soon as one voter grants it. With roleVoter as the only voter
          and allowIfAllAbstainDecisions="false", a request no voter can judge is denied.
          NOTE(review): 3.1 package is org.springframework.security.access.vote.AffirmativeBased. -->
     <property name="allowIfAllAbstainDecisions" value="false"/>
     <property name="decisionVoters">
      <list>
       <ref local="roleVoter"/>
      </list>
     </property>
    </bean>

    <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
     <!-- Empty rolePrefix: the voter considers every configured attribute, not only
          those starting with ROLE_. -->
     <property name="rolePrefix" value=""/>
    </bean>

    <!-- setup method level security using annotations --> 
    <!-- Enables @RolesAllowed (JSR-250) and @Secured checks on Spring beans. -->
    <sec:global-method-security jsr250-annotations="enabled" secured-annotations="enabled"/>
    <!-- Exposes the ProviderManager under the id the 2.0 namespace appears to have looked
         for. NOTE(review): in 3.1 the namespace expects <authentication-manager> or an
         authentication-manager-ref on <http>, so this alias is probably no longer picked up. -->
    <alias name="authenticationManager" alias="_authenticationManager"/>

    <!-- Not referenced by any bean in this file. The package is the 2.0 one; the LDAP
         configuration above already uses the 3.x package
         org.springframework.security.authentication.encoding for its encoder. -->
    <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>

    <!-- which service (application) am I authenticating --> 
    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
     <!-- "service" is the URL CAS sends the browser back to with the service ticket, so
          it must point at this application.
          NOTE(review): as written it points at the CAS server's own host and webapp
          (the same base as loginUrl above), so tickets would be returned to the wrong
          host; it should be this application's .../j_spring_cas_security_check.
          sendRenew="false" accepts an existing CAS SSO session without re-login.
          3.1 package is org.springframework.security.cas.ServiceProperties. -->
     <property name="service" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/j_spring_cas_security_check"/>
     <property name="sendRenew" value="false"/>
    </bean>

    <!-- handles a logout request from the CAS server --> 
    <!-- Jasig client filter that ends the local session when the CAS server sends a
         single-sign-out notification; listed before casProcessingFilter in the /** chain above. -->
    <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

    <!-- performs CAS authentication --> 
    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
     <!-- Picks up the service ticket returned by CAS and hands it to authenticationManager;
          failures go to /403.jsp, successes to the originally requested URL (or "/").
          NOTE(review): 3.1 equivalent is org.springframework.security.cas.web.CasAuthenticationFilter,
          where the failure/target URLs are configured through handler beans rather than
          these properties. -->
     <property name="authenticationManager" ref="authenticationManager"/>
     <property name="authenticationFailureUrl" value="/403.jsp"/>
     <property name="alwaysUseDefaultTargetUrl" value="false"/>
     <property name="defaultTargetUrl" value="/"/>
    </bean>

    <!-- Does the CAS ticket validation and user details loading --> 
    <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
     <!-- Validates the ticket with the CAS server (Cas20ServiceTicketValidator, using the
          server prefix given below) and then loads the user's authorities.
          NOTE(review): ref="pickYourUserDetailsServiceImplementation" names no bean in
          this file; it is a template placeholder, and the context cannot start until a
          UserDetailsService bean is provided here. -->
     <property name="userDetailsService" ref="pickYourUserDetailsServiceImplementation"/>
     <property name="serviceProperties" ref="serviceProperties"/>
     <property name="ticketValidator">
      <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
       <constructor-arg index="0" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/"/>
      </bean>
     </property>
     <!-- Identifies authentications produced by this provider.
          NOTE(review): this is still the template's literal; use a value unique to this
          deployment. 3.1 package is org.springframework.security.cas.authentication. -->
     <property name="key" value="my_password_for_this_auth_provider_only"/>
    </bean>

    <!-- Log failed authentication attempts to commons-logging --> 
    <!-- NOTE(review): 3.1 package is org.springframework.security.authentication.event.LoggerListener. -->
    <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>

    <!-- Loads the SecurityContext from the HTTP session at the start of the request and
         stores it back at the end.
         NOTE(review): 2.0 class; in 3.x this role is played by
         org.springframework.security.web.context.SecurityContextPersistenceFilter. -->
    <bean id="httpSessionContextIntegrationFilter"
      class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>

    <!-- Wraps the request so servlet API calls such as getRemoteUser()/isUserInRole()
         answer from the SecurityContext.
         NOTE(review): 3.1 package is org.springframework.security.web.servletapi. -->
    <bean id="securityContextHolderAwareRequestFilter"
      class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>

    <!-- ===================== SSL SWITCHING ==================== --> 
    <bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
     <!-- Requires HTTPS for every URL (**=REQUIRES_SECURE_CHANNEL); plain HTTP requests
          are redirected by channelDecisionManager / channelEntryPoint below.
          NOTE(review): 2.0 class and property name; 3.1 uses
          org.springframework.security.web.access.channel.ChannelProcessingFilter with
          securityMetadataSource. -->
     <property name="channelDecisionManager" ref="channelDecisionManager"/>
     <property name="filterInvocationDefinitionSource">
      <value>
       PATTERN_TYPE_APACHE_ANT
       **=REQUIRES_SECURE_CHANNEL
      </value>
     </property>
    </bean>

    <bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
     <!-- Both processors share channelEntryPoint, which (being RetryWithHttpsEntryPoint)
          always redirects to HTTPS; the insecure processor therefore never downgrades. -->
     <property name="channelProcessors">
      <list>
       <bean class="org.springframework.security.securechannel.SecureChannelProcessor">
        <property name="entryPoint" ref="channelEntryPoint"/>
       </bean>
       <bean class="org.springframework.security.securechannel.InsecureChannelProcessor">
        <property name="entryPoint" ref="channelEntryPoint"/>
       </bean>
      </list>
     </property>
    </bean>

    <bean id="channelEntryPoint" class="org.springframework.security.securechannel.RetryWithHttpsEntryPoint">
     <!-- Redirects an HTTP request to the same URL over HTTPS, translating the port with
          portMapper. -->
     <property name="portMapper" ref="portMapper"/>
    </bean>

    <bean id="portMapper" class="org.springframework.security.util.PortMapperImpl">
     <!-- HTTP port to HTTPS port pairs used by channelEntryPoint (key = HTTP, value = HTTPS).
          NOTE(review): 3.1 package is org.springframework.security.web.PortMapperImpl. -->
     <property name="portMappings">
      <map>
       <entry key="80" value="443"/>
       <entry key="8080" value="8443"/>
       <entry key="5580" value="5543"/>
      </map>
     </property>
    </bean>

    <!-- Invoked when the user clicks logout --> 
    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
     <!-- First argument: URL the browser is sent to after logout (the CAS server's logout page).
          NOTE(review): 3.1 package is org.springframework.security.web.authentication.logout. -->
     <constructor-arg value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/logout"/>
     <constructor-arg>
      <list>
       <!-- Clears the SecurityContext only. With invalidateHttpSession="false" the HTTP
            session, and anything stored in it, survives the logout.
            NOTE(review): confirm that is intended; invalidating the session on logout is
            the usual choice. -->
       <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
        <property name="invalidateHttpSession" value="false"/>
       </bean>
      </list>
     </constructor-arg>
    </bean>

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
     <!-- DBCP connection pool; driver, URL and credentials come from ${database.*}
          placeholders. NOTE(review): no PropertyPlaceholderConfigurer is declared in
          this file, so confirm another context supplies one. -->
     <property name="driverClassName" value="${database.driver}" />
     <property name="url" value="${database.url}" />
     <property name="username" value="${database.user}" />
     <property name="password" value="${database.password}" />
     <property name="initialSize" value="5" />
     <property name="maxActive" value="10" />
    </bean>

</beans> 

有人可以告訴我為什麼一切都不能用了嗎?

回答


我真的不明白你為什麼同時使用 SecurityFilter 類和 http 標籤。我們是這樣用的:

<http use-expressions="true"
    request-matcher="ciRegex"
    auto-config="false"
    disable-url-rewriting="true"
    access-denied-page="/denied.page"
    entry-point-ref="casProcessingFilterEntryPoint">
    <!-- request-matcher="ciRegex": URL patterns are case-insensitive regular expressions,
         hence pattern="/.*" below instead of an Ant-style "/**".
         auto-config="false": no default form/basic login; the CAS filters added via
         custom-filter are the only authentication mechanism, and entry-point-ref sends
         unauthenticated requests to CAS. -->
    [..]
    <intercept-url
     pattern="/.*"
     access="isAuthenticated()" />
    [..]
    <!-- Slots the CAS beans into the namespace-managed filter chain around the
         CAS_FILTER and SESSION_MANAGEMENT_FILTER positions. -->
    <custom-filter ref="casSingleSignOutFilter" before="CAS_FILTER" />
    <custom-filter ref="casAuthenticationFilter" after="CAS_FILTER" />
    <custom-filter ref="sessionRegistryFixFilter" after="SESSION_MANAGEMENT_FILTER" />

    <!-- Invalidates the local session, then sends the browser to the CAS logout page.
         NOTE(review): "{cas.url}" has no leading "$", so as written it is not resolved as a
         property placeholder; presumably "${cas.url}" was meant. -->
    <logout invalidate-session="true"
     logout-success-url="{cas.url}/logout?service=[..]" />

</http>

這樣,當你請求的內容實際上受「isAuthenticated()」條款保護時,就會把你的請求重定向到 CAS 伺服器。

從那之後,它就如 here 所描述的那樣工作。
