代码之家 › 专栏 › 技术社区 › Yuri-M-Dias

无法使CAS单一注销与Spring Security一起工作

cas spring-security spring java

Yuri-M-Dias · 技术社区 · 9 年前

我没有找到在我的应用程序上实现单一注销CAS功能的任何实际指南。我在SO上尝试了很多答案,但都没有成功(比如 this 和 this ). 此外,还没有找到使用Java配置的Spring Security+CAS的示例,所以我对此也有点困惑。我甚至无法确定这是否是我应该使用的实际URL,因为文档告诉我使用“/j_spring_security_logout”,这只是将我重定向到一个空白的索引页,因为如果我正常访问它,我的索引页可以工作(尽管控制台显示了所有正确的请求,如JS和CSS)。非常感谢您的指导,因为我找不到使用Java注释的文档。提前感谢!

我的WebSecurityConfig:

@Configuration

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static String CAS_URL = "https://localhost:8443/cas";
    private static String APP_URL = "https://localhost:8443/i9t-YM";

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(APP_URL+"/j_spring_cas_security_check");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setAuthenticationUserDetailsService(authenticationUserDetailsService());
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
        return casAuthenticationProvider;
    }

    @Bean
    public AuthenticationUserDetailsService authenticationUserDetailsService() {
        return new TestCasAuthenticationUserDetailsService();
    }

    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(CAS_URL);
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationManager(authenticationManager());
        return casAuthenticationFilter;
    }

    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(CAS_URL+"/login");
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
        return casAuthenticationEntryPoint;
    }

    @Bean
    public SingleSignOutFilter SingleSignOutFilter(){
        return new SingleSignOutFilter();
    }

    @Bean
    public LogoutFilter requestLogoutFilter(){
        SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
        handler.setClearAuthentication(true);
        handler.setInvalidateHttpSession(true);
        LogoutFilter logoutFilter = new LogoutFilter(APP_URL, handler);
        return logoutFilter;
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(casAuthenticationProvider());
        auth.inMemoryAuthentication().withUser("joe").password("joe").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilter(casAuthenticationFilter());
        http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
        http.addFilterBefore(requestLogoutFilter(), LogoutFilter.class);
        http.addFilterBefore(SingleSignOutFilter(), CasAuthenticationFilter.class);
        http.httpBasic().and().authorizeRequests().antMatchers("/index.html", "/home.html", "/login.html", "/")
                .permitAll().anyRequest().authenticated()
        .and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
                .csrf().csrfTokenRepository(csrfTokenRepository())
                ;
        http.logout()
        .deleteCookies("remove").invalidateHttpSession(true).logoutUrl("cas/logout")
        .logoutSuccessUrl("/");
        //http.exceptionHandling().accessDeniedPage("/403.html");
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

}

我的网站上的SSOut筛选器。xml,不知道我为什么要添加它:

<filter>
  <filter-name>characterEncodingFilter</filter-name>
  <filter-class>
    org.springframework.web.filter.CharacterEncodingFilter
  </filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>characterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
  <listener-class>
    org.jasig.cas.client.session.SingleSignOutHttpSessionListener
  </listener-class>
</listener>

1 回复 | 直到 7 年前

Mohsen 5 年前

这是我使用cas集成的春季安全单次注销配置:

<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

<bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg
        value="${cas.server.address}/logout?service=${cas.server.address}" />
    <constructor-arg>
        <bean
            class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</bean>

您应该将这些过滤器添加到 springSecurityFilterChain :

<sec:filter-chain pattern="/logout*" 
    filters="securityContextPersistenceFilter,singleLogoutFilter,casAuthenticationFilter" />
<sec:filter-chain pattern="/j_spring_cas_security_logout*"
    filters="requestSingleLogoutFilter" />