
spring security与cas client集成(无http标签方式)


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">
 
	<!-- Hand-built Spring Security filter chain: every request path ("/**") goes through one ordered list of filters.
	     Order matters: securityContextFilter loads the security context first, casFilter consumes the CAS ticket,
	     and exceptionTranslationFilter sits directly in front of filterSecurityInterceptor so that it can turn
	     the interceptor's authentication/access failures into a CAS redirect or an access-denied response.
	     NOTE(review): requestSingleLogoutFilter is declared in this file but is not listed in the active chain,
	     so nothing handles its logout URL. testFilter (class test.TestFilter, not shown) runs on every request,
	     authenticated or not; the article says it can be removed. -->
	<bean id="securityFilter" class="org.springframework.security.web.FilterChainProxy">
		<constructor-arg>
			<util:list>
				<!-- Disabled per-path chains from an earlier variant, kept for reference:
				<security:filter-chain pattern="/" filters="casValidationFilter, wrappingFilter" />
				<security:filter-chain pattern="/secure/receptor" filters="casValidationFilter" />
				<security:filter-chain pattern="/index.xhtml" filters="requestSingleLogoutFilter,securityContextFilter,rememberMeFilter" />
				<security:filter-chain pattern="/j_spring_security_logout" filters="requestSingleLogoutFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
				-->
				<security:filter-chain
					pattern="/**"
					filters="securityContextFilter,testFilter,casFilter,sessionManagementFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
			</util:list>
		</constructor-arg>
	</bean>
    <bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
        <constructor-arg index="0" ref="httpSessionSecurityContextRepository"/>
    </bean>
    <bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>

	<!-- First filter in the chain: restores the security context at the start of a request and stores it at the end.
	     NOTE(review): no repository is passed here, so it presumably creates its own session-backed default
	     rather than sharing the httpSessionSecurityContextRepository bean; wire the same bean into both if
	     the repository is ever customised. -->
	<bean id="securityContextFilter"
		class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>

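	<!-- Last filter in the chain: enforces the URL access rules below using authenticationManager and
	     accessDecisionManager. -->
	<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="accessDecisionManager" ref="accessDecisionManager"/>
		<property name="securityMetadataSource">
			<!-- filter-security-metadata-source is the current name of the deprecated
			     filter-invocation-definition-source element. use-expressions="false" is stated explicitly
			     because the access attributes are plain role names evaluated by the RoleVoter.
			     NOTE(review): only the exact paths "/admin" and "/index" have a rule. A path such as
			     "/admin/anything" matches neither pattern, and requests without a matching rule are
			     presumably let through as public. If deny-by-default is intended, add sub-path patterns
			     (for example "/admin/**") and finish the list with a catch-all "/**" rule. -->
			<security:filter-security-metadata-source use-expressions="false">
				<security:intercept-url pattern="/admin" access="ROLE_ADMIN"/>
				<security:intercept-url pattern="/index" access="ROLE_USER"/>
			</security:filter-security-metadata-source>
		</property>
	</bean>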

    <bean id="testFilter" class="test.TestFilter"/>

	<!-- Describes this application to the CAS server: "service" is the callback URL to which CAS sends the
	     browser together with the service ticket, and it must be the URL that casFilter processes.
	     NOTE(review): the callback uses plain http while the CAS server URLs in this file use https.
	     The service ticket and the resulting session cookie would cross the network unencrypted, and a
	     CAS server may be configured to refuse non-https services; serve this endpoint over TLS.
	     sendRenew=false accepts an existing CAS single-sign-on session instead of forcing the user to
	     present credentials again. -->
	<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
		<property name="service" value="http://test.eteams.cn:9088/j_spring_cas_security_check"/>
		<property name="sendRenew" value="false"/>
	</bean>

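	<!-- Receives the CAS callback (the path configured in serviceProperties.service), hands the service
	     ticket to authenticationManager and, on success, stores the authentication and redirects. -->
	<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
		<property name="authenticationManager" ref="authenticationManager"/>
		<!-- Without the http namespace nothing injects a session strategy into this filter, and its
		     default is assumed to be a no-op. Setting one explicitly makes the container issue a fresh
		     session id at the moment of login, so a session id known before authentication is not
		     carried over into the authenticated session.
		     NOTE(review): if CAS single sign-out is added later, verify that its session-to-ticket
		     mapping still works after the session id changes. -->
		<property name="sessionAuthenticationStrategy">
			<bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
		</property>
	</bean>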

	<!-- Disabled: CAS-client validation filter from an earlier variant of this setup, kept for reference.
	<bean id="casValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
        <property name="serverName" value="https://test.eteams.cn:9082" />
        <property name="exceptionOnValidationFailure" value="true" />
        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
        <property name="redirectAfterValidation" value="true" />
        <property name="ticketValidator" ref="ticketValidator" />
        <property name="proxyReceptorUrl" value="/secure/receptor" />
    </bean>
    -->
	<!-- Store for proxy-granting tickets, referenced by ticketValidator.
	     NOTE(review): with the validation filter above disabled and no proxyReceptorUrl or
	     proxyGrantingTicketStorage set on casFilter, nothing in the active chain appears to receive the
	     proxy callback that would fill this store; either finish the proxy setup or drop it. -->
	<bean id="proxyGrantingTicketStorage"
		class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>

	<!-- Entry point used by exceptionTranslationFilter: an unauthenticated request to a protected URL is
	     redirected to the CAS login page (https), with the callback taken from serviceProperties. -->
	<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
		<property name="serviceProperties" ref="serviceProperties"/>
		<property name="loginUrl" value="https://test.eteams.cn:9082/login"/>
	</bean>
	
	<!-- Validates service tickets against the CAS server whose URL prefix is the constructor argument.
	     Keep that URL on https: the validation response is what establishes the user's identity.
	     NOTE(review): proxyCallbackUrl uses the same host and port as the CAS server itself (9082), while
	     this application's service URL is on port 9088. The callback is normally an https endpoint of the
	     client application; confirm the intended target, or remove the proxy settings if proxy tickets
	     are not needed. -->
	<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
		<constructor-arg index="0" value="https://test.eteams.cn:9082"/>
		<property name="proxyCallbackUrl" value="https://test.eteams.cn:9082/secure/receptor"/>
		<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
	</bean>

	<!-- The only authentication provider is the CAS one, so CAS tickets are the only accepted credentials;
	     the alias is the bean name that casFilter and filterSecurityInterceptor refer to. -->
	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider ref="casAuthenticationProvider"/>
	</security:authentication-manager>

	<!-- Turns a validated CAS ticket into an authenticated user: ticketValidator checks the ticket with the
	     CAS server, then casAuthenticationUserDetailsService loads the user and its authorities.
	     "key" marks the tokens issued by this provider so it can recognise them again.
	     NOTE(review): the key value reads like the sample text from the reference documentation; any
	     constant specific to this application works. -->
	<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
		<property name="serviceProperties" ref="serviceProperties"/>
		<property name="ticketValidator" ref="ticketValidator"/>
		<property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/>
		<property name="key" value="an_id_for_this_auth_provider_only"/>
	</bean>

    <bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <property name="userDetailsService" >
            <ref bean="userDetailsManager" />
        </property>
    </bean>

    <bean id="userDetailsManager" class="test.UserDetailsManager" />
    
    <security:user-service id="userService">
	    <security:user name="1111" password="1111" authorities="ROLE_USER" />
	</security:user-service>

	<!-- Logout filter: on /j_spring_cas_security_logout it clears the local security context through
	     SecurityContextLogoutHandler and then redirects the browser to the CAS server's logout page.
	     NOTE(review): this bean is not listed in the active securityFilter chain, so the URL is currently
	     unhandled. It also covers only logout started from this application; logout requests sent by the
	     CAS server (single sign-out) need a separate filter, which the article says is not configured yet. -->
	<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
		<constructor-arg value="https://test.eteams.cn:9082/logout"/>
		<constructor-arg>
			<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
		</constructor-arg>
		<property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
	</bean>
	
	<!-- Translates security exceptions raised further down the chain: a missing authentication starts the
	     CAS login through casEntryPoint, an authenticated user without the required role goes to
	     accessDeniedHandler. -->
	<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint" ref="casEntryPoint"/>
		<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
	</bean>

	<!-- No error page is configured, so the handler presumably answers with a bare 403 response. -->
	<bean id="accessDeniedHandler"
		class="org.springframework.security.web.access.AccessDeniedHandlerImpl"/>

	<!-- Access is granted as soon as one voter approves. allowIfAllAbstainDecisions=false keeps the safe
	     outcome: when no voter has an opinion, access is denied. -->
	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false"/>
		<property name="decisionVoters" ref="decisionVoters"/>
	</bean>

	<!-- RoleVoter handles access attributes that start with "ROLE_" (the values used in the intercept-url
	     rules); AuthenticatedVoter handles the IS_AUTHENTICATED_* attributes. -->
	<util:list id="decisionVoters">
		<bean class="org.springframework.security.access.vote.RoleVoter">
			<property name="rolePrefix" value="ROLE_"/>
		</bean>
		<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
	</util:list>
</beans>

配置中自定义了一个 testFilter 用于测试,可以删掉;userDetailsManager 是 UserDetailsService 接口的实现。至于为什么不用 http 标签方式配置,是因为这种方式灵活度高、可扩展性强。目前还没有配好单点登出功能,后面配好会更新,后面还会实现动态验证码等等功能!


原文地址:http://my.oschina.net/u/1160609/blog/297910
