Release the attribute from CAS to Spring security

Problem description

I am using a Spring security 3.X on the client side and CAS 4.0 on the server.

When I am doing CAS+Spring security integration, I am able to reach the level of ticket validation success and able to get the proper roles at the client side.

But I have added the following lines in my casServiceValidationSuccess.jsp to iterate and send the attributes in my response as my attributes are not released properly:

    <cas:attributes>
        <cas:user>${fn:escapeXml(assertion.primaryAuthentication.principal.id)}</cas:user>
        <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
            <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
        </c:forEach>
    </cas:attributes>

So I want to know whether there are any other alternative changes to make in deployerConfigContext.xml on the CAS server side to release a particular attribute ("authorities" in my case) and to get the same on the Spring client side.

Here are the snippets of the existing deployerConfigContext.xml where I am trying to release the "authorities" attributes:

    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            </map>
        </constructor-arg>
    </bean>

    <bean id="primaryAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource" />
        <property name="sql" value="SELECT EMAIL FROM USER_DATA WHERE UserID = ?" />
    </bean>
    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
        <property name="attributeRepository" ref="attributeRepository" />
    </bean>
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="dataSource" />
        <constructor-arg index="1" value="SELECT UserID, UserROLES FROM USER_DATA WHERE {0}" />
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="UserID" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="UserID" value="username" />
                <entry key="UserROLES" value="UserROLES" />
            </map>
        </property>
    </bean>
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="0"></property>
                    <property name="name" value="HTTP"></property>
                    <property name="description" value="Only Allows HTTP Urls"></property>
                    <property name="serviceId" value="http://**" />
                    <property name="usernameAttribute" value="username" />
                    <property name="ignoreAttributes" value="false" />
                    <property name="allowedAttributes">
                        <list>
                            <value>UserROLES</value>
                        </list>
                    </property>
                </bean>

            </list>
        </property>
    </bean>

Also, here is the security-context.xml on the Spring client side:

    <security:http use-expressions="true" entry-point-ref="casAuthenticationEntryPoint"
        auto-config="true">     
        <security:custom-filter position="CAS_FILTER"
            ref="casAuthenticationFilter"></security:custom-filter>
        <security:intercept-url pattern="/home" access="hasRole('ROLE_TEST')"></security:intercept-url>
        <security:intercept-url pattern="/**" access="hasRole('ROLE_ANONYMOUS')"></security:intercept-url>
    </security:http>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="casAuthenticationProvider"></security:authentication-provider>
    </security:authentication-manager>

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service"
            value="http://localhost:7080/test/j_spring_cas_security_check"></property>
        <property name="sendRenew" value="false"></property>
    </bean>

    <bean id="casAuthenticationFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"></property>
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="http://localhost:8090/cas-server-webapp-4.0.0/login"/>
            </bean>
        </property>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/home.jsp"/>
            </bean>
        </property>
    </bean>

    <bean id="casAuthenticationEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl"
            value="http://localhost:8090/cas-server-webapp-4.0.0/login"></property>
        <property name="serviceProperties" ref="serviceProperties"></property>
    </bean>

    <!-- Handles the CAS ticket processing. -->
    <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- <property name="userDetailsService" ref="userService"></property>  -->
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService" />
        <property name="serviceProperties" ref="serviceProperties"></property>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0"
                    value="http://localhost:8090/cas-server-webapp-4.0.0">
                </constructor-arg>
            </bean>
        </property>
        <property name="key" value="cas"></property>
    </bean>

    <bean id="authenticationUserDetailsService"
        class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
        <constructor-arg>
            <list>
                <value>UserROLES</value>
            </list>
        </constructor-arg>
    </bean>
</beans>


Recommended answer

Disclaimer: I'm the Chairman of CAS and founder of CAS in the cloud (https://www.casinthecloud.com).

Is your attribute person DAO referenced by your authentication handler? Does it work without Spring security doing a manual service ticket validation?
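
The manual service ticket validation the answer asks about can be checked offline with a short script. The following is an added example, not part of the original post or of the CAS or Spring Security code: it parses a CAS 2.0 `serviceValidate` response body, lists the released attributes, and derives authorities from `UserROLES` the way the question's `GrantedAuthorityFromAssertionAttributesUserDetailsService` bean is configured to. The two sample responses, the user `alice` and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS = "{http://www.yale.edu/tp/cas}"  # CAS 2.0 protocol namespace

# Constructed sample responses (not captured from a real server).
RELEASED = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes><cas:UserROLES>role_test</cas:UserROLES></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
NOT_RELEASED = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_validation_response(xml_text):
    """Return (user, {attribute: [values]}) from a serviceValidate body."""
    # Only feed this responses from your own CAS server; ElementTree does
    # not limit entity expansion.
    success = ET.fromstring(xml_text).find(CAS + "authenticationSuccess")
    if success is None:
        raise ValueError("validation failed: no cas:authenticationSuccess")
    user = (success.findtext(".//" + CAS + "user") or "").strip()
    attributes = {}
    for block in success.iter(CAS + "attributes"):
        for child in block:
            name = child.tag.replace(CAS, "")
            if name != "user":  # the question's JSP nests cas:user in here
                attributes.setdefault(name, []).append((child.text or "").strip())
    return user, attributes


def derive_authorities(attributes, role_attributes=("UserROLES",)):
    """One authority per value of the listed attributes, upper-cased
    (the default of GrantedAuthorityFromAssertionAttributesUserDetailsService)."""
    return [v.upper() for name in role_attributes for v in attributes.get(name, [])]


def diagnose(xml_text, needed="ROLE_TEST"):
    user, attrs = parse_validation_response(xml_text)
    authorities = derive_authorities(attrs)
    return {"user": user, "released": sorted(attrs),
            "authorities": authorities, "grants_needed": needed in authorities}


if __name__ == "__main__":
    for label, body in (("released", RELEASED), ("not released", NOT_RELEASED)):
        print(label, diagnose(body))
```

An empty `released` list for a successful validation means the attribute never left the CAS server, so the cause is on the server side (attribute repository or release policy) rather than in the Spring client configuration.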
