如何防止JA-SIG CAS弹簧安全重定向循环？ [英] How to prevent JA-SIG CAS spring security redirect loop?

问题描述

我使用带有spring security的JRE和JA-SIG CAS spring安全插件。

我遇到这个问题的一种方式是当我登录到CAS服务器并重新启动我的应用程序时。另一种方法是，如果我通过相同的CAS服务器登录到另一个应用程序，然后当我访问我的应用程序时，则弹簧报告我正在注销。如果我尝试访问受保护的页面，则登录控制器会将浏览器发送到相同的重定向循环中。

我可以观察到一系列获取请求到cas服务器，然后重定向到应用程序。

基本上问题是春季安全并没有意识到我已经登录到CAS服务器，因此反弹回到CAS服务器，该服务器说我已登录并反弹回应用程序。

我也在使用单一登录。一种解决方法是在应用程序认为某人未登录时强制进行续订登录，但这不是一个令人满意的解决方案。 解决方案

基本上问题在于，spring安全并不知道我已经登录到CAS服务器，因此会跳回到CAS服务器，该服务器说我已登录并弹回到应用程序

检查 PreAuthentication 文档。你必须实现一个pre-auth过滤器让Spring知道外部认证。

I'm using grails with spring security and the JA-SIG CAS spring security plugin.

One way I get this problem is when I have logged into the CAS server and I restart my application.

Another way is if I log into another application via the same CAS server and then when I access my application then spring reports me as being logged out. If I try and go to a secured page then the login controller sends the browser into the same redirect loop.

I can observer a stream of get requests to the cas server which is redirecting back to the application.

Basically the problem is that spring security isn't aware that I've already logged in to the CAS server, so bounces back to CAS server which says I'm logged in and bounces back to the app

I'm also using the single sign out. One workaround is to force a renew login when the application thinks someone is not logged in but it's not really a satisfactory solution.

解决方案

Basically the problem is that spring security isn't aware that I've already logged in to the CAS server, so bounces back to CAS server which says I'm logged in and bounces back to the app

Check PreAuthentication docs. You'd have to implement a pre-auth-filter to let Spring know of an external authentication.

这篇关于如何防止JA-SIG CAS弹簧安全重定向循环？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！