Redirect loop with Grails Spring Security CAS plugin


Problem description

I am working with a project involving a CAS server that works with other Spring-based projects using Single Sign-On (SSO), but I am receiving a redirect loop involving the Grails spring-security-cas plugin (version: ":spring-security-cas:2.0-RC1"). I've looked at the plugin's documentation. I know CAS redirect questions appear common, but I have yet to find a posting related to this type of situation. I am new-ish to the Grails and CAS worlds, so thank you in advance for any push in the right direction.

Accessing a secured page on the grails app initially redirects to the CAS server login page correctly, with the appropriate service parameter: https://example.com:8443/cas/login?service=http://example.com:8080/grailsapp/j_spring_cas_security_check

The problem occurs after the user logs in successfully and CAS redirects back to the service. The j_spring_cas_security_check in the grails app is redirecting back to the https://example.com:8443/cas login page, which sees the TGC and redirects back to the service j_spring_cas_security_check page, which redirects ad infinitum [until the browser gives the redirect loop error]. It also looks like new service tickets are getting created each iteration.

My Config.groovy has:

grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.serviceUrl = 'http://example.com:8080/grailsapp/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.serverUrlPrefix = 'https://example.com:8443/cas'
// we aren't using cas with proxy
// logout details not shown here

Unsuccessful attempts already tried based on other questions/answers:

  • I don't think the issue is with the cas server: when I go directly to another of the projects already using CAS they detect the ticket cookie and login just fine without the user having to authenticate again.
  • The SSL certificate is self-signed and already added to Java's cacert store. No SSLHandshake or Certificate-related exceptions, etc. occur.
  • It's not a bad credentials or proxy situation like question 19710841, but I've tried adding the /j_spring_cas_security_check to the Annotation staticRules anyways but get the same loop.

The cas server's logs include:

=============================================================
WHO: [username: sampleuser]
WHAT: supplied credentials: [username: sampleuser]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: [username: sampleuser]
WHAT: TGT-24-Rttmt5i5raWcV1Z5wZavVopigQc4xeIckEUfMKdG3EwEzI3LUI-cas.service
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================

INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-77-cneJOIwmnoOdKqkscaiy-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>

####### FIRST ITERATION OF LOOP BELOW #############

=============================================================
WHO: sampleuser
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service for http://example.com:8080/grailsapp/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: audit:unknown
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: example.com
=============================================================

DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://example.com:8080/grailsapp/j_spring_cas_security_check>
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-78-6qsbaVNNOess4VhGOQE4-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>

####### SERVICE_TICKET_CREATED and SERVICE_TICKET_VALIDATED LOOP CONTINUES A FEW MORE TIMES BEFORE BROWSER GIVES UP #############

Solution

The issue was that in the Grails client I did not create a userDetailsService. I implemented a custom class within Grails' services folder (See http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsService.html):

public class MyUserDetailsService implements UserDetailsService {
    // Required methods here
}

then referenced this in resources.groovy:

beans = {
    userDetailsService(MyUserDetailsService)
}
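
A fuller version of the class the answer sketches, as an added example that is not the answerer's code: `UserDetailsService` has one required method, `loadUserByUsername`, which here maps the username CAS has already authenticated to locally granted roles. The in-memory role map, the `sampleadmin` entry and the placeholder password are assumptions for illustration; a real application would query its own user store.

```groovy
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.core.userdetails.UsernameNotFoundException

class MyUserDetailsService implements UserDetailsService {

    // Constructed sample data standing in for a real user store (assumption).
    private static final Map<String, List<String>> ROLES_BY_USER = [
        sampleuser : ['ROLE_USER'],
        sampleadmin: ['ROLE_USER', 'ROLE_ADMIN']
    ].asImmutable()

    // CAS never passes the user's password to the client application, so the
    // UserDetails carries a fixed placeholder; User rejects a null password.
    private static final String NO_PASSWORD = 'N/A'

    @Override
    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<String> roles = ROLES_BY_USER[username]
        if (!roles) {
            // Fail closed: a valid CAS ticket alone grants no access here;
            // the user must also be known to this application.
            throw new UsernameNotFoundException('No local account for CAS user: ' + username)
        }
        // Authorization stays local: CAS asserts identity, this service
        // decides which authorities that identity receives.
        def authorities = roles.collect { new SimpleGrantedAuthority(it) }
        new User(username, NO_PASSWORD, authorities)
    }
}
```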
