如何将CAS认证与Spring安全性集成? [英] How to integrate CAS authentication with spring security?
问题描述
我已将spring security集成到我的项目中,之前我使用hibernate对用户详细信息进行了身份验证。现在我必须使用CAS。
这是我当前的Spring security.xml
I have integrated spring security into my project and I was previously authenticating user details using hibernate. Now I have to do it using CAS. This is my current Spring security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
">
<global-method-security pre-post-annotations="enabled" />
<http pattern="/css/**" security="none"/>
<http pattern="/images/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http pattern="/app/addNewUser.json" security="none"/>
<http pattern="/dbcomplogin.jsp" security="none"/>
<http pattern="/loggedout.jsp" security="none"/>
<http use-expressions="true">
<!--
Allow all other requests. In a real application you should
adopt a whitelisting approach where access is not allowed by default
-->
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page='/dbcomplogin.jsp'
authentication-failure-url="/dbcomplogin.jsp?login_error=1"
default-target-url="/index.jsp" />
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
<remember-me />
</http>
<beans:bean id="myUserService" class="com.tcs.ceg.services.impl.UserServiceImpl" />
<authentication-manager>
<authentication-provider user-service-ref="myUserService" />
</authentication-manager>
</beans:beans>
loadUserByUsername方法我正在使用Hibernate调用从DB获取用户详细信息返回用户名,密码(如果它们存在于DB中)。
in UserServiceImpl class "loadUserByUsername" method I am using Hibernate call to get user details from DB and I was returning the username,password if they exist in DB.
但现在我必须使用CAS服务器。请告诉我在spring-security.xml中需要更改的内容,这样,如果用户未经过身份验证,将打开CAS服务器的登录页面,点击注销将发生单次注销并退出CAS的注销页面服务器将打开。
我是CAS和春季安全的新手,所以请帮助我。
But now I have to do it using CAS server . Please tell me what all I need to change in my spring-security.xml so that, if the user is not authenticated the login page of CAS server will be opened and on click of logout the single logout will take place and logout page of CAS server will open. I am new to CAS and spring security so kindly help me.
推荐答案
你有没有机会回顾这个链接: http://static.springsource.org /spring-security/site/docs/3.0.x/reference/cas.html ?
Have you had a chance to review this link: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html ?
本文档将指导您如何配置CAS客户端w / Spring Security。
The documentation walks you through how to configure the CAS client w/ Spring Security.
这篇关于如何将CAS认证与Spring安全性集成?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!