Here we use spring-security and the native jasig cas package for integration. Why is spring-security-cas provided by spring not directly used? It will be explained later.
Configuration
web.xml
<filter> <filter-name>casFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping> <filter-name>casFilterChain</filter-name> <url-pattern>/*</url-pattern></filter-mapping><listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id="casFilterChain"> <constructor-arg> <util:list> <security:filter-chain pattern="/**" filters="singleSignOutFilter, cas20ProxyReceiveTicketValidationFilter, authenticationFilter, httpServletRequestWrapperFilter, assertionThreadLocalFilter"/> </util:list> </constructor-arg> </bean> <bean id="singleSignOutFilter"/> <bean id="cas20ProxyReceiveTicketValidationFilter" > <property name="serverName" value="${client.url}"/> <property name="ticketValidator" ref="cas20ServiceTicketValidator"/> </bean> <bean id="cas20ServiceTicketValidator"> <constructor-arg value="${cas.url}"/> <property name="renew" value="false"/> </bean> <bean id="authenticationFilter"> <property name="renew" value="false"/> <property name="casServerLoginUrl" value="${cas.url}"/> <property name="serverName" value="${client.url}"/> </bean> <bean id="httpServletRequestWrapperFilter"/> <bean id="assertionThreadLocalFilter"/></beans> Properties
#CAS service address cas.url=https://cas.example.com:8443#CAS client address is the address of this application client.url=http://localhost:8080
analyze
In the security filter chain in applicationContext-security.xml, we use 5 filters, namely: singleSignOutFilter, cas20ProxyReceiveTicketValidationFilter, authenticationFilter, httpServletRequestWrapperFilter, and assertionThreadLocalFilter.
Why not use spring-security-cas
spring-security-cas
The responsible ticket validator filter in spring-security-cas is the org.springframework.security.cas.authentication.CasAuthenticationProvider.
private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException { try { final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication)); ...When building the second parameter of the validator method of the validator
private String getServiceUrl(Authentication authentication) { String serviceUrl; if(authentication.getDetails() instanceof ServiceAuthenticationDetails) { serviceUrl = ((ServiceAuthenticationDetails)authentication.getDetails()).getServiceUrl(); }else if(serviceProperties == null){ throw new IllegalStateException("serviceProperties cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails."); }else if(serviceProperties.getService() == null){ throw new IllegalStateException("serviceProperties.getService() cannot be null unless Authentication.getDetails() implements ServiceAuthenticationDetails."); }else { serviceUrl = serviceProperties.getService(); } if(logger.isDebugEnabled()) { logger.debug("serviceUrl = "+serviceUrl); } return serviceUrl;}The above is all the content of this article. I hope it will be helpful to everyone's learning and I hope everyone will support Wulin.com more.