CAS和Spring -通过身份验证但未授权，导致重定向循环开发者社区

文章/答案/技术大牛

发布

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
        <sec:http entry-point-ref="casEntryPoint">
                <sec:intercept-url pattern="/**" access="ROLE_ODINUSERS,ROLE_ODINSUPERS,ROLE_ODINADMINS" />
                <sec:logout logout-success-url="/cas-logout.jsp" />
                <sec:custom-filter ref="casFilter" after="CAS_FILTER" />
        </sec:http>
        <sec:authentication-manager alias="authenticationManager">
                <sec:authentication-provider ref="casAuthenticationProvider" />
        </sec:authentication-manager>
        <bean id="casFilter"
                class="org.springframework.security.cas.web.CasAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager" />
                <property name="authenticationFailureHandler">
                                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                                <property name="defaultFailureUrl" value="/cas-failed.jsp" />
                        </bean>
                </property>
                <property name="authenticationSuccessHandler">
                                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                                <property name="defaultTargetUrl" value="/" />
                        </bean>
                </property>
                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                <property name="proxyReceptorUrl" value="/secure/receptor" />
        </bean>
        <bean id="casEntryPoint"
                class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
                <property name="loginUrl" value="https://localhost:8443/cas/login" />
                <property name="serviceProperties" ref="serviceProperties" />
        </bean>
        <bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
                <property name="userDetailsService" ref="userService" />
                <property name="serviceProperties" ref="serviceProperties" />
                <property name="ticketValidator">
                        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                                <constructor-arg index="0"
                                        value="https://localhost:8443/cas" />
                                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                                <property name="proxyCallbackUrl"
                                        value="https://localhost:8443/cas/secure/receptor" />
                        </bean>
                </property>
                <property name="key" value="an_id_for_this_auth_provider_only" />
        </bean>
        <bean id="proxyGrantingTicketStorage"
                class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
        <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
                <property name="service" value="https://localhost:8443/CASTest/j_spring_cas_security_check" />
                <property name="sendRenew" value="false" />
        </bean>
    <sec:jdbc-user-service id="userService" data-source-ref="dataSource" 
        authorities-by-username-query="select username, role FROM user_authorization WHERE username = ?"
        users-by-username-query="SELECT username, password, enabled FROM user_authentication WHERE username = ?" />
      <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
            <property name="driverClassName">
                <value>com.mysql.jdbc.Driver</value>
            </property>
            <property name="url">
                <value>jdbc:mysql://localhost:3306/user_mgt</value>
            </property>
            <property name="username"><value>root</value></property>
            <property name="password"><value>test</value></property>
        </bean>
        <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
</beans>

 <sec:http entry-point-ref="casEntryPoint">
            <sec:intercept-url pattern="/**" access="ROLE_ODINUSERS,ROLE_ODINSUPERS,ROLE_ODINADMINS" />

问 CAS和Spring -通过身份验证但未授权，导致重定向循环 EN

回答 1

Stack Overflow用户