CAS Server的搭建就不用介紹了,這里介紹一下OpenJWeb平臺中Spring Security如何與CAS集成.Spring security集成CAS的官方例子可從 https://src.springframework.org/svn/spring-security/trunk/samples/cas/client/src/main/webapp 下載,但是這個例子過于簡單,權限ID是配置在xml中,而本文介紹的配置,權限ID是存儲在數據庫中的.下面是配置的applicationContext-security.xml(這個配置已測通):

?

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns=" http://www.springframework.org/schema/beans "
??? xmlns:sec=" http://www.springframework.org/schema/security "
??? xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "
??? xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
??????????????????????? http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd ">
??
??? <sec:http entry-point-ref="casProcessingFilterEntryPoint">
??????? <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" requires-channel="https"/>
??<sec:intercept-url pattern="/secure/**" access="ROLE_USER" />??
??????? <sec:logout logout-success-url="/index.jsp"/>
??? </sec:http>
?
??? <sec:authentication-manager alias="authenticationManager"/>

??? <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
??????? <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
??????? <property name="authenticationManager" ref="authenticationManager"/>
??????? <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
??????? <property name="defaultTargetUrl" value="/comm/index.action?operate=selectPageList"/>
??????? <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
??????? <property name="proxyReceptorUrl" value="/secure/receptor" />
???????
??? </bean>

??? <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
??????? <property name="loginUrl" value=" https://casserver.haoyisheng.com:8443/cas/login"/ >
??????? <property name="serviceProperties" ref="serviceProperties"/>
??? </bean>

??? <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
??????? <sec:custom-authentication-provider />
??????? <property name="userDetailsService" ref="userDetailsService"/>
??????? <property name="serviceProperties" ref="serviceProperties" />
??????? <property name="ticketValidator">
??????? ?<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
??????? ??<constructor-arg index="0" value=" https://casserver.haoyisheng.com:8443/cas " />
??????? ??<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
??????? ???? <property name="proxyCallbackUrl" value=" https://bzwang.haoyisheng.com:8443/crm/secure/receptor " />?
??????? ???
??????????? </bean>
??????? </property>
??????? <property name="key" value="an_id_for_this_auth_provider_only"/>
??? </bean>
???
??? <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

??? <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
??????? <property name="service" value=" https://bzwang.haoyisheng.com:8443/crm/j_spring_cas_security_check"/ >
??????? <property name="sendRenew" value="false"/>
??? </bean>
?
?? <bean id="daoAuthenticationProvider"
??class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
??<property name="userDetailsService" ref="userDetailsService" />
??<property name="userCache" ref="userCache" />
??<property name="passwordEncoder" ref="passwordEncoder" />
?</bean>
?<bean id="passwordEncoder"
??class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
?<bean id="userDetailsService"
??class="org.openjweb.core.springsecurity.UserDetailsServiceImpl">
??<constructor-arg>
???<ref bean="IBaseDao3" />
??</constructor-arg>
?</bean>

?<bean id="userCache"
??class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
??<property name="cache" ref="userCacheBacked" />
?</bean>

?<bean id="userCacheBacked"
??class="org.springframework.cache.ehcache.EhCacheFactoryBean">
??<property name="cacheManager" ref="cacheManager" />
??<property name="cacheName" value="userCache" />
?</bean>

?<bean id="cacheManager"
??class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
??<property name="configLocation"
???value="classpath:ehcache-security.xml" />
?</bean>
?<bean id="filterSecurityInterceptor"
??class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
??<sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
??<property name="authenticationManager"
???ref="authenticationManager" />
??<property name="accessDecisionManager"
???ref="accessDecisionManager" />
??<property name="alwaysReauthenticate" value="true" />
??<property name="objectDefinitionSource"
???ref="databaseFilterInvocationDefinitionSource" />
?</bean>
?<bean id="accessDecisionManager"
??class="org.springframework.security.vote.AffirmativeBased">
??<property name="decisionVoters">
???<list>
????<bean
?????class="org.springframework.security.vote.RoleVoter">
?????<property name="rolePrefix" value="" />
????</bean>
???</list>
??</property>
?</bean>
?<bean id="databaseFilterInvocationDefinitionSource"
??class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
??<constructor-arg
???type="org.springframework.security.util.UrlMatcher"
???ref="antUrlPathMatcher" />
??<constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
?</bean>

?<bean id="antUrlPathMatcher"
??class="org.springframework.security.util.AntUrlPathMatcher" />

?<bean id="requestMap"
??class="org.openjweb.core.springsecurity.RequestMapFactoryBean"
??init-method="init">
??
?</bean>

</beans>

?

說明:(1)SSO認證入口為/secure/index.jsp,這個文件有個重定向語句,作用是當SSO認證通過后跳轉到系統主頁面.在測試過程中發現只有訪問/secure目錄下jsp才自動到cas server認證,sec:intercept-url 配置其他的目錄不跳轉到cas server進行認證,不知道是什么原因.

(2) cas server采用3.3.2版本

(3)client端為cas-client-core-3.1.3.jar

?

作者QQ:29803446

Msn:baozhengw999@hotmail.com

?

?

?

?

?

OpenJWeb平臺Spring Security+CAS SSO的配置