Java cas+;春季安全
我正在尝试在我的应用程序中实现SSO,现在,我面临下一个问题:Java cas+;春季安全,java,spring,spring-security,cas,jasig,Java,Spring,Spring Security,Cas,Jasig,我正在尝试在我的应用程序中实现SSO,现在,我面临下一个问题: HTTP Status 401 - Authentication Failed: Failed to provide a CAS service ticket to validate type Status report message Authentication Failed: Failed to provide a CAS service ticket to validate description This reque
HTTP Status 401 - Authentication Failed: Failed to provide a CAS service ticket to validate
type Status report
message Authentication Failed: Failed to provide a CAS service ticket to validate
description This request requires HTTP authentication (Authentication Failed: Failed to provide a CAS service ticket to validate).
我在另一个tomcat上启动我的cas服务器,在那里登录,然后在我的应用程序上转到登录页面,然后:
1.那就没有自动点火装置了
2.当我输入凭证时,我看到上面显示的stacktrace
我举了一个例子
以下是我的spring安全上下文:
<security:global-method-security pre-post-annotations="enabled" />
<security:http use-expressions="true" auto-config="true"
entry-point-ref="casAuthenticationEntryPoint" >
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
<security:access-denied-handler ref="accessDeniedHandler" />
<security:form-login login-page="/login.html"
authentication-failure-url="/login.html?login_error=1"
default-target-url="/index.html"
always-use-default-target="false"
login-processing-url="/j_spring_security_check"
authentication-failure-handler-ref="failureHandler"
authentication-success-handler-ref="successHandler" />
<security:logout logout-url="/logout" logout-success-url="/login.html" />
<security:intercept-url pattern="/member/**" access="hasRole('viewer')" />
<security:intercept-url pattern="/admin/**" access="hasRole('SiteAdmin')" />
<security:intercept-url pattern="/admin/**" access="hasRole('SystemAdmin')" />
<security:remember-me />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="myUserDetailsService" />
<security:authentication-provider ref="casAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<bean id="myUserDetailsService"
class="com.mypackage.MyUserDetailsService">
</bean>
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.html" />
<property name="forceHttps" value="false" />
</bean>
<bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/member/index.html" />
</bean>
<bean id="failureHandler"
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.html?error=auth_fail" />
</bean>
<bean id="bannedHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.html?error=banned" />
</bean>
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/403.jsp"></property>
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://localhost:8080/spring-security-cas/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://localhost:9080/cas-server-webapp-3.4.10/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="myUserDetailsService"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://localhost:9080/cas-server-webapp-3.4.10"></constructor-arg>
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
在web.xml中,我包含了spring安全上下文,并设置了适当的侦听器等。
在pom(我使用maven)中,我添加了所需的依赖项,如本文所述。
但问题依然存在。
我很高兴从您的错误消息“此请求需要HTTP身份验证”中得到任何建议,您的CAS服务器似乎已启用身份验证。您需要停用它并通过HTML页面登录(即,它将是JSP、ASP或类似的页面)。当
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
拦截器
*.做
但是cas登录url没有*.do后缀。当我添加时,请确保它正常工作。如何在cas中停用身份验证?逻辑是什么?我使用了springsource:中的示例,并使用命令启动了他们的CAS服务器:
mvnjetty:runwar
。我刚刚发现一个可能对您更有帮助的说明:将服务器证书导入本地密钥库命令keytool.exe-importkeystore-srckeystore“spring security samples\certificates\server.jks”-destkeystore“%JAVA\u HOME%\jre\security\cacerts”
我事先安装了证书。。。可能还有其他原因吗?如前所述,您的服务器是否需要身份验证?当您直接将浏览器导航到它(使用新会话)时,它是否会在您看到CAS登录页面之前要求进行身份验证?我不完全理解您的意思,但我将尝试解释我当前拥有的内容。在第一个tomcat上,我启动了CAS服务器(我可以在那里登录,我可以在控制台中看到它给我的票证),在第二个tomcat上,我启动了我的应用程序,在那里我想要SSO(单点登录),因此我不会登录,它应该使用票证,但它需要凭证,在我将它们放入后,我看到上面的stacktrace。那么我应该执行哪些步骤呢?