Java 如何将CAS SSO与JHipster一起使用
我使用JHipster生成了一个应用程序,我想在我的应用程序中使用我的jasig CAS实例作为SSO,而不是应用程序附带的默认表单登录。最终,我希望使用自定义CAS参数来分配权限 我遵循了这一点。现在我用JHipster生成了一个应用程序,我成功地将它连接到了我的CAS。当我键入Java 如何将CAS SSO与JHipster一起使用,java,spring,spring-security,single-sign-on,jhipster,Java,Spring,Spring Security,Single Sign On,Jhipster,我使用JHipster生成了一个应用程序,我想在我的应用程序中使用我的jasig CAS实例作为SSO,而不是应用程序附带的默认表单登录。最终,我希望使用自定义CAS参数来分配权限 我遵循了这一点。现在我用JHipster生成了一个应用程序,我成功地将它连接到了我的CAS。当我键入localhost:8080/app/login时,它会将我重定向到我的CAS实例,对我进行身份验证并重定向回JHipster应用程序,但JHipster不允许我浏览应用程序的安全部分,并且仍然需要身份验证。下面是我的
localhost:8080/app/loginSecurityConfiguration.javapackage com.my.company.application.config;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import pl.edu.uw.dsk.konferator.security.*;
import pl.edu.uw.dsk.konferator.web.filter.CsrfCookieGeneratorFilter;
import javax.inject.Inject;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final String CAS_URL_LOGIN = "cas.url.login";
private static final String CAS_URL_LOGOUT = "cas.url.logout";
private static final String CAS_URL_PREFIX = "cas.url.prefix";
private static final String CAS_SERVICE_URL = "app.service.security";
private static final String CAS_CALLBACK = "/auth/cas";
@Inject
private Environment env;
@Inject
private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;
/*@Inject
private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;*/
@Inject
private AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;
@Inject
private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> userDetailsService;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties sp = new ServiceProperties();
sp.setService(env.getRequiredProperty(CAS_SERVICE_URL));
sp.setSendRenew(false);
return sp;
}
@Bean
public SimpleUrlAuthenticationSuccessHandler authenticationSuccessHandler() {
SimpleUrlAuthenticationSuccessHandler authenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler();
authenticationSuccessHandler.setDefaultTargetUrl("/");
authenticationSuccessHandler.setTargetUrlParameter("spring-security-redirect");
return authenticationSuccessHandler;
}
@Bean
public RememberCasAuthenticationProvider casAuthenticationProvider() {
RememberCasAuthenticationProvider casAuthenticationProvider = new RememberCasAuthenticationProvider();
casAuthenticationProvider.setAuthenticationUserDetailsService(userDetailsService);
casAuthenticationProvider.setServiceProperties(serviceProperties());
casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
casAuthenticationProvider.setKey("CAS_AUTHENTICATION_PROVIDER");
return casAuthenticationProvider;
}
@Bean
public SessionAuthenticationStrategy sessionStrategy() {
SessionFixationProtectionStrategy sessionStrategy = new SessionFixationProtectionStrategy();
sessionStrategy.setMigrateSessionAttributes(false);
//sessionStrategy.setRetainedAttributes(Arrays.asList("CALLBACKURL"));
return sessionStrategy;
}
/*
@Bean
public Saml11TicketValidator casSamlServiceTicketValidator() {
return new Saml11TicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
}
*/
@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
return new Cas20ServiceTicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
casAuthenticationFilter.setAuthenticationManager(authenticationManager());
casAuthenticationFilter.setAuthenticationDetailsSource(new RememberWebAuthenticationDetailsSource());
casAuthenticationFilter.setSessionAuthenticationStrategy(sessionStrategy());
casAuthenticationFilter.setAuthenticationFailureHandler(ajaxAuthenticationFailureHandler);
casAuthenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
casAuthenticationFilter.setFilterProcessesUrl(CAS_CALLBACK);
// casAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new
// AntPathRequestMatcher("/login", "GET"));
return casAuthenticationFilter;
}
@Bean
public RememberCasAuthenticationEntryPoint casAuthenticationEntryPoint() {
RememberCasAuthenticationEntryPoint casAuthenticationEntryPoint = new RememberCasAuthenticationEntryPoint();
casAuthenticationEntryPoint.setLoginUrl(env.getRequiredProperty(CAS_URL_LOGIN));
casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
//move to /app/login due to cachebuster instead of api/authenticate
casAuthenticationEntryPoint.setPathLogin("/app/login");
return casAuthenticationEntryPoint;
}
@Bean
public SingleSignOutFilter singleSignOutFilter() {
SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
singleSignOutFilter.setCasServerUrlPrefix(env.getRequiredProperty(CAS_URL_PREFIX));
return singleSignOutFilter;
}
@Bean
public LogoutFilter requestCasGlobalLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(env.getRequiredProperty(CAS_URL_LOGOUT) + "?service="
+ env.getRequiredProperty(CAS_SERVICE_URL), new SecurityContextLogoutHandler());
// logoutFilter.setFilterProcessesUrl("/logout");
// logoutFilter.setFilterProcessesUrl("/j_spring_cas_security_logout");
logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/api/logout", "POST"));
return logoutFilter;
}
@Inject
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(casAuthenticationProvider());
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/scripts/**/*.{js,html}")
.antMatchers("/bower_components/**")
.antMatchers("/i18n/**")
.antMatchers("/assets/**")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/test/**")
.antMatchers("/h2-console/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
.addFilterBefore(casAuthenticationFilter(), BasicAuthenticationFilter.class)
.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
.addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class)
.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint())
// .and()
// .rememberMe()
// .rememberMeServices(rememberMeServices)
// .key(env.getProperty("jhipster.security.rememberme.key"))
// .and()
// .formLogin()
// .loginProcessingUrl("/api/authentication")
// .successHandler(ajaxAuthenticationSuccessHandler)
// .failureHandler(ajaxAuthenticationFailureHandler)
// .usernameParameter("j_username")
// .passwordParameter("j_password")
// .permitAll()
.and()
.logout()
.logoutUrl("/api/logout")
.logoutSuccessHandler(ajaxLogoutSuccessHandler)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.headers()
.frameOptions()
.disable()
.and()
.authorizeRequests()
.antMatchers("/app/**").authenticated()
.antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll()
.antMatchers("/api/authenticate").permitAll()
.antMatchers("/api/account/reset_password/init").permitAll()
.antMatchers("/api/account/reset_password/finish").permitAll()
.antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/audits/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/**").authenticated()
.antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/mappings/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/liquibase/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/v2/api-docs/**").permitAll()
.antMatchers("/configuration/security").permitAll()
.antMatchers("/configuration/ui").permitAll()
.antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/protected/**").authenticated();
}
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
public GlobalSecurityConfiguration() {
super();
}
}
}
package com.my.company.application.config;
导入org.jasig.cas.client.session.SingleSignOutFilter;
导入org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
导入org.springframework.context.annotation.Bean;
导入org.springframework.context.annotation.Configuration;
导入org.springframework.core.env.Environment;
导入org.springframework.security.cas.ServiceProperties;
导入org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
导入org.springframework.security.cas.web.CasAuthenticationFilter;
导入org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
导入org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
导入org.springframework.security.config.annotation.method.configuration.globalMethodSecurity配置;
导入org.springframework.security.config.annotation.web.builders.HttpSecurity;
导入org.springframework.security.config.annotation.web.builders.WebSecurity;
导入org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
导入org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter;
导入org.springframework.security.core.userdetails.AuthenticationUserDetails服务;
导入org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
导入org.springframework.security.crypto.password.PasswordEncoder;
导入org.springframework.security.web.authentication.SimpleRulthenticationSuccessHandler;
导入org.springframework.security.web.authentication.logout.LogoutFilter;
导入org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
导入org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
导入org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
导入org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
导入org.springframework.security.web.csrf.CsrfFilter;
导入org.springframework.security.web.util.matcher.AntPathRequestMatcher;
导入pl.edu.uw.dsk.konferator.security.*;
导入pl.edu.uw.dsk.konferator.web.filter.CsrfCookieGeneratorFilter;
导入javax.inject.inject;
@配置
@启用Web安全性
公共类安全配置扩展了WebSecurity配置适配器{
私有静态最终字符串CAS\u URL\u LOGIN=“CAS.URL.LOGIN”;
私有静态最终字符串CAS\u URL\u LOGOUT=“CAS.URL.LOGOUT”;
私有静态最终字符串CAS\u URL\u PREFIX=“CAS.URL.PREFIX”;
私有静态最终字符串CAS\u SERVICE\u URL=“app.SERVICE.security”;
私有静态最终字符串CAS_CALLBACK=“/auth/CAS”;
@注入
私人环境署;
@注入
私有AjaxLogoutSuccessHandler AjaxLogoutSuccessHandler;
/*@注入
私有AjaxAuthenticationSuccessHandler AjaxAuthenticationSuccessHandler*/
@注入
专用AjaxAuthenticationFailureHandler AjaxAuthenticationFailureHandler;
@注入
私有身份验证userDetailsService userDetailsService;
@豆子
公共密码编码器PasswordEncoder(){
返回新的BCryptPasswordEncoder();
}
@豆子
公共服务属性服务属性(){
ServiceProperties sp=新的ServiceProperties();
sp.setService(环境getRequiredProperty(CAS_服务_URL));
sp.setsendrewen(假);
返回sp;
}
@豆子
公共SimpleRuThenticationSuccessHandler身份验证SuccessHandler(){
SimpleRulAuthenticationSuccessHandler authenticationSuccessHandler=新SimpleRulAuthenticationSuccessHandler();
authenticationSuccessHandler.setDefaultTargetUrl(“/”);
authenticationSuccessHandler.setTargetUrlParameter(“spring安全重定向”);
返回authenticationSuccessHandler;
}
@豆子
public RememberCasAuthenticationProvider casAuthenticationProvider(){
RememberCasAuthenticationProvider casAuthenticationProvider=新的RememberCasAuthenticationProvider();
casAuthenticationProvider.setAuthenticationUserDetailsService(userDetailsService);
casAuthenticationProvider.setServiceProperties(serviceProperties());
casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
casAuthenticationProvider.setKey(“CAS_认证提供程序”);
返回casAuthenticationProvider;
}
@豆子
公共会话身份验证策略会话策略(){
SessionFixationProtectionStrategy sessionStrategy=新SessionFixationProtectionStrategy();
sessionStrategy.setMigrateSessionAttributes(false);
//sessionStrategy.setRetainedAttributes(Arrays.asList(“CALLBACKURL”));
返回会话策略;
}
/*
@豆子
public saml11 ticketvalidator casSamlServiceTicketValidator(){
返回新的Saml11TicketValidator(env.getRequiredProperty(CAS_URL_前缀));
}
*/
@豆子
公共Cas20ServiceTicketValidator Cas20ServiceTicketValidator(){
返回新的cas20servicecketvalidator(env.getRequiredProperty(CAS_URL_前缀));
}
@豆子
public CasAuthenticationFilter CasAuthenticationFilter()引发异常{
CASSAuthenticationFilter casAut
/**
* GET /account -> get the current user.
*/
@RequestMapping(value = "/account",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<UserDTO> getAccount() {
UserDetails userDetails = (UserDetails)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
List<String> roles = new ArrayList<>();
for (GrantedAuthority authority : userDetails.getGrantedAuthorities()) {
roles.add(authority.getAuthorigy());
}
return new ResponseEntity<>(
new UserDTO(
user.getLogin(),
null,
null,
null,
null,
null,
roles),
HttpStatus.OK);
}