Spring security 使用CAS和表单登录的Spring安全性
我正在编写一个应用程序,该应用程序需要对员工使用CAS身份验证,以及一个用户名/密码表单登录,以针对客户的数据库表进行验证 这个想法是,首页会有一个链接,为员工将他们发送到CAS。如果您是员工,请单击此处,并在该链接下方为非员工的用户名和密码框 我已经在单独的测试应用程序中使用了这两种方法——基于Spring Security中的示例应用程序——但不清楚如何将两个AuthenticationProviders组合成一个 当前配置-主要来自CAS配置,并添加了表单配置:Spring security 使用CAS和表单登录的Spring安全性,spring-security,spring-security-cas,Spring Security,Spring Security Cas,我正在编写一个应用程序,该应用程序需要对员工使用CAS身份验证,以及一个用户名/密码表单登录,以针对客户的数据库表进行验证 这个想法是,首页会有一个链接,为员工将他们发送到CAS。如果您是员工,请单击此处,并在该链接下方为非员工的用户名和密码框 我已经在单独的测试应用程序中使用了这两种方法——基于Spring Security中的示例应用程序——但不清楚如何将两个AuthenticationProviders组合成一个 当前配置-主要来自CAS配置,并添加了表单配置: <?xml vers
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--Set up the url based security features-->
<security:http entry-point-ref="casEntryPoint" use-expressions="true" >
<security:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
<security:logout logout-success-url="${cas.sso}/logout" />
<security:access-denied-handler ref="accessDeniedHandler" />
<!-- Set up the form login -->
<security:form-login login-page="/login.jsp" authentication-failure- url="/login.jsp?login_error=1"/>
</security:http>
<!-- Specify a destinatation for 403 errors raised by the above URL patterns
this is performed as a 'forward' internally -->
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/error/403.html"/>
</bean>
<!--Hook in the properties for the CAS-->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="${cas.service}"/>
<property name="sendRenew" value="true"/>
</bean>
<!--Set up the CAS filter-->
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="accessFailureHandler" />
</bean>
<!-- Specify a destinatation for 401 errors raised by casFilter (and UserService) -->
<bean id='accessFailureHandler'
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/error/401.html" />
<property name="useForward" value='true' />
<property name="allowSessionCreation" value="false" />
</bean>
<!--Set up the entry point for CAS-->
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="${cas.sso}"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="encodeServiceUrlWithSessionId" value="false"/>
</bean>
<!--Setup authentication managers-->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
<!-- Our own user details service, which hooks in to the database -->
<bean id='userService' class='test.security.UserDetailsServiceImpl' />
<!-- Enable annotations -->
<security:global-method-security pre-post-annotations="enabled"/>
<!-- Customise an auth provider with the local specifics-->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="${cas.sso}"/>
</bean>
</property>
<property name="key" value="testSSO"/>
</bean>
<!-- Custom auth provider that validates usernames&pwds against DB -->
<bean id="customAuthenticationProvider" class="test.security.CustomAuthenticationProvider" />
</beans>
这将显示错误消息:
Filter beans '<casFilter>' and '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>' have the same 'order' value.
如何将两个过滤器都放入链中?或者我需要写我自己的过滤器吗?知道选择哪种方法,然后委托相关的特定筛选器
我是Spring Security的新手,所以有没有更好的方法完全做到这一点
谢谢 casFilter必须放置在位置=CAS\u FILTER