Fatal编程技术网
  • spring-security/
  • Spring security 使用CAS和表单登录的Spring安全性

Spring security 使用CAS和表单登录的Spring安全性

spring-security

Spring security 使用CAS和表单登录的Spring安全性,spring-security,spring-security-cas,Spring Security,Spring Security Cas,我正在编写一个应用程序,该应用程序需要对员工使用CAS身份验证,以及一个用户名/密码表单登录,以针对客户的数据库表进行验证 这个想法是,首页会有一个链接,为员工将他们发送到CAS。如果您是员工,请单击此处,并在该链接下方为非员工的用户名和密码框 我已经在单独的测试应用程序中使用了这两种方法——基于Spring Security中的示例应用程序——但不清楚如何将两个AuthenticationProviders组合成一个 当前配置-主要来自CAS配置,并添加了表单配置: <?xml vers

我正在编写一个应用程序,该应用程序需要对员工使用CAS身份验证,以及一个用户名/密码表单登录,以针对客户的数据库表进行验证

这个想法是,首页会有一个链接,为员工将他们发送到CAS。如果您是员工,请单击此处,并在该链接下方为非员工的用户名和密码框

我已经在单独的测试应用程序中使用了这两种方法——基于Spring Security中的示例应用程序——但不清楚如何将两个AuthenticationProviders组合成一个

当前配置-主要来自CAS配置,并添加了表单配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"

       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">



  <!--Set up the url based security features-->
    <security:http entry-point-ref="casEntryPoint" use-expressions="true" >
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
        <security:logout logout-success-url="${cas.sso}/logout" />
        <security:access-denied-handler ref="accessDeniedHandler" />

<!-- Set up the form login -->
        <security:form-login login-page="/login.jsp" authentication-failure-     url="/login.jsp?login_error=1"/>

    </security:http>

    <!-- Specify a destinatation for 403 errors raised by the above URL patterns
        this is performed as a 'forward' internally    -->
    <bean id="accessDeniedHandler"
          class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/error/403.html"/>
    </bean>

    <!--Hook in the properties for the CAS-->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="${cas.service}"/>
        <property name="sendRenew" value="true"/>
    </bean>

    <!--Set up the CAS filter-->
    <bean id="casFilter"
          class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureHandler" ref="accessFailureHandler" />
    </bean>

    <!-- Specify a destinatation for 401 errors raised by casFilter (and UserService) -->
    <bean id='accessFailureHandler'
          class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/error/401.html" />
        <property name="useForward" value='true' />
        <property name="allowSessionCreation" value="false" />
    </bean>

    <!--Set up the entry point for CAS-->
    <bean id="casEntryPoint"
          class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="${cas.sso}"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="encodeServiceUrlWithSessionId" value="false"/>
    </bean>

    <!--Setup authentication managers-->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="casAuthenticationProvider"/>
        <security:authentication-provider ref="customAuthenticationProvider"/>
    </security:authentication-manager>

    <!-- Our own user details service, which hooks in to the database -->
    <bean id='userService' class='test.security.UserDetailsServiceImpl' />

    <!-- Enable annotations -->
     <security:global-method-security pre-post-annotations="enabled"/>

    <!--    Customise an auth provider with the local specifics-->
    <bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="userService"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="${cas.sso}"/>
            </bean>
        </property>
        <property name="key" value="testSSO"/>
    </bean>

<!-- Custom auth provider that validates usernames&pwds against DB -->
    <bean id="customAuthenticationProvider" class="test.security.CustomAuthenticationProvider" />    

</beans>
这将显示错误消息:

Filter beans '<casFilter>' and '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>' have the same 'order' value.
如何将两个过滤器都放入链中?或者我需要写我自己的过滤器吗?知道选择哪种方法,然后委托相关的特定筛选器

我是Spring Security的新手,所以有没有更好的方法完全做到这一点

谢谢

casFilter必须放置在位置=CAS\u FILTER