Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/grails/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring Grails和CAS基本设置_Spring_Grails_Cas - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring Grails和CAS基本设置

Spring Grails和CAS基本设置

spring grails

Spring Grails和CAS基本设置,spring,grails,cas,Spring,Grails,Cas,正在尝试设置一个具有基本CAS保护的简单Grails应用程序 首先,我很难分辨cas插件与spring security core和spring security cas之间的区别……什么时候我会使用一个和另一个 在我的测试中,我配置了以下各项: 在BuildConfig.groovy中: plugins { ... ... compile ":spring-security-core:1.2.7.3" compile ":spring-

正在尝试设置一个具有基本CAS保护的简单Grails应用程序

首先,我很难分辨cas插件与spring security core和spring security cas之间的区别……什么时候我会使用一个和另一个

在我的测试中,我配置了以下各项:

在BuildConfig.groovy中:

plugins {
        ...
...     
        compile ":spring-security-core:1.2.7.3"
        compile ":spring-security-cas:1.0.5"
    }
在Config.groovy中,我不知道我需要什么。不同的文档引用不同的值,但到目前为止我得到的是:

grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']

grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**': ['IS_AUTHENTICATED_FULLY']
]

grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = 'http://cas2.mydomain.com:8085/' + appName + '/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas2.mydomain.com:8443/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://cas2.mydomain.com:8085/' + appName + '/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'

grails.plugins.springsecurity.logout.afterLogoutUrl = 'https://cas2.mydomain.com:8443/cas/logout?url=http://cas2.mydomain.com:8085/' + appName + '/'
现在,当我浏览到我的应用程序时,我会被转发到CAS登录页面……在输入credentails后,我会看到一个浏览器错误页面:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
而cas.log说:

INFO: Server startup in 21570 ms
2013-10-31 11:28:05,178 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.>
2013-10-31 11:28:05,180 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.>
2013-10-31 11:28:05,180 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
2013-10-31 11:28:10,088 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /cas/>
2013-10-31 11:28:16,498 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated [username: myusername]>
2013-10-31 11:28:16,518 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal myusername>
2013-10-31 11:28:16,518 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler@4e1e6e1f authenticated myusername with credential [username: myusername].>
2013-10-31 11:28:16,523 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: myusername]
WHAT: supplied credentials: [username: myusername]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Oct 31 11:28:16 EDT 2013
CLIENT IP ADDRESS: xxx.xx150.30
SERVER IP ADDRESS: xxx.xx0.79
=============================================================

>
2013-10-31 11:28:16,527 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: myusername]
WHAT: TGT-1-76m7jUyKI7pguovcGWmJqKOsbpqp6wW2yj3dTCNOCtb65MKpTH-cas2
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Oct 31 11:28:16 EDT 2013
CLIENT IP ADDRESS: xxx.xx150.30
SERVER IP ADDRESS: xxx.xx0.79
=============================================================

>
2013-10-31 11:28:16,533 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-rvDgqEvGQDeljEeVf5rM-cas2] for service [http://cas2.mydomain.com:8085/rss_03/j_spring_cas_security_check] for user [myusername]>
2013-10-31 11:28:16,533 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myusername
WHAT: ST-1-rvDgqEvGQDeljEeVf5rM-cas2 for http://cas2.mydomain.com:8085/rss_03/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Oct 31 11:28:16 EDT 2013
CLIENT IP ADDRESS: xxx.xx150.30
SERVER IP ADDRESS: xxx.xx0.79
=============================================================

>
2013-10-31 11:28:16,703 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]>
2013-10-31 11:28:16,704 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]
WHAT: supplied credentials: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Oct 31 11:28:16 EDT 2013
CLIENT IP ADDRESS: xxx.xx0.79
SERVER IP ADDRESS: xxx.xx0.79
=============================================================

>
2013-10-31 11:28:16,705 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: myusername
WHAT: error.authentication.credentials.bad
ACTION: PROXY_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Oct 31 11:28:16 EDT 2013
CLIENT IP ADDRESS: xxx.xx0.79
SERVER IP ADDRESS: xxx.xx0.79
=============================================================

>
2013-10-31 11:28:16,706 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]>
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
        at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody6(CentralAuthenticationServiceImpl.java:325)
        at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody7$advice(CentralAuthenticationServiceImpl.java:57)
        at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
        at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)
        at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53)
        at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
        at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
        at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
        at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
        at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at com.sun.proxy.$Proxy49.delegateTicketGrantingTicket(Unknown Source)
        at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:138)
        at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:722)
现在,cas.log显示了与我之前得到的类似的循环(在cas和应用程序之间来回),除了没有错误……最终它停止,浏览器再次显示:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
您需要允许未经验证的访问您的接收器。试试这个:

grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'],  // <- allows CAS to contact the receptor
    '/**': ['IS_AUTHENTICATED_FULLY']
]

grails.plugins.springsecurity.interceptUrlMap=[
'/js/**':[“已通过匿名身份验证”],
'/css/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
“/login/**”:[“已通过匿名身份验证”],
“/logout/**”:[“已通过匿名身份验证”],

“/secure/receptor':['IS_AUTHENTICATED_ANONYMOUSLY'],//谢谢,似乎我也必须将应用程序置于SSL下…没有它我仍然会出错。我更新了上面的帖子…票证授予/验证仍在循环:(我还发现,如果我添加了spring security ldap并对从ldap中提取角色进行了配置,那么这种循环就消失了……但这并不是一个真正的解决方案。我们希望某些应用依赖于ldap角色/组,而其他应用则由具有有效凭据的所有人访问。也许这个答案可以帮助您:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.



grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'],  // <- allows CAS to contact the receptor
    '/**': ['IS_AUTHENTICATED_FULLY']
]