Spring 春季安全和CAS。身份验证成功后的匿名用户_Spring_Spring Boot_Spring Security_Cas

Spring 春季安全和CAS。身份验证成功后的匿名用户

spring spring-boot spring-security

Spring 春季安全和CAS。身份验证成功后的匿名用户,spring,spring-boot,spring-security,cas,Spring,Spring Boot,Spring Security,Cas,我尝试为使用CAS配置Spring安全性。当我获得成功认证时，我正在步调一致，CAS将为我的申请提供票证。但在CAS中成功进行身份验证后，我需要获取用户名并将请求发送到另一个系统，但我不知道如何进行，因为这里 SecurityContext ctx=SecurityContextHolder.getContext(); Authentication authentication = ctx.getAuthentication(); 我看到我有一个匿名用户。我没有太多时间，所以我需要你的帮助

我尝试为使用CAS配置Spring安全性。当我获得成功认证时，我正在步调一致，CAS将为我的申请提供票证。但在CAS中成功进行身份验证后，我需要获取用户名并将请求发送到另一个系统，但我不知道如何进行，因为这里

SecurityContext ctx=SecurityContextHolder.getContext();
Authentication authentication = ctx.getAuthentication();

我看到我有一个匿名用户。我没有太多时间，所以我需要你的帮助，我担心我的问题

身份验证后，我可以在哪个位置找到用户名并向另一个系统发送请求？
我做CAS客户端根据

编辑：我正在添加配置代码，应该更容易：

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

private AuthenticationProvider authenticationProvider;
private AuthenticationEntryPoint authenticationEntryPoint;
private SingleSignOutFilter singleSignOutFilter;
private LogoutFilter logoutFilter;

@Autowired
public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider,
                      AuthenticationEntryPoint eP,
                      LogoutFilter lF
        , SingleSignOutFilter ssF
) {
    this.authenticationProvider = casAuthenticationProvider;
    this.authenticationEntryPoint = eP;

    this.logoutFilter = lF;
    this.singleSignOutFilter = ssF;

}

@Bean
public UserDetailsService userDetailsService(){
    return new CCDUserDetailsService();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider);
}

@Override
protected AuthenticationManager authenticationManager() throws Exception {
    return new ProviderManager(Arrays.asList(authenticationProvider));
}

@Bean
public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setServiceProperties(sP);
    filter.setAuthenticationManager(authenticationManager());
    return filter;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .authorizeRequests()
            .regexMatchers("/secured", "/login")
            .authenticated()
            .and()
            .httpBasic()
            .authenticationEntryPoint(authenticationEntryPoint)
            .and()
            .logout().logoutSuccessUrl("/logout")
            .and()
            .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class);
}

}

这里我有CAS提供程序的配置

@Configuration
public class AuthenticationApp {

@Value("${serviceProperties.protocol}")
String serviceProperiesProtocol;

@Value("${serviceProperties.host}")
String serviceProperiesHost;

@Value("${serviceProperties.port}")
String serviceProperiesPort;

@Value("${entryPoint.protocol}")
String entryPointProtocol;

@Value("${entryPoint.host}")
String entryPointHost;

@Value("${entryPoint.port}")
String entryPointPort;

@Autowired
CCDUserDetailsService userDetailsService;

@Bean
public ServiceProperties serviceProperties() {
    ServiceProperties serviceProperties = new ServiceProperties();
    serviceProperties.setService("https://localhost:8080");
    serviceProperties.setSendRenew(false);
    return serviceProperties;
}

@Bean
@Primary
public AuthenticationEntryPoint authenticationEntryPoint(
        ServiceProperties sP) {

    CasAuthenticationEntryPoint entryPoint
            = new CasAuthenticationEntryPoint();
    entryPoint.setLoginUrl(entryPointProtocol + "://" +
            entryPointHost + ":" + entryPointPort + "/cas/login");
    entryPoint.setServiceProperties(sP);
    return entryPoint;
}

@Bean
public TicketValidator ticketValidator() {
    return new Cas30ServiceTicketValidator(
            entryPointProtocol + "://" +
                    entryPointHost + ":" + entryPointPort + "/cas");
}

@Bean
public CasAuthenticationProvider casAuthenticationProvider() {

    CasAuthenticationProvider provider = new CasAuthenticationProvider();
    provider.setServiceProperties(serviceProperties());
    provider.setTicketValidator(ticketValidator());
    provider.setUserDetailsService(userDetailsService);
    provider.setKey("CAS_PROVIDER_LOCALHOST_9000");
    return provider;
}

@Bean
public SecurityContextLogoutHandler securityContextLogoutHandler() {
    return new SecurityContextLogoutHandler();
}

@Bean
public LogoutFilter logoutFilter() {
    LogoutFilter logoutFilter = new LogoutFilter(
            entryPointProtocol + "://" +
                    entryPointHost + ":" + entryPointPort + "/cas/logout",
            securityContextLogoutHandler());
    logoutFilter.setFilterProcessesUrl("/logout/cas");
    return logoutFilter;
}

@Bean
public SingleSignOutFilter singleSignOutFilter() {
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
    singleSignOutFilter.setCasServerUrlPrefix(entryPointProtocol + "://" +
            entryPointHost + ":" + entryPointPort + "/cas");
    singleSignOutFilter.setIgnoreInitConfiguration(true);
    return singleSignOutFilter;
}

@EventListener
public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(
        HttpSessionEvent event) {
    return new SingleSignOutHttpSessionListener();
}

}

我还想确认，如果我遇到上述图像中的情况，我已经成功地从CAS端进行了完全身份验证

但是我在哪里可以找到有关用户登录的信息或从url中勾选的信息？

如果您遵循本教程，您的配置中是否有此功能

protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
    .antMatchers("/**")
    .permitAll();
}

特别是

permitAll

语句，它将禁用代码中的所有身份验证机制。您可能需要进行

完全身份验证

protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
    .antMatchers("/**")
    .fullyAuthenticated();
}

弹出的两个内容是：

考虑不要使

CasAuthenticationFilter

成为bean，并手动将其插入所需位置

然后确保在调用筛选器后，已调用筛选器或身份验证管理器

SecurityContextHolder.getContext().setAuthentication(yourAuthenticationObjectHere);