问题描述
- Springsecurity cas单点登录,循环重定向问题
-
最近在弄springsecurity+cas实现单点登录,但配置完成测试,去发现在cas server端登录成功之后,竟出现了循环重定向问题,我springsecurity配置如下:<?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- Spring-Security 的配置 --> <!-- 配置不过滤的资源(静态资源及登录相关) --> <security:http pattern="/static/**" security="none"></security:http> <!-- 注意use-expressions=true.表示开启表达式,否则表达式将不可用. /access-denied.htm , auto-config="true" use-expressions="true"--> <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" use-expressions="true" access-denied-page="/user/index.htm"> <!--允许所有人访问 access="permitAll"--> <security:intercept-url pattern="/login.htm" access="permitAll"/> <security:intercept-url pattern="/regist*.htm" access="permitAll" /> <security:intercept-url pattern="/upload/**" access="permitAll" /> <!--允许IS_AUTHENTICATED_ANONYMOUSLY匿名访问 <security:intercept-url pattern="/index.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" /> --> <!--允许USER权限访问 hasRole('USER')--> <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" /> <!--允许USER权限访问--> <security:intercept-url pattern="/exam/**" access="hasRole('ROLE_USER')" /> <!--允许ROLE权限访问--> <security:intercept-url pattern="/auth/**" access="hasRole('ROLE_ROLE')" /> <!--允许ADMIN权限访问所有资源--> <security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /> <!--**** cas单点 .2015-06-23 by cyj ****--> <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter> <!--**** cas单点 .2015-06-23 by cyj ****--> </security:http> <!--***************************************** CAS TEST 2015-06-23 . by cyj***************************************** --> <!-- The CAS filter handles the redirect from the CAS server and starts the ticket validation. --> <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"></property> <property name="authenticationSuccessHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> <property name="alwaysUseDefaultTargetUrl"> <value>true</value> </property> <property name="defaultTargetUrl"> <value>http://localhost:8080/user/index.htm</value> </property> </bean> </property> </bean> <!--**** 2015-06-23,CAS TEST ****--> <security:authentication-manager alias="authenticationManager" erase-credentials="false"> <security:authentication-provider ref="casAuthenticationProvider"> </security:authentication-provider> </security:authentication-manager> <!--**** 2015-06-23,CAS TEST ****--> <!-- Handles the CAS ticket processing. --> <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/> <property name="serviceProperties" ref="serviceProperties"></property> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas-server" /> <!-- //SSO验证地址 --> </bean> </property> <property name="key" value="cas123"></property> </bean> <!-- authorities对应 CAS server的 登录属性, 在此设置到spirng security中,用于spring security的验证 <bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> </bean> --> <bean id="authenticationUserDetailsService" class="com.bms.comm.cas.MyAuthenticationUserDetailsService"> <!-- <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> --> <property name="attributes"> <array> <value>authorities</value> </array> </property> </bean> <!-- This section is used to configure CAS. The service is the actual redirect that will be triggered after the CAS login sequence. //http://localhost:8088/SpringSecurity 具体应用 // j_spring_cas_security_check spring的虚拟URL,此标志标识使用 CAS authentication upon return from CAS SSO login. --> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value="https://localhost:8447/j_spring_cas_security_check"></property> <property name="sendRenew" value="false"></property> </bean> <!-- The entryPoint intercepts all the CAS authentication requests. It redirects to the CAS loginUrl for the CAS login page. 通过上述的配置,则具体应用在使用的时候,用户认证和授权则无需过问,只需在应用中配置相关的角色访问权限即可。即,只需对下面的红色部分进行修改, 即可以完成应用的认证和授权工作。大大简化了应用和认证与授权的剥离工作 --> <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <property name="loginUrl" value="https://localhost:8443/cas-server/login"></property> <!-- //SSO登录地址 --> <property name="serviceProperties" ref="serviceProperties"></property> </bean> </beans>请大牛帮我看下,看我的配置哪有问题?谢谢!!
解决方案
手机上看起来费劲,循环重定向一般都是配置一个路径被拦截,而又有拦截被跳转到该页面导致了。看看配置文件逻辑上有没有问题
时间: 2024-10-06 11:03:46