
SpringSecurity3整合CAS實作單點登入

SpringSecurity本身已經做好了與CAS的整合工作,只需要我們做簡單配置就可以了

步驟1 spring-cas.xml配置檔案内容如下(完整版)

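<?xml version="1.0" encoding="UTF-8"?>
<!--
  spring-cas.xml: Spring Security 3 configuration that delegates authentication
  to a CAS server (single sign-on).

  NOTE(review): every CAS URL below uses plain http. Over http the service
  ticket, the CAS session cookie and the ticket-validation response travel
  unencrypted and unauthenticated, so anyone on the network path can read or
  alter them. Outside an isolated lab, serve the CAS login, validation and
  logout endpoints and this application's callback URL over HTTPS.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="  http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-2.5.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
    default-lazy-init="true">

    <context:component-scan base-package="com.itec.core" />

    <!-- SSO: unauthenticated requests are handed to casEntryPoint, which redirects to the CAS login page. -->
    <http auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">
        <!-- filters="none" bypasses the whole security filter chain for these URLs;
             keep this list minimal and make sure nothing sensitive is served from them. -->
        <intercept-url pattern="/login.do" filters="none" />
        <intercept-url pattern="/image.do" filters="none" />
        <!-- Only URLs matching this pattern require ROLE_LOGIN. There is no catch-all rule,
             so any other URL is served without authentication.
             NOTE(review): with the default Ant-style matching a single * does not cross
             a path separator, so nested paths under /admin/ may not be covered. Confirm. -->
        <intercept-url pattern="/admin/*.do*" access="ROLE_LOGIN" />
        <!-- logout-success-url="/login.html" -->
<!--        <logout logout-url="/login.do" success-handler-ref="casLogoutSuccessHandler"/>   -->
        <!-- Local logout request: clears the local session, then redirects to the CAS logout URL. -->
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <!-- Validates the service ticket that CAS sends back to the application. -->
        <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/>
        <!-- Receives single-logout notifications from the CAS server. -->
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>

    <!-- Redirect target for unauthenticated users: the CAS server login page. -->
    <beans:bean id="casEntryPoint"  class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="http://172.19.50.21:9083/HASLSSO/login"/>
        <beans:property name="serviceProperties" ref="serviceProperties"/>
    </beans:bean>

    <!-- The callback URL of this application; CAS redirects the browser here with the service ticket.
         sendRenew=false accepts an existing SSO session without asking for credentials again. -->
    <beans:bean id="serviceProperties"  class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service"  value="http://172.19.4.225:8080/HACMS/j_spring_cas_security_check"/>
        <beans:property name="sendRenew" value="false"/>
    </beans:bean>

    <beans:bean id="casFilter"  class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider"/>
    </authentication-manager>

    <!-- Loads the local user and authorities for the user name asserted by CAS.
         The userDetailsManager bean is defined outside this file. -->
    <beans:bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <beans:property name="userDetailsService" >
            <beans:ref bean="userDetailsManager" />
        </beans:property>
    </beans:bean>

    <beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <beans:property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/>
        <beans:property name="serviceProperties" ref="serviceProperties" />
        <!-- Back-channel ticket validation against the CAS server URL prefix.
             Over plain http the validation response cannot be trusted; see the note at the top of the file. -->
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="http://172.19.50.21:9083/HASLSSO" />
            </beans:bean>
        </beans:property>
        <!-- Identifies authentication tokens issued by this provider. The value shown is the
             sample placeholder; use a value unique to the deployment. -->
        <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
    </beans:bean>

    <!-- Client-side logout: handles single-logout callbacks from CAS.
         NOTE(review): the CAS client normally also needs
         org.jasig.cas.client.session.SingleSignOutHttpSessionListener registered in web.xml;
         the web.xml shown on this page does not include it. Confirm. -->
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- Server-side logout: after the local SecurityContext is cleared, the browser is
         redirected to the CAS logout URL so the SSO session ends as well. -->
    <beans:bean id="requestSingleLogoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg
                value="http://172.19.50.21:9083/HASLSSO/logout" />
        <beans:constructor-arg>
            <beans:bean
                    class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>

</beans:beans>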

步驟2 之前的UserDetailsManager不需要改任何代碼

@Service 

public class UserDetailsManager implements UserDetailsService { 

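步驟3 web.xml需要修改一點東西:在 contextConfigLocation 中改為載入 spring-cas.xml,不再載入原本的 spring-security.xml 就行了(下方範例目前啟用的是工程本身驗證,要使用 SSO 時請把兩個 param-value 的註解對調)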

<context-param> 

        <param-name>contextConfigLocation</param-name> 

        <!-- Local (application-managed) authentication: loads spring-security.xml.
             This is the value that is active as shown. -->

        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-security.xml</param-value> 

        <!-- SSO (CAS) authentication: loads spring-cas.xml instead of spring-security.xml.
             To enable it, uncomment the value below and comment out the one above.
             Keep exactly one param-value active so that only one security configuration is loaded. -->

<!--        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-cas.xml</param-value> --> 

    </context-param> 

大功告成~!

本文轉自 tony_action 51CTO部落格,原文連結:http://blog.51cto.com/tonyaction/898173,如需轉載請自行聯系原作者
