SpringSecurity3整合CAS实现单点登录

国内私募机构九鼎控股打造APP，来就送 20元现金领取地址：http://jdb.jiudingcapital.com/phone.html
内部邀请码：C8E245J （不写邀请码，没有现金送）
国内私募机构九鼎控股打造，九鼎投资是在全国股份转让系统挂牌的公众公司，股票代码为430719，为“中国PE第一股”，市值超1000亿元。 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

SpringSecurity本身已经做好了与CAS的集成工作，只需要我们做简单配置就可以了

步骤1 spring-cas.xml配置文件内容如下(完整版)

 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="  http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-2.5.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
    default-lazy-init="true">
    <context:component-scan base-package="com.itec.core" />
<!--SSO -->
    <http auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">
        <intercept-url pattern="/login.do" filters="none" />
        <intercept-url pattern="/image.do" filters="none" />
        <intercept-url pattern="/admin/*.do*" access="ROLE_LOGIN" />
        <!-- logout-success-url="/login.html" -->
<!--        <logout logout-url="/login.do" success-handler-ref="casLogoutSuccessHandler"/>   -->
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/>
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>

    <beans:bean id="casEntryPoint"  class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="http://172.19.50.21:9083/HASLSSO/login"/>
        <beans:property name="serviceProperties" ref="serviceProperties"/>
    </beans:bean>
    <beans:bean id="serviceProperties"  class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service"  value="http://172.19.4.225:8080/HACMS/j_spring_cas_security_check"/>
        <beans:property name="sendRenew" value="false"/>
    </beans:bean>

    <beans:bean id="casFilter"  class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider"/>
    </authentication-manager>

    <beans:bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <beans:property name="userDetailsService" >
            <beans:ref bean="userDetailsManager" />
        </beans:property>
    </beans:bean>

    <beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <beans:property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/>
        <beans:property name="serviceProperties" ref="serviceProperties" />
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="http://172.19.50.21:9083/HASLSSO" />
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
    </beans:bean>

    <!-- 注销客户端 -->
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- 注销服务器端 -->
    <beans:bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg
    value="http://172.19.50.21:9083/HASLSSO/logout" />
    <beans:constructor-arg>
    <beans:bean
    class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </beans:constructor-arg>
    <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>

</beans:beans>

步骤2 之前的UserDetailsManager不需要改任何代码

@Service
public class UserDetailsManager implements UserDetailsService {

步骤3 web.xml需要修改一点东西，不加载Security的配置文件就行了

<context-param>
        <param-name>contextConfigLocation</param-name>
        <!-- 使用工程本身验证 -->
        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-security.xml</param-value>
        <!-- 使用 SSO 验证 -->
<!--        <param-value>/WEB-INF/spring-config.xml,/WEB-INF/spring-freemarker.xml,/WEB-INF/spring-jpa.xml,/WEB-INF/spring-cas.xml</param-value> -->
    </context-param>

大功告成~！