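I am new to Spring Security 3.0 and CAS. The client web application is a Spring 3.0 MVC application that uses the Spring Security filter (DelegatingFilterProxy) with CAS to authenticate users, and it works well. The login link at the top of every page redirects the user to the remote CAS server, and after a successful login on the remote CAS server the page is sent back to the Spring web application without any errors. The problem is that I don't know how to get the user's data from CAS.
The security.xml file: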
<http entry-point-ref="casEntryPoint" auto-config="true">
    <intercept-url pattern="/*.html" filters="none"/>
    <intercept-url pattern="/login.jsp" filters="none"/>
    <custom-filter ref="casFilter" position="CAS_FILTER" />
    <logout logout-success-url="https://CAS_server.com/cas/logout"/>
</http>
<user-service id="userService">
    <user name="myApp_auto" authorities="ROLE_USER"/>
</user-service>
<authentication-manager alias="authManager">
    <authentication-provider ref="casAuthProvider" />
</authentication-manager>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="https://myIpAddrress/myapps/homePage.htm"/>
    <property name="sendRenew" value="false"/>
</bean>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://CAS_server.com/cas/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authManager"/>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/myapps/homePage.html" />
        </bean>
    </property>
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    <constructor-arg value="https://CAS_server.com/cas/login" />
</bean>
<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="ticketValidator" ref="ticketValidator"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    <property name="authenticationUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userService" />
        </bean>
    </property>
    <property name="key" value="empNumber"></property>
</bean>
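During authentication, the CAS server usually retrieves the user ID, but also the user's attributes. So you can skip doing this on the application side. The way to send these attributes from the CAS server to the application is to use SAML service ticket validation, after the CAS service has been correctly configured to allow these attributes to be released: http://jasig.github.io/cas/current/integration/Attribute-Release.html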
https://github.com/Jasig/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
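An added example, not code from the original post or from the CAS or Spring Security projects: a user-details service that reads the attributes carried in the validated CAS assertion and grants only allow-listed roles. It assumes Spring Security 3.1 or later (generic `AuthenticationUserDetailsService`, `SimpleGrantedAuthority`), a hypothetical package and class name, and a constructed attribute name `memberOf`. It would be set as the `authenticationUserDetailsService` of `casAuthProvider`, with `ticketValidator` switched to the `Saml11TicketValidator` linked above.

```java
package example; // hypothetical package

import java.util.*;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class CasAttributeUserDetailsService
        implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

    // Assumption: the CAS service is configured to release roles under this name.
    private static final String ROLE_ATTRIBUTE = "memberOf";

    // Only these values are ever turned into authorities; anything else the
    // CAS server releases under ROLE_ATTRIBUTE is ignored.
    private static final Set<String> ALLOWED_ROLES =
            new HashSet<String>(Arrays.asList("ROLE_USER", "ROLE_ADMIN"));

    public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) {
        // The assertion exists only after the ticket validator has accepted
        // the service ticket, so the attributes come from the CAS server.
        AttributePrincipal principal = token.getAssertion().getPrincipal();
        Map<?, ?> attributes = principal.getAttributes();
        Object raw = (attributes == null) ? null : attributes.get(ROLE_ATTRIBUTE);

        // An attribute can arrive as a single value or as a collection.
        Collection<?> values;
        if (raw instanceof Collection) {
            values = (Collection<?>) raw;
        } else if (raw != null) {
            values = Collections.singletonList(raw);
        } else {
            values = Collections.emptyList();
        }

        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (Object value : values) {
            String role = String.valueOf(value).trim();
            if (ALLOWED_ROLES.contains(role)) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
        // CAS holds the credentials; the password here is a non-null placeholder.
        return new User(principal.getName(), "NO_PASSWORD",
                true, true, true, true, authorities);
    }
}
```

A user whose assertion carries no allow-listed role is authenticated with no authorities, so URL and method rules that require a role still deny access.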