Using Acegi as a client of the Yale CAS authentication server in the SpringSide project
2007-12-23 14:16
First, set up SpringSide's web.xml; we use the Acegi CAS filter:
<filter-mapping>
    <filter-name>hibernateFilter</filter-name>
    <url-pattern>/j_acegi_cas_security_check</url-pattern>
</filter-mapping>
Next, set up the main Acegi application context:
1) As in Acegi's sample, filterChainProxy would normally get an additional CAS filter, but here we reuse
authenticationProcessingFilter, which acts as the CAS client filter.
<bean id="filterChainProxy"
      class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,anonymousProcessingFilter,authenticationProcessingFilter,rememberMeProcessingFilter,logoutFilter,channelProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
    </property>
</bean>
2) authenticationProcessingFilter, of course, plays the most important role in
applicationContext_acegi.xml.
In SpringSide, /admin is a protected resource, so it is used as defaultTargetUrl,
and every request to the target URL must be authenticated by authenticationManager.
/security/login.jsp?login_error=1
/admin/
/j_acegi_cas_security_check
org.acegisecurity.userdetails.UsernameNotFoundException=/security/login.jsp?login_error=user_not_found_error
org.acegisecurity.BadCredentialsException=/security/login.jsp?login_error=user_psw_error
org.acegisecurity.concurrent.ConcurrentLoginException=/security/login.jsp?login_error=too_many_user_error
3) Then we configure all the beans that the CAS filter needs:
https://sourcesite:8443/cas/login
my_password_for_this_auth_provider_only
https://sourcesite:8443/cas/proxyValidate
http://gzug:8080/springside/j_acegi_cas_security_check
false
/casfailed.jsp
/
/j_acegi_cas_security_check
casProcessingFilterEntryPoint is critical.
Its loginUrl is the CAS server's /login URL. You should set up your CAS server (2.0 or 3.0), configure
the JKS keystore after enabling SSL in Tomcat (Tomcat 5.5/conf/server.xml), and place the cacerts file that
contains the CAS server's public certificate in the Acegi client's JDK/jre/lib/security/.
Check serviceProperties to make sure that the SpringSide service URL is configured as /j_acegi_cas_security_check.
Because Yale CAS uses a ticket cache for its SSO implementation, we should configure statelessTicketCache.
Just use Spring Framework's ehcache support for cacheManager.
SpringSide uses jdbcDaoImpl, which performs database authentication. So I am very happy to use it
as casAuthoritiesPopulator, which will set the user details for the user. This information is very useful for
application authorization.
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
select loginid,passwd,1 from ss_users where status='1' and loginid = ?
select u.loginid,p.name
from ss_users u,ss_roles r,ss_permissions p,ss_user_role ur,ss_role_permis rp
where u.id=ur.user_id and r.id=ur.role_id and p.id=rp.permis_id and
r.id=rp.role_id and p.status='1' and u.loginid=?
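
One way the CAS beans described in step 3 could be wired, as an added example rather than the author's original file. The bean ids, the jdbcDaoImpl reference and the ticketCache cache name are assumptions; the classes and properties are those of Acegi 1.0.x CAS support and Spring's ehcache support, and the URLs and key are the values listed on this page.

```xml
<!-- Added example: bean ids and wiring are assumptions, values come from the page. -->
<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
  <!-- Must be the exact URL the browser is sent back to; CAS binds the ticket to it. -->
  <property name="service" value="http://gzug:8080/springside/j_acegi_cas_security_check"/>
  <property name="sendRenew" value="false"/>
</bean>

<bean id="casProcessingFilterEntryPoint"
      class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="https://sourcesite:8443/cas/login"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<!-- The validation call is made over HTTPS, so the client JVM must trust the
     CAS server certificate (the cacerts step described above). -->
<bean id="casProxyTicketValidator"
      class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
  <property name="casValidate" value="https://sourcesite:8443/cas/proxyValidate"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager" ref="cacheManager"/>
  <property name="cacheName" value="ticketCache"/> <!-- assumed cache name -->
</bean>
<bean id="statelessTicketCache"
      class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
  <property name="cache" ref="ticketCacheBackend"/>
</bean>

<bean id="casAuthoritiesPopulator"
      class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
  <!-- jdbcDaoImpl: assumed id of the JdbcDaoImpl bean holding the two queries. -->
  <property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>

<bean id="casAuthenticationProvider"
      class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
  <property name="key" value="my_password_for_this_auth_provider_only"/>
  <property name="ticketValidator" ref="casProxyTicketValidator"/>
  <!-- Accept only tickets with an empty proxy chain, although /proxyValidate is used. -->
  <property name="casProxyDecider">
    <bean class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
  </property>
  <property name="statelessTicketCache" ref="statelessTicketCache"/>
  <property name="casAuthoritiesPopulator" ref="casAuthoritiesPopulator"/>
</bean>
```
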
There is little difference between casclient 2.0.12 and Acegi, right?
Note that in my env, gzug:8080/springside is the bookstore webapp
and sourcesite:8443 is the CAS 3 server.
Hoping for suggestions.