Springsecurity cas单点登录,循环重定向问题 10C

最近在弄springsecurity+cas实现单点登录,但配置完成测试,去发现在cas server端登录成功之后,竟出现了循环重定向问题,我springsecurity配置如下:

 <?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

     <!--  Spring-Security 的配置 -->  

     <!-- 配置不过滤的资源(静态资源及登录相关) -->  
    <security:http pattern="/static/**" security="none"></security:http>  

    <!--  注意use-expressions=true.表示开启表达式,否则表达式将不可用. /access-denied.htm  , auto-config="true" use-expressions="true"-->  
    <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" use-expressions="true"  access-denied-page="/user/index.htm">  

        <!--允许所有人访问 access="permitAll"-->  
        <security:intercept-url pattern="/login.htm"   access="permitAll"/>  
        <security:intercept-url pattern="/regist*.htm" access="permitAll" />  
        <security:intercept-url pattern="/upload/**"   access="permitAll" />

        <!--允许IS_AUTHENTICATED_ANONYMOUSLY匿名访问
        <security:intercept-url pattern="/index.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" /> -->  

        <!--允许USER权限访问   hasRole('USER')-->  
        <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" /> 

         <!--允许USER权限访问-->  
        <security:intercept-url pattern="/exam/**" access="hasRole('ROLE_USER')" /> 

        <!--允许ROLE权限访问-->  
        <security:intercept-url pattern="/auth/**" access="hasRole('ROLE_ROLE')" />  

        <!--允许ADMIN权限访问所有资源-->  
        <security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />  

         <!--**** cas单点  .2015-06-23 by cyj ****-->
        <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
        <!--**** cas单点  .2015-06-23 by cyj ****-->

    </security:http>  

    <!--***************************************** CAS TEST  2015-06-23  . by cyj***************************************** -->

    <!--
    The CAS filter handles the redirect from the CAS server and starts the ticket validation.
    -->
    <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"></property>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> 
                <property name="alwaysUseDefaultTargetUrl">
                    <value>true</value>
                </property>
                <property name="defaultTargetUrl">
                    <value>http://localhost:8080/user/index.htm</value>
                </property>
            </bean>
        </property>
    </bean>


    <!--**** 2015-06-23,CAS TEST ****-->
    <security:authentication-manager alias="authenticationManager" erase-credentials="false">  
        <security:authentication-provider  ref="casAuthenticationProvider">  
        </security:authentication-provider>  
    </security:authentication-manager>  
    <!--**** 2015-06-23,CAS TEST ****-->

    <!--
    Handles the CAS ticket processing.
    -->
    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
        <property name="serviceProperties" ref="serviceProperties"></property>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="https://localhost:8443/cas-server" /> <!-- //SSO验证地址 -->
            </bean>
        </property>
        <property name="key" value="cas123"></property>
    </bean>

    <!-- authorities对应 CAS server的 登录属性, 在此设置到spirng security中,用于spring security的验证 
    <bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
        <constructor-arg>
            <array>
                <value>authorities</value>
            </array>
        </constructor-arg>
    </bean>
    -->

    <bean id="authenticationUserDetailsService" class="com.bms.comm.cas.MyAuthenticationUserDetailsService">
        <!-- <constructor-arg>
            <array>
                <value>authorities</value>
            </array>
        </constructor-arg> -->
        <property name="attributes">
            <array>
                <value>authorities</value>
            </array>
        </property>
    </bean>

    <!--
    This section is used to configure CAS. The service is the
    actual redirect that will be triggered after the CAS login sequence.
    //http://localhost:8088/SpringSecurity 具体应用
    // j_spring_cas_security_check spring的虚拟URL,此标志标识使用 CAS authentication upon return from CAS SSO login. -->

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="https://localhost:8447/j_spring_cas_security_check"></property>
        <property name="sendRenew" value="false"></property>
    </bean>

    <!--
    The entryPoint intercepts all the CAS authentication requests.
    It redirects to the CAS loginUrl for the CAS login page.
    通过上述的配置,则具体应用在使用的时候,用户认证和授权则无需过问,只需在应用中配置相关的角色访问权限即可。即,只需对下面的红色部分进行修改,
    即可以完成应用的认证和授权工作。大大简化了应用和认证与授权的剥离工作
    -->
    <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="https://localhost:8443/cas-server/login"></property> <!-- //SSO登录地址 -->
        <property name="serviceProperties" ref="serviceProperties"></property>
    </bean>



</beans>

请大牛帮我看下,看我的配置哪有问题?谢谢!!

1个回答

手机上看起来费劲,循环重定向一般都是配置一个路径被拦截,而又有拦截被跳转到该页面导致了。看看配置文件逻辑上有没有问题

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问