关于CAS单点登录的用户认证

现有多个系统web1,web2,web3...
用户张三,在web1里用户名密码是user1/123,在web2里用户名密码是zhangsan/456,在web3里用户名密码是abc/789……
这些多个系统的用户名密码存放在不同数据库中,但是每个数据库里都有“工号”这个字段,且为必填项。
现在将这多个系统用CAS做单点登录,这多个数据库如何通过“工号”这个字段统一?
刚看到的一个思路:
单对多模式;一个用户使用不同凭证登录不同系统;| 给sina一个凭证,sina用户就可以登录本系统了;| 然后基于传递过来的用户信息,创建一个本系统用户,保存相应凭证;下次就可以再次直接使用了;
这个具体怎么实现?

1个回答

1.首先你要实现一个过滤器,功能是检测登录状态,这个过滤器最好打成jar包,然后你所有受信任的项目都要导入这个过滤器,
2.过滤器的内容是:检查登录状态,若已经登录则直接跳转到请求画面,没有登录则调到cas认证中心进行认证。
3.何为cas认证中心:你需要利用Cookie映射token(密匙)的方式在内存中存储登录状态的信息
4.cas认证中心为一个独立的项目,它能够认证不同项目的登录请求,即不管是哪个项目的账户登录,登陆成功,生成token,返回Cookie,

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
CAS单点登录问题,认证成功如何自动登录

如果有应用AB两个系统,AB本身都有登录页面,访问A系统将被CAS拦截认证, 认证成功跳转到A应用的login.jsp,本人做的是获取刚才登录的用户名密码,自动填充到 login.jsp页面登录成功,那么请问(1)这样做是否正确? 此时再访问应用B则不需要前往认证中心去认证,那么请问(2)在应用A和B分别拥有数据库的时候,应用B要如何才能成功登录?是否需要把AB数据库进行关联,还是通过设置token跳过B的登录?

java 关于cas单点登录成功后跳转问题

问题描述: 1.正常情况下cas从服务端登录后跳转成功界面;需改造成从服务端登录后总是显示登录界面。并且切换用户,客户端能够正确显示不同用户信息。 修改login-webflow.xml中判断service是否存在 不存在时跳转到generateLoginTicket ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469003836_834819.png) 2.只登陆服务端测试,登录成功后能够跳转登录页面,再次使用另一组用户,提交成功。 3.从服务器登录 ,重新打开窗口并访问客户端地址,客户端跳转成功,在原来服务端窗口切换用户登录,提交 不能提交成功。如下图所示: ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004719_251132.png) ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004764_963750.png) ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004775_578001.png) debug跟踪时第二次登录没有执行authenticationViaFormAction.doBind该步骤,反而重新走了登录流程。 希望得到大神指点!

CAS 单点登录集成问题,集成其他系统软件,其他系统都有自己独立的用户模块(数据库也不是不同的)

CAS 单点登录集成问题,服务端搭建好后,集成其他系统软件,其他系统都有自己独立的用户模块(数据库也不是不同的),有什么办法能解决一下吗。 还是只能修改其他系统的模块代码。

shiro +cas 整合单点登录页面重定向的问题 后台是jeesite框架

访问系统的时候页面进入cas的登录页,输入用户名密码之后就进入了重定向了,不知道该怎么配这个配置文件了。大神能给我分析分析问题出在哪了么 ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd" default-lazy-init="true"> <description>Shiro Configuration</description> <!-- 加载配置属性文件 --> <context:property-placeholder ignore-unresolvable="true" location="classpath:jeesite.properties" /> <!-- Shiro权限过滤过滤器定义 --> <bean name="shiroFilterChainDefinitions" class="java.lang.String"> <constructor-arg> <value> /static/** = anon /api/test = anon /api/userRegist = anon ${adminPath}/userApi/userRegist = anon /api/** = anon /userfiles/** = anon ${adminPath}/upload = anon ${adminPath}/cas = cas ${adminPath}/login = authc ${adminPath}/logout = logoutFilter <!-- ${adminPath}/** = user --> /shiro-cas = cas <!-- /logout = logoutFilter --> /a/** = user /a/sys/hlApi = anon ${adminPath}/sys/hlApi/form = anon /act/rest/service/editor/** = perms[act:model:edit] /act/rest/service/model/** = perms[act:model:edit] /act/rest/service/** = user /ReportServer/** = user </value> </constructor-arg> </bean> <!-- 安全认证过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /><!-- <property name="loginUrl" value="${cas.server.url}?service=${cas.project.url}${adminPath}/cas" /> --> <!-- <property name="loginUrl" value="${adminPath}/login" /> <property name="successUrl" value="${adminPath}?login" /> --> <property name="loginUrl" value="${loginUrl}" /> <property name="filters"> <map> <entry key="cas" value-ref="casFilter"/> <entry key="authc" value-ref="formAuthenticationFilter"/> <entry key="logoutFilter" value-ref="logoutFilter"/> </map> </property> <property name="filterChainDefinitions"> <ref bean="shiroFilterChainDefinitions"/> </property> </bean> <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <!-- 配置验证错误时的失败页面 --> <property name="redirectUrl" value="${logoutUrl}" /> </bean> <!-- CAS认证过滤器 --> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <property name="failureUrl" value="${loginFailedUrl}"/> <property name="successUrl" value="${loginSuccessUrl}" /> </bean> <!-- 定义Shiro安全管理配置 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="subjectFactory" ref="casSubjectFactory"></property> <property name="realm" ref="UserRealm" /> <!-- <property name="realm" ref="systemAuthorizingRealm" /> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="shiroCacheManager" /> --> </bean> <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"></bean> <bean id="UserRealm" class="com.thinkgem.jeesite.modules.sys.security.UserRealm" depends-on="userDao,roleDao,menuDao"> <property name="defaultRoles" value="ROLE_USER" /> <property name="casServerUrlPrefix" value="${shiro.cas.serverUrlPrefix}" /> <property name="casService" value="${shiro.cas.service}" /> </bean> <!-- 自定义会话管理配置 --> <bean id="sessionManager" class="com.thinkgem.jeesite.common.security.shiro.session.SessionManager"> <property name="sessionDAO" ref="sessionDAO"/> <!-- 会话超时时间,单位:毫秒 --> <property name="globalSessionTimeout" value="${session.sessionTimeout}"/> <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话 --> <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/> <!-- <property name="sessionValidationSchedulerEnabled" value="false"/> --> <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> <property name="sessionIdCookieEnabled" value="true"/> </bean> <!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID, 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg name="name" value="jeesite.session.id"/> </bean> <!-- 自定义Session存储容器 --> <bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.JedisSessionDAO"> <property name="sessionIdGenerator" ref="idGen" /> <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> </bean> <!--<bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.CacheSessionDAO"> <property name="sessionIdGenerator" ref="idGen" /> <property name="activeSessionsCacheName" value="activeSessionsCache" /> <property name="cacheManager" ref="shiroCacheManager" /> </bean>--> <!-- 定义授权缓存管理器 --> <bean id="shiroCacheManager" class="com.thinkgem.jeesite.common.security.shiro.cache.SessionCacheManager" /> <!--<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="cacheManager"/> </bean> --> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- AOP式方法级权限检查 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans> ``` shiro.cas.service=127.0.0.1:8181/a/login shiro.cas.serverUrlPrefix=127.0.0.1:8081/cas/login loginUrl=http://127.0.0.1:8081/cas/login?service=http://127.0.0.1:8181/a/login logoutUrl=http://127.0.0.1:8081/cas/logout?service=http://127.0.0.1:8181/a/ loginSuccessUrl=127.0.0.1:8181/a/upload.jsp loginFailedUrl=/a/login

JAVA CAS 单点登录 登录成功后 跳转指定URL的问题

假设目前有三个系统: cas app1 app2 当访问app1时大致请求流程为 app1-cas-app1 需实现: app1-cas-app2 访问app1 ,重定向到cas认证, 认证成功后重定向到app2 (app2类似于门户系统) 该操作只在登录时执行 目前 CAS 默认是重定向回app1 app1系统使用Spring Security集成 CAS 可通过 SecurityConfig 实现 @Bean public AuthenticationSuccessHandler authenticationSuccessHandler() { SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setDefaultTargetUrl(successUrl); return successHandler; } 但是现在另有子系统app2 没有用 Security作为安全框架 应该怎么配置? 如果我在app1的web.xml中配置 ![图片说明](https://img-ask.csdn.net/upload/201810/15/1539599059_3892.png) 这样会导致app1的所有请求都会跳转到app2中 请各路神仙不吝赐教

Springsecurity cas单点登录,循环重定向问题

最近在弄springsecurity+cas实现单点登录,但配置完成测试,去发现在cas server端登录成功之后,竟出现了循环重定向问题,我springsecurity配置如下: ``` <?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- Spring-Security 的配置 --> <!-- 配置不过滤的资源(静态资源及登录相关) --> <security:http pattern="/static/**" security="none"></security:http> <!-- 注意use-expressions=true.表示开启表达式,否则表达式将不可用. /access-denied.htm , auto-config="true" use-expressions="true"--> <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" use-expressions="true" access-denied-page="/user/index.htm"> <!--允许所有人访问 access="permitAll"--> <security:intercept-url pattern="/login.htm" access="permitAll"/> <security:intercept-url pattern="/regist*.htm" access="permitAll" /> <security:intercept-url pattern="/upload/**" access="permitAll" /> <!--允许IS_AUTHENTICATED_ANONYMOUSLY匿名访问 <security:intercept-url pattern="/index.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" /> --> <!--允许USER权限访问 hasRole('USER')--> <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" /> <!--允许USER权限访问--> <security:intercept-url pattern="/exam/**" access="hasRole('ROLE_USER')" /> <!--允许ROLE权限访问--> <security:intercept-url pattern="/auth/**" access="hasRole('ROLE_ROLE')" /> <!--允许ADMIN权限访问所有资源--> <security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /> <!--**** cas单点 .2015-06-23 by cyj ****--> <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter> <!--**** cas单点 .2015-06-23 by cyj ****--> </security:http> <!--***************************************** CAS TEST 2015-06-23 . by cyj***************************************** --> <!-- The CAS filter handles the redirect from the CAS server and starts the ticket validation. --> <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"></property> <property name="authenticationSuccessHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> <property name="alwaysUseDefaultTargetUrl"> <value>true</value> </property> <property name="defaultTargetUrl"> <value>http://localhost:8080/user/index.htm</value> </property> </bean> </property> </bean> <!--**** 2015-06-23,CAS TEST ****--> <security:authentication-manager alias="authenticationManager" erase-credentials="false"> <security:authentication-provider ref="casAuthenticationProvider"> </security:authentication-provider> </security:authentication-manager> <!--**** 2015-06-23,CAS TEST ****--> <!-- Handles the CAS ticket processing. --> <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/> <property name="serviceProperties" ref="serviceProperties"></property> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas-server" /> <!-- //SSO验证地址 --> </bean> </property> <property name="key" value="cas123"></property> </bean> <!-- authorities对应 CAS server的 登录属性, 在此设置到spirng security中,用于spring security的验证 <bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> </bean> --> <bean id="authenticationUserDetailsService" class="com.bms.comm.cas.MyAuthenticationUserDetailsService"> <!-- <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> --> <property name="attributes"> <array> <value>authorities</value> </array> </property> </bean> <!-- This section is used to configure CAS. The service is the actual redirect that will be triggered after the CAS login sequence. //http://localhost:8088/SpringSecurity 具体应用 // j_spring_cas_security_check spring的虚拟URL,此标志标识使用 CAS authentication upon return from CAS SSO login. --> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value="https://localhost:8447/j_spring_cas_security_check"></property> <property name="sendRenew" value="false"></property> </bean> <!-- The entryPoint intercepts all the CAS authentication requests. It redirects to the CAS loginUrl for the CAS login page. 通过上述的配置,则具体应用在使用的时候,用户认证和授权则无需过问,只需在应用中配置相关的角色访问权限即可。即,只需对下面的红色部分进行修改, 即可以完成应用的认证和授权工作。大大简化了应用和认证与授权的剥离工作 --> <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <property name="loginUrl" value="https://localhost:8443/cas-server/login"></property> <!-- //SSO登录地址 --> <property name="serviceProperties" ref="serviceProperties"></property> </bean> </beans> ``` 请大牛帮我看下,看我的配置哪有问题?谢谢!!

CAS单点登录,在验证中心用户名密码为空直接登录不提示用户名不能为空,而是直接跳转到一个错误页面

最近在整合公司的系统,采用的是耶鲁的CAS单点登录,发现一个问题:在验证中心用户名密码为空直接登录不提示用户名不能为空,而是直接跳转到一个错误页面,是需要设置什么地方嘛?请大神帮忙给点意见,谢谢

spring security cas单点登录拒绝访问

[b]cas服务端和cas客户端都已经配合,访问cas服务端可以登录,访问客户端应用资源的时候出现拒绝访问问题,但是[color=red]能成功跳转到cas服务端的login页面,输入账号密码后控制台打印显示出服务端登录成功,但是关于客户端的打印出现拒绝访问异常,而且httpSession不为null但是里面没值[/color][/b]。 初次使用spring security和cas望多多指教. 异常信息: [color=red][b]首次登录直接出现拒绝访问,但是却能跳转到cas 登录页面,[/b][/color] [quote] 信息: Server startup in 21955 ms 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Associated with Deployer 'Catalina:type=Deployer,host=localhost' 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Global resources are available 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: list: Listing contexts for virtual host 'localhost' 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.> 11:51:33,906 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:127 - No HttpSession currently exists 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created. 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 11:51:33,937 DEBUG org.springframework.security.web.session.SessionManagementFilter:91 - Requested session IDFED78FFF2BDBC0647461CBFA29AB9B23 is invalid. 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER] 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 11:51:33,937 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 11:51:33,953 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 11:51:33,968 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 11:51:33,984 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/] 11:51:33,984 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 11:51:33,984 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 11:51:34,015 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 2012-06-06 11:51:34,921 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /casServer/> [/quote] [color=red][b]跳转到登录页面后输入账号密码出现cas服务端的信息正常,但是关于cas客户端的和上面的异常一样:[/b][/color] 打印信息: [quote] 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.> start[1338955402531] time[603] tag[QueryDatabaseAuthenticationHandler] 2012-06-06 12:03:23,125 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: wucht]> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal wucht> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Principal found: wucht> 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: supplied credentials: [username: wucht] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: TGT-1-0WNh4MDLT57myMG77eF54B9ix5oQP0OItPnVBGDZBYac9Bj42E-casServer ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,265 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-eOK4CG7zd7cApkahlva9-casServer] for service [http://localhost:8080/Cas_Client/j_acegi_cas_security_check] for user [wucht]> 2012-06-06 12:03:23,265 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: wucht WHAT: ST-1-eOK4CG7zd7cApkahlva9-casServer for http://localhost:8080/Cas_Client/j_acegi_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:139 - HttpSession returned null object for SPRING_SECURITY_CONTEXT 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1ef3d12. A new one will be created. 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:309 - pathInfo: both null (property equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:317 - queryString: arg1=null; arg2=ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer (property not equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:75 - saved request doesn't match 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer; Attributes: [ROLE_USER] 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 12:03:23,312 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer] 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 12:03:23,312 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 12:03:23,343 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed [/quote] [b]cas服务端配置:[/b] cas.properties [quote] #server.prefix=http://localhost:8080/cas #server.prefix=http://cas.wucht.com:8080/casServer server.prefix=http://localhost:8080/casServer cas.securityContext.serviceProperties.service=${server.prefix}/j_acegi_cas_security_check # Names of roles allowed to access the CAS service manager cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix} cas.themeResolver.defaultThemeName=cas-theme-default #cas.themeResolver.defaultThemeName=default cas.viewResolver.basename=default_views #host.name=cas host.name=casServer #database.hibernate.dialect=org.hibernate.dialect.OracleDialect database.hibernate.dialect=org.hibernate.dialect.MySQLDialect #database.hibernate.dialect=org.hibernate.dialect.HSQLDialect [/quote] deployerConfigContext.xml [quote] <?xml version="1.0" encoding="UTF-8"?> <!-- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | all CAS deployers will need to modify. | | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. | The beans declared in this file are instantiated at context initialization time by the Spring | ContextLoaderListener declared in web.xml. It finds this file because this | file is among those declared in the context parameter "contextConfigLocation". | | By far the most common change you will need to make in this file is to change the last bean | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing your approach for authenticating usernames and passwords. +--> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, | "authenticationManager". Most deployers will be able to use the default AuthenticationManager | implementation and so do not need to change the class of this bean. We include the whole | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will | need to change in context. +--> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <!-- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which | supports the presented credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are | using. | | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. | You will need to change this list if you are identifying services by something more or other than their callback URL. +--> <property name="credentialsToPrincipalResolvers"> <list> <!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login | by default and produces SimplePrincipal instances conveying the username from the credentials. | | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the | Credentials you are using. +--> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> <!--增加此属性,为认证过的用户的Principal添加属性--> <property name="attributeRepository" ref="attributeRepository"></property> </bean> <!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a | SimpleService identified by that callback URL. | | If you are representing services by something more or other than an HTTPS URL whereat they are able to | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). +--> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn | until it finds one that both supports the Credentials presented and succeeds in authenticating. +--> <property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <!-- 数据库认证.wucht--> <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="dataSource" /> <property name="sql" value="select password from users where name=?" /> </bean> </list> </property> </bean> <!-- DATABASE 增加数据源配置 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property> <property name="url"><value>jdbc:mysql://localhost:3306/mysql?useUnicode=true&amp;characterEncoding=utf-8</value></property> <property name="username"><value>root</value></property> <property name="password"><value>root</value></property> </bean> <!-- This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version. More robust deployments will want to use another option, such as the Jdbc version. The name of this should remain "userDetailsService" in order for Spring Security to find it. --> <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />--> <sec:user-service id="userDetailsService"> <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" /> </sec:user-service> <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. --> <!-- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean> --> <!-- 使用SingleRowJdbcPersonAttributeDao 获取更多用户的信息 --> <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <constructor-arg index="0" ref="dataSource"/> <constructor-arg index="1" value="select role_name from role where login_name = ?"/> <!--这里的key需写username,value对应数据库用户名字段 --> <property name="queryAttributeMapping"> <map> <entry key="username" value="login_name"/> </map> </property> <!--key对应数据库字段,value对应客户端获取参数 --> <!-- 返回数据认证后的数据 --> <property name="resultAttributeMapping"> <map> <!--这个从数据库中获取的角色,用于在应用中security的权限验证--> <entry key="role_name" value="authorities"/> </map> </property> </bean> <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want to replace this with the JPA-backed ServiceRegistry DAO The name of this bean should remain "serviceRegistryDao". --> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- <property name="registeredServices"> <list> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="0" /> <property name="name" value="HTTP" /> <property name="description" value="Only Allows HTTP Urls" /> <property name="serviceId" value="http://**" /> <property name="evaluationOrder" value="10000001" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="1" /> <property name="name" value="HTTPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="https://**" /> <property name="evaluationOrder" value="10000002" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="2" /> <property name="name" value="IMAPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="imaps://**" /> <property name="evaluationOrder" value="10000003" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="3" /> <property name="name" value="IMAP" /> <property name="description" value="Only Allows IMAP Urls" /> <property name="serviceId" value="imap://**" /> <property name="evaluationOrder" value="10000004" /> </bean> </list> </property> --> </bean> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> </beans> [/quote] [b]spring的配置代码如下:[/b][code="ruby"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true"> <!-- entry-point-ref="casEntryPoint"作用是认证的入口,是一个实现AuthenticationEntryPoint接口的类 ,为ExceptionTranslationFilter类提供认证依据, <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/> 使用自定义的Filter,放置在过滤器链的FORM_LOGIN_FILTER的位置 casEntryPoint只是提供认证入口的作用,当没有权限,将跳转到该地址。 casFilter是处理CAS service ticket的,当无权访问时,会使用casEntryPoint提供认证入口 --> <http auto-config="true" entry-point-ref="casEntryPoint" access-denied-page="/403.jsp"> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- ROLE_ADMIN--> <!-- logout-success-url="/login.html" --> <!-- 注销时需要先注销应用程序,再注销cas中心认证服务 --> <logout logout-url="/logout.html" success-handler-ref="casLogoutSuccessHandler" /> <custom-filter position="CAS_FILTER" ref="casFilter" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager> <!-- cas中心认证服务入口 --> <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <beans:property name="loginUrl" value="http://localhost:8080/casServer/login" /> <beans:property name="serviceProperties" ref="serviceProperties" /> </beans:bean> <!-- cas中心认证服务配置 --> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <beans:property name="service" value="http://localhost:8080/Cas_Client/j_acegi_cas_security_check" /> <beans:property name="sendRenew" value="false" /> </beans:bean> <!-- CAS service ticket(中心认证服务凭据)验证 --> <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> <!-- <beans:property name="authenticationFailureHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">--> <!-- <beans:property name="defaultFailureUrl"--> <!-- value="/logout.html" />--> <!-- </beans:bean>--> <!-- </beans:property>--> <!-- 登录成功后的页面,如果是固定的。否则 ref="authenticationSuccessHandler" --> <!-- <beans:property name="authenticationSuccessHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">--> <!-- <beans:property name="defaultTargetUrl"--> <!-- value="/index.jsp" />--> <!-- </beans:bean>--> <!-- </beans:property>--> </beans:bean> <!-- 从Cas Server得到用户信息 --> <beans:bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <beans:constructor-arg> <beans:array> <beans:value>authorities</beans:value> </beans:array> </beans:constructor-arg> </beans:bean> <beans:bean id="userDetailsService" class="com.reportstart.security.service.impl.BocUserDetaislServiceImpl"> <!-- <beans:property name="userDao">--> <!-- <beans:ref bean="userDao" />--> <!-- </beans:property>--> </beans:bean> <!-- <beans:bean id="authenticationUserDetailsService"--> <!-- class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">--> <!-- <beans:property name="userDetailsService">--> <!-- <beans:ref local="userDetailsService" />--> <!-- </beans:property>--> <!-- </beans:bean>--> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!-- 使用自定义service获取用户信息 --> <!-- <beans:property name="authenticationUserDetailsService"--> <!-- ref="casAuthenticationUserDetailsService" />--> <!-- 通过Cas Server获取用户信息 --> <beans:property name="authenticationUserDetailsService" ref="authenticationUserDetailsService" /> <beans:property name="serviceProperties" ref="serviceProperties" /> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="http://localhost:8080/casServer" /> </beans:bean> </beans:property> <!-- 自定义cas客户端应用标示.wucht.2012-6-4(每个cas客户端都需要一个key标示用于区分不同cas客户端) --> <beans:property name="key" value="Cas_Client" /> </beans:bean> <!-- 注销 --> <beans:bean id="casLogoutSuccessHandler" class="com.wucht.test.CasLogoutSuccessHandler"> </beans:bean> </beans:beans>[/code]

【急】求大神帮帮忙,CAS单点登录问题,登录成功后controller收不到请求(要哭了)

首先说下问题,我们的项目之前SSO单点登录一直用的http的方式, 这一块登录一直都是正常的,现在要切上正式环境了,SSO服务器那边就改用了https的方式SSO配置如下: <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 --> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- 该过滤器用于实现单点登出功能,可选配置。 --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责用户的认证工作,必须启用它 --> <filter> <filter-name>CASFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://sso.hnair.net/login?appid=hnair-pmp</param-value> </init-param> <init-param> <param-name>renew</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>gateway</param-name> <param-value>false</param-value> </init-param> <init-param> <!--这里的server是服务端的IP --> <param-name>serverName</param-name> <param-value>http://10.70.35.215</param-value> </init-param> </filter> <filter-mapping> <filter-name>CASFilter</filter-name> <url-pattern>/common/huLogin</url-pattern> </filter-mapping> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://sso.hnair.net</param-value> </init-param> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://10.70.35.215</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> JSP代码如下: <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <% String ctx = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + ctx + "/"; %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>单点登录</title> <script src="<%=basePath%>js/plugin/jquery-1.9.1.min.js" type="text/javascript"></script> <script type="text/javascript"> $(function(){ var islogout = "${param.islogout}"; if(!islogout){ var casuser = "${casuser}"; if(!casuser){ window.location.href = "<%=basePath%>common/huLogin"; }else{ var loginMsg = "${loginMsg}"; var openner = window.opener; if(loginMsg=="success"){ openner.location.href="<%=basePath%>home/index"; window.close(); }else{ window.location.href = "${logoutUrl}"; } } }else{ window.opener.location.href = "<%=basePath%>common/logout"; window.close(); } }); </script> </head> <body> </body> </html> 日志信息如下: ![图片说明](https://img-ask.csdn.net/upload/201602/26/1456474638_427508.png) controller代码如下: @RequestMapping(value = "/huLogin") public String huLogin( HttpServletRequest request, HttpSession session, Model model) throws BusinessException { logger.info("huLogin begin"); //如果session中没有用户信息,则填充用户信息 //从Cas服务器获取登录账户的用户名 .... session.setAttribute(Constants.LOGOUT_URL, casServerUrl); model.addAttribute(Constants.CASUSER, userName); logger.info("huLogin end"); return "common/hulogin"; } 请各位大神帮帮忙看看

CAS和discuz能实现统一认证登录吗?

如何实现CAS和discuz论坛实现统一认证登录?点击一个网站之后直接登录discuz论坛

有关cas单点登录中,web.xml配置文件中过滤器的配置问题

http://blog.csdn.net/rogerjava/article/details/6555175 这个链接中的博主采用的是: <filter-class> edu.yale.its.tp.cas.client.filter.CASFilter </filter-class> 这个过滤器。 而在许多其他文档中,有许多配置的过滤器是: <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://localhost:8080/casweb/login</param-value> </init-param> </filter> 而在官方文档中中:https://wiki.jasig.org/display/CASC/Using+CASFilter 对于第一种过滤器,有一句解释:In this case, any URL beneath /webapp/cas-protected would require a CAS login. If you want to protect your entire web application, you can simply put /* for the URL pattern 可以看出重点是需要登录 而第二种过滤器,在这篇文章中:http://www.cnblogs.com/davidwang456/p/3962786.html 有一句解释;The AuthenticationFilter is what detects whether a user needs to be authenticated or not. If a user needs to be authenticated, it will redirect the user to the CAS server. 是用来判断一个用户是否需要认证,如果用户需要认证,则重定向这个用户跳转到cas服务器 到现在我也没区分开这两个过滤器之间的关系,有大牛能帮忙解答一下吗,小白,暂时没有分,不好意思

单点登录中 客户端登录认证中心后返回资源页报错500

HTTP Status 500 - Unable to create XMLReader type Exception report message Unable to create XMLReader description The server encountered an internal error that prevented it from fulfilling this request. exception java.lang.RuntimeException: Unable to create XMLReader org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:58) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) root cause org.xml.sax.SAXException: SAX2 driver class org.apache.xerces.parsers.SAXParser not found java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXParser org.xml.sax.helpers.XMLReaderFactory.loadClass(XMLReaderFactory.java:230) org.xml.sax.helpers.XMLReaderFactory.createXMLReader(XMLReaderFactory.java:191) org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:56) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) root cause java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXParser org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1333) org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1167) org.xml.sax.helpers.NewInstance.newInstance(NewInstance.java:82) org.xml.sax.helpers.XMLReaderFactory.loadClass(XMLReaderFactory.java:228) org.xml.sax.helpers.XMLReaderFactory.createXMLReader(XMLReaderFactory.java:191) org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:56) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) note The full stack trace of the root cause is available in the Apache Tomcat/8.0.30 logs.

用AD的用户登录CAS 4.0,按照官网配置后,登录失败。求助CAS大神!!!!!!!!

环境: cas-server-support-ldap-4.0.0.jar spring-ldap-core-2.0.2.RELEASE.jar ldaptive-1.0.5.jar 描述:在云上两台机器:Centos 6 作为cas-server;Win 2012 R2作为AD域控制器(imcloud.com),创建了一个userOU,里面的用户作为CAS的用户登录(ldap.baseDn="ou=userOU,dc=imcloud,dc=com").按照官网(https://apereo.github.io/cas/4.0.x/installation/LDAP-Authentication.html)principalIdAttribute=sAMAccount的配置,更改了deployerConfigContext.xml与cas.properties 文件以后,用AD用户的用户名密码登录,显示“invalid credentials”。后来同事尝试用HTTP协议,反倒成功了。我的证书以及AD的设置应该是没有问题的,不知道CAS哪里配错了。

单点登录,客户端怎么验证token

![图片说明](https://img-ask.csdn.net/upload/201808/20/1534729517_156011.png) ![图片说明](https://img-ask.csdn.net/upload/201808/20/1534729536_256027.png) GitHub下了一个代码,服务端操作cookie的比较靠谱一点。 但是客户端怎么验证的,每次请求都重定向到这个login()?这不是重复了吗,而且ajax的也验证不了

java web 实现单点登录是不是必须要求几个子系统通用一个用户表

java web 实现单点登录是不是要求几个子系统必须通用一个用户表 这样才能确保几个子系统账号和密码不同的情况下 通过判断用户表的主键 就行用户的判断和登录

cas sso登录服务器跳转客户端出现异常

最近在弄一个cas单点登录,但是后面出现服务器跳客户端的时候有的浏览器能正常显示,有的浏览器样式显示不出来,之前ie和谷歌可以显示,火狐不行,今天有出现谷歌不行,IE和火狐可以,请问一下是什么问题呢![图片说明](https://img-ask.csdn.net/upload/201505/22/1432258723_559852.png)就象这样,我在怀疑跟客户端的web.xml有关,再附上web.xml配置,<!-- ========================开始======================== --> <!--用于退出,该过滤器用于实现登出功能,可选配置--> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!--该过滤器用于实现单点功能,可选配置--> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责用户的认证工作,必须启用它 --> <filter> <filter-name>CAS Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <!--这里是cas登录认证页面的IP--> <param-value>https://localhost:8443/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <!--这里是客户端的IP--> <param-value>http://localhost:18080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--该过滤器负责对Ticket的校验工作,必须启用它--> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <!--这里是cas服务端所在的IP--> <param-value>https://localhost:8443/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <!--这里是客户端的IP--> <param-value>http://localhost:18080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名,可选配置 --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名 比如AssertionHolder.getAssertion().getPrincipal().getName() --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- ========================登录结束======================== --> 请懂得大神教教我

cas 登陆和用户认证相关问题;

1:小弟现在使用cas做项目, 遇到这样一个问题, 项目A和项目B通过cas 认证管理, 进行单点登陆, 在访问项目A的时候由于两个应用都没有登陆, 然后程序会自动跳转到 cas登陆界面进行登陆, 然后就登陆cas并进入到项目A中, 但是我现在访问项目B的使用, 程序还是又跳转到了 cas 登陆界面进行登陆, 这不符合单点登陆的逻辑, 按理来说应该登陆项目A后, 再进行项目B就不需要登陆cas了 , 请问各位大神有不有解决办法, (目前自己找到的方法是参考:http://denger.iteye.com/blog/809170 这里面的方法) 2:用户认证问题, 现在问题是这样的, 现在我有一个账号A 登陆到了cas, 并做了项目用户映射, 账号A映射到 项目A下的账号是A1, 映射到项目B的账号是A2, 问题就来了, A1 和 A2 的账号名和密码是不一样的, 我在进入项目A怎么能分清 到底是该用A1还是A2去登陆啦; (小弟现在的处理方法是 在做映射的时候标示了 A1和A2 分别是属于那个项目的用户名和密码, 各位大神有不有更好的解决方案啦)

关于cas3.5.2 子系统配置问题

cas的单点认证应用过挺多次,这次遇到一个客户的服务器环境是彼此的内网ip是相通的, 但彼此的外网ip是不能互相访问的,但子系统的web.xml里面需要配置cas的ip地址和自身 的ip地址,这样的话,配外网ip的时候,访问子系统会跳到cas的认证界面,但认证成功后, cas无法跳转回service带的子系统外网地址。客户环境那边是不可能改变他们的网络环境了,请教下,是否有什么解决方案呢?

CAS的数字证书认证

我现在有一个需求,要实现基于数字证书的CAS单点登录认证,看了CAS X509数字证书认证,但是就是不起作用,原因是服务器端获取不到浏览器的证书信息,可能是导入证书的问题吧,request里面javax.servlet.request.X509Certificate参数信息为null 还有就是系统要实现服务器端生成证书,大家有没有数字证书认证这方面的经验,指导一下。 不知道大家用过amazon webService的帐户管理没?就是要实现和它一样的功能,输入私钥就可以自动生成数字证书,然后下载,用SOAP with WS-Security时要使用这个证书。 [b]问题补充:[/b] 这个我当然配了,现在问题不在这了,在于怎么实现服务器端生成证书。 [b]问题补充:[/b] 怎么用java生成呢?有没有具体的例子啊?还有就是SOAP with WS-Security时怎么使用呢?不好意思,对安全这快完全不懂。 [b]问题补充:[/b] 我的开发环境是java,我使用java调用openssl命令生成私钥和证书文件,都是pem格式的,但是我怎么用户java来解析文件获得私钥和公钥呢?或者是有java调用什么命令来实现也是可以的。

定量遥感中文版 梁顺林著 范闻捷译

这是梁顺林的定量遥感的中文版,由范闻捷等翻译的,是电子版PDF,解决了大家看英文费时费事的问题,希望大家下载看看,一定会有帮助的

Java 最常见的 200+ 面试题:面试必备

这份面试清单是从我 2015 年做了 TeamLeader 之后开始收集的,一方面是给公司招聘用,另一方面是想用它来挖掘在 Java 技术栈中,还有那些知识点是我不知道的,我想找到这些技术盲点,然后修复它,以此来提高自己的技术水平。虽然我是从 2009 年就开始参加编程工作了,但我依旧觉得自己现在要学的东西很多,并且学习这些知识,让我很有成就感和满足感,那所以何乐而不为呢? 说回面试的事,这份面试...

机器学习初学者必会的案例精讲

通过六个实际的编码项目,带领同学入门人工智能。这些项目涉及机器学习(回归,分类,聚类),深度学习(神经网络),底层数学算法,Weka数据挖掘,利用Git开源项目实战等。

远程工具,免费

远程工具,免费

java jdk 8 帮助文档 中文 文档 chm 谷歌翻译

JDK1.8 API 中文谷歌翻译版 java帮助文档 JDK API java 帮助文档 谷歌翻译 JDK1.8 API 中文 谷歌翻译版 java帮助文档 Java最新帮助文档 本帮助文档是使用谷

csma/ca和csma/cd的matlab仿真源代码带有详细的注释

csma/ca和csma/cd的matlab仿真源代码带有详细的注释,载波侦听,随意设置节点数,带有炫酷的图形展示效果。

Java基础知识面试题(2020最新版)

文章目录Java概述何为编程什么是Javajdk1.5之后的三大版本JVM、JRE和JDK的关系什么是跨平台性?原理是什么Java语言有哪些特点什么是字节码?采用字节码的最大好处是什么什么是Java程序的主类?应用程序和小程序的主类有何不同?Java应用程序与小程序之间有那些差别?Java和C++的区别Oracle JDK 和 OpenJDK 的对比基础语法数据类型Java有哪些数据类型switc...

软件测试入门、SQL、性能测试、测试管理工具

软件测试2小时入门,让您快速了解软件测试基本知识,有系统的了解; SQL一小时,让您快速理解和掌握SQL基本语法 jmeter性能测试 ,让您快速了解主流来源性能测试工具jmeter 测试管理工具-禅道,让您快速学会禅道的使用,学会测试项目、用例、缺陷的管理、

pokemmo的资源

pokemmo必须的4个rom 分别为绿宝石 火红 心金 黑白 还有汉化补丁 资源不错哦 记得下载

三个项目玩转深度学习(附1G源码)

从事大数据与人工智能开发与实践约十年,钱老师亲自见证了大数据行业的发展与人工智能的从冷到热。事实证明,计算机技术的发展,算力突破,海量数据,机器人技术等,开启了第四次工业革命的序章。深度学习图像分类一直是人工智能的经典任务,是智慧零售、安防、无人驾驶等机器视觉应用领域的核心技术之一,掌握图像分类技术是机器视觉学习的重中之重。针对现有线上学习的特点与实际需求,我们开发了人工智能案例实战系列课程。打造:以项目案例实践为驱动的课程学习方式,覆盖了智能零售,智慧交通等常见领域,通过基础学习、项目案例实践、社群答疑,三维立体的方式,打造最好的学习效果。

无线通信中的智能天线:IS-95和第3代CDMA应用_.pdf

无线通信中的智能天线:IS-95和第3代CDMA应用_.pdf

设计模式(JAVA语言实现)--20种设计模式附带源码

课程亮点: 课程培训详细的笔记以及实例代码,让学员开始掌握设计模式知识点 课程内容: 工厂模式、桥接模式、组合模式、装饰器模式、外观模式、享元模式、原型模型、代理模式、单例模式、适配器模式 策略模式、模板方法模式、观察者模式、迭代器模式、责任链模式、命令模式、备忘录模式、状态模式、访问者模式 课程特色: 笔记设计模式,用笔记串连所有知识点,让学员从一点一滴积累,学习过程无压力 笔记标题采用关键字标识法,帮助学员更加容易记住知识点 笔记以超链接形式让知识点关联起来,形式知识体系 采用先概念后实例再应用方式,知识点深入浅出 提供授课内容笔记作为课后复习以及工作备查工具 部分图表(电脑PC端查看):

Java8零基础入门视频教程

这门课程基于主流的java8平台,由浅入深的详细讲解了java SE的开发技术,可以使java方向的入门学员,快速扎实的掌握java开发技术!

玩转Linux:常用命令实例指南

人工智能、物联网、大数据时代,Linux正有着一统天下的趋势,几乎每个程序员岗位,都要求掌握Linux。本课程零基础也能轻松入门。 本课程以简洁易懂的语言手把手教你系统掌握日常所需的Linux知识,每个知识点都会配合案例实战让你融汇贯通。课程通俗易懂,简洁流畅,适合0基础以及对Linux掌握不熟练的人学习; 【限时福利】 1)购课后按提示添加小助手,进答疑群,还可获得价值300元的编程大礼包! 2)本月购买此套餐加入老师答疑交流群,可参加老师的免费分享活动,学习最新技术项目经验。 --------------------------------------------------------------- 29元=掌握Linux必修知识+社群答疑+讲师社群分享会+700元编程礼包。 &nbsp;

极简JAVA学习营第四期(报名以后加助教微信:eduxy-1)

想学好JAVA必须要报两万的培训班吗? Java大神勿入 如果你: 零基础想学JAVA却不知道从何入手 看了一堆书和视频却还是连JAVA的环境都搭建不起来 囊中羞涩面对两万起的JAVA培训班不忍直视 在职没有每天大块的时间专门学习JAVA 那么恭喜你找到组织了,在这里有: 1. 一群志同道合立志学好JAVA的同学一起学习讨论JAVA 2. 灵活机动的学习时间完成特定学习任务+每日编程实战练习 3. 热心助人的助教和讲师及时帮你解决问题,不按时完成作业小心助教老师的家访哦 上一张图看看前辈的感悟: &nbsp; &nbsp; 大家一定迫不及待想知道什么是极简JAVA学习营了吧,下面就来给大家说道说道: 什么是极简JAVA学习营? 1. 针对Java小白或者初级Java学习者; 2. 利用9天时间,每天1个小时时间; 3.通过 每日作业 / 组队PK / 助教答疑 / 实战编程 / 项目答辩 / 社群讨论 / 趣味知识抢答等方式让学员爱上学习编程 , 最终实现能独立开发一个基于控制台的‘库存管理系统’ 的学习模式 极简JAVA学习营是怎么学习的? &nbsp; 如何报名? 只要购买了极简JAVA一:JAVA入门就算报名成功! &nbsp;本期为第四期极简JAVA学习营,我们来看看往期学员的学习状态: 作业看这里~ &nbsp; 助教的作业报告是不是很专业 不交作业打屁屁 助教答疑是不是很用心 &nbsp; 有奖抢答大家玩的很嗨啊 &nbsp; &nbsp; 项目答辩终于开始啦 &nbsp; 优秀者的获奖感言 &nbsp; 这是答辩项目的效果 &nbsp; &nbsp; 这么细致的服务,这么好的氛围,这样的学习效果,需要多少钱呢? 不要1999,不要199,不要99,只要9.9 是的你没听错,只要9.9以上所有就都属于你了 如果你: 1、&nbsp;想学JAVA没有基础 2、&nbsp;想学JAVA没有整块的时间 3、&nbsp;想学JAVA没有足够的预算 还等什么?赶紧报名吧,抓紧抢位,本期只招300人,错过只有等时间待定的下一期了 &nbsp; 报名请加小助手微信:eduxy-1 &nbsp; &nbsp;

Python数据清洗实战入门

本次课程主要以真实的电商数据为基础,通过Python详细的介绍了数据分析中的数据清洗阶段各种技巧和方法。

董付国老师Python全栈学习优惠套餐

购买套餐的朋友可以关注微信公众号“Python小屋”,上传付款截图,然后领取董老师任意图书1本。

linux下利用/proc进行进程树的打印

在linux下利用c语言实现的进程树的打印,主要通过/proc下的目录中的进程文件,获取status中的进程信息内容,然后利用递归实现进程树的打印

MySQL数据库面试题(2020最新版)

文章目录数据库基础知识为什么要使用数据库什么是SQL?什么是MySQL?数据库三大范式是什么mysql有关权限的表都有哪几个MySQL的binlog有有几种录入格式?分别有什么区别?数据类型mysql有哪些数据类型引擎MySQL存储引擎MyISAM与InnoDB区别MyISAM索引与InnoDB索引的区别?InnoDB引擎的4大特性存储引擎选择索引什么是索引?索引有哪些优缺点?索引使用场景(重点)...

HoloLens2开发入门教程

本课程为HoloLens2开发入门教程,讲解部署开发环境,安装VS2019,Unity版本,Windows SDK,创建Unity项目,讲解如何使用MRTK,编辑器模拟手势交互,打包VS工程并编译部署应用到HoloLens上等。

150讲轻松搞定Python网络爬虫

【为什么学爬虫?】 &nbsp; &nbsp; &nbsp; &nbsp;1、爬虫入手容易,但是深入较难,如何写出高效率的爬虫,如何写出灵活性高可扩展的爬虫都是一项技术活。另外在爬虫过程中,经常容易遇到被反爬虫,比如字体反爬、IP识别、验证码等,如何层层攻克难点拿到想要的数据,这门课程,你都能学到! &nbsp; &nbsp; &nbsp; &nbsp;2、如果是作为一个其他行业的开发者,比如app开发,web开发,学习爬虫能让你加强对技术的认知,能够开发出更加安全的软件和网站 【课程设计】 一个完整的爬虫程序,无论大小,总体来说可以分成三个步骤,分别是: 网络请求:模拟浏览器的行为从网上抓取数据。 数据解析:将请求下来的数据进行过滤,提取我们想要的数据。 数据存储:将提取到的数据存储到硬盘或者内存中。比如用mysql数据库或者redis等。 那么本课程也是按照这几个步骤循序渐进的进行讲解,带领学生完整的掌握每个步骤的技术。另外,因为爬虫的多样性,在爬取的过程中可能会发生被反爬、效率低下等。因此我们又增加了两个章节用来提高爬虫程序的灵活性,分别是: 爬虫进阶:包括IP代理,多线程爬虫,图形验证码识别、JS加密解密、动态网页爬虫、字体反爬识别等。 Scrapy和分布式爬虫:Scrapy框架、Scrapy-redis组件、分布式爬虫等。 通过爬虫进阶的知识点我们能应付大量的反爬网站,而Scrapy框架作为一个专业的爬虫框架,使用他可以快速提高我们编写爬虫程序的效率和速度。另外如果一台机器不能满足你的需求,我们可以用分布式爬虫让多台机器帮助你快速爬取数据。 &nbsp; 从基础爬虫到商业化应用爬虫,本套课程满足您的所有需求! 【课程服务】 专属付费社群+每周三讨论会+1v1答疑

MySQL 8.0.19安装教程(windows 64位)

话不多说直接开干 目录 1-先去官网下载点击的MySQL的下载​ 2-配置初始化的my.ini文件的文件 3-初始化MySQL 4-安装MySQL服务 + 启动MySQL 服务 5-连接MySQL + 修改密码 先去官网下载点击的MySQL的下载 下载完成后解压 解压完是这个样子 配置初始化的my.ini文件的文件 ...

Python数据挖掘简易入门

&nbsp; &nbsp; &nbsp; &nbsp; 本课程为Python数据挖掘方向的入门课程,课程主要以真实数据为基础,详细介绍数据挖掘入门的流程和使用Python实现pandas与numpy在数据挖掘方向的运用,并深入学习如何运用scikit-learn调用常用的数据挖掘算法解决数据挖掘问题,为进一步深入学习数据挖掘打下扎实的基础。

深度学习原理+项目实战+算法详解+主流框架(套餐)

深度学习系列课程从深度学习基础知识点开始讲解一步步进入神经网络的世界再到卷积和递归神经网络,详解各大经典网络架构。实战部分选择当下最火爆深度学习框架PyTorch与Tensorflow/Keras,全程实战演示框架核心使用与建模方法。项目实战部分选择计算机视觉与自然语言处理领域经典项目,从零开始详解算法原理,debug模式逐行代码解读。适合准备就业和转行的同学们加入学习! 建议按照下列课程顺序来进行学习 (1)掌握深度学习必备经典网络架构 (2)深度框架实战方法 (3)计算机视觉与自然语言处理项目实战。(按照课程排列顺序即可)

网络工程师小白入门--【思科CCNA、华为HCNA等网络工程师认证】

本课程适合CCNA或HCNA网络小白同志,高手请绕道,可以直接学习进价课程。通过本预科课程的学习,为学习网络工程师、思科CCNA、华为HCNA这些认证打下坚实的基础! 重要!思科认证2020年2月24日起,已启用新版认证和考试,包括题库都会更新,由于疫情原因,请关注官网和本地考点信息。题库网络上很容易下载到。

Ubuntu18.04安装教程

Ubuntu18.04.1安装一、准备工作1.下载Ubuntu18.04.1 LTS2.制作U盘启动盘3.准备 Ubuntu18.04.1 的硬盘空间二、安装Ubuntu18.04.1三、安装后的一些工作1.安装输入法2.更换软件源四、双系统如何卸载Ubuntu18.04.1新的改变功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列...

sql语句 异常 Err] 1064 - You have an error in your SQL syntax; check the manual that corresponds to your

在我们开发的工程中,有时候会报 [Err] 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ------ 这种异常 不用多想,肯定是我们的sql语句出现问题,下面...

西南交通大学新秀杯数学建模试题

题目比较难,如果符合大家的口味欢迎大家下载哈,提高你的思维想象能力

Windows版YOLOv4目标检测实战:训练自己的数据集

课程演示环境:Windows10; cuda 10.2; cudnn7.6.5; Python3.7; VisualStudio2019; OpenCV3.4 需要学习ubuntu系统上YOLOv4的同学请前往:《YOLOv4目标检测实战:训练自己的数据集》 课程链接:https://edu.csdn.net/course/detail/28745 YOLOv4来了!速度和精度双提升! 与 YOLOv3 相比,新版本的 AP (精度)和 FPS (每秒帧率)分别提高了 10% 和 12%。 YOLO系列是基于深度学习的端到端实时目标检测方法。本课程将手把手地教大家使用labelImg标注和使用YOLOv4训练自己的数据集。课程实战分为两个项目:单目标检测(足球目标检测)和多目标检测(足球和梅西同时检测)。 本课程的YOLOv4使用AlexyAB/darknet,在Windows系统上做项目演示。包括:安装软件环境、安装YOLOv4、标注自己的数据集、整理自己的数据集、修改配置文件、训练自己的数据集、测试训练出的网络模型、性能统计(mAP计算)和先验框聚类分析。还将介绍改善YOLOv4目标检测性能的技巧。 除本课程《Windows版YOLOv4目标检测实战:训练自己的数据集》外,本人将推出有关YOLOv4目标检测的系列课程。请持续关注该系列的其它视频课程,包括: 《Windows版YOLOv4目标检测实战:人脸口罩佩戴检测》 《Windows版YOLOv4目标检测实战:中国交通标志识别》 《Windows版YOLOv4目标检测:原理与源码解析》

Spring Boot -01- 快速入门篇(图文教程)

Spring Boot -01- 快速入门篇 今天开始不断整理 Spring Boot 2.0 版本学习笔记,大家可以在博客看到我的笔记,然后大家想看视频课程也可以到【慕课网】手机 app,去找【Spring Boot 2.0 深度实践】的课程,令人开心的是,课程完全免费! 什么是 Spring Boot? Spring Boot 是由 Pivotal 团队提供的全新框架。Spring Boot...

相关热词 c#中如何设置提交按钮 c#帮助怎么用 c# 读取合并单元格的值 c#带阻程序 c# 替换span内容 c# rpc c#控制台点阵字输出 c#do while循环 c#调用dll多线程 c#找出两个集合不同的
立即提问