有关cas单点登录中,web.xml配置文件中过滤器的配置问题

http://blog.csdn.net/rogerjava/article/details/6555175
这个链接中的博主采用的是:

edu.yale.its.tp.cas.client.filter.CASFilter

这个过滤器。

而在许多其他文档中,有许多配置的过滤器是:

CAS Authentication Filter
org.jasig.cas.client.authentication.AuthenticationFilter

casServerLoginUrl
http://localhost:8080/casweb/login

而在官方文档中中:https://wiki.jasig.org/display/CASC/Using+CASFilter
对于第一种过滤器,有一句解释:In this case, any URL beneath /webapp/cas-protected would require a CAS login. If you want to protect your entire web application, you can simply put /* for the URL pattern
可以看出重点是需要登录
而第二种过滤器,在这篇文章中:http://www.cnblogs.com/davidwang456/p/3962786.html
有一句解释;The AuthenticationFilter is what detects whether a user needs to be authenticated or not. If a user needs to be authenticated, it will redirect the user to the CAS server.
是用来判断一个用户是否需要认证,如果用户需要认证,则重定向这个用户跳转到cas服务器

到现在我也没区分开这两个过滤器之间的关系,有大牛能帮忙解答一下吗,小白,暂时没有分,不好意思

cas

2个回答

我觉得第一个是拦截,第二个认证

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
CAS5.0 login-webflow.xml state配置

在cas-overlay-template中的login-webflow.xml中有如下的配置 ``` <action-state id="ticketGrantingTicketCheck"> <evaluate expression="ticketGrantingTicketCheckAction"/> <transition on="notExists" to="gatewayRequestCheck"/> <transition on="invalid" to="terminateSession"/> <transition on="valid" to="hasServiceCheck"/> </action-state> ``` 但是无法再login-webflow.xml中搜索到id="hasServiceCheck"的state,请问这个 hasServiceCheck是在哪配置的?

我的项目是springBoot项目,是没有web.xml的,现在集成的cas,我有些url是不想拦截的,要怎么设置?

我的项目是springBoot项目,是没有web.xml的,现在集成的cas,我有些url是不想拦截的,要怎么设置? 网上看的方法都是在web.xml里配置,但是我的项目没有这个文件,有大佬解决么

web.xml中配置地址信息如何从properties中获取

现在有一个java项目,其中包含web.xml,还有spring的一些配置文件,比如applicationcontext.xml还有一些jsp文件。现在想在这三类文件中添加一些IP配置,三类文件里面都要用到,想统一进行配置放在properties文件中,如何配置或写程序读取才能实现三种文件都能通过类似${变量名}或函数的方式获取配置值?

web.xml中如何引入properties文件的值

原先是: <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://demo.tch.com:8080/cas</param-value> </init-param> 现在需要改成 <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>{url}</param-value> </init-param> url参数的值在properties文件中

cas5.1.5如何实现记住密码自动登陆

最近完善公司做的单点登录,给单点登陆添加rememberMe功能,即单点登陆成功后关闭浏览器再打开浏览器输入访问地址不再需要重新登陆,而是自动登陆成功,项目为maven项目,遇到以下问题: cas5.0版本以下实现记住密码自动登陆(rememberMe)网上资料如下: 1、修改配置文件 1.1、deployerConfigContext.xml 修改WEB-INF/deployerConfigContext.xml,在id为authenticationManager的bean中添加 ``` <property name="authenticationMetaDataPopulators"> <list> <bean class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator"></bean> </list> </property> ``` 1.2、login-webflow.xml 修改WEB-INF/login-webflow.xml ``` <view-state id="viewLoginForm" view="casLoginView" model="credential"> <binder> <binding property="username" /> <binding property="password" /> <binding property="rememberMe" /> </binder>** ``` 1.3、ticketExpirationPolicies.xml 修改WEB-INF/spring-configuration/ticketExpirationPolicies.xml,参数分别为session过期时间和记住密码的时效时间,单位为毫秒 ``` <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy"> <property name="sessionExpirationPolicy"> <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"> <constructor-arg index="0" value="7200000"></constructor-arg> </bean> </property> <property name="rememberMeExpirationPolicy"> <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"> <constructor-arg index="0" value="7200000"></constructor-arg> </bean> </property> </bean> ``` 2、修改登录页面 cas默认登录页面为WEB-INF/view/jsp/default/ui/casLoginView.jsp,在对应位置添加代码 ``` <input type="checkbox" name="rememberMe" id="rememberMe" value="true" /> <label for="rememberMe">Remember Me</label> ``` **但是cas5.1.5版本是springBoot结构的,就没有ticketExpirationPolicies.xml文件,而且deployerConfigContext.xml里什么配置也没有,我的项目结构如下**:整体结构 如图 ![图片说明](https://img-ask.csdn.net/upload/201804/20/1524234452_441025.png)请大神指点。 其中sso-server模块详细结构如图![图片说明](https://img-ask.csdn.net/upload/201804/20/1524234405_52208.png)

cas-servlet.xml导入时报错

!!!<flow:executor id="flowExecutor" registry-ref="flowRegistry"> <flow:execution-attributes> <flow:alwaysRedirectOnPause value="false"/> </flow:execution-attributes> </flow:executor> !!!<flow:registry id="flowRegistry"> <flow:location path="/WEB-INF/view/login-webflow.xml" id="login"/> </flow:registry> 报错位置在打3个叹号的位置 错误为: Multiple annotations found at this line: schema reference 4 :Failed to read schema document 'http://www.spring framework.org/schema/webflow-config/spring-webflow-config-1.0.xsd',becaues 1) cound not find the document; 2)the document could not be read;3)the root element of the document is not <xsd:schema> 和 cvc-complex-type. 2.4.c:the matching wildcard is strict ,but no declaration can be found for element 'flow:registry'

单点登录中 客户端登录认证中心后返回资源页报错500

HTTP Status 500 - Unable to create XMLReader type Exception report message Unable to create XMLReader description The server encountered an internal error that prevented it from fulfilling this request. exception java.lang.RuntimeException: Unable to create XMLReader org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:58) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) root cause org.xml.sax.SAXException: SAX2 driver class org.apache.xerces.parsers.SAXParser not found java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXParser org.xml.sax.helpers.XMLReaderFactory.loadClass(XMLReaderFactory.java:230) org.xml.sax.helpers.XMLReaderFactory.createXMLReader(XMLReaderFactory.java:191) org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:56) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) root cause java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXParser org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1333) org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1167) org.xml.sax.helpers.NewInstance.newInstance(NewInstance.java:82) org.xml.sax.helpers.XMLReaderFactory.loadClass(XMLReaderFactory.java:228) org.xml.sax.helpers.XMLReaderFactory.createXMLReader(XMLReaderFactory.java:191) org.jasig.cas.client.util.XmlUtils.getXmlReader(XmlUtils.java:56) org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:130) org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76) note The full stack trace of the root cause is available in the Apache Tomcat/8.0.30 logs.

CAS SSO 单点登录时报错

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206) org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:161) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

pentaho5.x cas单点登录问题《求助》

按照网上的例子 [pentaho5 CAS 单点登录 ](http://jnwzping.iteye.com/blog/2092849?utm_source=tuicool "") 配置 cas单点登陆,log 提示如下 ``` 2016-08-26 13:31:15,593 ERROR [org.apache.jackrabbit.core.DefaultSecurityManager] Failed to instantiate AccessManager (org.apache.jackrabbit.core.security.DefaultAccessManager) org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ICacheManager' defined in file [E:\biserver\pentaho-solutions\system\pentahoObjects.spring.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.pentaho.platform.plugin.services.cache.CacheManager]: Constructor threw exception; nested exception is java.lang.NullPointerException at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:883) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) at java.security.AccessController.doPrivileged(Native Method) at org.springframework.beans.factory.support.AbstractAutowireCapab ``` 注释掉 pentahoObjects.spring.xml 中的 <bean id="ICacheManager" class="org.pentaho.platform.plugin.services.cache.CacheManager" scope="singleton" /> 后,能正常启动 pentaho bi server, cas 登陆成功后,不会自动跳转到 pentaho 页面,停在那,请问还要设置哪里? ``` <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" autowire="default" dependency-check="default" lazy-init="default"> <property name="service" value="http://localhost:8080/pentaho/j_spring_cas_security_check"/> <property name="sendRenew" value="false"/> </bean> <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter" autowire="default" dependency-check="default" lazy-init="default"> <property name="authenticationEntryPoint"> <ref local="casProcessingFilterEntryPoint"/> </property> <property name="accessDeniedHandler"> <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" /> </property> </bean> <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"> </bean> <bean id="casSingleSignOutHttpSessionListener" class="org.jasig.cas.client.session.SingleSignOutHttpSessionListener"> </bean> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" autowire="default" dependency-check="default" lazy-init="default"> <property name="loginUrl" value="http://192.168.130.256:8787/sso/login?sysname=CAS%20TEST/login"/> <property name="serviceProperties"> <ref local="serviceProperties"/> </property> </bean> ```

Springsecurity cas单点登录,循环重定向问题

最近在弄springsecurity+cas实现单点登录,但配置完成测试,去发现在cas server端登录成功之后,竟出现了循环重定向问题,我springsecurity配置如下: ``` <?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- Spring-Security 的配置 --> <!-- 配置不过滤的资源(静态资源及登录相关) --> <security:http pattern="/static/**" security="none"></security:http> <!-- 注意use-expressions=true.表示开启表达式,否则表达式将不可用. /access-denied.htm , auto-config="true" use-expressions="true"--> <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" use-expressions="true" access-denied-page="/user/index.htm"> <!--允许所有人访问 access="permitAll"--> <security:intercept-url pattern="/login.htm" access="permitAll"/> <security:intercept-url pattern="/regist*.htm" access="permitAll" /> <security:intercept-url pattern="/upload/**" access="permitAll" /> <!--允许IS_AUTHENTICATED_ANONYMOUSLY匿名访问 <security:intercept-url pattern="/index.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" /> --> <!--允许USER权限访问 hasRole('USER')--> <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" /> <!--允许USER权限访问--> <security:intercept-url pattern="/exam/**" access="hasRole('ROLE_USER')" /> <!--允许ROLE权限访问--> <security:intercept-url pattern="/auth/**" access="hasRole('ROLE_ROLE')" /> <!--允许ADMIN权限访问所有资源--> <security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /> <!--**** cas单点 .2015-06-23 by cyj ****--> <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter> <!--**** cas单点 .2015-06-23 by cyj ****--> </security:http> <!--***************************************** CAS TEST 2015-06-23 . by cyj***************************************** --> <!-- The CAS filter handles the redirect from the CAS server and starts the ticket validation. --> <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"></property> <property name="authenticationSuccessHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> <property name="alwaysUseDefaultTargetUrl"> <value>true</value> </property> <property name="defaultTargetUrl"> <value>http://localhost:8080/user/index.htm</value> </property> </bean> </property> </bean> <!--**** 2015-06-23,CAS TEST ****--> <security:authentication-manager alias="authenticationManager" erase-credentials="false"> <security:authentication-provider ref="casAuthenticationProvider"> </security:authentication-provider> </security:authentication-manager> <!--**** 2015-06-23,CAS TEST ****--> <!-- Handles the CAS ticket processing. --> <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/> <property name="serviceProperties" ref="serviceProperties"></property> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas-server" /> <!-- //SSO验证地址 --> </bean> </property> <property name="key" value="cas123"></property> </bean> <!-- authorities对应 CAS server的 登录属性, 在此设置到spirng security中,用于spring security的验证 <bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> </bean> --> <bean id="authenticationUserDetailsService" class="com.bms.comm.cas.MyAuthenticationUserDetailsService"> <!-- <constructor-arg> <array> <value>authorities</value> </array> </constructor-arg> --> <property name="attributes"> <array> <value>authorities</value> </array> </property> </bean> <!-- This section is used to configure CAS. The service is the actual redirect that will be triggered after the CAS login sequence. //http://localhost:8088/SpringSecurity 具体应用 // j_spring_cas_security_check spring的虚拟URL,此标志标识使用 CAS authentication upon return from CAS SSO login. --> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value="https://localhost:8447/j_spring_cas_security_check"></property> <property name="sendRenew" value="false"></property> </bean> <!-- The entryPoint intercepts all the CAS authentication requests. It redirects to the CAS loginUrl for the CAS login page. 通过上述的配置,则具体应用在使用的时候,用户认证和授权则无需过问,只需在应用中配置相关的角色访问权限即可。即,只需对下面的红色部分进行修改, 即可以完成应用的认证和授权工作。大大简化了应用和认证与授权的剥离工作 --> <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <property name="loginUrl" value="https://localhost:8443/cas-server/login"></property> <!-- //SSO登录地址 --> <property name="serviceProperties" ref="serviceProperties"></property> </bean> </beans> ``` 请大牛帮我看下,看我的配置哪有问题?谢谢!!

CAS5.3 客户端配置cas.client-host-url的参数不相同时,单点登出失效

1.host文件配置如下: 127.0.0.1 server.cas.com 127.0.0.1 chain.cas.com 127.0.0.1 public.cas.com 2.两个客户端分别chain-client与public-client,当分别配置如下代码时,单点登出失效,但当配置相同参数时是OK的,比如:都配置成mi.com,猜想是不是跨域引起的? chain-client:cas.client-host-url=http://chain.cas.com:9001 public-client:cas.client-host-url=http://public.cas.com:9002

CAS4.2单点登录如何配置多个系统登录一次和退出到登录页问题

1、我用CAS4.2搭建了cas服务端,客户端是3.4.1版本 2、现在服务端配置好了,也可以通过我配置的客户端系统访问和查询数据库登录 3、问题:我配置了两个cas系统castest1和castest2,两个系统serverName分别配置为hhaip-cas1.com和hhaip-cas2.com,现在我访问castest1且登录成功,然后同一浏览器访问castest2还是跳转到登录页面,预期应该直接跳转到我访问的页面才是 4、问题2:我想退出到登录页,但是我每次都退出到我设置的那个链接,且打开浏览器新标签访问我这个系统竟然不会跳转到登录页而是直接跳转到我的系统页面,即:我可能没有退出成功,下图是我的退出URL和客户端web.xml配置。 5、注意我的cas-server是4.2版本和老版本差别很大,请大家不要复制其他的代码回答问题。 <a href="http://192.168.189.1:8080/sso/logout?service=http://hhaip-cas2.com:8080/casclient2">退出</a> ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707479_714440.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707508_601819.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707532_729900.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707548_711607.png)

java 关于cas单点登录成功后跳转问题

问题描述: 1.正常情况下cas从服务端登录后跳转成功界面;需改造成从服务端登录后总是显示登录界面。并且切换用户,客户端能够正确显示不同用户信息。 修改login-webflow.xml中判断service是否存在 不存在时跳转到generateLoginTicket ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469003836_834819.png) 2.只登陆服务端测试,登录成功后能够跳转登录页面,再次使用另一组用户,提交成功。 3.从服务器登录 ,重新打开窗口并访问客户端地址,客户端跳转成功,在原来服务端窗口切换用户登录,提交 不能提交成功。如下图所示: ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004719_251132.png) ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004764_963750.png) ![图片说明](https://img-ask.csdn.net/upload/201607/20/1469004775_578001.png) debug跟踪时第二次登录没有执行authenticationViaFormAction.doBind该步骤,反而重新走了登录流程。 希望得到大神指点!

JAVA CAS 单点登录 登录成功后 跳转指定URL的问题

假设目前有三个系统: cas app1 app2 当访问app1时大致请求流程为 app1-cas-app1 需实现: app1-cas-app2 访问app1 ,重定向到cas认证, 认证成功后重定向到app2 (app2类似于门户系统) 该操作只在登录时执行 目前 CAS 默认是重定向回app1 app1系统使用Spring Security集成 CAS 可通过 SecurityConfig 实现 @Bean public AuthenticationSuccessHandler authenticationSuccessHandler() { SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setDefaultTargetUrl(successUrl); return successHandler; } 但是现在另有子系统app2 没有用 Security作为安全框架 应该怎么配置? 如果我在app1的web.xml中配置 ![图片说明](https://img-ask.csdn.net/upload/201810/15/1539599059_3892.png) 这样会导致app1的所有请求都会跳转到app2中 请各路神仙不吝赐教

javaWeb项目集成了AD数据同步,当把项目使用的cas单点登录改成https后报错

错误信息: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295) at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178) at com.unitever.dc.base.core.multipledata.MultipleDataSourceCasAuthenticationProvider.authenticateNow(MultipleDataSourceCasAuthenticationProvider.java:114) at com.unitever.dc.base.core.multipledata.MultipleDataSourceCasAuthenticationProvider.authenticate(MultipleDataSourceCasAuthenticationProvider.java:100) at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130) at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48) at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:104) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.unitever.dc.base.core.spring.security.AutoAuthenticateFilter.doFilter(AutoAuthenticateFilter.java:194) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.unitever.dc.base.core.multipledata.filter.RoutingDataSourceFilter.doFilter(RoutingDataSourceFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.unitever.framework.component.i18n.filter.I18nFilter.doFilter(I18nFilter.java:40) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) at sun.security.ssl.Handshaker.process_record(Handshaker.java:837) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:281) ... 52 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) ... 64 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ... 70 more

cas单点登录客户端问题

我的系统A和系统B都集成了cas单点登录,但是我登录了系统A之后,再打开一个窗口访问系统B还是需要登录是什么原因呢

spring security cas单点登录拒绝访问

[b]cas服务端和cas客户端都已经配合,访问cas服务端可以登录,访问客户端应用资源的时候出现拒绝访问问题,但是[color=red]能成功跳转到cas服务端的login页面,输入账号密码后控制台打印显示出服务端登录成功,但是关于客户端的打印出现拒绝访问异常,而且httpSession不为null但是里面没值[/color][/b]。 初次使用spring security和cas望多多指教. 异常信息: [color=red][b]首次登录直接出现拒绝访问,但是却能跳转到cas 登录页面,[/b][/color] [quote] 信息: Server startup in 21955 ms 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Associated with Deployer 'Catalina:type=Deployer,host=localhost' 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Global resources are available 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: list: Listing contexts for virtual host 'localhost' 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.> 11:51:33,906 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:127 - No HttpSession currently exists 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created. 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 11:51:33,937 DEBUG org.springframework.security.web.session.SessionManagementFilter:91 - Requested session IDFED78FFF2BDBC0647461CBFA29AB9B23 is invalid. 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER] 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 11:51:33,937 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 11:51:33,953 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 11:51:33,968 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 11:51:33,984 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/] 11:51:33,984 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 11:51:33,984 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 11:51:34,015 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 2012-06-06 11:51:34,921 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /casServer/> [/quote] [color=red][b]跳转到登录页面后输入账号密码出现cas服务端的信息正常,但是关于cas客户端的和上面的异常一样:[/b][/color] 打印信息: [quote] 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.> start[1338955402531] time[603] tag[QueryDatabaseAuthenticationHandler] 2012-06-06 12:03:23,125 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: wucht]> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal wucht> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Principal found: wucht> 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: supplied credentials: [username: wucht] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: TGT-1-0WNh4MDLT57myMG77eF54B9ix5oQP0OItPnVBGDZBYac9Bj42E-casServer ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,265 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-eOK4CG7zd7cApkahlva9-casServer] for service [http://localhost:8080/Cas_Client/j_acegi_cas_security_check] for user [wucht]> 2012-06-06 12:03:23,265 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: wucht WHAT: ST-1-eOK4CG7zd7cApkahlva9-casServer for http://localhost:8080/Cas_Client/j_acegi_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:139 - HttpSession returned null object for SPRING_SECURITY_CONTEXT 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1ef3d12. A new one will be created. 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:309 - pathInfo: both null (property equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:317 - queryString: arg1=null; arg2=ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer (property not equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:75 - saved request doesn't match 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer; Attributes: [ROLE_USER] 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 12:03:23,312 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer] 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 12:03:23,312 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 12:03:23,343 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed [/quote] [b]cas服务端配置:[/b] cas.properties [quote] #server.prefix=http://localhost:8080/cas #server.prefix=http://cas.wucht.com:8080/casServer server.prefix=http://localhost:8080/casServer cas.securityContext.serviceProperties.service=${server.prefix}/j_acegi_cas_security_check # Names of roles allowed to access the CAS service manager cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix} cas.themeResolver.defaultThemeName=cas-theme-default #cas.themeResolver.defaultThemeName=default cas.viewResolver.basename=default_views #host.name=cas host.name=casServer #database.hibernate.dialect=org.hibernate.dialect.OracleDialect database.hibernate.dialect=org.hibernate.dialect.MySQLDialect #database.hibernate.dialect=org.hibernate.dialect.HSQLDialect [/quote] deployerConfigContext.xml [quote] <?xml version="1.0" encoding="UTF-8"?> <!-- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | all CAS deployers will need to modify. | | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. | The beans declared in this file are instantiated at context initialization time by the Spring | ContextLoaderListener declared in web.xml. It finds this file because this | file is among those declared in the context parameter "contextConfigLocation". | | By far the most common change you will need to make in this file is to change the last bean | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing your approach for authenticating usernames and passwords. +--> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, | "authenticationManager". Most deployers will be able to use the default AuthenticationManager | implementation and so do not need to change the class of this bean. We include the whole | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will | need to change in context. +--> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <!-- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which | supports the presented credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are | using. | | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. | You will need to change this list if you are identifying services by something more or other than their callback URL. +--> <property name="credentialsToPrincipalResolvers"> <list> <!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login | by default and produces SimplePrincipal instances conveying the username from the credentials. | | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the | Credentials you are using. +--> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> <!--增加此属性,为认证过的用户的Principal添加属性--> <property name="attributeRepository" ref="attributeRepository"></property> </bean> <!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a | SimpleService identified by that callback URL. | | If you are representing services by something more or other than an HTTPS URL whereat they are able to | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). +--> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn | until it finds one that both supports the Credentials presented and succeeds in authenticating. +--> <property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <!-- 数据库认证.wucht--> <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="dataSource" /> <property name="sql" value="select password from users where name=?" /> </bean> </list> </property> </bean> <!-- DATABASE 增加数据源配置 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property> <property name="url"><value>jdbc:mysql://localhost:3306/mysql?useUnicode=true&amp;characterEncoding=utf-8</value></property> <property name="username"><value>root</value></property> <property name="password"><value>root</value></property> </bean> <!-- This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version. More robust deployments will want to use another option, such as the Jdbc version. The name of this should remain "userDetailsService" in order for Spring Security to find it. --> <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />--> <sec:user-service id="userDetailsService"> <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" /> </sec:user-service> <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. --> <!-- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean> --> <!-- 使用SingleRowJdbcPersonAttributeDao 获取更多用户的信息 --> <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <constructor-arg index="0" ref="dataSource"/> <constructor-arg index="1" value="select role_name from role where login_name = ?"/> <!--这里的key需写username,value对应数据库用户名字段 --> <property name="queryAttributeMapping"> <map> <entry key="username" value="login_name"/> </map> </property> <!--key对应数据库字段,value对应客户端获取参数 --> <!-- 返回数据认证后的数据 --> <property name="resultAttributeMapping"> <map> <!--这个从数据库中获取的角色,用于在应用中security的权限验证--> <entry key="role_name" value="authorities"/> </map> </property> </bean> <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want to replace this with the JPA-backed ServiceRegistry DAO The name of this bean should remain "serviceRegistryDao". --> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- <property name="registeredServices"> <list> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="0" /> <property name="name" value="HTTP" /> <property name="description" value="Only Allows HTTP Urls" /> <property name="serviceId" value="http://**" /> <property name="evaluationOrder" value="10000001" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="1" /> <property name="name" value="HTTPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="https://**" /> <property name="evaluationOrder" value="10000002" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="2" /> <property name="name" value="IMAPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="imaps://**" /> <property name="evaluationOrder" value="10000003" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="3" /> <property name="name" value="IMAP" /> <property name="description" value="Only Allows IMAP Urls" /> <property name="serviceId" value="imap://**" /> <property name="evaluationOrder" value="10000004" /> </bean> </list> </property> --> </bean> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> </beans> [/quote] [b]spring的配置代码如下:[/b][code="ruby"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true"> <!-- entry-point-ref="casEntryPoint"作用是认证的入口,是一个实现AuthenticationEntryPoint接口的类 ,为ExceptionTranslationFilter类提供认证依据, <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/> 使用自定义的Filter,放置在过滤器链的FORM_LOGIN_FILTER的位置 casEntryPoint只是提供认证入口的作用,当没有权限,将跳转到该地址。 casFilter是处理CAS service ticket的,当无权访问时,会使用casEntryPoint提供认证入口 --> <http auto-config="true" entry-point-ref="casEntryPoint" access-denied-page="/403.jsp"> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- ROLE_ADMIN--> <!-- logout-success-url="/login.html" --> <!-- 注销时需要先注销应用程序,再注销cas中心认证服务 --> <logout logout-url="/logout.html" success-handler-ref="casLogoutSuccessHandler" /> <custom-filter position="CAS_FILTER" ref="casFilter" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager> <!-- cas中心认证服务入口 --> <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <beans:property name="loginUrl" value="http://localhost:8080/casServer/login" /> <beans:property name="serviceProperties" ref="serviceProperties" /> </beans:bean> <!-- cas中心认证服务配置 --> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <beans:property name="service" value="http://localhost:8080/Cas_Client/j_acegi_cas_security_check" /> <beans:property name="sendRenew" value="false" /> </beans:bean> <!-- CAS service ticket(中心认证服务凭据)验证 --> <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> <!-- <beans:property name="authenticationFailureHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">--> <!-- <beans:property name="defaultFailureUrl"--> <!-- value="/logout.html" />--> <!-- </beans:bean>--> <!-- </beans:property>--> <!-- 登录成功后的页面,如果是固定的。否则 ref="authenticationSuccessHandler" --> <!-- <beans:property name="authenticationSuccessHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">--> <!-- <beans:property name="defaultTargetUrl"--> <!-- value="/index.jsp" />--> <!-- </beans:bean>--> <!-- </beans:property>--> </beans:bean> <!-- 从Cas Server得到用户信息 --> <beans:bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <beans:constructor-arg> <beans:array> <beans:value>authorities</beans:value> </beans:array> </beans:constructor-arg> </beans:bean> <beans:bean id="userDetailsService" class="com.reportstart.security.service.impl.BocUserDetaislServiceImpl"> <!-- <beans:property name="userDao">--> <!-- <beans:ref bean="userDao" />--> <!-- </beans:property>--> </beans:bean> <!-- <beans:bean id="authenticationUserDetailsService"--> <!-- class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">--> <!-- <beans:property name="userDetailsService">--> <!-- <beans:ref local="userDetailsService" />--> <!-- </beans:property>--> <!-- </beans:bean>--> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!-- 使用自定义service获取用户信息 --> <!-- <beans:property name="authenticationUserDetailsService"--> <!-- ref="casAuthenticationUserDetailsService" />--> <!-- 通过Cas Server获取用户信息 --> <beans:property name="authenticationUserDetailsService" ref="authenticationUserDetailsService" /> <beans:property name="serviceProperties" ref="serviceProperties" /> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="http://localhost:8080/casServer" /> </beans:bean> </beans:property> <!-- 自定义cas客户端应用标示.wucht.2012-6-4(每个cas客户端都需要一个key标示用于区分不同cas客户端) --> <beans:property name="key" value="Cas_Client" /> </beans:bean> <!-- 注销 --> <beans:bean id="casLogoutSuccessHandler" class="com.wucht.test.CasLogoutSuccessHandler"> </beans:bean> </beans:beans>[/code]

CAS cas-server返回xml格式数据问题

``` <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>jason,102</cas:user> <cas:attributes> <cas:sn>lei</cas:sn> <cas:email>jason@abc.net</cas:email> <cas:loginid>jason</cas:loginid> </cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse> ``` 以上是cas-server端返回的xml数据,并没有<cas:proxyGrantingTicket>这个节点数据,client在解析的时候就只读到了user ,没有去读attributes这个节点的数据,为什么会少了<cas:proxyGrantingTicket>这个节点,郁闷了好久?备注:使用CAS环境未使用https 及 证书? 各位,帮帮忙,不然睡不着啦!

cas单点登录用户超时无法正确跳转到登录界面

前台使用的是Ajax请求一个页面,然后填充到主页面。 ``` jQuery.post("xxxx.action" + new Date().getTime(), function sgBack(data) { jQuery("#xxx").html(data); }); ``` 当用户长时间未登录 失效点击按钮的时候是不进xxxx.action。而是由单点登录 response.sendRedirect(url);到登录界面。 问题是前台把登录界面给 塞到 jQuery("#xxx").html(data);并没有直接跳转到登录界面。 求教怎么让页面主体跳转到登录页面!

4小时玩转微信小程序——基础入门与微信支付实战

4小时玩转微信小程序——基础入门与微信支付实战

Python可以这样学(第四季:数据分析与科学计算可视化)

Python可以这样学(第四季:数据分析与科学计算可视化)

组成原理课程设计(实现机器数的真值还原等功能)

实现机器数的真值还原(定点小数)、定点小数的单符号位补码加减运算、定点小数的补码乘法运算和浮点数的加减运算。

javaWeb图书馆管理系统源码mysql版本

系统介绍 图书馆管理系统主要的目的是实现图书馆的信息化管理。图书馆的主要业务就是新书的借阅和归还,因此系统最核心的功能便是实现图书的借阅和归还。此外,还需要提供图书的信息查询、读者图书借阅情况的查询等

土豆浏览器

土豆浏览器可以用来看各种搞笑、电影、电视剧视频

Java面试题大全(2020版)

发现网上很多Java面试题都没有答案,所以花了很长时间搜集整理出来了这套Java面试题大全,希望对大家有帮助哈~ 本套Java面试题大全,全的不能再全,哈哈~ 一、Java 基础 1. JDK 和 JRE 有什么区别? JDK:Java Development Kit 的简称,java 开发工具包,提供了 java 的开发环境和运行环境。 JRE:Java Runtime Environ...

Java8零基础入门视频教程

Java8零基础入门视频教程

Java基础知识面试题(2020最新版)

文章目录Java概述何为编程什么是Javajdk1.5之后的三大版本JVM、JRE和JDK的关系什么是跨平台性?原理是什么Java语言有哪些特点什么是字节码?采用字节码的最大好处是什么什么是Java程序的主类?应用程序和小程序的主类有何不同?Java应用程序与小程序之间有那些差别?Java和C++的区别Oracle JDK 和 OpenJDK 的对比基础语法数据类型Java有哪些数据类型switc...

TTP229触摸代码以及触摸返回值处理

自己总结的ttp229触摸代码,触摸代码以及触摸按键处理

网络工程师小白入门--【思科CCNA、华为HCNA等网络工程师认证】

网络工程师小白入门--【思科CCNA、华为HCNA等网络工程师认证】

深度学习原理+项目实战+算法详解+主流框架(套餐)

深度学习系列课程从深度学习基础知识点开始讲解一步步进入神经网络的世界再到卷积和递归神经网络,详解各大经典网络架构。实战部分选择当下最火爆深度学习框架PyTorch与Tensorflow/Keras,全程实战演示框架核心使用与建模方法。项目实战部分选择计算机视觉与自然语言处理领域经典项目,从零开始详解算法原理,debug模式逐行代码解读。适合准备就业和转行的同学们加入学习! 建议按照下列课程顺序来进行学习 (1)掌握深度学习必备经典网络架构 (2)深度框架实战方法 (3)计算机视觉与自然语言处理项目实战。(按照课程排列顺序即可)

java jdk 8 帮助文档 中文 文档 chm 谷歌翻译

JDK1.8 API 中文谷歌翻译版 java帮助文档 JDK API java 帮助文档 谷歌翻译 JDK1.8 API 中文 谷歌翻译版 java帮助文档 Java最新帮助文档 本帮助文档是使用谷

Ubuntu18.04安装教程

Ubuntu18.04.1安装一、准备工作1.下载Ubuntu18.04.1 LTS2.制作U盘启动盘3.准备 Ubuntu18.04.1 的硬盘空间二、安装Ubuntu18.04.1三、安装后的一些工作1.安装输入法2.更换软件源四、双系统如何卸载Ubuntu18.04.1新的改变功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列...

快速排序---(面试碰到过好几次)

原理:    快速排序,说白了就是给基准数据找其正确索引位置的过程.    如下图所示,假设最开始的基准数据为数组第一个元素23,则首先用一个临时变量去存储基准数据,即tmp=23;然后分别从数组的两端扫描数组,设两个指示标志:low指向起始位置,high指向末尾.    首先从后半部分开始,如果扫描到的值大于基准数据就让high减1,如果发现有元素比该基准数据的值小(如上图中18&amp;lt...

手把手实现Java图书管理系统(附源码)

手把手实现Java图书管理系统(附源码)

HTML期末大作业

这是我自己做的HTML期末大作业,花了很多时间,稍加修改就可以作为自己的作业了,而且也可以作为学习参考

Python数据挖掘简易入门

Python数据挖掘简易入门

极简JAVA学习营第四期(报名以后加助教微信:eduxy-1)

极简JAVA学习营第四期(报名以后加助教微信:eduxy-1)

C++语言基础视频教程

C++语言基础视频教程

UnityLicence

UnityLicence

软件测试2小时入门

软件测试2小时入门

YOLOv3目标检测实战:训练自己的数据集

YOLOv3目标检测实战:训练自己的数据集

Python数据分析师-实战系列

系列课程主要包括Python数据分析必备工具包,数据分析案例实战,核心算法实战与企业级数据分析与建模解决方案实战,建议大家按照系列课程阶段顺序进行学习。所有数据集均为企业收集的真实数据集,整体风格以实战为导向,通俗讲解Python数据分析核心技巧与实战解决方案。

YOLOv3目标检测实战系列课程

《YOLOv3目标检测实战系列课程》旨在帮助大家掌握YOLOv3目标检测的训练、原理、源码与网络模型改进方法。 本课程的YOLOv3使用原作darknet(c语言编写),在Ubuntu系统上做项目演示。 本系列课程包括三门课: (1)《YOLOv3目标检测实战:训练自己的数据集》 包括:安装darknet、给自己的数据集打标签、整理自己的数据集、修改配置文件、训练自己的数据集、测试训练出的网络模型、性能统计(mAP计算和画出PR曲线)和先验框聚类。 (2)《YOLOv3目标检测:原理与源码解析》讲解YOLOv1、YOLOv2、YOLOv3的原理、程序流程并解析各层的源码。 (3)《YOLOv3目标检测:网络模型改进方法》讲解YOLOv3的改进方法,包括改进1:不显示指定类别目标的方法 (增加功能) ;改进2:合并BN层到卷积层 (加快推理速度) ; 改进3:使用GIoU指标和损失函数 (提高检测精度) ;改进4:tiny YOLOv3 (简化网络模型)并介绍 AlexeyAB/darknet项目。

超详细MySQL安装及基本使用教程

一、下载MySQL 首先,去数据库的官网http://www.mysql.com下载MySQL。 点击进入后的首页如下:  然后点击downloads,community,选择MySQL Community Server。如下图:  滑到下面,找到Recommended Download,然后点击go to download page。如下图:  点击download进入下载页面选择No...

一学即懂的计算机视觉(第一季)

一学即懂的计算机视觉(第一季)

董付国老师Python全栈学习优惠套餐

购买套餐的朋友可以关注微信公众号“Python小屋”,上传付款截图,然后领取董老师任意图书1本。

爬取妹子图片(简单入门)

安装第三方请求库 requests 被网站禁止了访问 原因是我们是Python过来的 重新给一段 可能还是存在用不了,使用网页的 编写代码 上面注意看匹配内容 User-Agent:请求对象 AppleWebKit:请求内核 Chrome浏览器 //请求网页 import requests import re //正则表达式 就是去不规则的网页里面提取有规律的信息 headers = { 'User-Agent':'存放浏览器里面的' } response = requests.get

web网页制作期末大作业

分享思维,改变世界. web网页制作,期末大作业. 所用技术:html css javascript 分享所学所得

技术大佬:我去,你写的 switch 语句也太老土了吧

昨天早上通过远程的方式 review 了两名新来同事的代码,大部分代码都写得很漂亮,严谨的同时注释也很到位,这令我非常满意。但当我看到他们当中有一个人写的 switch 语句时,还是忍不住破口大骂:“我擦,小王,你丫写的 switch 语句也太老土了吧!” 来看看小王写的代码吧,看完不要骂我装逼啊。 private static String createPlayer(PlayerTypes p...

相关热词 c# 开发接口 c# 中方法上面的限制 c# java 时间戳 c#单元测试入门 c# 数组转化成文本 c#实体类主外键关系设置 c# 子函数 局部 c#窗口位置设置 c# list 查询 c# 事件 执行顺序
立即提问