YoshionTwo
2017-05-22 11:47

shiro +cas 整合单点登录页面重定向的问题 后台是jeesite框架

  • jeesite
  • shiro
  • cas单点登录

访问系统的时候页面会进入cas的登录页,输入用户名和密码之后就出现了重定向问题,不知道这个配置文件该怎么配。哪位大神能帮我分析一下问题出在哪里?

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.0.xsd"
    default-lazy-init="true">

    <description>Shiro Configuration</description>

    <!-- Load the configuration properties file.
         ignore-unresolvable="true" means this configurer does not reject a ${...} placeholder
         it cannot resolve, so every key used below (adminPath, loginUrl, logoutUrl,
         loginSuccessUrl, loginFailedUrl, shiro.cas.*, session.*, redis.keyPrefix) has to be
         defined in jeesite.properties or by another configurer; a typo in a key name is not
         reported by this element. -->
    <context:property-placeholder ignore-unresolvable="true" location="classpath:jeesite.properties" />

    <!-- Shiro filter chain definitions, one "URL pattern = filter" rule per line.
         Shiro evaluates the rules top to bottom and the first matching pattern wins, so the
         order of the lines is part of the access policy.
         NOTE(review): "/api/** = anon" leaves every /api endpoint unauthenticated and makes the
         two narrower /api rules above it redundant; confirm that is intended.
         NOTE(review): "${adminPath}/upload = anon" is an upload path reachable without login;
         confirm the handler behind it restricts what may be uploaded.
         NOTE(review): "/a/sys/hlApi = anon" and, if adminPath resolves to /a,
         "${adminPath}/sys/hlApi/form = anon" are listed after "/a/** = user" and therefore never
         match; those paths are currently covered by the user filter. Decide explicitly whether
         they should be anonymous before moving them above "/a/** = user", or delete them.
         NOTE(review): only "${adminPath}/cas" and "/shiro-cas" are handled by the cas filter.
         The CAS service URL has to point at one of them. A service URL of ${adminPath}/login is
         handled by authc instead, the ticket is never validated, and the browser is redirected
         to CAS again. -->
    <bean name="shiroFilterChainDefinitions" class="java.lang.String">
        <constructor-arg>
            <value>
                /static/** = anon
                /api/test = anon
                /api/userRegist = anon
                ${adminPath}/userApi/userRegist = anon
                /api/** = anon
                /userfiles/** = anon
                ${adminPath}/upload = anon
                ${adminPath}/cas = cas
                ${adminPath}/login = authc 
                ${adminPath}/logout = logoutFilter
                <!-- ${adminPath}/** = user -->

                /shiro-cas = cas
                <!-- /logout = logoutFilter -->
                /a/** = user
                /a/sys/hlApi = anon
                ${adminPath}/sys/hlApi/form = anon
                /act/rest/service/editor/** = perms[act:model:edit]
                /act/rest/service/model/** = perms[act:model:edit]
                /act/rest/service/** = user
                /ReportServer/** = user
            </value>
        </constructor-arg>
    </bean>

    <!-- Security authentication filter: the Shiro web filter that binds the security manager,
         the named filters and the URL rules from shiroFilterChainDefinitions.
         NOTE(review): formAuthenticationFilter is referenced below but not defined in this
         file; it has to be registered elsewhere (for example as an annotated component). -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" /><!-- 
        <property name="loginUrl" value="${cas.server.url}?service=${cas.project.url}${adminPath}/cas" /> -->
        <!-- <property name="loginUrl" value="${adminPath}/login" />
        <property name="successUrl" value="${adminPath}?login" /> -->
        <!-- Where unauthenticated requests are redirected. With CAS this is the CAS login page,
             and its service= parameter must name a URL that the cas filter handles. -->
        <property name="loginUrl" value="${loginUrl}" /> 
        <!-- Filter names usable on the right-hand side of the chain definitions. -->
        <property name="filters">
            <map>
                 <entry key="cas" value-ref="casFilter"/>
                <entry key="authc" value-ref="formAuthenticationFilter"/>
                <entry key="logoutFilter" value-ref="logoutFilter"/>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <ref bean="shiroFilterChainDefinitions"/>
        </property>
    </bean>

    <!-- Logout filter: ends the local Shiro subject and then redirects the browser. -->
    <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <!-- URL the browser is sent to after the local logout. Pointing it at the CAS logout
             endpoint also ends the CAS single sign-on session; a local-only target would leave
             the CAS session alive and the next request would log the user straight back in. -->
        <property name="redirectUrl" value="${logoutUrl}" />
    </bean>

    <!-- CAS authentication filter: handles the request that CAS redirects back to the service
         URL and hands the service ticket to the realm for validation.
         failureUrl is used when ticket validation fails, successUrl after a successful login.
         NOTE(review): if failureUrl is itself a protected URL that redirects to CAS, a failed
         validation can produce a redirect loop, because CAS still holds a valid SSO session
         and immediately issues a new ticket; prefer an anonymous error page.
         NOTE(review): the org.apache.shiro.cas module is marked deprecated in newer Shiro
         releases; check the Shiro version in use and plan a migration. -->  
    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">  
        <property name="failureUrl" value="${loginFailedUrl}"/>
        <property name="successUrl" value="${loginSuccessUrl}" />
    </bean>

    <!-- Shiro security manager configuration.
         NOTE(review): sessionManager and cacheManager are commented out below, so the
         sessionManager, sessionDAO, sessionIdCookie and shiroCacheManager beans defined later
         in this file are not wired into this security manager and it uses its built-in
         defaults. Confirm this is deliberate and not a leftover from debugging, since the
         session timeout and cookie name configured on those beans do not apply in that case. -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Subject factory from the Shiro CAS module, used together with the cas filter. -->
        <property name="subjectFactory" ref="casSubjectFactory"></property>
        <property name="realm" ref="UserRealm" />
        <!-- <property name="realm" ref="systemAuthorizingRealm" />
        <property name="sessionManager" ref="sessionManager" />
        <property name="cacheManager" ref="shiroCacheManager" /> -->
    </bean>
    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"></bean>

    <!-- Realm that validates CAS tickets and loads the user (project class; presumably an
         extension of Shiro's CasRealm, confirm against the source).
         casServerUrlPrefix should be the absolute base URL of the CAS server and casService
         the absolute service URL; casService has to be identical to the service= value sent
         to CAS in loginUrl, otherwise ticket validation fails.
         NOTE(review): defaultRoles appears to grant ROLE_USER to every user CAS authenticates;
         confirm that any CAS account is meant to receive it. -->
    <bean id="UserRealm" class="com.thinkgem.jeesite.modules.sys.security.UserRealm" depends-on="userDao,roleDao,menuDao">
    <property name="defaultRoles" value="ROLE_USER" />
    <property name="casServerUrlPrefix" value="${shiro.cas.serverUrlPrefix}" />
    <property name="casService" value="${shiro.cas.service}" />
    </bean>

    <!-- Custom session manager configuration.
         NOTE(review): this bean only takes effect if the securityManager references it. -->
    <bean id="sessionManager" class="com.thinkgem.jeesite.common.security.shiro.session.SessionManager"> 
        <property name="sessionDAO" ref="sessionDAO"/>

        <!-- Session timeout, in milliseconds -->
        <property name="globalSessionTimeout" value="${session.sessionTimeout}"/>

        <!-- Periodically clean up expired sessions, i.e. orphaned sessions left behind when
             users simply close the browser -->
        <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
<!--        <property name="sessionValidationSchedulerEnabled" value="false"/> -->
        <property name="sessionValidationSchedulerEnabled" value="true"/>

        <!-- Session id is carried in the cookie defined by the sessionIdCookie bean. -->
        <property name="sessionIdCookie" ref="sessionIdCookie"/>
        <property name="sessionIdCookieEnabled" value="true"/>
    </bean>

    <!-- Name of this application's session id cookie. The default is JSESSIONID, which collides
         with the servlet container's own cookie (Jetty, Tomcat and others default to
         JSESSIONID): when a request leaves the Shiro servlet, for example on an error page,
         the container assigns a new JSESSIONID and the login session is lost.
         NOTE(review): only the cookie name is set here; when the application is served over
         HTTPS, also set the cookie's secure attribute so the session id is never sent in
         clear text. -->
    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg name="name" value="jeesite.session.id"/>
    </bean>

    <!-- Custom session store. The active definition is the Jedis-backed DAO, with session keys
         prefixed by ${redis.keyPrefix}_session_; the cache-backed alternative below is
         disabled.
         NOTE(review): sessions stored this way are only as protected as the backing store;
         restrict network access to it. -->
    <bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.JedisSessionDAO"> 
        <property name="sessionIdGenerator" ref="idGen" /> 
        <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> 
    </bean> 
    <!--<bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.CacheSessionDAO">
        <property name="sessionIdGenerator" ref="idGen" />
        <property name="activeSessionsCacheName" value="activeSessionsCache" />
        <property name="cacheManager" ref="shiroCacheManager" />
    </bean>-->

    <!-- Authorization cache manager. The project's SessionCacheManager is active; the EhCache
         alternative below is disabled.
         NOTE(review): this bean is only used if the securityManager's cacheManager property
         references it. -->
    <bean id="shiroCacheManager" class="com.thinkgem.jeesite.common.security.shiro.cache.SessionCacheManager" />
    <!--<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManager" ref="cacheManager"/>
    </bean> -->

    <!-- Ensures that beans implementing Shiro's internal lifecycle callbacks have those
         callbacks invoked by the Spring container. -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- AOP-style method-level permission checks: the auto-proxy creator wraps beans so that
         the advisor below can enforce Shiro authorization annotations on method calls.
         proxyTargetClass="true" selects class-based proxies. These checks are a second layer
         behind the URL rules; an endpoint marked anon in the filter chain still relies on
         them, or on nothing, for authorization. -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
        <property name="proxyTargetClass" value="true" />
    </bean>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

</beans>

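# Service URL that CAS redirects back to with the ticket. It must be an absolute URL and must
# hit a path mapped to the Shiro "cas" filter (/shiro-cas or ${adminPath}/cas in the filter
# chain). The previous value pointed at /a/login, which is mapped to authc, so the ticket was
# never validated and the browser was redirected to CAS again.
shiro.cas.service=http://127.0.0.1:8181/shiro-cas
# Base URL of the CAS server: with scheme, without the trailing /login. The realm is expected
# to derive the ticket validation endpoint from this prefix (confirm against UserRealm).
shiro.cas.serverUrlPrefix=http://127.0.0.1:8081/cas
# The service= value here must be exactly the same string as shiro.cas.service; CAS rejects
# a ticket that is validated for a different service than it was issued for.
loginUrl=http://127.0.0.1:8081/cas/login?service=http://127.0.0.1:8181/shiro-cas
logoutUrl=http://127.0.0.1:8081/cas/logout?service=http://127.0.0.1:8181/a/
# Context-relative path. The previous value had neither a scheme nor a leading slash, so it
# was treated as a relative URL rather than as a host.
loginSuccessUrl=/a/upload.jsp
# NOTE(review): /a/login is itself protected and redirects to CAS, so a ticket validation
# failure can loop; point this at an anonymous error page once one exists.
loginFailedUrl=/a/login
# NOTE(review): plain http is acceptable only for this local setup. Use https for both the
# CAS server and the service URL outside of it, so tickets and session cookies are not sent
# in clear text.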


1条回答