cas5.3.x配置返回多属性问题(java客户端无法获取服务器返回的自定义信息)

问题如题:

其中参照了

https://www.jianshu.com/p/54646ac96473
https://blog.csdn.net/yelllowcong/article/details/79238335

并根据教程做了如下配置:
1、修改service文件,HTTPSandIMAPS-10000001.json

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http|https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 10000,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

2、自定义验证以及返回更多的个人信息

3、spring.factories文件配上自己自定义的流程,其他的去掉

org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.gxzytech.config.CustomAuthenticationConfiguration

4、查看后台服务器,确实返回了新加的信息
图片说明

最后问题是,java客户端还是只返回了用户名

图片说明

登录时控制台打印的日志如下,一开始attributes是有值的,后面不知怎么又变空了?难道是这个原因?

2019-09-04 14:46:52,558 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:8282/node2/,principal=SimplePrincipal(id=admin, attributes={mobil_no=12345678111, email=123456@126, username=admin}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Sep 04 14:46:52 CST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
2019-09-04 14:46:52,569 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-5-GCMpvMiMoVABKskshh9TqrsSNUUlkk-PC] for service [http://localhost:8282/node2/] and principal [admin]>
2019-09-04 14:46:52,569 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: admin
WHAT: ST-5-GCMpvMiMoVABKskshh9TqrsSNUUlkk-PC for http://localhost:8282/node2/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Sep 04 14:46:52 CST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================

>
2019-09-04 14:46:52,684 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:8282/node2/,principal=SimplePrincipal(id=admin, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Sep 04 14:46:52 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

1个回答

解决了。。。配置问题!
主要是当时配置了HTTPSandIMAPS-10000001.json的返回策略Return All(所有配置返回的都返回) ,但是没有配置landingone-1000.json的返回策略, 所以后面意识到后加上了返回策略属性后,成功获取到对应的个人信息了图片说明

后记:当时我怀疑是不是cas服务器session没有存有返回的个人信息。。都已经查询cas服务端&客户端源码了。。

小结:还是得熟悉常见的文件,搭建的步骤。

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
CAS5.3 客户端配置cas.client-host-url的参数不相同时,单点登出失效
1.host文件配置如下: 127.0.0.1 server.cas.com 127.0.0.1 chain.cas.com 127.0.0.1 public.cas.com 2.两个客户端分别chain-client与public-client,当分别配置如下代码时,单点登出失效,但当配置相同参数时是OK的,比如:都配置成mi.com,猜想是不是跨域引起的? chain-client:cas.client-host-url=http://chain.cas.com:9001 public-client:cas.client-host-url=http://public.cas.com:9002
CAS5.2.3 启动Oauth认证,客户端访问获取accessToken失败
``` 2018-04-04 18:14:30,265 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Executing an update/delete query> javax.persistence.TransactionRequiredException: Executing an update/delete query at org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496) ~[hibernate-core-5.2.13.Final.jar:5.2.13.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144] at org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:372) ~[spring-orm-4.3.14.RELEASE.jar:4.3.14.RELEASE] at com.sun.proxy.$Proxy210.executeUpdate(Unknown Source) ~[?:?] at org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:149) ~[cas-server-support-jpa-ticket-registry-5.2.3.jar:5.2.3] at org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:126) ~[cas-server-core-tickets-5.2.3.jar:5.2.3] at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:114) ~[cas-server-support-oauth-5.2.3.jar:5.2.3] ... 98 more 2018-04-04 18:14:30,701 ERROR [org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition for [null] cannot be found in the ticket catalog which only contains the following ticket types: [[TGT, ST, RT, AT, PT, OC, PGT]]> 2018-04-04 18:14:30,702 ERROR [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Error getting ticket [null] from registry.> java.lang.NullPointerException: null at org.apereo.cas.ticket.registry.JpaTicketRegistry.getRawTicket(JpaTicketRegistry.java:88) ~[cas-server-support-jpa-ticket-registry-5.2.3.jar:5.2.3] at org.apereo.cas.ticket.registry.JpaTicketRegistry.getTicket(JpaTicketRegistry.java:75) ~[cas-server-support-jpa-ticket-registry-5.2.3.jar:5.2.3] ... 2018-04-04 18:14:30,703 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20UserProfileControllerController] - <Expired/Missing access token: [null]> ```
CAS4.2单点登录如何配置多个系统登录一次和退出到登录页问题
1、我用CAS4.2搭建了cas服务端,客户端是3.4.1版本 2、现在服务端配置好了,也可以通过我配置的客户端系统访问和查询数据库登录 3、问题:我配置了两个cas系统castest1和castest2,两个系统serverName分别配置为hhaip-cas1.com和hhaip-cas2.com,现在我访问castest1且登录成功,然后同一浏览器访问castest2还是跳转到登录页面,预期应该直接跳转到我访问的页面才是 4、问题2:我想退出到登录页,但是我每次都退出到我设置的那个链接,且打开浏览器新标签访问我这个系统竟然不会跳转到登录页而是直接跳转到我的系统页面,即:我可能没有退出成功,下图是我的退出URL和客户端web.xml配置。 5、注意我的cas-server是4.2版本和老版本差别很大,请大家不要复制其他的代码回答问题。 <a href="http://192.168.189.1:8080/sso/logout?service=http://hhaip-cas2.com:8080/casclient2">退出</a> ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707479_714440.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707508_601819.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707532_729900.png) ![图片说明](https://img-ask.csdn.net/upload/201612/14/1481707548_711607.png)
cas server4.1.3集群退出的问题
一个Nginx+两个Tomcat组成的cas server集群,cas server主要配置如下: ticketRegistry.xml文件: ``` <bean id="ticketDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="com.mysql.jdbc.Driver" p:jdbcUrl="jdbc:mysql://localhost:7999/casticket?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull" p:user="root" p:password="root" p:initialPoolSize="6" p:minPoolSize="6" p:maxPoolSize="20" p:maxIdleTimeExcessConnections="1000" p:checkoutTimeout="2000" p:acquireIncrement="16" p:acquireRetryAttempts="5" p:acquireRetryDelay="2000" p:idleConnectionTestPeriod="30" p:preferredTestQuery="select 1" /> <!-- Ticket Registry --> <!-- <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry"/> --> <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry" /> <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"/> <util:list id="packagesToScan"> <value>org.jasig.cas.ticket</value> <value>org.jasig.cas.adaptors.jdbc</value> </util:list> <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" p:generateDdl="true" p:showSql="true" /> <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" p:dataSource-ref="ticketDataSource" p:jpaVendorAdapter-ref="jpaVendorAdapter" p:packagesToScan-ref="packagesToScan"> <property name="persistenceUnitName" value="CasPU"/> <property name="jpaProperties"> <props> <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop> <prop key="hibernate.hbm2ddl.auto">update</prop> </props> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="entityManagerFactory" /> <!-- 使用这个报错 --> <!-- <tx:annotation-driven transaction-manager="transactionManager" /> --> <tx:advice id="txRegistryAdvice" transaction-manager="transactionManager"> <tx:attributes> <tx:method name="deleteTicket" read-only="false" /> <tx:method name="addTicket" read-only="false" /> <tx:method name="updateTicket" read-only="false" /> <tx:method name="getTicket" read-only="true" /> <tx:method name="getTickets" read-only="true" /> <tx:method name="add*" read-only="false"/> <tx:method name="delete*" read-only="false"/> <tx:method name="save*" read-only="false"/> <tx:method name="update*" read-only="false"/> <tx:method name="get*" read-only="true"/> <tx:method name="grant*" read-only="false"/> <tx:method name="validate*" read-only="true"/> <tx:method name="sessionCount" read-only="true" /> <tx:method name="serviceTicketCount" read-only="true" /> </tx:attributes> </tx:advice> <tx:advice id="txRegistryLockingAdvice" transaction-manager="transactionManager"> <tx:attributes> <tx:method name="getOwner" read-only="true" /> <tx:method name="acquire" read-only="false" /> <tx:method name="release" read-only="false" /> </tx:attributes> </tx:advice> <aop:config> <aop:pointcut id="ticketRegistryOperations" expression="execution(* org.jasig.cas.ticket.registry.JpaTicketRegistry.*(..))"/> <aop:pointcut id="ticketRegistryLockingOperations" expression="execution(* org.jasig.cas.ticket.registry.support.JpaLockingStrategy.*(..))"/> <aop:pointcut id="centralAuthenticationServiceOperations" expression="execution(* org.jasig.cas.CentralAuthenticationService.*(..))"/> <aop:advisor advice-ref="txRegistryAdvice" pointcut-ref="ticketRegistryOperations"/> <aop:advisor advice-ref="txRegistryLockingAdvice" pointcut-ref="ticketRegistryLockingOperations"/> <aop:advisor advice-ref="txRegistryAdvice" pointcut-ref="centralAuthenticationServiceOperations"/> </aop:config> <!--Quartz --> <!-- TICKET REGISTRY CLEANER --> <bean id="cleanerLock" class="org.jasig.cas.ticket.registry.support.JpaLockingStrategy" p:uniqueId="${host.name}" p:applicationId="cas-ticket-registry-cleaner" /> <bean id="ticketRegistryCleaner" class="org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner" c:centralAuthenticationService-ref="centralAuthenticationService" c:ticketRegistry-ref="ticketRegistry" p:lock-ref="cleanerLock"/> <bean id="jobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean" p:targetObject-ref="ticketRegistryCleaner" p:targetMethod="clean"/> <bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerFactoryBean" p:jobDetail-ref="jobDetailTicketRegistryCleaner" p:startDelay="20000" p:repeatInterval="5000000"/> ``` Nginx.conf配置文件: ``` upstream cas { server 10.0.0.8:8082 weight=1; server 10.0.0.8:8083 weight=1; } server { listen 8080; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { #proxy_redirect off; proxy_set_header Host $host; proxy_set_header Referer $http_referer; proxy_set_header Cookie $http_cookie; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://cas; } ``` 两个tomcat使用memcached-session-manager实现session共享: ``` <Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" memcachedNodes="n1:localhost:11211" sticky="false" sessionBackupAsync="false" lockingMode="auto" requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$" transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory" /> ``` 客户端SpringMVC项目web.xml文件: ``` <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://h4:8080/cas</param-value> </init-param> </filter> <!-- 该过滤器负责用户的认证工作,必须启用它 --> <filter> <filter-name>CASFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <!-- 下面的URL是Cas服务器的登录地址 --> <param-value>http://h4:8080/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8888</param-value> </init-param> </filter> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <!-- 下面的URL是Cas服务器的认证地址 --> <param-value>http://h4:8080/cas</param-value><!-- /login --> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8888</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <!--<init-param>--> <!--<param-name>renew</param-name>--> <!--<param-value>false</param-value>--> <!--</init-param>--> <!--<init-param>--> <!--<param-name>gateway</param-name>--> <!--<param-value>false</param-value>--> <!--</init-param>--> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter> <filter-name>CasForInvokeContextFilter</filter-name> <filter-class>javacommon.filter.LoginFilter</filter-class> </filter> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> ``` 客户端项目退出时报错: 2016-10-18 10:58:35,558 ERROR [org.springframework.transaction.interceptor.TransactionInterceptor] - Application exception overridden by commit exception INVALID_TICKET at org.jasig.cas.CentralAuthenticationServiceImpl.getTicket(CentralAuthenticationServiceImpl.java:520) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
spring security cas单点登录拒绝访问
[b]cas服务端和cas客户端都已经配合,访问cas服务端可以登录,访问客户端应用资源的时候出现拒绝访问问题,但是[color=red]能成功跳转到cas服务端的login页面,输入账号密码后控制台打印显示出服务端登录成功,但是关于客户端的打印出现拒绝访问异常,而且httpSession不为null但是里面没值[/color][/b]。 初次使用spring security和cas望多多指教. 异常信息: [color=red][b]首次登录直接出现拒绝访问,但是却能跳转到cas 登录页面,[/b][/color] [quote] 信息: Server startup in 21955 ms 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Associated with Deployer 'Catalina:type=Deployer,host=localhost' 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Global resources are available 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: list: Listing contexts for virtual host 'localhost' 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.> 11:51:33,906 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:127 - No HttpSession currently exists 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created. 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 11:51:33,937 DEBUG org.springframework.security.web.session.SessionManagementFilter:91 - Requested session IDFED78FFF2BDBC0647461CBFA29AB9B23 is invalid. 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER] 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 11:51:33,937 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 11:51:33,953 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 11:51:33,968 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 11:51:33,984 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/] 11:51:33,984 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 11:51:33,984 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 11:51:34,015 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 2012-06-06 11:51:34,921 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /casServer/> [/quote] [color=red][b]跳转到登录页面后输入账号密码出现cas服务端的信息正常,但是关于cas客户端的和上面的异常一样:[/b][/color] 打印信息: [quote] 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.> start[1338955402531] time[603] tag[QueryDatabaseAuthenticationHandler] 2012-06-06 12:03:23,125 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: wucht]> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal wucht> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Principal found: wucht> 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: supplied credentials: [username: wucht] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: TGT-1-0WNh4MDLT57myMG77eF54B9ix5oQP0OItPnVBGDZBYac9Bj42E-casServer ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,265 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-eOK4CG7zd7cApkahlva9-casServer] for service [http://localhost:8080/Cas_Client/j_acegi_cas_security_check] for user [wucht]> 2012-06-06 12:03:23,265 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: wucht WHAT: ST-1-eOK4CG7zd7cApkahlva9-casServer for http://localhost:8080/Cas_Client/j_acegi_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:139 - HttpSession returned null object for SPRING_SECURITY_CONTEXT 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1ef3d12. A new one will be created. 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:309 - pathInfo: both null (property equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:317 - queryString: arg1=null; arg2=ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer (property not equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:75 - saved request doesn't match 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer; Attributes: [ROLE_USER] 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 12:03:23,312 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer] 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 12:03:23,312 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 12:03:23,343 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed [/quote] [b]cas服务端配置:[/b] cas.properties [quote] #server.prefix=http://localhost:8080/cas #server.prefix=http://cas.wucht.com:8080/casServer server.prefix=http://localhost:8080/casServer cas.securityContext.serviceProperties.service=${server.prefix}/j_acegi_cas_security_check # Names of roles allowed to access the CAS service manager cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix} cas.themeResolver.defaultThemeName=cas-theme-default #cas.themeResolver.defaultThemeName=default cas.viewResolver.basename=default_views #host.name=cas host.name=casServer #database.hibernate.dialect=org.hibernate.dialect.OracleDialect database.hibernate.dialect=org.hibernate.dialect.MySQLDialect #database.hibernate.dialect=org.hibernate.dialect.HSQLDialect [/quote] deployerConfigContext.xml [quote] <?xml version="1.0" encoding="UTF-8"?> <!-- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | all CAS deployers will need to modify. | | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. | The beans declared in this file are instantiated at context initialization time by the Spring | ContextLoaderListener declared in web.xml. It finds this file because this | file is among those declared in the context parameter "contextConfigLocation". | | By far the most common change you will need to make in this file is to change the last bean | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing your approach for authenticating usernames and passwords. +--> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, | "authenticationManager". Most deployers will be able to use the default AuthenticationManager | implementation and so do not need to change the class of this bean. We include the whole | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will | need to change in context. +--> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <!-- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which | supports the presented credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are | using. | | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. | You will need to change this list if you are identifying services by something more or other than their callback URL. +--> <property name="credentialsToPrincipalResolvers"> <list> <!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login | by default and produces SimplePrincipal instances conveying the username from the credentials. | | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the | Credentials you are using. +--> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> <!--增加此属性,为认证过的用户的Principal添加属性--> <property name="attributeRepository" ref="attributeRepository"></property> </bean> <!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a | SimpleService identified by that callback URL. | | If you are representing services by something more or other than an HTTPS URL whereat they are able to | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). +--> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn | until it finds one that both supports the Credentials presented and succeeds in authenticating. +--> <property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <!-- 数据库认证.wucht--> <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="dataSource" /> <property name="sql" value="select password from users where name=?" /> </bean> </list> </property> </bean> <!-- DATABASE 增加数据源配置 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property> <property name="url"><value>jdbc:mysql://localhost:3306/mysql?useUnicode=true&amp;characterEncoding=utf-8</value></property> <property name="username"><value>root</value></property> <property name="password"><value>root</value></property> </bean> <!-- This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version. More robust deployments will want to use another option, such as the Jdbc version. The name of this should remain "userDetailsService" in order for Spring Security to find it. --> <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />--> <sec:user-service id="userDetailsService"> <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" /> </sec:user-service> <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. --> <!-- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean> --> <!-- 使用SingleRowJdbcPersonAttributeDao 获取更多用户的信息 --> <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <constructor-arg index="0" ref="dataSource"/> <constructor-arg index="1" value="select role_name from role where login_name = ?"/> <!--这里的key需写username,value对应数据库用户名字段 --> <property name="queryAttributeMapping"> <map> <entry key="username" value="login_name"/> </map> </property> <!--key对应数据库字段,value对应客户端获取参数 --> <!-- 返回数据认证后的数据 --> <property name="resultAttributeMapping"> <map> <!--这个从数据库中获取的角色,用于在应用中security的权限验证--> <entry key="role_name" value="authorities"/> </map> </property> </bean> <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want to replace this with the JPA-backed ServiceRegistry DAO The name of this bean should remain "serviceRegistryDao". --> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- <property name="registeredServices"> <list> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="0" /> <property name="name" value="HTTP" /> <property name="description" value="Only Allows HTTP Urls" /> <property name="serviceId" value="http://**" /> <property name="evaluationOrder" value="10000001" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="1" /> <property name="name" value="HTTPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="https://**" /> <property name="evaluationOrder" value="10000002" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="2" /> <property name="name" value="IMAPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="imaps://**" /> <property name="evaluationOrder" value="10000003" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="3" /> <property name="name" value="IMAP" /> <property name="description" value="Only Allows IMAP Urls" /> <property name="serviceId" value="imap://**" /> <property name="evaluationOrder" value="10000004" /> </bean> </list> </property> --> </bean> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> </beans> [/quote] [b]spring的配置代码如下:[/b][code="ruby"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true"> <!-- entry-point-ref="casEntryPoint"作用是认证的入口,是一个实现AuthenticationEntryPoint接口的类 ,为ExceptionTranslationFilter类提供认证依据, <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/> 使用自定义的Filter,放置在过滤器链的FORM_LOGIN_FILTER的位置 casEntryPoint只是提供认证入口的作用,当没有权限,将跳转到该地址。 casFilter是处理CAS service ticket的,当无权访问时,会使用casEntryPoint提供认证入口 --> <http auto-config="true" entry-point-ref="casEntryPoint" access-denied-page="/403.jsp"> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- ROLE_ADMIN--> <!-- logout-success-url="/login.html" --> <!-- 注销时需要先注销应用程序,再注销cas中心认证服务 --> <logout logout-url="/logout.html" success-handler-ref="casLogoutSuccessHandler" /> <custom-filter position="CAS_FILTER" ref="casFilter" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager> <!-- cas中心认证服务入口 --> <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <beans:property name="loginUrl" value="http://localhost:8080/casServer/login" /> <beans:property name="serviceProperties" ref="serviceProperties" /> </beans:bean> <!-- cas中心认证服务配置 --> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <beans:property name="service" value="http://localhost:8080/Cas_Client/j_acegi_cas_security_check" /> <beans:property name="sendRenew" value="false" /> </beans:bean> <!-- CAS service ticket(中心认证服务凭据)验证 --> <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> <!-- <beans:property name="authenticationFailureHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">--> <!-- <beans:property name="defaultFailureUrl"--> <!-- value="/logout.html" />--> <!-- </beans:bean>--> <!-- </beans:property>--> <!-- 登录成功后的页面,如果是固定的。否则 ref="authenticationSuccessHandler" --> <!-- <beans:property name="authenticationSuccessHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">--> <!-- <beans:property name="defaultTargetUrl"--> <!-- value="/index.jsp" />--> <!-- </beans:bean>--> <!-- </beans:property>--> </beans:bean> <!-- 从Cas Server得到用户信息 --> <beans:bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <beans:constructor-arg> <beans:array> <beans:value>authorities</beans:value> </beans:array> </beans:constructor-arg> </beans:bean> <beans:bean id="userDetailsService" class="com.reportstart.security.service.impl.BocUserDetaislServiceImpl"> <!-- <beans:property name="userDao">--> <!-- <beans:ref bean="userDao" />--> <!-- </beans:property>--> </beans:bean> <!-- <beans:bean id="authenticationUserDetailsService"--> <!-- class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">--> <!-- <beans:property name="userDetailsService">--> <!-- <beans:ref local="userDetailsService" />--> <!-- </beans:property>--> <!-- </beans:bean>--> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!-- 使用自定义service获取用户信息 --> <!-- <beans:property name="authenticationUserDetailsService"--> <!-- ref="casAuthenticationUserDetailsService" />--> <!-- 通过Cas Server获取用户信息 --> <beans:property name="authenticationUserDetailsService" ref="authenticationUserDetailsService" /> <beans:property name="serviceProperties" ref="serviceProperties" /> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="http://localhost:8080/casServer" /> </beans:bean> </beans:property> <!-- 自定义cas客户端应用标示.wucht.2012-6-4(每个cas客户端都需要一个key标示用于区分不同cas客户端) --> <beans:property name="key" value="Cas_Client" /> </beans:bean> <!-- 注销 --> <beans:bean id="casLogoutSuccessHandler" class="com.wucht.test.CasLogoutSuccessHandler"> </beans:bean> </beans:beans>[/code]
CAS单点登录如何集成非Java工程的客户端?
需求:公司有若干老系统,想弄个平台,个人在平台上登录后,就可以互访在他的平台上所有的公司系统(那若干老系统中他有权限的系统) 让我实现,我的想法是运用SSO单点登录的CAS, 实现思路:开发一个工程(就叫“平台”),登录"平台"后,进入页面,页面展示若干老系统图标,每一个图标就对应一个公司系统;另外解压开下载的”cas-server-3.5.2-release"包,改造为我的CAS服务器,如下图: ![图片说明](https://img-ask.csdn.net/upload/201606/17/1466131852_665257.jpg) “平台”和上面老系统 就都是CAS客户端,在CAS客户端配上拦截器,修改登录方式,权限认证之类的,然后就实现了单点登录 现在问题:公司老系统很多,(非重点:而且希望尽量少在老系统中修改代码,希望有套标准来修改各个老系统)老系统很多不是Java工程,如何去实现? 不是Java工程意味着拦截器都不能用了啊,而且能通过rest服务,去判断是否需要认证,是否认证通过吗?请教详细解说
使用yale cas做sso的问题
这段时间在试用下cas做下身份人证发现了个奇怪的问题,在此提出来下,希望知道的同学给解答一下,感激不尽! 证书我已经生成了,证书的cn是localhost,并且tomcat的ssl已经配置好了,证书也导入到jdk了,我访问客户端,如(http://localhost:8080/myapp/test),第一次由于还没有通过cas的身份认证,所以会重定向到(https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest)进行身份认证,我输入正确的用户和密码之后,认证成功,返回的地址是(http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm),到此,貌似是正确的.奇怪的是,当我把http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm这个地址拷贝下来,再打开一个浏览器访问http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm的时候,就报错: [myapp] 21:32:38.937 [http-8080-1] ERROR edu.yale.its.tp.cas.client.CASReceipt - validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] was not successful. [myapp] 21:32:38.937 [http-8080-1] ERROR edu.yale.its.tp.cas.client.filter.CASFilter - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] 2009-7-5 21:32:38 org.apache.catalina.core.StandardWrapperValve invoke 严重: Servlet.service() for servlet default threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 我实在是找不出原因来了,请各位同学帮忙了!
CAS 跨域的问题
[color=red]麻烦各位了,有以下问题:[/color] CAS 是通过 TGT(Ticket Granting Ticket) 来获取 ST(Service Ticket) ,通过 ST 来访问服务。网上说配置好后。 CAS是基于agent的。一次完整的sso过程为 1.用户第一次打开系统A的页面 2.系统A发现当前用户没有登录 3.系统将登录过程委托给本地的agent,比如CAS的java client或者web client 4.本地agent将页面转向给sso系统,并且生成一个随机的token 5.用户在sso系统上输入账号密码,登录成功 6.sso系统调用系统A上agent的一个url,将账号信息加密发送回A 7.该agent通过生成的token解密账号信息,传送到系统A内部。 8.系统A接收到该账号随后进行授权操作。 如果用户打开系统B页面,而该系统也运行同一个SSO的agent,那么过程同上面类似,只是跳过第5步。这时用户浏览器都是处于SSO系统所在域,所以可以直接将以前用户的账号信息发回。 ------------------------------ [color=red]不是很明白,用户先访问A后,再本地访问访问B的时候,系统B收到什么信息可以确认改用户访问过A!系统A与系统B的域名不一样,不会是cookie,那是什么?在网上看了看,下面一段[/color] 上图是一个最基础的 CAS 协议, CAS Client 以 Filter 方式保护 Web 应用的受保护资源,过滤从客户端过来的每一个 Web 请求,同时, CAS Client 会分析 HTTP 请求中是否包请求 Service Ticket( 上图中的 Ticket) ,如果没有,则说明该用户是没有经过认证的,于是, CAS Client 会重定向用户请求到 CAS Server ( Step 2 )。 Step 3 是用户认证过程,如果用户提供了正确的 Credentials , CAS Server 会产生一个随机的 Service Ticket ,然后,缓存该 Ticket ,并且重定向用户到 CAS Client (附带刚才产生的 Service Ticket ), Service Ticket 是不可以伪造的,最后, Step 5 和 Step6 是 CAS Client 和 CAS Server 之间完成了一个对用户的身份核实,用 Ticket 查到 Username ,因为 Ticket 是 CAS Server 产生的,因此,所以 CAS Server 的判断是毋庸置疑的。 ----------------- [color=red]CAS Client 会分析 HTTP 请求中是否包请求 Service Ticket,这个st 是怎么放到http请求中去的?网上那些例子好像直接输入一个url,不带参数的,也有单点登录效果。[/color] [b]问题补充:[/b] 7.原理剖析 Yale CAS使用了Ticket Granting Cookie (简称TGC)去作为获取Service Ticket(简称ST)的凭据,这个TGC 是保存在客户端的cookie,即当第2次被其他CAS Client重定向的时候,CAS Server实际上已经从用户的Cookie中抓取到TGC,然后知道TGC对应的用户,因此避免了再次登录,如果CAS Server抓取不到TGC,则用户需要登陆。 众所周知,cookie是不能跨域的。但是CAS能够做abc.com和xyz.com的sso,因为CAS Server缓存了所有的ticket,所以Client无需共享cookies。 ------------------ 是不是这个CAS server 也可以通过http访问的 应用场景是不是这样 :一个应用 是 domain1.com一个应用是domain2.com cas server 的 域名 是 domain.com ,所有对 domain1和domain2 的请求都会转发到domain.com,没有登录的话,在domain.com登陆,设置的cookie TGC的域是doamin.com,以后所有对domain1和domain2的请求都会转发到domain.com,也就是CAS server ,这个时候便可以获得这个cookie TGC进行验证。 是不是这样? [b]问题补充:[/b] 呵呵 谢谢 我先前不清楚的地方就是 我觉得先登录A后,再进入B时候,必须携带一个标志,才能证明这个用户先前已经登陆了,而A 与B的域不同,进入B的时候不能拿到cookie的,原来都会转发到一个统一的域拿到这个cookie,也就是标志,而这个cookie也是通过cas server进行设置的,cas server是可以通过http访问的,所以可以在浏览器下设置这个cookie。当然也可以在登录完后在A ,B各自的域设置cookie。 那这种模式,我也可以自己实现 ,不用cas了?? 好像配置cas的时候有什么key的 是用来干什么的,加密信息吗?加密什么信息?谢谢 我没有配置过,之前在做一个单点登录的时候碰到问题就百度到了 cas 呵呵
cas + shiro 的问题 求大神解救~!!
我的项目地址为localhost:8090/admin cas-server地址为 localhost:8080/cas 登入后localhost:8090/admin后网页出现 localhost 将您重定向的次数过多的提示。 然后浏览器地址栏上面显示 http://localhost:8090/admin/shiro-cas/?ticket=ST-138-v4C4tODiTvNFVmXwNCKz-cas01.example.org 然后我看后台 提示 WHO: kkk WHAT: ST-136-WIcLSycjM9JasRLpionF-cas01.example.org for http://localhost:8090/admin/shiro-cas/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Feb 27 21:32:34 CST 2019 CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 ============================================================= > 2019-02-27 21:32:34,357 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-137-1neSWAn4taN2zY4Efgzd-cas01.example.org] for service [http://localhost:8090/admin/shiro-cas/] for user [kkk]> 2019-02-27 21:32:34,357 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: kkk WHAT: ST-137-1neSWAn4taN2zY4Efgzd-cas01.example.org for http://localhost:8090/admin/shiro-cas/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Feb 27 21:32:34 CST 2019 CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 ============================================================= > 2019-02-27 21:32:34,362 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-138-v4C4tODiTvNFVmXwNCKz-cas01.example.org] for service [http://localhost:8090/admin/shiro-cas/] for user [kkk]> 2019-02-27 21:32:34,362 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: kkk WHAT: ST-138-v4C4tODiTvNFVmXwNCKz-cas01.example.org for http://localhost:8090/admin/shiro-cas/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Feb 27 21:32:34 CST 2019 CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 ============================================================= > 貌似一直在创建票根,好像没有验证,这个怎么解决啊 求大神~!! 以下是我的shiro配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd" default-lazy-init="true"> <description>Shiro安全配置</description> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="http://localhost:8080/cas/login?service=http://localhost:8090/admin/shiro-cas/"/> <property name="successUrl" value="/" /> <property name="filters"> <map> <!-- 添加casFilter到shiroFilter --> <entry key="casFilter" value-ref="casFilter" /> <entry key="logout" value-ref="logout" /> </map> </property> <property name="filterChainDefinitions"> <value> <!-- 默认可以访问的 或者登陆可以访问的资源 --> /shiro-cas=casFilter /static/**= anon /manage=anon /getCode=anon /home=anon /error/**=anon /rest/**=anon /ssoReport/**=anon /logincheck=anon /logout = logout <!-- 日志文件查看 --> /logs/**=user <!-- 过滤条件 --> /**=authc </value> </property> </bean> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <!-- 配置验证错误时的失败页面 ,这里配置为登录页面 --> <property name="failureUrl" value="http://localhost:8080/cas/login?service=http://localhost:8090/admin/index/" /> </bean> <!-- 退出登录过滤器 --> <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl" value="http://localhost:8080/cas/logout?service=http://localhost:8090/admin/index/" /> </bean> <bean id="casRealm" class="com.admin.shiro.ShiroDbRealm"> <!-- <property name="defaultRoles" value="ROLE_USER" /> --> <!-- 配置cas服务器地址 --> <property name="casServerUrlPrefix" value="http://localhost:8080/cas/" /> <!-- 客户端的回调地址设置,必须和上面的shiro-cas过滤器casFilter拦截的地址一致 --> <property name="casService" value="http://localhost:8090/admin/shiro-cas/" /> <!-- <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="1"/> <property name="storedCredentialsHexEncoded" value="true"/> </bean> </property> --> </bean> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:security/ehcache-shiro.xml" /> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="casRealm" /> <property name="subjectFactory" ref="casSubjectFactory" /> <property name="cacheManager" ref="cacheManager" /> <property name="sessionManager" ref="shiroSessionManager" /> </bean> <!-- 如果要实现cas的remember me的功能,需要用到下面这个bean,并设置到securityManager的subjectFactory中 --> <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory" /> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" /> <property name="arguments" ref="securityManager" /> </bean> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> </bean> <bean id="shiroSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="sessionDAO" ref="sessionDAO" /> <property name="sessionValidationInterval" value="10800000" /> <!-- 相隔多久检查一次session的有效性 --> <property name="globalSessionTimeout" value="10800000" /> <!-- session 有效时间为三个小时 (毫秒单位) --> <property name="sessionIdCookie.name" value="jsid" /> </bean> </beans>
130 个相见恨晚的超实用网站,一次性分享出来
相见恨晚的超实用网站 持续更新中。。。
Java学习的正确打开方式
在博主认为,对于入门级学习java的最佳学习方法莫过于视频+博客+书籍+总结,前三者博主将淋漓尽致地挥毫于这篇博客文章中,至于总结在于个人,实际上越到后面你会发现学习的最好方式就是阅读参考官方文档其次就是国内的书籍,博客次之,这又是一个层次了,这里暂时不提后面再谈。博主将为各位入门java保驾护航,各位只管冲鸭!!!上天是公平的,只要不辜负时间,时间自然不会辜负你。 何谓学习?博主所理解的学习,它是一个过程,是一个不断累积、不断沉淀、不断总结、善于传达自己的个人见解以及乐于分享的过程。
程序员必须掌握的核心算法有哪些?
由于我之前一直强调数据结构以及算法学习的重要性,所以就有一些读者经常问我,数据结构与算法应该要学习到哪个程度呢?,说实话,这个问题我不知道要怎么回答你,主要取决于你想学习到哪些程度,不过针对这个问题,我稍微总结一下我学过的算法知识点,以及我觉得值得学习的算法。这些算法与数据结构的学习大多数是零散的,并没有一本把他们全部覆盖的书籍。下面是我觉得值得学习的一些算法以及数据结构,当然,我也会整理一些看过...
写了很久,这是一份最适合/贴切普通大众/科班/非科班的『学习路线』
说实话,对于学习路线这种文章我一般是不写的,大家看我的文章也知道,我是很少写建议别人怎么样怎么样的文章,更多的是,写自己的真实经历,然后供大家去参考,这样子,我内心也比较踏实,也不怕误导他人。 但是,最近好多人问我学习路线,而且很多大一大二的,说自己很迷茫,看到我那篇 普普通通,我的三年大学 之后很受激励,觉得自己也能行,(是的,别太浪,你一定能行)希望我能给他个学习路线,说...
计算机专业的书普遍都这么贵,你们都是怎么获取资源的?
介绍几个可以下载编程电子书籍的网站。 1.Github Github上编程书资源很多,你可以根据类型和语言去搜索。推荐几个热门的: free-programming-books-zh_CN:58K 星的GitHub,编程语言、WEB、函数、大数据、操作系统、在线课程、数据库相关书籍应有尽有,共有几百本。 Go语言高级编程:涵盖CGO,Go汇编语言,RPC实现,Protobuf插件实现,Web框架实...
小白学 Python 爬虫(25):爬取股票信息
人生苦短,我用 Python 前文传送门: 小白学 Python 爬虫(1):开篇 小白学 Python 爬虫(2):前置准备(一)基本类库的安装 小白学 Python 爬虫(3):前置准备(二)Linux基础入门 小白学 Python 爬虫(4):前置准备(三)Docker基础入门 小白学 Python 爬虫(5):前置准备(四)数据库基础 小白学 Python 爬虫(6):前置准备(...
4岁小女孩给Linux内核贡献提交
今天在reddit上看到一个有趣的讨论,一个4岁的小女孩给Linux提交了一个补丁,并且这个补丁合并到了代码中。链接如下:https://www.reddit.com/r/linux/c...
卸载 x 雷某度!GitHub 标星 1.5w+,从此我只用这款全能高速下载工具!
作者 | Rocky0429 来源 | Python空间 大家好,我是 Rocky0429,一个喜欢在网上收集各种资源的蒟蒻… 网上资源眼花缭乱,下载的方式也同样千奇百怪,比如 BT 下载,磁力链接,网盘资源等等等等,下个资源可真不容易,不一样的方式要用不同的下载软件,因此某比较有名的 x 雷和某度网盘成了我经常使用的工具。 作为一个没有钱的穷鬼,某度网盘几十 kb 的下载速度让我...
2019年还剩1天,我从外包公司离职了
这日子过的可真快啊,2019年还剩1天,外包公司干了不到3个月,我离职了
我一个37岁的程序员朋友
周末了,人一旦没有点事情干,心里就瞎想,而且跟几个老男人坐在一起,更容易瞎想,我自己现在也是 30 岁了,也是无时无刻在担心自己的职业生涯,担心丢掉工作没有收入,担心身体机能下降,担心突...
一名大专同学的四个问题
【前言】   收到一封来信,赶上各种事情拖了几日,利用今天要放下工作的时机,做个回复。   2020年到了,就以这一封信,作为开年标志吧。 【正文】   您好,我是一名现在有很多困惑的大二学生。有一些问题想要向您请教。   先说一下我的基本情况,高考失利,不想复读,来到广州一所大专读计算机应用技术专业。学校是偏艺术类的,计算机专业没有实验室更不用说工作室了。而且学校的学风也不好。但我很想在计算机领...
计算机电子书 2019 归档
2017 运营技能成长地图 Gitee 下载 Github 下载 SourceForge 下载 5 分钟商学院精细笔记 000_185 Gitee 下载 Github 下载 SourceForge 下载 A Comprehensive Guide to Machine Learning (UCB CS189) Gitee 下载 Github 下载 SourceForge 下载 Algo...
复习一周,京东+百度一面,不小心都拿了Offer
京东和百度一面都问了啥,面试官百般刁难,可惜我全会。
Java 14 都快来了,为什么还有这么多人固守Java 8?
从Java 9开始,Java版本的发布就让人眼花缭乱了。每隔6个月,都会冒出一个新版本出来,Java 10 , Java 11, Java 12, Java 13, 到2020年3月份,...
轻松搭建基于 SpringBoot + Vue 的 Web 商城应用
首先介绍下在本文出现的几个比较重要的概念: 函数计算(Function Compute): 函数计算是一个事件驱动的服务,通过函数计算,用户无需管理服务器等运行情况,只需编写代码并上传。函数计算准备计算资源,并以弹性伸缩的方式运行用户代码,而用户只需根据实际代码运行所消耗的资源进行付费。Fun: Fun 是一个用于支持 Serverless 应用部署的工具,能帮助您便捷地管理函数计算、API ...
Python+OpenCV实时图像处理
目录 1、导入库文件 2、设计GUI 3、调用摄像头 4、实时图像处理 4.1、阈值二值化 4.2、边缘检测 4.3、轮廓检测 4.4、高斯滤波 4.5、色彩转换 4.6、调节对比度 5、退出系统 初学OpenCV图像处理的小伙伴肯定对什么高斯函数、滤波处理、阈值二值化等特性非常头疼,这里给各位分享一个小项目,可通过摄像头实时动态查看各类图像处理的特点,也可对各位调参、测试...
2020年一线城市程序员工资大调查
人才需求 一线城市共发布岗位38115个,招聘120827人。 其中 beijing 22805 guangzhou 25081 shanghai 39614 shenzhen 33327 工资分布 2020年中国一线城市程序员的平均工资为16285元,工资中位数为14583元,其中95%的人的工资位于5000到20000元之间。 和往年数据比较: yea...
为什么猝死的都是程序员,基本上不见产品经理猝死呢?
相信大家时不时听到程序员猝死的消息,但是基本上听不到产品经理猝死的消息,这是为什么呢? 我们先百度搜一下:程序员猝死,出现将近700多万条搜索结果: 搜索一下:产品经理猝死,只有400万条的搜索结果,从搜索结果数量上来看,程序员猝死的搜索结果就比产品经理猝死的搜索结果高了一倍,而且从下图可以看到,首页里面的五条搜索结果,其实只有两条才是符合条件。 所以程序员猝死的概率真的比产品经理大,并不是错...
害怕面试被问HashMap?这一篇就搞定了!
声明:本文以jdk1.8为主! 搞定HashMap 作为一个Java从业者,面试的时候肯定会被问到过HashMap,因为对于HashMap来说,可以说是Java集合中的精髓了,如果你觉得自己对它掌握的还不够好,我想今天这篇文章会非常适合你,至少,看了今天这篇文章,以后不怕面试被问HashMap了 其实在我学习HashMap的过程中,我个人觉得HashMap还是挺复杂的,如果真的想把它搞得明明白...
毕业5年,我问遍了身边的大佬,总结了他们的学习方法
我问了身边10个大佬,总结了他们的学习方法,原来成功都是有迹可循的。
推荐10个堪称神器的学习网站
每天都会收到很多读者的私信,问我:“二哥,有什么推荐的学习网站吗?最近很浮躁,手头的一些网站都看烦了,想看看二哥这里有什么新鲜货。” 今天一早做了个恶梦,梦到被老板辞退了。虽然说在我们公司,只有我辞退老板的份,没有老板辞退我这一说,但是还是被吓得 4 点多都起来了。(主要是因为我掌握着公司所有的核心源码,哈哈哈) 既然 4 点多起来,就得好好利用起来。于是我就挑选了 10 个堪称神器的学习网站,推...
这些软件太强了,Windows必装!尤其程序员!
Windows可谓是大多数人的生产力工具,集娱乐办公于一体,虽然在程序员这个群体中都说苹果是信仰,但是大部分不都是从Windows过来的,而且现在依然有很多的程序员用Windows。 所以,今天我就把我私藏的Windows必装的软件分享给大家,如果有一个你没有用过甚至没有听过,那你就赚了????,这可都是提升你幸福感的高效率生产力工具哦! 走起!???? NO、1 ScreenToGif 屏幕,摄像头和白板...
(总结)阿里面试问了ArrayList,都问了啥?
我是真的没想到,面试官会这样问我ArrayList。
曾经优秀的人,怎么就突然不优秀了。
职场上有很多辛酸事,很多合伙人出局的故事,很多技术骨干被裁员的故事。说来模板都类似,曾经是名校毕业,曾经是优秀员工,曾经被领导表扬,曾经业绩突出,然而突然有一天,因为种种原因,被裁员了,...
大学四年因为知道了这32个网站,我成了别人眼中的大神!
依稀记得,毕业那天,我们导员发给我毕业证的时候对我说“你可是咱们系的风云人物啊”,哎呀,别提当时多开心啦????,嗯,我们导员是所有导员中最帅的一个,真的???? 不过,导员说的是实话,很多人都叫我大神的,为啥,因为我知道这32个网站啊,你说强不强????,这次是绝对的干货,看好啦,走起来! PS:每个网站都是学计算机混互联网必须知道的,真的牛杯,我就不过多介绍了,大家自行探索,觉得没用的,尽管留言吐槽吧???? 社...
Linux命令使用汇总
修改下载源 sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup #备份当前也就是默认官方的源列表 sudo gedit /etc/apt/sources.list #修改sources.list文件中源的列表,删除全部内容,替换为国内源地址。 保存编辑好的文件。 sudo apt-get update #更新源列表,换源后必须执...
良心推荐,我珍藏的一些Chrome插件
上次搬家的时候,发了一个朋友圈,附带的照片中不小心暴露了自己的 Chrome 浏览器插件之多,于是就有小伙伴评论说分享一下我觉得还不错的浏览器插件。 我下面就把我日常工作和学习中经常用到的一些 Chrome 浏览器插件分享给大家,随便一个都能提高你的“生活品质”和工作效率。 Markdown Here Markdown Here 可以让你更愉快的写邮件,由于支持 Markdown 直接转电子邮...
【程序人生】程序员接私活常用平台汇总
00. 目录 文章目录00. 目录01. 前言02. 程序员客栈03. 码市04. 猪八戒网05. 开源众包06. 智城外包网07. 实现网08. 猿急送09. 人人开发10. 开发邦11. 电鸭社区12. 快码13. 英选14. Upwork15. Freelancer16. Dribbble17. Remoteok18. Toptal19. AngelList20. Topcoder21. ...
看完这篇HTTP,跟面试官扯皮就没问题了
我是一名程序员,我的主要编程语言是 Java,我更是一名 Web 开发人员,所以我必须要了解 HTTP,所以本篇文章就来带你从 HTTP 入门到进阶,看完让你有一种恍然大悟、醍醐灌顶的感觉。 最初在有网络之前,我们的电脑都是单机的,单机系统是孤立的,我还记得 05 年前那会儿家里有个电脑,想打电脑游戏还得两个人在一个电脑上玩儿,及其不方便。我就想为什么家里人不让上网,我的同学 xxx 家里有网,每...
史上最全的IDEA快捷键总结
现在Idea成了主流开发工具,这篇博客对其使用的快捷键做了总结,希望对大家的开发工作有所帮助。
阿里程序员写了一个新手都写不出的低级bug,被骂惨了。
这种新手都不会范的错,居然被一个工作好几年的小伙子写出来,差点被当场开除了。
谁是华为扫地僧?
是的,华为也有扫地僧!2020年2月11-12日,“养在深闺人不知”的华为2012实验室扫地僧们,将在华为开发者大会2020(Cloud)上,和大家见面。到时,你可以和扫地僧们,吃一个洋...
这是一份集合一线大厂Android工程师必备技能体系+学习路线!
一份学习路线图,非常赞,推荐给大家。 目录 Java基础 Java Object类方法 HashMap原理,Hash冲突,并发集合,线程安全集合及实现原理 HashMap 和 HashTable 区别 HashCode 作用,如何重载hashCode方法 ArrayList与LinkList区别与联系 GC机制 Java反射机制,Java代理模式 Java泛型 S...
AI 没让人类失业,搞 AI 的人先失业了
最近和几个 AI 领域的大佬闲聊 根据他们讲的消息和段子 改编出下面这个故事 如有雷同 都是巧合 1. 老王创业失败,被限制高消费 “这里写我跑路的消息实在太夸张了。” 王葱葱哼笑一下,把消息分享给群里。 阿杰也看了消息,笑了笑。在座几位也都笑了。 王葱葱是个有名的人物,21岁那年以全额奖学金进入 KMU 攻读人工智能博士,累计发表论文 40 余篇,个人技术博客更是成为深度学习领域内风向标。 ...
2020年,冯唐49岁:我给20、30岁IT职场年轻人的建议
点击“技术领导力”关注∆每天早上8:30推送 作者|Mr.K 编辑| Emma 来源|技术领导力(ID:jishulingdaoli) 前天的推文《冯唐:职场人35岁以后,方法论比经验重要》,收到了不少读者的反馈,觉得挺受启发。其实,冯唐写了不少关于职场方面的文章,都挺不错的。可惜大家只记住了“春风十里不如你”、“如何避免成为油腻腻的中年人”等不那么正经的文章。 本文整理了冯...
tomcat部署项目的三种方式
文章目录一、直接将项目放在webapps目录下二、修改conf下的server.xml文件三、在conf\Catalina\localhost创建一个XML文件(推荐) 一、直接将项目放在webapps目录下 简化部署:在一些情况下,项目比较大,copy时间较长,可以将项目打包成后缀名为.war的形式后放入webapps中,当想要拿掉项目时只需要删除.war文件就可以了。 缺点:需要拷贝,不灵活...
作为一名大学生,如何在B站上快乐的学习?
B站是个宝,谁用谁知道???? 作为一名大学生,你必须掌握的一项能力就是自学能力,很多看起来很牛X的人,你可以了解下,人家私底下一定是花大量的时间自学的,你可能会说,我也想学习啊,可是嘞,该学习啥嘞,不怕告诉你,互联网时代,最不缺的就是学习资源,最宝贵的是啥? 你可能会说是时间,不,不是时间,而是你的注意力,懂了吧! 那么,你说学习资源多,我咋不知道,那今天我就告诉你一个你必须知道的学习的地方,人称...
那些年,我们信了课本里的那些鬼话
教材永远都是有错误的,从小学到大学,我们不断的学习了很多错误知识。 斑羚飞渡 在我们学习的很多小学课文里,有很多是错误文章,或者说是假课文。像《斑羚飞渡》: 随着镰刀头羊的那声吼叫,整个斑羚群迅速分成两拨,老年斑羚为一拨,年轻斑羚为一拨。 就在这时,我看见,从那拨老斑羚里走出一只公斑羚来。公斑羚朝那拨年轻斑羚示意性地咩了一声,一只半大的斑羚应声走了出来。一老一少走到伤心崖,后退了几步,突...
一个程序在计算机中是如何运行的?超级干货!!!
强烈声明:本文很干,请自备茶水!???? 开门见山,咱不说废话! 你有没有想过,你写的程序,是如何在计算机中运行的吗?比如我们搞Java的,肯定写过这段代码 public class HelloWorld { public static void main(String[] args) { System.out.println("Hello World!"); } ...
那个在阿里养猪的工程师,5年了……
简介: 在阿里,走过1825天,没有趴下,依旧斗志满满,被称为“五年陈”。他们会被授予一枚戒指,过程就叫做“授戒仪式”。今天,咱们听听阿里的那些“五年陈”们的故事。 下一个五年,猪圈见! 我就是那个在养猪场里敲代码的工程师,一年多前我和20位工程师去了四川的猪场,出发前总架构师慷慨激昂的说:同学们,中国的养猪产业将因为我们而改变。但到了猪场,发现根本不是那么回事:要个WIFI,没有;...
立即提问