Acegi和cas整合
查看wiki版本的Acegi和cas整合

一、首先配置cas Server
我下载的最新的cas-server-3.3.2,去http://www.acegisecurity.org/downloads.html可下载,这个比较容易配置,建好对应的表,然后配置deployerConfigContext.xml中的

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
改为
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
       <property name="sql" value="select password from t_user where username=?" />
       <property name="dataSource" ref="dataSource" />
</bean>
当然如果QueryDatabaseAuthenticationHandler满足不了需求可修改一下或继承AbstractJdbcUsernamePasswordAuthenticationHandler自己重写一个。注意:未配置passwordEncoder属性时,该处理器把用户提交的口令与查询结果直接比较,也就是要求t_user.password保存的是明文;若库中保存的是口令摘要,需要给该bean配置对应的passwordEncoder。
二、配置acegi
security.xml包含了acegi和cas所有的配置,代码如下:
<?xml version=
"1.0" encoding="UTF-8"?>
<beans xmlns=
"http://www.springframework.org/schema/beans"
       xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=
"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
>

    <!--========================================================================
         认证管理器
    =========================================================================-->

    <bean id=
"authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name=
"providers">
            <list>
                <!-- 替换<ref bean=
"daoAuthenticationProvider" />为(1)  -->
                <ref local=
"casAuthenticationProvider"/><!-- (1) -->
                <ref bean=
"rememberMeAuthenticationProvider" />
            </list>
        </property>
    </bean>
    
    <!-- 新增的cas验证器 -->
    <bean id=
"casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
              <property name=
"ticketValidator">
                     <ref bean=
"ticketValidator"/>
              </property>
              <property name=
"casProxyDecider">
                     <ref bean=
"casProxyDecider"/>
              </property>
              <property name=
"statelessTicketCache">
                     <ref bean=
"statelessTicketCache"/>
              </property>
              <property name=
"casAuthoritiesPopulator">
                     <ref bean=
"casAuthritiesPopulator"/>
              </property>
              <property name=
"key">
                     <value>some_unique_key</value>
              </property>
       </bean>
      
        <!-- 新增的票据验证器 -->
       <bean id=
"ticketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
              <property name=
"casValidate">
                     <value>https:
//ssoserver.com:8443/proxyValidate</value>
              </property>
              <!-- <property name=
"proxyCallbackUrl"><value>https://localhost:8443/Spring_Acegi/casProxy/receptor</value></property> -->
              <property name=
"serviceProperties">
                     <ref bean=
"serviceProperties"/>
              </property>
       </bean>
    
         <!-- 新增的cas服务对象属性 -->
       <bean id=
"serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
              <property name=
"service">
                     <value>https:
//localhost:8443/Spring_Acegi/j_acegi_cas_security_check</value>
              </property>  
              <property name=
"sendRenew"><value>false</value></property>
       </bean>
    
     <!-- 新增 -->
       <bean id=
"casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>

       <bean id=
"statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
              <property name=
"cache">
                     <bean class=
"org.springframework.cache.ehcache.EhCacheFactoryBean">
                            <property name=
"cacheManager">
                                   <bean class=
"org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                            </property>
                            <property name=
"cacheName" value="userCache"/>
                     </bean>
              </property>
       </bean>
    
     <!-- 新增 -->
       <bean id=
"casAuthritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
              <property name=
"userDetailsService">
                     <ref bean=
"userDetailsService"/>
              </property>
  </bean>


    <!-- 基于DAO验证的AuthenticationProvider -->
    <bean id=
"daoAuthenticationProvider"
        class=
"org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name=
"userDetailsService" ref="userDetailsService" />
    </bean>

    <bean id=
"rememberMeAuthenticationProvider"
        class=
"org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name=
"key" value="remember_Me" />
    </bean>

    <!-- 使用内存DAO,实际应用时可用JdbcDao代替
    <bean id=
"userDetailsService"
        class=
"org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name=
"userMap">
            <value>
                admin=password,enabled,ROLE_ADMIN,ROLE_USER,ROLE_TEST
                test=test,enabled,ROLE_USER
                guest=guest,enabled,ROLE_TEST
            </value>
        </property>
        <property name=
"userProperties">
         <bean class=
"org.springframework.beans.factory.config.PropertiesFactoryBean">
         <property name=
"location" value="/WEB-INF/users.properties"/>
         </bean>
        </property>
    </bean>
    -->
    <!-- JDBC-backed user details service, used in place of the commented-out in-memory sample.
         In this file it is referenced by daoAuthenticationProvider, casAuthritiesPopulator
         and rememberMeServices. -->
    <bean id=
"userDetailsService"
class=
"org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<!-- "dataSource" is not declared in this listing; it has to be defined elsewhere in the context. -->
<property name=
"dataSource" ref="dataSource" />
<!-- The username is bound through the ? placeholder. Only rows with status='1' are returned;
     the constant 1 in the third column is presumably read as the enabled flag (confirm against
     JdbcDaoImpl). The password column is returned exactly as stored in t_user. -->
<property name=
"usersByUsernameQuery">
<value>
SELECT username,password,1 FROM t_user WHERE status='1'
AND username = ?
</value>
</property>
<!-- Joins t_user to t_user_priv on user_id and returns one priv_name per row for the user.
     NOTE(review): the URL rules in securityInterceptor name ROLE_ADMIN, ROLE_USER and ROLE_TEST;
     confirm that priv_name holds values in that form. -->
<property name=
"authoritiesByUsernameQuery">
<value>
SELECT u.username,p.priv_name FROM t_user u,t_user_priv
p WHERE u.user_id =p.user_id AND u.username = ?
</value>
</property>
</bean>

    <!--========================================================================
         决策管理器
    =========================================================================-->

    <bean id=
"accessDecisionManager"
        class=
"org.acegisecurity.vote.AffirmativeBased">
        <property name=
"decisionVoters">
            <list>
                <bean class=
"org.acegisecurity.vote.RoleVoter" />
            </list>
        </property>
        <property name=
"allowIfAllAbstainDecisions" value="false" />
    </bean>

    <!--========================================================================
         过滤器链
    =========================================================================-->

    <!-- Filter chain: the single pattern /** sends every request through the listed filters,
         in the order written. The two directives ask for URLs to be lower-cased before
         comparison and for Ant-style patterns. "authenticationProcessingFilter" is the id
         of the CAS processing filter bean in this file. -->
    <bean id=
"filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name=
"filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeFilter,exceptionFilter,securityInterceptor
            </value>
        </property>
    </bean>

    <!-- 从Session中获得用户信息并放入SecurityContextHolder -->
    <bean id="httpSessionContextIntegrationFilter"
        class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
        <!-- URL redirected to after logout -->
        <constructor-arg value="/helloWorld.jsp" />
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
        <property name="filterProcessesUrl" value="/j_logout.do" />
    </bean>

    <!-- 验证用户身份 替换为(2)
    <bean id="authenticationProcessingFilter"
        class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureUrl" value="/login.jsp?login_error=Login%20failed." />
        <property name="defaultTargetUrl" value="/helloWorld.jsp" />
        <property name="filterProcessesUrl" value="/j_login.do" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean> -->

<!-- (2) CAS processing filter, replacing the form-login AuthenticationProcessingFilter.
     It listens on /j_acegi_cas_security_check, the same path as the service URL in
     serviceProperties. -->
<bean id="authenticationProcessingFilter"
      class="org.acegisecurity.ui.cas.CasProcessingFilter">
    <property name="authenticationManager">
        <ref bean="authenticationManager"/>
    </property>
    <!-- On failure the browser is sent to the CAS server's login page, not to a local page. -->
    <property name="authenticationFailureUrl">
        <value>https://ssoserver.com:8443/login?login_error=Login%20failed.</value>
    </property>
    <property name="defaultTargetUrl">
        <value>/helloWorld.jsp</value>
    </property>
    <property name="filterProcessesUrl">
        <value>/j_acegi_cas_security_check</value>
    </property>
    <property name="rememberMeServices">
        <ref bean="rememberMeServices"/>
    </property>
</bean>


    <!-- 记住用户登录信息 -->
    <bean id="rememberMeFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- 处理登录异常或权限异常的Filter -->
    <bean id="exceptionFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <!-- 出现AuthenticationException时的登录入口 -->
        <property name="authenticationEntryPoint">
            <!--<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">替换为(3)
                <property name="loginFormUrl" value="/login.jsp" />
                <property name="forceHttps" value="false" />
            </bean>-->
            <bean class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
                     <property name="loginUrl">
                            <value>https://ssoserver.com:8443/login</value><!-- (3) -->
                     </property>
                     <property name="serviceProperties">
                            <ref bean="serviceProperties"/>
                     </property>
           </bean>
        </property>
        <!-- 出现AccessDeniedException时的Handler -->
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl" />
            <!-- 可?∈粜?: property name="errorPage" value="/denied.html" -->
        </property>
    </bean>

    <!-- URL-based security interceptor. URLs are lower-cased before comparison, and the
         three Ant patterns below are the only paths given a role requirement.
         NOTE(review): there is no catch-all rule, so a path outside /admin/**, /user/** and
         /jsp/** has no role attached here; confirm that leaving those paths open is intended,
         or add a final /** rule. -->
    <bean id="securityInterceptor"
        class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager" ref="accessDecisionManager" />
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /admin/**=ROLE_ADMIN
                /user/**=ROLE_USER
                /jsp/**=ROLE_TEST
            </value>
        </property>
    </bean>

    <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="parameter" value="j_remember_me" />
        <property name="key" value="remember_Me" />
        <property name="tokenValiditySeconds" value="31536000" />
    </bean>

</beans>

参考资料一:http://blog.csdn.net/hitman9099/archive/2008/07/11/2637658.aspx
参考资料二:http://www.acegisecurity.org/guide/springsecurity.html
lunzi   2009-06-12 14:51:08 评论:0   阅读:1870   引用:0
