Tomcat中CAS Client + Spring 的設定

這幾天終於搞定了, CAS Client + Spring 的認證機制…
結果, 原來與Spring Security 的差異僅在於 web.xml 以及 securityContext.xml
 
web.xml  加入以下設定:
 <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext.xml</param-value>
 </context-param>
 <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
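P.S. 一個詭異的地方….springSecurityFilterChain 名稱不能變耶….好神奇唷!!… (原因: DelegatingFilterProxy 會用 filter-name 到 Spring context 裡找同名的 bean, 而 <sec:http> 註冊的 filter chain bean 名稱固定是 springSecurityFilterChain。)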
 
 securityContext.xml 
就把下面這個貼出去就對了啦!!….XD (下面的片段省略了開頭的 <beans> 標籤, 其中要宣告 sec 與 p 這兩個 namespace。)
 
 <sec:http entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/index.jsp" filters="none" />
        <sec:intercept-url pattern="/protect/**" access="ROLE_SUPERVISOR"/>
        <sec:intercept-url pattern="/protect/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <sec:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
        <sec:logout logout-url="https://localhost:8443/cas/logout" logout-success-url="/loggedout.html" />
 </sec:http>
 <sec:authentication-manager alias="casAuthenticationManager"/>
 
 <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties"
        p:service="https://localhost:8443/cas-client1/j_acegi_cas_security_check"
        p:sendRenew="false" />
     
 <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter"
       p:authenticationManager-ref="casAuthenticationManager"
       p:authenticationFailureUrl="/authorizationFailure.jsp"
       p:alwaysUseDefaultTargetUrl="true"
       p:filterProcessesUrl="/j_acegi_cas_security_check"
       p:defaultTargetUrl="/intranet/home.jsp">
       <sec:custom-filter after="CAS_PROCESSING_FILTER" />
 </bean>
 <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"
       p:loginUrl="https://localhost:8443/cas/login"
       p:serviceProperties-ref="serviceProperties" />
 <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider"
       p:key="my_password_for_this_auth_provider_only"
       p:serviceProperties-ref="serviceProperties"
       p:userDetailsService-ref="userDetailsService">
     <sec:custom-authentication-provider />
     <property name="ticketValidator">
       <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
         <constructor-arg index="0" value="https://localhost:8443/cas" />
         </bean>
     </property>
 </bean>
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://127.0.0.1:3306/usertable" />
        <property name="username" value="username" />
        <property name="password" value="password" />
    </bean>
 <bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"/>
        <property name="usersByUsernameQuery" value="SELECT username, password, status  FROM users WHERE username = ?" />
        <property name="authoritiesByUsernameQuery" value="SELECT username, role FROM roles WHERE username = ?" />
    </bean>
 <!–
 <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
     <property name="userMap">
         <value>
         username=password,ROLE_ADMIN
         </value>
     </property>
 </bean>
 –>
</beans> 
 