1
我正在编写一个应用程序,需要为员工使用CAS认证,并为用户提供用户名/密码表单登录(用于验证数据库表)。带有CAS和表单的弹簧安全登录
这个想法是首页将有一个链接,将他们发送给CAS的员工(“请点击这里,如果你是一名员工”),并在该用户名下面输入密码框&。
我都在单独的测试应用程序中工作 - 基于Spring Security中的示例应用程序 - 但我不清楚如何将两个AuthenticationProviders合并为一个。
当前配置 - 主要来自CAS配置使用表单配置补充说:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--Set up the url based security features-->
<security:http entry-point-ref="casEntryPoint" use-expressions="true" >
<security:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
<security:logout logout-success-url="${cas.sso}/logout" />
<security:access-denied-handler ref="accessDeniedHandler" />
<!-- Set up the form login -->
<security:form-login login-page="/login.jsp" authentication-failure- url="/login.jsp?login_error=1"/>
</security:http>
<!-- Specify a destinatation for 403 errors raised by the above URL patterns
this is performed as a 'forward' internally -->
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/error/403.html"/>
</bean>
<!--Hook in the properties for the CAS-->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="${cas.service}"/>
<property name="sendRenew" value="true"/>
</bean>
<!--Set up the CAS filter-->
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="accessFailureHandler" />
</bean>
<!-- Specify a destinatation for 401 errors raised by casFilter (and UserService) -->
<bean id='accessFailureHandler'
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/error/401.html" />
<property name="useForward" value='true' />
<property name="allowSessionCreation" value="false" />
</bean>
<!--Set up the entry point for CAS-->
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="${cas.sso}"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="encodeServiceUrlWithSessionId" value="false"/>
</bean>
<!--Setup authentication managers-->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
<security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>
<!-- Our own user details service, which hooks in to the database -->
<bean id='userService' class='test.security.UserDetailsServiceImpl' />
<!-- Enable annotations -->
<security:global-method-security pre-post-annotations="enabled"/>
<!-- Customise an auth provider with the local specifics-->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="${cas.sso}"/>
</bean>
</property>
<property name="key" value="testSSO"/>
</bean>
<!-- Custom auth provider that validates usernames&pwds against DB -->
<bean id="customAuthenticationProvider" class="test.security.CustomAuthenticationProvider" />
</beans>
这给了错误消息:
Filter beans '<casFilter>' and '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>' have the same 'order' value.
我怎样才能把两个过滤器进入连锁?或者是否需要编写自己的过滤器(以某种方式?)知道选择了哪种方法,然后委派相关的特定过滤器?
我是Spring Security的新手,那么有没有更好的方法来完成这一切?
谢谢!