2013-10-23 1 views

CAS를 통한 인증은 이미 구현했습니다. 하지만 역할(권한) 부여를 DB 기준으로 하도록 바꾸고 싶은데, 어떻게 해야 할지 모르겠습니다.

Spring Security에서 인증은 CAS로 하되 권한 부여는 데이터베이스로 하기

실용적인 예제가 도움이 될 것입니다.

Security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <!-- Static assets under /resources/ bypass the Spring Security filter chain entirely:
         no authentication is applied and no security context is available for these
         requests, so nothing sensitive should be served from this path. -->
    <http security="none" pattern="/resources/**"/>
    <!-- Main filter chain. Unauthenticated requests are handed to the casEntryPoint bean
         (entry-point-ref) and access rules are written as expressions
         (use-expressions="true"). intercept-url rules are evaluated top to bottom and the
         first match wins, so the order below is significant. -->
    <http entry-point-ref="casEntryPoint" use-expressions="true">
        <!-- Open to everyone, including anonymous users. -->
        <intercept-url access="permitAll" pattern="/"/>
        <intercept-url access="permitAll" pattern="/login/*"/>
        <intercept-url access="permitAll" pattern="/logout"/>
        <intercept-url access="permitAll" pattern="/errors/**"/>

        <!-- Administrator-only areas.
             NOTE(review): "/events/" matches only that exact path. "/events" without the
             trailing slash and anything below it (for example "/events/1") fall through to
             the "/**" rule and need only ROLE_USER. Confirm that this is intended;
             otherwise the pattern should be "/events/**". -->
        <intercept-url access="hasRole('ROLE_ADMIN')" pattern="/events/"/>
        <intercept-url access="hasRole('ROLE_ADMIN')" pattern="/admin/**"/>

        <!-- Catch-all: every other URL requires ROLE_USER. -->
        <intercept-url access="hasRole('ROLE_USER')" pattern="/**"/>

        <!-- Authenticated users who lack the required role are sent to this page. -->
        <access-denied-handler error-page="/errors/403"/>

        <!-- Registers the casFilter bean in the CAS_FILTER slot of the chain. -->
        <custom-filter position="CAS_FILTER" ref="casFilter"/>

        <!-- Logout handled by this application at /logout.
             NOTE(review): nothing in this file configures CAS single logout, so a user who
             logs out here may still hold a single sign-on session at the CAS server.
             Confirm whether that is acceptable. -->
        <logout logout-success-url="/login/form?logout" logout-url="/logout"/>
    </http>
    <!-- Global AuthenticationManager, exposed under the alias "authenticationManager" so
         that other beans can reference it. Its only provider is casAuthProvider, so in
         this file every login is decided by CAS ticket validation. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthProvider"/>
    </authentication-manager>
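    <!-- In-memory user store, published under the id "userDetailsService". In the
         configuration shown, CAS performs the authentication and this store is consulted
         by user name only, to obtain authorities, so no password is needed here.
         The password attribute is omitted on purpose: plaintext credentials do not belong
         in a configuration file, and when the attribute is omitted the namespace generates
         a random value, so these entries cannot be used for a password login by accident.
         If a provider outside this file authenticates against these entries, it would
         still need the passwords; none is visible here.
         To load roles from a database instead, replace this element with a
         database-backed UserDetailsService that keeps the same id, for example
         <jdbc-user-service id="userDetailsService" data-source-ref="YOUR_DATASOURCE_BEAN"/>
         where YOUR_DATASOURCE_BEAN is a placeholder for a DataSource bean. -->
    <user-service id="userDetailsService">
        <!-- NOTE(review): "[email protected]" looks like the hosting page's e-mail
             obfuscation placeholder rather than the real user names; both entries carry
             the same name as shown and must be distinct in a real file. -->
        <user name="[email protected]" authorities="ROLE_USER"/>
        <user name="[email protected]" authorities="ROLE_USER,ROLE_ADMIN"/>
        <user name="ifridman" authorities="ROLE_USER,ROLE_ADMIN"/>
    </user-service>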
</bean:beans> 

security-cas.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:util="http://www.springframework.org/schema/util" 
    xmlns:task="http://www.springframework.org/schema/task" 
    xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd 
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd 
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> 

    <!-- The URL that identifies this application to CAS: the CAS server redirects the
         browser back to it with the service ticket.
         NOTE(review): the scheme is plain http, so the service ticket crosses the network
         unencrypted. Prefer https for anything beyond a local test setup. -->
    <bean class="org.springframework.security.cas.ServiceProperties" id="serviceProperties">
        <property name="service" value="http://${cas.service.host}/calendar/login"/>
    </bean>
    <!-- The CAS server host and the CAS service host are defined once, below, and injected
         through property placeholders, so they can be changed in a single place.
         system-properties-mode="OVERRIDE" lets a JVM system property of the same name take
         precedence over these defaults. An external properties file would work as well. -->
    <context:property-placeholder properties-ref="environment" system-properties-mode="OVERRIDE"/>
    <util:properties id="environment">
        <prop key="cas.service.host">192.168.108.195:8080</prop>
        <prop key="cas.server.host">192.168.2.101:8443</prop>
    </util:properties>

    <!-- Entry point named by entry-point-ref in security.xml: sends unauthenticated users
         to the CAS server login page.
         NOTE(review): loginUrl uses http although users enter their credentials on that
         page, and port 8443 conventionally carries TLS. Confirm the scheme; the CAS login
         page should be reached over https. -->
    <bean class="org.springframework.security.cas.web.CasAuthenticationEntryPoint" id="casEntryPoint">
        <property name="loginUrl" value="http://${cas.server.host}/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- Filter registered through custom-filter in security.xml. It processes requests to
         /login, the path the service URL points at, and hands the CAS ticket it finds
         there to the authentication manager. -->
    <bean class="org.springframework.security.cas.web.CasAuthenticationFilter" id="casFilter">
        <property name="filterProcessesUrl" value="/login"/>
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <!-- Provider that turns a CAS ticket into an authenticated user: the ticket is checked
         by ticketValidator, then authenticationUserDetailsService loads the user and its
         authorities. "key" is an identifier the provider uses to recognise authentication
         tokens it created itself. -->
    <bean class="org.springframework.security.cas.authentication.CasAuthenticationProvider" id="casAuthProvider">
        <property name="key" value="casJbcpCalendar"/>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator" ref="ticketValidator"/>
        <property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
    </bean>

    <!-- Validates tickets against the CAS server using the CAS 2.0 protocol, proxy tickets
         included.
         NOTE(review): the validation call goes over http. The application trusts what this
         response says about who the user is, so it should travel over https with a
         certificate the JVM trusts; over cleartext the response can be altered in transit.
         If proxy tickets are not needed, Cas20ServiceTicketValidator is the narrower
         choice. -->
    <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator" id="ticketValidator">
        <constructor-arg value="http://${cas.server.host}/cas"/>
    </bean>
    <!-- Adapter from a plain UserDetailsService to the interface the CAS provider expects.
         After CAS has validated the ticket, the user is looked up by name to obtain its
         authorities. Pointing the constructor argument at a database-backed
         UserDetailsService is what moves role assignment to the database. -->
    <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"
          id="authenticationUserDetailsService">
        <constructor-arg ref="userDetailsService"/>
    </bean>
</beans> 

감사합니다, Ray. 위 내용이 제 현재 구성입니다.

답변


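UserDetailsService를 직접 구현하고 인증 관련 로직을 자체적으로 관리하는 방식으로 해결할 수 있었습니다. 위 구성에서는 authenticationUserDetailsService 빈(UserDetailsByNameServiceWrapper)의 생성자 인자가 userDetailsService를 참조하므로, 이 참조가 DB에서 권한을 읽어 오는 구현체를 가리키도록 하면 CAS가 티켓을 검증한 뒤 역할은 DB에서 로드됩니다.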
