0
다음 구성을 사용하면 다른 응용 프로그램에서 작동하는 CAS 서버로 리디렉션 루프가 발생합니다. 내가 로그인 할 수있어 그 결과 URL은 다음과 같습니다CAS 스프링 보안을 사용한 리디렉션 루프 받기
http://localhost:18080/ourapp/app/j_spring_cas_security_check?ticket=ST-18-CQMfGMeDPcXkdKGjosfj-localsso.subdomain.mycompany.com
의 ApplicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Enable security, let the casAuthenticationEntryPoint handle all intercepted
urls. The CAS_FILTER needs to be in the right position within the filter
chain. -->
<security:http entry-point-ref="casEntryPoint" use-expressions="true" auto-config="false">
<!--<security:intercept-url pattern="/**" access="permitAll"/> -->
<security:anonymous username="guest" granted-authority="isAnonymous()"/>
<security:intercept-url pattern="/app/resources/**" access="hasAnyRole('ROLE_ANONYMOUS', 'cm_user')"/>
<security:intercept-url pattern="/app/**" access="hasRole('cm_user')"/>
<security:custom-filter position="CAS_FILTER" ref="casFilter"/>
<security:session-management>
<security:concurrency-control max-sessions="5" error-if-maximum-exceeded="true"/>
</security:session-management>
</security:http>
<!-- Required for the casProcessingFilter, so define it explicitly set and
specify an Id Even though the authenticationManager is created by default
when namespace based config is used. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>
<!-- This section is used to configure CAS. The service is the actual redirect
that will be triggered after the CAS login sequence. -->
<bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties"
p:service="http://localhost:18080/ourapp/app/j_spring_cas_security_check"
p:sendRenew="false"/>
<!-- The CAS filter handles the redirect from the CAS server and starts
the ticket validation. -->
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<!-- The entryPoint intercepts all the CAS authentication requests. It redirects
to the CAS loginUrl for the CAS login page. -->
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="serviceProperties"
p:loginUrl="https://devmcauth01.nexus.mycompany.com:5443/login"/>
<!-- Handles the CAS ticket processing. -->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://devmcauth01.nexus.mycompany.com:5443" />
</bean>
</property>
<property name="key" value="cas"/>
</bean>
<bean id="permissionConversionService"
class="com.mycompany.connmgmt.misc.security.PermissionConversionServiceImpl"/>
<bean id="userDetailsService"
class="com.mycompany.connmgmt.misc.security.CmUserDetailsService">
<property name="userRepository" ref="userRepository"/>
<property name="permissionConversionService" ref="permissionConversionService"/>
</bean>
<bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value=""/>
</bean>
<bean id="loggerListener"
class="org.springframework.security.access.event.LoggerListener"/>
<!-- Enable JSR250 annotations, disable Spring Security annotations for now -->
<security:global-method-security secured-annotations="disabled"
jsr250-annotations="enabled"
access-decision-manager-ref="accessDecisionManager"/>
web.xml을
HTTP ://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd " version =" 2.4 ">이 관련된 오류는 다른 문제입니다
<display-name>Our App</display-name>
<filter>
<filter-name>OpenPersistenceManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jdo.support.OpenPersistenceManagerInViewFilter
</filter-class>
<init-param>
<param-name>persistenceManagerFactoryBeanName</param-name>
<param-value>internalPersistenceManagerFactory</param-value>
</init-param>
</filter>
<filter>
<filter-name>dsmProdOpenPersistenceManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jdo.support.OpenPersistenceManagerInViewFilter
</filter-class>
<init-param>
<param-name>persistenceManagerFactoryBeanName</param-name>
<param-value>dsmProdInternalPersistenceManagerFactory</param-value>
</init-param>
</filter>
<filter>
<filter-name>dsmTestOpenPersistenceManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jdo.support.OpenPersistenceManagerInViewFilter
</filter-class>
<init-param>
<param-name>persistenceManagerFactoryBeanName</param-name>
<param-value>dsmTestInternalPersistenceManagerFactory</param-value>
</init-param>
</filter>
<filter>
<filter-name>onboarderOpenPersistenceManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jdo.support.OpenPersistenceManagerInViewFilter
</filter-class>
<init-param>
<param-name>persistenceManagerFactoryBeanName</param-name>
<param-value>onboarderInternalPersistenceManagerFactory</param-value>
</init-param>
</filter>
<filter>
<filter-name>OpenEntityManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
</filter-class>
<init-param>
<param-name>entityManagerFactoryBeanName</param-name>
<param-value>orgDataDir_EntityManagerFactory</param-value>
</init-param>
</filter>
<!--
Route all requests through Spring Security for A&A
-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!--
There are three means to configure Wickets configuration mode and they are
tested in the order given.
1) A system property: -Dwicket.configuration
2) servlet specific <init-param>
3) context specific <context-param>
The value might be either "development" (reloading when templates change)
or "deployment". If no configuration is found, "development" is the default.
-->
<filter>
<filter-name>wicket</filter-name>
<filter-class>
org.apache.wicket.protocol.http.WicketFilter
</filter-class>
<init-param>
<param-name>applicationFactoryClassName</param-name>
<param-value>
org.apache.wicket.spring.SpringWebApplicationFactory
</param-value>
</init-param>
</filter>
<!-- The SpringWebApplicationFactory will need access to a Spring Application context, configured like this... -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/applicationSecurityContext.xml
classpath:/applicationContext.xml
classpath:/orgDataDir-config.xml
classpath:/dsm-prod-spring-jdo-config.xml
classpath:/dsm-test-spring-jdo-config.xml
classpath:/dsm-prod-beans.xml
classpath:/dsm-test-beans.xml
classpath:/exchange-config.xml
classpath:/reporting.xml
classpath:/profile-conversion.xml
classpath:/com/mycompany/connmgmt/integration/jms/jms-client.xml
classpath:/com/mycompany/connmgmt/integration/jms/test-jms-client.xml
classpath:/com/mycompany/connmgmt/integration/jms/jms-consumers.xml
classpath:/com/mycompany/connmgmt/integration/jms/jms-producers.xml
classpath*:/com/mycompany/core/odd/odd-applicationContext.xml
classpath:/task-support.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Support for session- and request-scoped beans -->
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<!--
Listen for Session events and publish for Spring Security's consumption
-->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<filter-mapping>
<filter-name>OpenPersistenceManagerInViewFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>dsmProdOpenPersistenceManagerInViewFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>dsmTestOpenPersistenceManagerInViewFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>onboarderOpenPersistenceManagerInViewFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>wicket</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<session-config>
<!-- 10 hours [TRAC-83] -->
<session-timeout>600</session-timeout>
</session-config>
</web-app>
참고 : 이는 봄/CAS 워드 프로세서 또는 예를 들어 응용 프로그램 당 요구하지 않아야 사전 인증 필터, 제안 : How to prevent JA-SIG CAS spring security redirect loop?
가이것은 j_spring_cas_security_check가 CasAuthenticationFilter에 의해 보호되고 URL을 아래에있을 필요가 있음을 언급 : Redirect loop with CAS and Spring Security
이 내가 가지고있는 사용자 정보 서비스가 필요하다고 언급 : Redirect loop with Grails Spring Security CAS plugin