How to prevent JA-SIG CAS spring security redirect loop?

不想你离开。 提交于 2019-12-23 02:17:10

问题


I'm using grails with spring security and the JA-SIG CAS spring security plugin.

One way I get this problem is when I have logged into the CAS server and I restart my application.

Another way is if I log into another application via the same CAS server and then when I access my application then spring reports me as being logged out. If I try and go to a secured page then the login controller sends the browser into the same redirect loop.

I can observer a stream of get requests to the cas server which is redirecting back to the application.

Basically the problem is that spring security isn't aware that I've already logged in to the CAS server, so bounces back to CAS server which says I'm logged in and bounces back to the app

I'm also using the single sign out. One workaround is to force a renew login when the application thinks someone is not logged in but it's not really a satisfactory solution.


回答1:


Basically the problem is that spring security isn't aware that I've already logged in to the CAS server, so bounces back to CAS server which says I'm logged in and bounces back to the app

Check PreAuthentication docs. You'd have to implement a pre-auth-filter to let Spring know of an external authentication.



来源:https://stackoverflow.com/questions/8360405/how-to-prevent-ja-sig-cas-spring-security-redirect-loop

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!