Question

I am building an SSO application with CAS. In the Spring client, no attributes came with CasAssertionAuthenticationToken.

There are lots of samples on the net, and they seem to have no problem with this (is something obvious missing?).
For the CAS server, it's all default configuration, except that I changed the default registered service to make sure that is not the problem. This part looks like this:

    <bean class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="1"/>
        <property name="name" value="HTTP and IMAP"/>
        <property name="description" value="Allows HTTP(S) and IMAP(S)"/>
        <property name="serviceId" value="^(https?|imaps?)://.*"/>
        <property name="evaluationOrder" value="0"/>
        <property name="ignoreAttributes" value="true"/>
        <property name="attributeFilter">
            <bean class="org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter"/>
        </property>
    </bean>

When debugging, the results show that there are 3 predefined attributes that are going to get released!!

In Spring, the server response when verifying the ticket is like this:

    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
            <cas:user>casuser</cas:user>
        </cas:authenticationSuccess>
    </cas:serviceResponse>

It contains no attributes at all. I cannot figure out what is missing. Considering that the CAS config is almost the default configuration, this is my Spring config (I used Spring Boot for configuring the client):

    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    public class Security extends WebSecurityConfigurerAdapter {

        @Bean
        public ServiceProperties serviceProperties() {
            ServiceProperties prop = new ServiceProperties();
            prop.setService("http://localhost:8180/j_spring_cas_security_check");
            prop.setSendRenew(true);
            return prop;
        }

        @Bean
        public AuthenticationProvider casAuthenticationProvider() {
            CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
            casAuthenticationProvider.setAuthenticationUserDetailsService(authenticationUserDetailsService());
            casAuthenticationProvider.setServiceProperties(serviceProperties());
            casAuthenticationProvider.setTicketValidator(ticketValidator());
            casAuthenticationProvider.setKey("test_app_key");
            return casAuthenticationProvider;
        }

        @Bean
        public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService() {
            return new TestCasAuthenticationUserDetailsService();
        }

        @Bean
        public TicketValidator ticketValidator() {
            return new Cas20ServiceTicketValidator("https://localhost:8443/cas");
        }

        @Bean
        public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
            CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
            casAuthenticationEntryPoint.setLoginUrl("https://localhost:8443/cas/login");
            casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
            return casAuthenticationEntryPoint;
        }

        @Bean
        public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
            CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
            casAuthenticationFilter.setAuthenticationManager(authenticationManager());
            return casAuthenticationFilter;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .addFilter(casAuthenticationFilter());
            http
                .exceptionHandling()
                .authenticationEntryPoint(casAuthenticationEntryPoint());
            http.authorizeRequests()
                .anyRequest().authenticated();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .authenticationProvider(casAuthenticationProvider());
        }
    }

Can anyone tell me what that obvious part is that I am missing?

Answer 1:

Wow. I cannot believe it.

All this time for just a p3!!!

The TicketValidator URL must end with /p3 so that it uses the CAS 3.0 protocol and returns values. This is the change:

    @Bean
    public TicketValidator ticketValidator() {
        return new Cas20ServiceTicketValidator("https://localhost:8443/cas/p3");
    }

The documentation could be a bit more clear about it (now that I know the answer, it seems really obvious though). Hope this can help someone who needs to configure Spring Security with CAS.

Source: https://stackoverflow.com/questions/29744496/cas-no-attributes-come-to-client