CAS SSO を Web アプリの 1 つに統合するときに、ここ数日間、リダイレクト ループでつまずいていました。これは、CAS のおかげでログインした直後に発生します
CAS と Web アプリの間で交換されている要求を監視しており、機能しているようです。
問題は、ユーザー権限/トークンの不適切な実装に起因する可能性があると思われます。
これが私のファイルです:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<bean id="userAuditService" class="net.UserAuditServiceImpl">
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="seedGenerator" ref="seedGenerator" />
<property name="canResetPassword" value="${security.resetPassword.enabled}" />
</bean>
<sec:http entry-point-ref="casEntryPoint">
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
<sec:custom-filter position="CAS_FILTER" ref="casFilter" />
</sec:http>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="http://localhost:8080/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="http://localhost:8088/myapp/supervision"/>
<property name="sendRenew" value="false"/>
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler">
<bean
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" />
</property>
<property name="filterProcessesUrl" value="http://localhost:8088/myapp/supervision"/>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService">
<bean id="authenticationUserDetailsService" class="net.spAuthenticationUserDetailsService" >
<constructor-arg ref="userAuditService" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://localhost:8080/cas" />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
</beans>
私の AuthenticationUserDetailsService クラス:
public class spAuthenticationUserDetailsService implements AuthenticationUserDetailsService {
private final Logger logger = LoggerFactory.getLogger(getClass());
private UserAuditService userAuditService;
public spAuthenticationUserDetailsService(final UserAuditService userAuditService) {
this.userAuditService = userAuditService;
}
@Override
public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
AuditUser user = userAuditService.findByLogin(token.getName());
logger.info(">> loadUserDetails : user name : " + user.getLogin());
return new UserDetailsAdapter(user);
}
}
私が間違っていることは何ですか?
ありがとう !