Part I:
bean
public class SecurityConfig extends WebSecurityConfigurerAdapter { // ... }
1. Service Ticket Authentication
I: sso
1) serviceProperties
org.springframework.security.cas.ServiceProperties
2) CAS authentication process
(1) casFilter
org.springframework.security.cas.web.CasAuthenticationFilter
override
(1) constructor
Assign a value
(2) config
authenticationProvider
(3) authenticationManager
(2) casEntryPoint
org.springframework.security.cas.web.CasAuthenticationEntryPoint
3) casAuthenticationProvider
org.springframework.security.cas.authentication.CasAuthenticationProvider
II: ssl
1) singleLogoutFilter
2. Proxy Ticket Authentication
1) ticketValidator
org.jasig.cas.client.validation.Cas30ProxyTicketValidator
Part II: config
permitAll(不拦截)
authenticated(请求认证)
1. HttpSecurity
1) login
authorizeRequests()
regexMatchers("/secured.*", "/login")
authenticated()
2) other
.authorizeRequests()
.regexMatchers("/")
.permitAll()
3)http basic
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);