acegi集成cas

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/u014161595/article/details/86064347

http://www.open-open.com/home/space-31167-do-blog-id-4556.html

https://blog.csdn.net/wenzi_li/article/details/83220232

https://sunjiesh.iteye.com/blog/405327

https://blog.csdn.net/pengchua/article/details/3758422

1.下载acegi-security-cas-1.0.3.jar

2. 配置 applicationContext-security-acegi.xml(Acegi 安全配置),内容如下:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
  - Application context containing authentication, channel
  - security and web URI beans.
  -
  - Only used by "filter" artifact.
  -
  - $Id: applicationContext-security-acegi.xml,v 1.23 2011/04/07 01:53:42 litingwei Exp $
  -->

<beans>

   <!-- ======================== FILTER CHAIN ======================= -->

    <!--
      Single entry point for the Acegi filters: every request URL ("/**") is passed
      through the filters named in the list below, in the order they are written.
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request URL before
      matching; PATTERN_TYPE_APACHE_ANT selects Ant-style path patterns.
      "authenticationProcessingFilter" in the list is the CasProcessingFilter bean
      defined further down in this file.
      If you wish to use channel security, add "channelProcessingFilter," in front
      of "httpSessionContextIntegrationFilter" in the list below.
      NOTE(review): the filter order is security-relevant. concurrentSessionFilter is
      listed after the authentication filters here; confirm this position is intended.
    -->
    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,captchaValidationProcessingFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,concurrentSessionFilter,exceptionTranslationFilter,filterInvocationInterceptor
         </value>
      </property>
    </bean>
    
   <!-- ======================== AUTHENTICATION ======================= -->

   <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
            <!--<ref local="daoAuthenticationProvider"/>-->
            <ref local="casAuthenticationProvider"></ref>
            <ref local="anonymousAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
         </list>
      </property>
      <property name="sessionController"><ref bean="concurrentSessionController"/></property>
   </bean>
    <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
        <property name="ticketValidator">
            <ref bean="ticketValidator"/>
        </property>
        <property name="casProxyDecider">
            <ref bean="casProxyDecider"/>
        </property>
        <property name="statelessTicketCache">
            <ref bean="statelessTicketCache"/>
        </property>
        <property name="casAuthoritiesPopulator">
            <ref bean="casAuthritiesPopulator"/>
        </property>
        <property name="key">
            <value>my_password_for_this_auth_provider_only</value>
        </property>
    </bean>
    
    <bean id="ticketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
        <property name="casValidate">
            <value>http://localhost:8080/cas/proxyValidate</value>
        </property>
        <property name="serviceProperties">
            <ref bean="serviceProperties"/>
        </property>
    </bean>
    
    <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
        <property name="service">
            <value>http://localhost:8081/MIS_Release20181121/j_acegi_cas_security_check</value>
        </property>  
    </bean>
    
    <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
    
    <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
        <property name="cache">
            <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                <property name="cacheManager">
                    <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                </property>
                <property name="cacheName" value="userCache"/>
            </bean>
        </property>
    </bean>
    
    <bean id="casAuthritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
        <property name="userDetailsService">
            <ref bean="jdbcDaoImpl"/>
        </property>
    </bean>
   <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      <property name="dataSource"><ref bean="dataSource"/></property>
      <property name="usersByUsernameQuery">
       <value>SELECT COM_NUM,User_Password,User_Validity FROM UserT WHERE COM_NUM=? and User_Validity=1</value>
      </property>
      <property name="authoritiesByUsernameQuery">
       <value>
         <!--  SELECT u.COM_NUM,re.RESOURCE_AUTH FROM UserT u,T_USER_ROLE ru,Role r,T_AUTHORITIES au,T_PERMISSION p,T_PERMIS_RESC pr,T_RESOURCES re
         WHERE u.User_ID=ru.USER_ID
         and ru.ROLE_ID=r.Role_ID
         and au.ROLE_ID=r.Role_ID
         and p.ID = au.PERMISSION_ID
         and p.ID =pr.PSERMIS_ID
         and pr.RESOURCE_ID=re.ID
         and u.COM_NUM = ?-->
         SELECT COM_NUM,RESOURCE FROM T_USER_RESOURCES where COM_NUM=?
       </value>
      </property>
   </bean>

   <bean id="passwordEncoder" class="com.dayang.common.util.security.passEncoder.Md5PasswordEncoder"/>
   <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
      <property name="userCache"><ref local="userCache"/></property>
      <property name="passwordEncoder"><ref local="passwordEncoder"/></property>
   </bean>
    
   <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
   <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
         <ref local="cacheManager"/>
      </property>
      <property name="cacheName">
         <value>userCache</value>
      </property>
   </bean>
   
   <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
      <property name="cache"><ref local="userCacheBackend"/></property>
   </bean>
   
   
   <!-- Automatically receives AuthenticationEvent messages -->
   <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

   <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
      <property name="authenticationManager"><ref local="authenticationManager"/></property>
      <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
   </bean>

   <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
      <property name="realmName"><value>MIS Realm</value></property>
   </bean>

   <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
      <property name="userAttribute"><value>anonymousUser,AUTH_ANONYMOUS</value></property>
   </bean>

   <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
      <property name="key"><value>foobar</value></property>
   </bean>
<!-- Project class used in place of org.acegisecurity.context.HttpSessionContextIntegrationFilter -->
   <bean id="httpSessionContextIntegrationFilter"
         class="com.dayang.common.util.security.HttpSessionContextIntegrationFilter">
      <!-- "context" is set explicitly because of a bug in org.acegisecurity.captcha.CaptchaSecurityContextImpl -->
      <property name="context" value="org.acegisecurity.captcha.CaptchaSecurityContextImpl"/>
   </bean>
<!-- Project class from com.dayang.common.util.security used instead of the one in org.acegisecurity.ui.rememberme -->
   <bean id="rememberMeProcessingFilter"
         class="com.dayang.common.util.security.RememberMeProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="rememberMeServices" ref="rememberMeServices"/>
      <property name="userBO" ref="userBO"/>
   </bean>

   <!--
     The key is mixed into the signature of the remember-me cookie, and the services
     bean and the provider bean must carry the same value.
     NOTE(review): "springRocks" is a widely published sample key. Replace it with a
     secret unique to the deployment and keep it out of shared configuration.
   -->
   <bean id="rememberMeServices"
         class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
      <property name="userDetailsService" ref="jdbcDaoImpl"/>
      <property name="key" value="springRocks"/>
   </bean>

   <bean id="rememberMeAuthenticationProvider"
         class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
      <property name="key" value="springRocks"/>
   </bean>
   
 <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/index.jsp"/>
      <constructor-arg>
         <list>
              <ref bean="rememberMeServices"/>
              <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
         </list>
      </constructor-arg>
   </bean>
   
   <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
 
 
   <!-- 可以阻止某个用户名在已经成功登录进web应用的同时再进行一次成功的登录 -->
   
   <bean id="concurrentSessionFilter"  class="com.dayang.common.util.security.ConcurrentSessionFilter">  
        <property name="sessionRegistry">  
            <ref local="sessionRegistry" />  
        </property>  
        <property name="expiredUrl">  
        <value>/loginAgain.jsp</value>  
        </property>  
   </bean>  
    <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
        <property name="maximumSessions">
            <value>4</value>
        </property>
        <property name="sessionRegistry">
            <ref local="sessionRegistry" />
        </property>
        <!--<property name="exceptionIfMaximumExceeded" value="true"/>
        --></bean>
    <bean id="sessionRegistry" class="com.dayang.common.util.security.SessionRegistryImpl" />
   
   
   <!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->

   <!-- You will need to uncomment the "Acegi Channel Processing Filter"
        <filter-mapping> in web.xml for the following beans to be used -->

   <!--
     Channel (http/https) requirements per URL. No PATTERN_TYPE_APACHE_ANT directive
     is given, so the keys are regular expressions; they are checked from the top and
     the first match decides. The final catch-all forces every other URL onto the
     insecure channel. This filter is not named in the filterChainProxy list.
     NOTE(review): the CAS callback path "/j_acegi_cas_security_check" is not listed
     (only "/j_acegi_security_check" is), so it would fall through to
     REQUIRES_INSECURE_CHANNEL. The "." in names such as "index.jsp" is an unescaped
     regex metacharacter. Review both before enabling this filter.
   -->
   <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
      <property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
      <property name="filterInvocationDefinitionSource">
         <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
                \A/index.jsp.*\Z=REQUIRES_SECURE_CHANNEL
                \A/welcome.action.*\Z=REQUIRES_SECURE_CHANNEL
                \A/login.jsp.*\Z=REQUIRES_SECURE_CHANNEL                
                \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
                \A.*\Z=REQUIRES_INSECURE_CHANNEL
              <!--  /index.jsp=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
                /*.html=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
                /*.jsp=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
                 /*.html=REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS
                  /*.html=REQUIRES_CAPTCHA_AFTER_THRESOLD_IN_MILLIS
                /*.html=REQUIRES_CAPTCHA_ABOVE_THRESOLD_REQUESTS  
         --></value>
      </property>
   </bean>

   <bean id="channelDecisionManager" class="com.dayang.common.util.security.ChannelDecisionManagerImpl">
      <property name="channelProcessors">
         <list>
             <!--<ref local="testOnceAfterMaxRequestsCaptchaChannelProcessor"/>
            <ref local="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"/>
            <ref local="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"/>
            <ref local="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"/>
            --><ref local="secureChannelProcessor"/>
            <ref local="insecureChannelProcessor"/> 
         </list>
      </property>
   </bean>

    <bean id="testOnceAfterMaxRequestsCaptchaChannelProcessor" class="org.acegisecurity.captcha.TestOnceAfterMaxRequestsCaptchaChannelProcessor">
       <property name="thresold">
               <value>4</value>
          </property>
       <property name="entryPoint">
           <ref bean="captchaEntryPoint" />
       </property>
       <property name="keyword" value="REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS"></property>
     </bean>
        
    <bean id="alwaysTestAfterTimeInMillisCaptchaChannelProcessor" 
        class="org.acegisecurity.captcha.AlwaysTestAfterTimeInMillisCaptchaChannelProcessor">
    <property name="thresold">
        <value>5000</value>
    </property>
    <property name="entryPoint">
        <ref bean="captchaEntryPoint" />
    </property>
    <property name="keyword" value="REQUIRES_CAPTCHA_AFTER_THRESOLD_IN_MILLIS"></property>
    </bean> 
    
    <bean id="alwaysTestAfterMaxRequestsCaptchaChannelProcessor" 
     class="org.acegisecurity.captcha.AlwaysTestAfterMaxRequestsCaptchaChannelProcessor">
       <property name="thresold">
       <value>5</value>
       </property>
      <property name="entryPoint">
       <ref bean="captchaEntryPoint" />
       </property>
       <property name="keyword" value="REQUIRES_CAPTCHA_ABOVE_THRESOLD_REQUESTS"></property>
     </bean>
     
     <bean id="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor" 
     class="org.acegisecurity.captcha.AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor">
       <property name="thresold">
       <value>20000</value>
       </property>
       <property name="entryPoint">
       <ref bean="captchaEntryPoint" />
       </property>
       <property name="keyword" value="REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS"></property>
     </bean>
     
     <bean id="captchaEntryPoint" class="org.acegisecurity.captcha.CaptchaEntryPoint">
       <property name="captchaFormUrl">
         <value>/captcha.htm</value>
       </property>
     </bean> 
     
     <bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
   <bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
   
   <!-- ===================== CaptchaService SECURITY ==================== -->
   
   <bean id="captchaValidationProcessingFilter" class="com.dayang.common.util.security.CaptchaValidationProcessingFilter">
      <property name="captchaService">
        <ref bean="captchaService" />
      </property>
      <property name="captchaValidationParameter">
         <value>j_captcha_response</value>
      </property>
      <property name="validFailedUrl">
         <value>http://localhost:8080/cas/login</value>
      </property>
    </bean>
    
    <bean id="captchaService" class="com.dayang.common.util.security.JCaptchaServiceProxyImpl" >
       <property name="jcaptchaService" ref="jcaptchaService" />
    </bean>     
    <!-- jcaptchaService is injected into captchaImageCreateController as well as to captchaService beans 
      <bean id="jcaptchaService" class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService" />-->
     
     
     <bean id="jcaptchaService"
        class="com.octo.captcha.service.multitype.GenericManageableCaptchaService">
        <constructor-arg index="0">
            <ref bean="imageEngine"/>
        </constructor-arg>
                <constructor-arg index="1"><value>180</value></constructor-arg>
            <constructor-arg index="2"><value>180000</value></constructor-arg>
    </bean>
     
      <!-- jcaptcha image style-->
     <bean class="com.octo.captcha.engine.GenericCaptchaEngine" id="imageEngine">
        <constructor-arg index="0">
            <list>
                <ref bean="imageCaptchaFactory"/>
            </list>
        </constructor-arg>
    </bean>

     <bean id="imageCaptchaFactory" class="com.octo.captcha.image.gimpy.GimpyFactory" >
        <constructor-arg><ref bean="wordgen"/></constructor-arg>
        <constructor-arg><ref bean="wordtoimage"/></constructor-arg>
    </bean>

     <bean id="wordgen" class= "com.octo.captcha.component.word.wordgenerator.ComposeDictionaryWordGenerator" >
        <constructor-arg><ref bean="filedict"/></constructor-arg>
    </bean>

     <bean id="filedict" class="com.octo.captcha.component.word.FileDictionary" >
        <constructor-arg index="0"><value>toddlist</value></constructor-arg>
    </bean>

     <bean id="wordtoimage" class="com.octo.captcha.component.image.wordtoimage.DeformedComposedWordToImage" >
        <constructor-arg index="0"><ref bean="fontGenRandom"/></constructor-arg>
        <constructor-arg index="1"><ref bean="backGenUni"/></constructor-arg>
        <constructor-arg index="2"><ref bean="simpleWhitePaster"/></constructor-arg>
        <constructor-arg index="3"><ref bean="none"/></constructor-arg>
        <constructor-arg index="4"><ref bean="none"/></constructor-arg>
        <constructor-arg index="5"><ref bean="none"/></constructor-arg>
    </bean>
    
        <bean id="ripple3Def" class="com.octo.captcha.component.image.deformation.ImageDeformationByFilters" >
            <constructor-arg index="0">
                <list>
                    <ref bean="ripple3"/>
                </list>
            </constructor-arg>
        </bean>
        <bean id="ripple3" class="com.jhlabs.image.RippleFilter" >
            <property name="waveType"><value>5</value></property>
            <property name="XAmplitude"><value>5</value></property>
            <property name="YAmplitude"><value>5</value></property>
            <property name="XWavelength"><value>10</value></property>
            <property name="YWavelength"><value>10</value></property>
            <property name="edgeAction"><value>1</value></property>
        </bean>
<!-- Constructs the "null" deformation component-->
        <bean id="none" class="com.octo.captcha.component.image.deformation.ImageDeformationByFilters" >
            <constructor-arg index="0">
                <null/>
            </constructor-arg>
        </bean>

     <bean id="fontGenRandom" class="com.octo.captcha.component.image.fontgenerator.RandomFontGenerator" >
        <constructor-arg index="0"><value>40</value></constructor-arg>
        <constructor-arg index="1"><value>50</value></constructor-arg>
        <constructor-arg index="2">
            <list>
                <ref bean="fontArial"/>
                <ref bean="fontTahoma"/>
                <ref bean="fontVerdana"/>
                <ref bean="fontComic"/>
                <ref bean="fontLucida"/>
            </list>
        </constructor-arg>
    </bean>

     <bean id="fontArial" class="java.awt.Font" >
            <constructor-arg index="0"><value>Arial</value></constructor-arg>
            <constructor-arg index="1"><value>0</value></constructor-arg>
            <constructor-arg index="2"><value>10</value></constructor-arg>
        </bean>

<bean id="fontTahoma" class="java.awt.Font" >
            <constructor-arg index="0"><value>Tahoma</value></constructor-arg>
            <constructor-arg index="1"><value>0</value></constructor-arg>
            <constructor-arg index="2"><value>10</value></constructor-arg>
        </bean>
        
     <bean id="backGenUni" class="com.octo.captcha.component.image.backgroundgenerator.UniColorBackgroundGenerator" >
            <constructor-arg index="0"><value>200</value></constructor-arg>
            <constructor-arg index="1"><value>100</value></constructor-arg>
    </bean>

<bean id="fontVerdana" class="java.awt.Font" >
            <constructor-arg index="0"><value>Verdana</value></constructor-arg>
            <constructor-arg index="1"><value>0</value></constructor-arg>
            <constructor-arg index="2"><value>10</value></constructor-arg>
        </bean>

        <bean id="fontComic" class="java.awt.Font" >
            <constructor-arg index="0"><value>Comic sans MS</value></constructor-arg>
            <constructor-arg index="1"><value>0</value></constructor-arg>
            <constructor-arg index="2"><value>10</value></constructor-arg>
        </bean>

        <bean id="fontLucida" class="java.awt.Font" >
            <constructor-arg index="0"><value>Lucida console</value></constructor-arg>
            <constructor-arg index="1"><value>0</value></constructor-arg>
            <constructor-arg index="2"><value>10</value></constructor-arg>
        </bean>

     <bean id="simpleWhitePaster" class="com.octo.captcha.component.image.textpaster.SimpleTextPaster" >
        <constructor-arg type="java.lang.Integer" index="0"><value>4</value></constructor-arg>
        <constructor-arg type="java.lang.Integer" index="1"><value>6</value></constructor-arg>
        <constructor-arg type="com.octo.captcha.component.image.color.ColorGenerator" index="2">
        <ref bean="colorGenRandomDark"/>
        </constructor-arg>
        <constructor-arg index="3"><value>true</value></constructor-arg>
    </bean>

     <!-- Constructs a color generator which generate dark color correspond to the different ranges-->
        <bean id="colorGenRandomDark" class="com.octo.captcha.component.image.color.RandomRangeColorGenerator" >
            <constructor-arg index="0">
                <list>
                    <value>0</value>
                    <value>150</value>
                </list>
            </constructor-arg>
            <constructor-arg index="1">
                <list>
                    <value>0</value>
                    <value>150</value>
                </list>
            </constructor-arg>
            <constructor-arg index="2">
                <list>
                    <value>0</value>
                    <value>150</value>
                </list>
            </constructor-arg>
            <constructor-arg index="3">
                <list>
                    <value>255</value>
                    <value>255</value>
                </list>
            </constructor-arg>
        </bean>
   
    <!-- ===================== HTTP REQUEST SECURITY ==================== -->

   <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <!--<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>-->
      <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property>      
      <property name="accessDeniedHandler">
          <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
              <property name="errorPage" value="/accessDenied.jsp"/>
          </bean>
      </property>
   </bean>
<!--
  The bean id is kept from the form-login setup (org.acegisecurity.ui.webapp.AuthenticationProcessingFilter,
  later com.dayang.common.util.security.AuthenticationProcessingFilter), but the class is now the CAS
  processing filter, which handles the callback on /j_acegi_cas_security_check.
  NOTE(review): authenticationFailureUrl is a plain http URL of the CAS login page.
-->
   <bean id="authenticationProcessingFilter"
         class="org.acegisecurity.ui.cas.CasProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationFailureUrl" value="http://localhost:8080/cas/login?login_error=1"/>
      <!-- previous target: <property name="defaultTargetUrl"><value>/index.jsp</value></property> -->
      <property name="defaultTargetUrl" value="/welcome.action"/>
      <property name="filterProcessesUrl" value="/j_acegi_cas_security_check"/>
      <property name="rememberMeServices" ref="rememberMeServices"/>
   </bean>

   <!--<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">-->
   <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
        <property name="loginUrl">
                            <value>http://localhost:8080/cas/login</value>
                     </property>
                     <property name="serviceProperties">
                            <ref bean="serviceProperties"/>
                     </property>
      <!--<property name="loginFormUrl"><value>/login.jsp</value></property>
      <property name="forceHttps"><value>false</value></property>-->
   </bean>

   <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
            
         </list>
      </property>
   </bean>
    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
        <property name="rolePrefix" value="AUTH_"/>
   </bean>
   <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
        The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
        Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
   <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
          <ref local="filterInvocationDefinitionSourceImp"/>
      </property>
   </bean>
   
   <bean  id="filterInvocationDefinitionSourceImp"  class="com.dayang.common.util.security.FilterInvocationDefinitionSourceImp">  
    <property name="jdbcTemplate"> <ref bean="jdbcTemplate"/> </property>
        <property name="sql">
            <value><!--
                select ro.AUTH_NAME,re.PROTECTED_DES from T_RESOURCES re,T_AUTHORITIES au,T_ROLE ro where re.ID=au.RESOURCE_ID and au.ROLE_ID=ro.ROLE_ID and re.RESOURCE_TYPE='URL'
            -->
            select re.RESOURCE_AUTH,re.PROTECTED_DES from T_RESOURCES re where re.RESOURCE_TYPE='URL'
            </value>
        </property>
   </bean>
   
   <!--==================================Method Security==================================-->
   <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer">
    <property name="customEditors">
      <map>
        <entry key="org.acegisecurity.intercept.method.MethodDefinitionSource">
          <bean class="com.dayang.common.util.security.DataSourceMethodDefinitionSourceEditor">
            <property name="jdbcTemplate"> <ref bean="jdbcTemplate"/> </property>
          </bean>
        </entry>
      </map>
    </property>
  </bean>  
   
   <bean id="methodSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
     <property name="authenticationManager"><ref bean="authenticationManager"/></property>
     <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
    <!-- <property name="afterInvocationManager" ref="afterInvocationManager" />-->
     <property name="objectDefinitionSource">
        <value><!--
        SELECT ro.AUTH_NAME, re.PROTECTED_DES FROM T_RESOURCES re INNER JOIN T_AUTHORITIES au ON re.ID = au.RESOURCE_ID INNER JOIN T_ROLE ro ON au.ROLE_ID = ro.ROLE_ID WHERE (re.RESOURCE_TYPE = 'FUNCTION')
        -->
        SELECT re.RESOURCE_AUTH, re.PROTECTED_DES FROM T_RESOURCES re WHERE (re.RESOURCE_TYPE = 'FUNCTION')
        </value>
     </property>
  </bean>
  
  <!-- 个人定义的安全bean-->
  <bean id="userDetailUtil" class="com.dayang.common.util.security.UserDetailUtil">
      <property name="userBO" ref="userBO"/>
  </bean>
  </beans>

坑:

下载包含 edu.yale.its.tp.cas.* 类的 casclient 2.X jar 包。

ERROR [edu.yale.its.tp.cas.util.SecureURL] retrieve(http://localhost:8080/cas/proxyValidate?service=http://localhost:8081/MIS_Release20181121/j_acegi_cas_security_check&ticket=ST-1136-IGr-vure3fQ-rfDxqErfCgAQOHA-WORK42196-1) on an illegal URL since protocol was not https.

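1. 修改 edu.yale.its.tp.cas.client.filter.CASFilter,将 init 方法中的 https 判断屏蔽。

2. 修改 edu.yale.its.tp.cas.util.SecureURL 的 retrieve 方法,去掉其中对 https 协议的判断(即上面这条报错的来源)。

注意:这两处判断的作用是保证票据校验请求只走 HTTPS。屏蔽之后,service ticket 和校验结果都以明文传输,应用也无法确认对端确实是 CAS 服务器,因此只适合本机调试。正式环境应为 CAS 服务器配置 HTTPS,把 casValidate、loginUrl 等地址改为 https,并保留原有检查。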

未能够识别出目标 'ST-1023-uqmfBvCEYUfFxiDw9OxH3TwAimQ-WORK42196-1'票根

在cas server 的application.properties里添加

# Service ticket (ST) expiration settings
# NOTE(review): these values let one service ticket be validated up to 10 times
# within 600 seconds, which relaxes the usual single-use, short-lived behaviour of
# a service ticket. Presumably the ticket is validated more than once in this
# setup; confirm the cause and keep both values as low as the login flow allows.
cas.ticket.st.numberOfUses=10
cas.ticket.st.timeToKillInSeconds=600

java.lang.IllegalArgumentException: Authentication.getDetails() required
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.acegisecurity.concurrent.SessionRegistryUtils.obtainSessionIdFromAuthentication(SessionRegistryUtils.java:31)
    at org.acegisecurity.concurrent.ConcurrentSessionControllerImpl.checkAuthenticationAllowed(ConcurrentSessionControllerImpl.java:90)

https://sunjiesh.iteye.com/blog/405327

SessionRegistryUtils.obtainSessionIdFromAuthentication.auth.getDetails:null
java.lang.IllegalArgumentException: Authentication.getDetails() required
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.acegisecurity.concurrent.SessionRegistryUtils.obtainSessionIdFromAuthentication(SessionRegistryUtils.java:31)
    at org.acegisecurity.concurrent.ConcurrentSessionControllerImpl.checkAuthenticationAllowed(ConcurrentSessionControllerImpl.java:90)
    at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:117)
    at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
    at org.acegisecurity.ui.cas.CasProcessingFilter.attemptAuthentication(CasProcessingFilter.java:32)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:199)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.logout.LogoutFilter.doFilter(LogoutFilter.java:106)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:229)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    at com.dayang.common.util.security.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:96)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
    at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.dayang.common.filter.CharacterEncoding.doFilter(CharacterEncoding.java:67)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:662)

https://blog.csdn.net/iteye_10247/article/details/82205226

https://wenku.baidu.com/view/202ab0d2c1c708a1284a4457.html


转载自blog.csdn.net/u014161595/article/details/86064347