使用Grails Spring Security CAS插件重定向循环

Question

我正在使用涉及CAS服务器的项目与使用单点登录(SSO)的其他基于Spring的项目一起工作,但我收到一个涉及Grails spring-security-cas插件的重定向循环(版本:":spring-security- CAS号:2.0 RC1" ).我查看了插件的文档.我知道CAS重定向问题看起来很常见,但我还没有找到与此类情况相关的帖子.我是Grails和CAS世界的新手,所以我们提前感谢您向正确的方向努力.

访问grails应用程序上的安全页面最初会使用相应的服务参数正确地重定向到CAS服务器登录页面:https:// example.com:8443/cas/login？service = http:// example.com:8080/grailsapp/j_spring_cas_security_check

用户成功登录并CAS重定向回服务后,会出现此问题.grails应用程序中的j_spring_cas_security_check将重定向回https://example.com:8443/cas登录页面,该页面会看到TGC并重定向回服务j_spring_cas_security_check页面,该页面无限制地重定向[直到浏览器提供重定向循环错误].看起来每次迭代都会创建新的服务票据.

我的Config.groovy有:

grails.plugin.springsecurity.cas.loginUri = /login
grails.plugin.springsecurity.cas.serviceUrl = http://example.com:8080/grailsapp/j_spring_cas_security_check
grails.plugin.springsecurity.cas.serverUrlPrefix = https://example.com:8443/cas
# we aren't using cas with proxy
# logout details not shown here

根据其他问题/答案尝试了不成功的尝试:

• 我不认为问题出在cas服务器上:当我直接转到另一个已经使用CAS的项目时,他们检测到票证cookie并登录就好了而用户不必再进行身份验证.
• SSL证书是自签名的,并已添加到Java的cacert商店.不会发生SSLHandshake或与证书相关的异常等.
• 这不是一个糟糕的凭据或代理情况,如问题19710841,但我已经尝试将/ j_spring_cas_security_check添加到Annotation staticRules,但仍然获得相同的循环.

cas服务器的日志包括:

=============================================================
WHO: [username: sampleuser]
WHAT: supplied credentials: [username: sampleuser]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: [username: sampleuser]
WHAT: TGT-24-Rttmt5i5raWcV1Z5wZavVopigQc4xeIckEUfMKdG3EwEzI3LUI-cas.service
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================

INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-77-cneJOIwmnoOdKqkscaiy-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>

####### FIRST ITERATION OF LOOP BELOW #############

=============================================================
WHO: sampleuser
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service for http://example.com:8080/grailsapp/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: XXX.XXX.XXX.XXX
SERVER IP ADDRESS: example.com
=============================================================
=============================================================
WHO: audit:unknown
WHAT: ST-77-cneJOIwmnoOdKqkscaiy-cas.service
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Jan 03 23:52:41 GMT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: example.com
=============================================================

DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://example.com:8080/grailsapp/j_spring_cas_security_check>
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-78-6qsbaVNNOess4VhGOQE4-cas.service] for service [http://example.com:8080/grailsapp/j_spring_cas_security_check] for user [sampleuser]>

####### SERVICE_TICKET_CREATED and SERVICE_TICKET_VALIDATED LOOP CONTINUES A FEW MORE TIMES BEFORE BROWSER GIVES UP #############

Answer 1

问题是在 Grails 客户端中我没有创建 userDetailsS​​ervice。我在 Grails 的 services 文件夹中实现了一个自定义类（请参阅http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsS ​​ervice.html ）：

public class MyUserDetailsService implements UserDetailsService {
    // Required methods here
}

然后在 resources.groovy 中引用它：

beans = {
    userDetailsService(MyUserDetailsService)
}