Kri*_*hna 5 tomcat spring-security single-sign-on
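I am using two different web applications in the same Tomcat instance. One is a web application and the other is a REST service. When a user logs in to the web application and calls the REST service, the REST service should authenticate using the user who logged in to the web application. How can I implement SSO in Tomcat? If anyone has implemented it, please help me.
Update: I implemented Spring Security and the J2EE pre-authentication mechanism in my first web application. This application calls the second application (the REST service) using DOJO (a JavaScript framework).
Update: I found the solution. Please read the answer below.
We can implement SSO between a traditional web application and a non-web-based application such as a RESTful web service. This example shows sample code for implementing SSO between a web application and a RESTful web service. The following is the configuration in the spring-security.xml file: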
<security:http create-session="never" use-expressions="true"
               auto-config="false"
               entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <!-- intercept-url rules are evaluated in order and the first match wins,
         so this permitAll on /** shadows the two hasRole rules below -->
    <security:intercept-url pattern="/**" access="permitAll"/>
    <security:intercept-url pattern="/admin/**" access="hasRole('tomcat')"/>
    <security:intercept-url pattern="/**" access="hasRole('tomcat')"/>
    <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter"/>
    <!-- Required for Tomcat, will prompt for username / password twice otherwise -->
    <security:session-management session-fixation-protection="none"/>
</security:http>
<bean id="preAuthenticatedProcessingFilterEntryPoint"
      class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<bean id="preAuthFilter"
      class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="appControlAuthenticationManager"/>
    <property name="authenticationDetailsSource"
              ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
</bean>
<security:authentication-manager alias="appControlAuthenticationManager">
    <security:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
</security:authentication-manager>
<bean id="preAuthenticatedAuthenticationProvider"
      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService" ref="inMemoryAuthenticationUserDetailsService"/>
</bean>
<bean id="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"
      class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
    <property name="mappableRolesRetriever" ref="webXmlMappableAttributesRetriever"/>
    <property name="userRoles2GrantedAuthoritiesMapper" ref="simpleAttributes2GrantedAuthoritiesMapper"/>
</bean>
<bean id="webXmlMappableAttributesRetriever"
      class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>
<bean id="simpleAttributes2GrantedAuthoritiesMapper"
      class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
    <property name="attributePrefix" value=""/>
</bean>
<bean id="inMemoryAuthenticationUserDetailsService"
      class="com.org.InMemoryAuthenticationUserDetailsService"/>
The code above is in the web application. The same code can also go in the REST project's Spring Security XML file. Add the following code to the web.xml file:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>tomcat</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>
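The code above should be only in the normal web application. Then enable the SSO valve in Tomcat's server.xml file. Tomcat uses cookie-based SSO login. The session ID is stored in a cookie. If cookies are disabled in your browser, SSO will not work.
Hope this explanation helps.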
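The server.xml step mentioned in the answer above, as an added example that is not part of the original answer: a Host fragment enabling Tomcat's SingleSignOn valve. The Host attributes are the stock defaults and are assumptions here.

```xml
<!-- conf/server.xml (fragment). Host name/appBase are assumed stock defaults. -->
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

  <!-- Shares one authenticated identity across every web application deployed
       under this Host. After the first successful container login Tomcat sets
       a JSESSIONIDSSO cookie and uses it to recognise the user in the other
       applications on the Host.

       requireReauthentication:
         false (default) - the valve accepts a valid SSO cookie without
                           rechecking with the Realm
         true            - the valve re-authenticates each request against the
                           Realm using the cached username and password -->
  <Valve className="org.apache.catalina.authenticator.SingleSignOn"
         requireReauthentication="false"/>

  <!-- All applications on this Host must authenticate against the same Realm,
       so define the Realm on the Engine or Host, not inside a Context. -->

</Host>
```

Anyone holding the JSESSIONIDSSO cookie is treated as the logged-in user in every application on the Host, so serve those applications over HTTPS.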