我在本地主机上设置了一个简单的Grails站点(使用SSL),配置了spring安全性,并使用s2-quickstart设置了用户。然后,我将其配置为使用CAS服务器身份验证。根据CAS日志,它似乎确实在进行身份验证,但是在身份验证之后,它会继续返回grails应用程序的index.gsp页面,而不是返回所请求的URL。这是application.groovy中的配置。
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.helloworld.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.helloworld.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'com.helloworld.SecRole'
grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.sendRenew = false
grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.serviceUrl = 'https://localhost:8080/'
grails.plugin.springsecurity.cas.serverUrlPrefix = 'https://localhost:8443/cas'
grails.plugin.springsecurity.cas.serverUrlEncoding = 'UTF-8'
grails.plugin.springsecurity.cas.key = 'grails-spring-security-cas'
grails.plugin.springsecurity.cas.artifactParameter = 'ticket'
grails.plugin.springsecurity.cas.serviceParameter = 'service'
grails.plugin.springsecurity.cas.filterProcessesUrl = '/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'https://localhost:8080/secure/receptor'
grails.plugin.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugin.springsecurity.cas.useSingleSignout = true
grails.plugin.springsecurity.cas.logout.afterLogoutUrl = 'https://localhost:8443/cas/logout?url=https://localhost:8080/logout'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.successHandler.alwaysUseDefaultTargetUrl = false
grails.plugin.springsecurity.interceptUrlMap = [
'/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'], // <- allows CAS to contact the receptor
'/**': ['IS_AUTHENTICATED_FULLY']
]
你能建议出什么问题吗?
最佳答案
嗯,grails.plugin.springsecurity.cas.serviceUrl值应以/ j_spring_cas_security_check结尾。
我们用:
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.loginUri = "/login"
grails.plugin.springsecurity.cas.serverUrlPrefix = "<cas server url>"
grails.plugin.springsecurity.cas.serviceUrl = "<grails server url>/j_spring_cas_security_check"
grails.plugin.springsecurity.cas.proxyCallbackUrl = null
grails.plugin.springsecurity.cas.proxyReceptorUrl = null
我还发现最初进行最小配置只是为了使事情正常进行,这很有帮助。我已经通过多次配置不同的插件来锁定我的grails服务器,而我认为这些插件从一开始就很有值(value)。
关于grails - 身份验证后,Grails + SpringSecurity + CAS不会重定向到targetUrl,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39844726/