CAS + Shiro: when requests go to CAS for authentication

Source: Internet
Author: User

With CAS + Shiro, identity is not verified against CAS on every request; the current system uses Shiro to hold a complete authenticated subject of its own.

That raises a question: when does the system go to CAS to validate identity? The current configuration is:

The CAS system uses the default browser session lifetime, and the current system's session lifetime is 30 minutes. When authentication in the current system has expired, the request goes to CAS for validation.

A very important point here is how the Shiro framework triggers CAS validation internally. See the code:

org.apache.shiro.web.filter.AccessControlFilter is the parent class of all the default validation filters.

The redirectToLogin method in this parent class is what sends the request to the CAS server to obtain the authentication information again.

/**
 * Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects
 * the request to that URL.
 * <p/>
 * <b>N.B.</b> If you want to issue a redirect with the intention of allowing the user to then return to their
 * originally requested URL, don't use this method directly. Instead you should call
 * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
 * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can
 * be reconstructed and re-used after a successful login.
 *
 * @param request  the incoming <code>ServletRequest</code>
 * @param response the outgoing <code>ServletResponse</code>
 * @throws IOException if an error occurs.
 */
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
    String loginUrl = getLoginUrl();
    WebUtils.issueRedirect(request, response, loginUrl);
}

    

The problem to solve now is this: the current system's authentication has expired, and the page sends an AJAX request to the back end. If the back end redirects that request straight to the CAS server, there is a problem: the cross-domain issue.

Reference workaround: in my back end, apart from the home page, which uses the default org.apache.shiro.web.filter.authc.AnonymousFilter class, all other requests are authorized through org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter, and PermissionsAuthorizationFilter inherits from AccessControlFilter.
So my solution is to create my own PermissionsAuthorizationFilter that overrides the redirectToLogin method of AccessControlFilter:

    

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

import com.chenrd.shiro.AuthorRuntimeException;

/**
 * The most important point: this resolves the cross-domain problem that occurs when a function
 * is clicked on a page that has not been refreshed while the back-end authentication has already
 * been invalidated, which would otherwise send a request to CAS.
 *
 * @author chenrd
 * @version December 11, 2015
 * @see MyPermissionsAuthorizationFilter
 * @since
 */
public class MyPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        // Throw instead of redirecting, so an expired session never forwards the request to CAS.
        throw new AuthorRuntimeException("Identity exception, do not forward to login page");
        /*String loginUrl = getLoginUrl();
        WebUtils.issueRedirect(request, response, loginUrl);*/
    }
}

Then modify the following in the Shiro configuration file:

  

<bean id="myPermissionsAuthorizationFilter" class="com.chenrd.shiro.filter.MyPermissionsAuthorizationFilter"/>

<bean id="filterChainManager" class="com.chenrd.shiro.filter.CustomDefaultFilterChainManager">
    <property name="loginUrl" value="${cas.url}/login?service=${apply.url}/cas"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/authority"/>
    <property name="customFilters">
        <util:map>
            <entry key="cas" value-ref="casFilter"/>
            <!-- replace the default permission control class -->
            <entry key="perms" value-ref="myPermissionsAuthorizationFilter"/>
        </util:map>
    </property>
    <property name="defaultFilterChainDefinitions">
        <value>
            /login=anon
            /cas=cas
            /jaxws/services/**=anon
            /**=authc
        </value>
    </property>
</bean>
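
A variant of the same override, as an added example that is not the author's code: instead of throwing, it answers AJAX requests with an explicit 401 and leaves ordinary page requests on the normal CAS redirect. The class name, the X-Requested-With check and the JSON body are assumptions made for illustration.

```java
import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Added example (hypothetical class name): answer expired-session AJAX calls with 401
 * instead of a cross-domain redirect to CAS; ordinary page loads are still redirected.
 */
public class AjaxAwarePermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    // Assumption: the front end marks AJAX calls with this header (jQuery does so by default).
    private static final String AJAX_HEADER = "X-Requested-With";
    private static final String AJAX_VALUE = "XMLHttpRequest";

    static boolean isAjax(HttpServletRequest request) {
        return AJAX_VALUE.equalsIgnoreCase(request.getHeader(AJAX_HEADER));
    }

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        if (!isAjax(httpRequest)) {
            // Top-level navigation: the browser can follow the redirect to CAS normally.
            super.redirectToLogin(request, response);
            return;
        }
        // AJAX: an XMLHttpRequest cannot follow the redirect to another origin, so report
        // the expired authentication explicitly and let the page navigate to CAS itself.
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpResponse.setHeader("Cache-Control", "no-store");
        httpResponse.setContentType("application/json");
        httpResponse.setCharacterEncoding("UTF-8");
        // The header only selects the response format; the request is denied either way.
        httpResponse.getWriter().write("{\"error\":\"authentication_expired\"}");
    }
}
```

A filter like this would be registered under the `perms` key in the same way as the bean above, and the page's AJAX error handler would send the browser to the login URL when it sees the 401.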

  
