@yanhua365
Created May 16, 2014 06:47
Spring Security 集成CAS SSO单点登录功能。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd" default-lazy-init="false">
<!-- Resolves the ${...} placeholders in this file from an external properties file under
     BX_HOME. ignore-resource-not-found="true" means a missing file is skipped without error.
     NOTE(review): presumably this file supplies sso.server.host and sso.client.host. If it
     is absent, those placeholders have to resolve some other way; ignore-unresolvable is not
     set here, so start-up should fail on them rather than run with literal "${...}" URLs.
     Confirm that on a test deployment. Also restrict write access to the file, because the
     host values in it decide which CAS server this application trusts. -->
<context:property-placeholder
    location="file:${BX_HOME}/config/platform-config.properties"
    ignore-resource-not-found="true"/>
<!-- Paths matched here get no Spring Security filter chain at all: no CAS authentication,
     no SecurityContext, and none of the intercept-url rules declared in this file.
     NOTE(review): that is the usual choice for static /resources/**, but /api/** and
     /rest/** are left completely open as far as this file is concerned. Confirm that those
     endpoints authenticate and authorise their callers by some other mechanism. -->
<http pattern="/resources/**" security="none"/>
<http pattern="/api/**" security="none"/>
<http pattern="/rest/**" security="none"/>
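<!-- Main filter chain: every request not excluded earlier is authenticated through CAS.
     Unauthenticated requests are handed to casEntryPoint; access decisions are delegated to
     the custom accessDecisionManager bean. -->
<http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager">
    <!-- Rules are evaluated in order and the first match wins, so the catch-all stays last.
         NOTE(review): how ROLE_ANONYMOUS and ROLE_USER are interpreted depends on the custom
         accessDecisionManager; confirm that /login/* and /logout remain reachable for users
         who are already signed in. -->
    <intercept-url pattern="/login/*" access="ROLE_ANONYMOUS"/>
    <intercept-url pattern="/logout" access="ROLE_ANONYMOUS"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>

    <!-- Each custom filter is registered exactly once. Listing the same bean a second time
         (for example before/after CAS_FILTER as well) puts it into the chain twice.
         singleLogoutFilter sits ahead of LOGOUT_FILTER, and therefore ahead of casFilter,
         so it sees CAS single sign-out requests before any authentication filter runs. -->
    <custom-filter ref="singleLogoutFilter" before="LOGOUT_FILTER"/>
    <custom-filter ref="casFilter" position="CAS_FILTER"/>

    <!-- Local logout first, then a redirect to the CAS server to end the SSO session.
         NOTE(review): the redirect target is http://; use https:// once the CAS server is
         served over TLS. -->
    <logout logout-url="/logout"
            logout-success-url="http://${sso.server.host}/sso/logout"/>
</http>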
<!-- Client (service) configuration.
     "service" is the callback URL the CAS server redirects the browser to with the service
     ticket; its path matches the default processing URL of CasAuthenticationFilter in
     Spring Security 3.x. sendRenew="false" accepts an existing SSO session instead of
     forcing the user to re-enter credentials.
     NOTE(review): the callback is http://, so the service ticket crosses the network in
     clear text. Prefer https:// for this URL. -->
<beans:bean id="serviceProperties"
            class="org.springframework.security.cas.ServiceProperties">
    <beans:property name="sendRenew" value="false"/>
    <beans:property name="service"
                    value="http://${sso.client.host}/j_spring_cas_security_check"/>
</beans:bean>
<!-- CAS authentication entry point: sends unauthenticated requests to the CAS login page,
     using the service URL from serviceProperties as the return address.
     NOTE(review): loginUrl is http://. If the CAS server really is served over plain HTTP,
     the credentials typed on its login page and the SSO cookie it issues are readable on the
     network. Prefer https://. -->
<beans:bean id="casEntryPoint"
            class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <beans:property name="serviceProperties" ref="serviceProperties"/>
    <beans:property name="loginUrl" value="http://${sso.server.host}/sso/login"/>
</beans:bean>
<!-- CAS authentication filter: wires the authentication manager and the failure handler.
     No success handler is set, so the filter's default applies. A failed ticket validation
     is redirected to /casfailed.jsp.
     NOTE(review): /casfailed.jsp is not excluded anywhere in this file, so it falls under
     the "/**" ROLE_USER rule. Confirm that a user whose CAS login just failed can actually
     reach the page instead of being sent back to the CAS login in a redirect loop. -->
<beans:bean id="casFilter"
            class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/casfailed.jsp"/>
        </beans:bean>
    </beans:property>
</beans:bean>
<!-- Authentication manager with CAS as its only provider. The alias gives the manager a
     bean name that plain bean definitions such as casFilter can reference. -->
<authentication-manager alias="authenticationManager">
    <authentication-provider ref="casAuthenticationProvider"/>
</authentication-manager>
<!-- Validates CAS service tickets and loads the matching local user.
     - serviceProperties: the service URL the ticket must have been issued for.
     - ticketValidator: CAS 2.0 service-ticket validation against the CAS server URL prefix.
     - authenticationUserDetailsService: looks the validated user name up via userDetailsService.
     - key: identifies the authentication tokens created by this provider.
     NOTE(review): the validator calls the CAS server over http://. The response on that
     back channel decides who the user is, so it should travel over https:// with certificate
     validation; over plain HTTP anyone on the network path can alter it.
     NOTE(review): the key is a literal committed with the configuration. Consider moving it
     to the external properties file and giving each deployment its own value. -->
<beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <beans:property name="serviceProperties" ref="serviceProperties"/>
    <beans:property name="ticketValidator">
        <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <beans:constructor-arg index="0" value="http://${sso.server.host}/sso"/>
        </beans:bean>
    </beans:property>
    <beans:property name="authenticationUserDetailsService">
        <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:constructor-arg ref="userDetailsService"/>
        </beans:bean>
    </beans:property>
    <beans:property name="key" value="cas_core_uic_internal_key"/>
</beans:bean>
<!-- CAS single sign-out filter: ends the local session when the CAS server announces a
     logout for it.
     NOTE(review): the CAS client also provides SingleSignOutHttpSessionListener, normally
     registered in web.xml so that expired sessions are dropped from the filter's session
     mapping. It is not visible in this file; confirm it is registered. -->
<beans:bean id="singleLogoutFilter"
            class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- Project-specific collaborators; their source is not part of this file.
     accessDecisionManager evaluates the access="ROLE_..." attributes of the intercept-url
     rules. userDetailsService is called with the CAS-validated user name to load the local
     account.
     NOTE(review): presumably a user who authenticates at the CAS server but has no local
     account is rejected by userDetailsService; verify against the implementation. -->
<beans:bean id="accessDecisionManager"
            class="cn.boxiao.bxn.common.security.AccessDecisionManagerImpl"/>
<beans:bean id="userDetailsService"
            class="cn.boxiao.bxn.uic.service.CoreUserDetailsServiceImpl"/>
</beans:beans>