JSP+Spring 忽略 CAS Single Sign Out 请求

发布于 2024-07-29 20:40:43 字数 2825 浏览 5 评论 0原文

我已经使用 Spring+JSP Web 应用程序设置了 CAS 进行单点登录,但现在我发现单点退出实际上并没有让我退出应用程序。 我已确认,如果我进入 CAS 注销页面,我确实会收到来自 CAS 的 SAMLP 注销请求。 然而,当我返回应用程序中的安全页面时,我无需重新登录 CAS 即可进入。 如果我进入本地应用程序注销页面 (/j_spring_security_logout),那么我将被注销并立即重定向到 CAS 登录页面。

简而言之,本地应用程序似乎没有注册来自 CAS 的注销请求并调用自己的注销过程。

这是我的 web.xml 的 CAS 部分

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>authenticationFilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Ticket Validation Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>ticketValidationFilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Ticket Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

我是否需要创建一个特定的 CAS bean 来处理 applicationContext.xml 文件中的注销? 还是完全通过web.xml文件来配置?

I've set up CAS for single sign on with my Spring+JSP webapp, but now I've found out that single sign out isn't actually logging me out of the applications. I've confirmed that if I go to the CAS logout page, I do receive a SAMLP logout request from CAS. When I go back to a secured page in the app, however, I get in without logging back in to CAS. If I go to the local app logout page (/j_spring_security_logout), then I will get logged out and immediately redirected to the CAS login page.

In a nutshell, it appears that the local app isn't registering the logout request from CAS and calling its own logout procedure.

Here's the CAS portion of my web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>authenticationFilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Ticket Validation Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>ticketValidationFilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Ticket Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

Do I need a specific CAS bean created to handle logouts in my applicationContext.xml files? Or is configured completely through the web.xml file?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

倾城花音 2024-08-05 20:40:43

当您调试 SingleSignOutFilter 时,它会使用户会话无效吗? 也许 CAS 令牌保存在其中,或者保存在 SecurityContextHolder 中,因此它不会要求新的登录。 我有类似的问题,很抱歉无法完全理解 SS + CAS。

When you debug the SingleSignOutFilter does it invalidate the user session? Maybe the CAS Token is being held in it, or in the SecurityContextHolder so it doesn't ask for a new login. I have a similar issue and am sorry to not be able to fully understand SS + CAS.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文