`
jnwzping
  • 浏览: 17908 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

pentaho5 CAS 单点登录

阅读更多

pentaho5 CAS 单点登录 

项目中添加两个jar包:cas-client-core-3.1.5.jar 和 spring-security-cas-client-2.0.5.RELEASE.jar

 

并修改项目下的applicationContext-spring-security.xml 文件,可以实现CAS单点登录:

 

以下出现“http://cas.grandsoft.com.cn” 请替换成自己的CAS地址。

 

 

<?xml version="1.0" encoding="UTF-8"?>

<!--+
  | Application context containing FilterChainProxy.
  +-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:pen="http://www.pentaho.com/schema/pentaho-system"
       xsi:schemaLocation="
	   http://www.springframework.org/schema/beans 
	   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.pentaho.com/schema/pentaho-system 
	   http://www.pentaho.com/schema/pentaho-system.xsd">

  <!-- ======================== FILTER CHAIN ======================= -->
  <!--
      if you wish to use channel security, add "channelProcessingFilter," in
      front of "httpSessionContextIntegrationFilter" in the list below
  -->
  <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,casProcessingFilter,logoutFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
		,casSingleSignOutFilter]]>
      </value>
    </property>
  </bean>
  
  <!-- ======================== AUTHENTICATION ======================= -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="authenticationFailureUrl" value="/Home"/>
<property name="defaultTargetUrl" value="/Home"/>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService"/>
</property>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
<property name="ticketValidator">
<ref local="ticketValidator"/>
</property>
<property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<bean id="anonymousAuthenticationProvider"
	class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="foobar" />
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" autowire="default" dependency-check="default" lazy-init="default">
<constructor-arg value="http://cas.grandsoft.com.cn" />
</bean>

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager" autowire="default" dependency-check="default" lazy-init="default">
<property name="providers">
<list>
<!--ref bean="daoAuthenticationProvider" /-->
<ref bean="anonymousAuthenticationProvider"/>
<ref bean="casAuthenticationProvider"/>
</list>
</property>
</bean>

  <!-- Automatically receives AuthenticationEvent messages -->
  <bean id="loggerListener"
        class="org.springframework.security.event.authentication.LoggerListener" />
  <bean id="basicProcessingFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
  </bean>
<!--   <bean id="basicAuthPostFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicPostProcessingFilter">
  </bean> -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Pentaho Realm" />
  </bean>

  <!-- custom Pentaho begin -->

  <!-- replaces Spring's default ApplicationEventMulticaster; do not change bean id -->
  <bean id="applicationEventMulticaster" class="org.pentaho.platform.engine.security.event.OrderedApplicationEventMulticaster" />

  <!-- next two beans replace SecurityStartupFilter -->
  <bean class="org.pentaho.platform.engine.security.event.PentahoAuthenticationSuccessListener" />
  <bean class="org.pentaho.platform.engine.security.event.PentahoSessionStartupAuthenticationSuccessListener" />

  <bean id="httpSessionReuseDetectionFilter"
        class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter">
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="sessionReuseDetectedUrl" value="/Login?login_error=2" />
  </bean>


  <bean id="requestParameterProcessingFilter"
        class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="requestParameterProcessingFilterEntryPoint" />
    </property>
  </bean>
  <bean id="requestParameterProcessingFilterEntryPoint"
        class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" />

  <bean id="httpSessionPentahoSessionContextIntegrationFilter"
        class="org.pentaho.platform.web.http.filters.HttpSessionPentahoSessionIntegrationFilter" />

		
  <!-- custom Pentaho end -->
  <bean id="anonymousProcessingFilter"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="foobar" />
    <property name="userAttribute" value="anonymousUser,Anonymous" />
  </bean>

  <bean id="httpSessionContextIntegrationFilter"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
		
  <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" autowire="default" dependency-check="default" lazy-init="default">
	<constructor-arg value="http://cas.grandsoft.com.cn/logout"/>
	<constructor-arg>
	<list>
	<bean class="org.pentaho.platform.web.http.security.PentahoLogoutHandler"/>
	<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
	</list>
	</constructor-arg>
	<property name="filterProcessesUrl" value="/Logout"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter"
        class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />

  <bean id="securityContextHolderAwareRequestFilterForWS" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
    <!-- override so that SavedRequestAwareWrapper is not used -->
    <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper" />
  </bean>



  <!--
      ===================== HTTP REQUEST SECURITY ====================
  -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" autowire="default" dependency-check="default" lazy-init="default">
<property name="service" value="http://bi.glodon.com/pentaho/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>

<bean id="exceptionTranslationFilter"  class="org.springframework.security.ui.ExceptionTranslationFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
</property>
</bean>

<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
</bean>
<bean id="casSingleSignOutHttpSessionListener" class="org.jasig.cas.client.session.SingleSignOutHttpSessionListener">
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" autowire="default" dependency-check="default" lazy-init="default">
<property name="loginUrl" value="http://cas.grandsoft.com.cn/login"/>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
</bean>



  <bean id="exceptionTranslationFilterForWS" class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
    </property>
  </bean>


<!--   <bean id="authenticationProcessingFilter"
  class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationFailureUrl" value="/Login?login_error=1" />
    <property name="defaultTargetUrl" value="/Home" />
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="targetUrlResolver">
      <bean id="targetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl">
        <property name="justUseSavedRequestOnGet" value="true" />
      </bean>
    </property>
  </bean> -->
<!--   <bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/Login" />
    <property name="forceHttps" value="false" />
  </bean> -->
  
  <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false" />
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter" />
      </list>
    </property>
  </bean>
  <!--
      Note the order that entries are placed against the
      objectDefinitionSource is critical. The FilterSecurityInterceptor will
      work from the top of the list down to the FIRST pattern that matches
      the request URL. Accordingly, you should place MOST SPECIFIC (ie
      a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*)
      expressions last
  -->
  <bean id="filterInvocationInterceptor"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
      <value>
        <!--
            Note - the "=Nobody" below is saying that resource URLs with those
            patterns not be available through a web call.
        -->
        <![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/js/require.js\Z=Anonymous,Authenticated
\A/js/require-cfg.js\Z=Anonymous,Authenticated
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
\A/webcontext.js.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/cache/cache-service.js.*\Z=Anonymous,Authenticated
\A/cacheexpirationservice.*\Z=Anonymous,Authenticated
\A/js/theme.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/themes/.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/dojo/djconfig.js.*\Z=Anonymous,Authenticated
\A/content/pentaho-mobile/resources/.*\Z=Anonymous,Authenticated
\A/docs/.*\Z=Anonymous,Authenticated
\A/mantlelogin/.*\Z=Anonymous,Authenticated
\A/mantle/mantleloginservice/*\Z=Anonymous,Authenticated
\A/mantle/.*\Z=Authenticated
\A/welcome/.*\Z=Anonymous,Authenticated
\A/public/.*\Z=Anonymous,Authenticated
\A/login.*\Z=Anonymous,Authenticated
\A/ping/alive.gif.*\Z=Anonymous,Authenticated
\A/j_spring_security_check.*\Z=Anonymous,Authenticated
\A/getimage.*\Z=Anonymous,Authenticated
\A/getresource.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
\A/auditreport.*\Z=Admin
\A/auditreportlist.*\Z=Admin
\A/versioncontrol.*\Z=Admin
\A/propertieseditor.*\Z=Admin
\A/propertiespanel.*\Z=Admin
\A/subscriptionadmin.*\Z=Admin
\A/resetrepository.*\Z=Admin
\A/viewaction.*solution.admin.*\Z=Admin
\A/scheduleradmin.*\Z=Admin
\A/publish.*\Z=Admin
\A/logout.*\Z=Anonymous
\A/solutionrepositoryservice.*component=delete.*solution=system.*\Z=Nobody
\A/solutionrepositoryservice.*solution=system.*component=delete.*\Z=Nobody
.*system.*pentaho.xml.*=Nobody
.*system.*applicationcontext.*.xml.*=Nobody
.*system.*pentahoobjects.spring.xml.*=Nobody
.*system.*pentahosystemconfig.xml.*=Nobody
.*system.*adminplugins.xml.*=Nobody
.*system.*plugin.properties.*=Nobody
.*system.*sessionstartupactions.xml.*=Nobody
.*system.*systemlisteners.xml.*=Nobody
.*system.*hibernate.*=Nobody
.*system.*birt/.*=Nobody
.*system.*dialects/.*=Nobody
.*system.*google/.*=Nobody
.*system.*jasperreports/.*=Nobody
.*system.*kettle/.*=Nobody
.*system.*logs/.*=Nobody
.*system.*mondrian/.*=Nobody
.*system.*quartz/.*=Nobody
.*system.*simple-jndi/.*=Nobody
.*system.*smtp-email/.*=Nobody
.*system.*ui/.*=Nobody
.*system.*\.\./.*=Nobody
\A/.*\Z=Authenticated
        ]]>
      </value>
    </property>
  </bean>

  <bean id="filterInvocationInterceptorForWS" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <!-- allow anyone to see the wsdl of various services -->
    <property name="objectDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/webservices/unifiedrepository\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userrolelistservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userroleservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/authorizationpolicy\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/rolebindingdao\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/scheduler\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/repositorysync\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/datasourcemgmtservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/.*\Z=Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Authenticated
\A/plugin/.*\Z=Authenticated
      ]]>
      </value>
    </property>
  </bean>

  <bean id="defaultRole" class="java.lang.String">
    <constructor-arg value="Authenticated" />
  </bean>

  <bean id="anonymousRole" class="java.lang.String">
    <constructor-arg value="Anonymous" />
  </bean>

  <!-- used by ExtraRolesUserRoleListServiceDecorator beans -->
  <bean id="extraRoles" class="org.springframework.beans.factory.config.ListFactoryBean">
    <property name="sourceList">
      <list>
        <ref bean="defaultRole" />
        <ref bean="anonymousRole" />
      </list>
    </property>
  </bean>
</beans>

 

 

0
0
分享到:
评论
3 楼 hunter123456 2016-08-01  
您好!
  我用的是pentaho5.4 按你的步骤试了一下,首页打不开。
cas登陆框在 服务器上,pentaho5.4装在本机,
请问该如何设置。
 
2 楼 fengjidly 2016-05-23  
你好,请问saiku的单点登录也可以这样做吗?

我现在需要把saiku部署到公司的服务器,公司系统是CAS实现的单点登录,用的是http,

谢谢
1 楼 u013189769 2015-08-26  
多谢分享!
这几天也在弄pentaho的单点登录,官网的是修改applicationContext-spring-security-cas.xml ,可是根本找不到这个文件,
现在用这个配置已经成功登录,不过修改了个地方
  1:去掉了id=httpSessionReuseDetectionFilter这个bean
  2:在id=filterChainProxy中删除了httpSessionReuseDetectionFilter
(我现在用的是pentaho5.3,单点登录用的是http)
再次感谢

相关推荐

Global site tag (gtag.js) - Google Analytics