+-
  1. 首页
  2. JAVA
  3. 正文
java – 中央身份验证服务(CAS).关于POST请求的警告
对于授权,我使用CAS.我的设置如下:
web.xml中: 

...
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <filter>
       <filter-name>CAS Single Sign Out Filter</filter-name>
       <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
...

弹簧security.xml文件:

<security:http entry-point-ref="casProcessingFilterEntryPoint" access-denied-page="/denied.jsp">
    <security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
    <security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
    <security:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER"/>
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>

<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/denied.jsp"/>
        </bean>
    </property>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/index.jsp"/>
        </bean>
    </property>
    <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
    <property name="proxyReceptorUrl" value="/secure/receptor" />
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://localhost:8443/cas/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="jdbcUserService"/>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://localhost:8443/cas" />
            <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
            <property name="proxyCallbackUrl" value="https://localhost:8443/mywebsite/secure/receptor" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="https://localhost:8443/mywebsite/j_spring_cas_security_check"/>
    <property name="sendRenew" value="false"/>
</bean>

 <!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
    <constructor-arg value="https://localhost:8443/cas/logout"/>
    <constructor-arg>
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </constructor-arg>
</bean>

<bean id="jdbcUserService"
    ...
</bean>

一切都运作良好.但是我有一个页面,每秒都会向另一个页面发送一个POST请求,并且在每个请求中我都会在控制台中收到以下消息:

WARN [org.jasig.cas.client.util.CommonUtils] (http–0.0.0.0-8443-2)
safeGetParameter called on a POST HttpServletRequest for
LogoutRequest. Cannot complete check safely. Reverting to standard
behavior for this Parameter.

在源代码中,我找到了一个打印警告的方法:

public static String safeGetParameter(final HttpServletRequest request, final String parameter) {
    if ("POST".equals(request.getMethod()) && "logoutRequest".equals(parameter)) {
        LOG.warn("safeGetParameter called on a POST HttpServletRequest for LogoutRequest.  Cannot complete check safely.  Reverting to standard behavior for this Parameter");
        return request.getParameter(parameter);
    }
    return request.getQueryString() == null || request.getQueryString().indexOf(parameter) == -1 ? null : request
            .getParameter(parameter);
}

事实证明,如果请求方法是POST,则输出警告.
我该如何解决?

最佳答案
找到解决方案.有必要更新cas-client-core.
点击查看更多相关文章

转载注明原文:java – 中央身份验证服务(CAS).关于POST请求的警告 - 乐贴网

JAVAcc++goswiftjavascriptNginxUI/UE 小程序PythonC#phpasp

热门推荐