cas-security-spring-boot-starter

Invalid custom permission validation

Open liyiorg opened this issue 4 years ago • 5 comments

Hello, I have a service named 'system1', and I want to limit access to users who have the permission "SERVICE_SYSTEM_1". The following code is not valid in version 1.0.0, but invalid in version 0.8.1.

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

// Application-side adapter: every request should require the SERVICE_SYSTEM_1 authority
public class ServiceCasSecurityConfigurerAdapter extends CasSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().hasAuthority("SERVICE_SYSTEM_1");
    }

}

Quoting CasLoginSecurityConfiguration, version 1.0.0:

@Override
protected void configure(HttpSecurity http) throws Exception {
    String[] paths = getSecurePaths();
    if (paths.length > 0) {
        http.requestMatchers().antMatchers(paths);
        CasHttpSecurityConfigurer.cas().configure(http);

        CasSecurityProperties.SecurityAuthorizeMode mode = casSecurityProperties.getAuthorization().getMode();
        if (mode == CasSecurityProperties.SecurityAuthorizeMode.ROLE) {
            String[] roles = casSecurityProperties.getAuthorization().getRoles();
            http.authorizeRequests().anyRequest().hasAnyRole(roles);
        } else if (mode == CasSecurityProperties.SecurityAuthorizeMode.AUTHENTICATED) {
            http.authorizeRequests().anyRequest().authenticated();
        } else if (mode == CasSecurityProperties.SecurityAuthorizeMode.NONE) {
            http.authorizeRequests().anyRequest().permitAll();
        } else if (mode == CasSecurityProperties.SecurityAuthorizeMode.NOT_DO) {
            // ======================
            // TODO: Can you add an enum value that does not do anything? Thanks!
            // ======================
        }
    }
}

liyiorg avatar Oct 22 '19 08:10 liyiorg

@liyiorg

> The following code is not valid in version 1.0.0, but invalid in version 0.8.1.

Do you mean valid in version 0.8.1?

And what do you mean by valid / invalid?

kakawait avatar Oct 22 '19 08:10 kakawait

@kakawait Sorry, I tried again. Both versions are invalid. We have five systems integrated with CAS, but not all systems can be accessed by users.
I find the default SecurityAuthorizeMode is not the same in both versions.

liyiorg avatar Oct 22 '19 09:10 liyiorg

@liyiorg do you have a small project to test, or if that is not possible, could you please share your security.cas.* configuration with me?

kakawait avatar Oct 22 '19 09:10 kakawait

@kakawait thanks

security:
  cas:
    server:
      base-url: https://xxx.sso.com/cas
    service:
      base-url: http://service1/index

liyiorg avatar Oct 22 '19 09:10 liyiorg

@kakawait I added an enum value for SecurityAuthorizeMode to solve this problem. Its name is CUSTOM.

liyiorg avatar Oct 28 '19 06:10 liyiorg
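Added illustration of the approach the thread converges on; this is not the starter's own code. It sketches a SecurityAuthorizeMode enum with the CUSTOM value proposed above and an assumed configure method that registers no anyRequest() rule in that mode, so the application's own adapter can supply the final rule. The enum and method names are assumptions modelled on the code quoted in the thread.

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

public class AuthorizeModeExample {

    // Assumed: the starter's enum extended with the CUSTOM value proposed in this thread.
    enum SecurityAuthorizeMode { ROLE, AUTHENTICATED, NONE, CUSTOM }

    /**
     * Applies the starter's default rule for every mode except CUSTOM.
     * Spring Security evaluates authorizeRequests() rules in declaration order and the
     * first matching rule wins. Once the starter has registered anyRequest(), a rule an
     * application adapter registers afterwards can never take effect (newer Spring
     * Security versions reject a second anyRequest() outright). CUSTOM therefore
     * registers nothing and leaves the final anyRequest() to the application.
     */
    static void applyDefaultAuthorization(HttpSecurity http, SecurityAuthorizeMode mode,
                                          String[] roles) throws Exception {
        switch (mode) {
            case ROLE:
                http.authorizeRequests().anyRequest().hasAnyRole(roles);
                break;
            case AUTHENTICATED:
                http.authorizeRequests().anyRequest().authenticated();
                break;
            case NONE:
                http.authorizeRequests().anyRequest().permitAll();
                break;
            case CUSTOM:
                // Intentionally no rule: the application decides (see below).
                break;
        }
    }

    /**
     * Application-side rule for the service "system1" from the thread: only users
     * holding the SERVICE_SYSTEM_1 authority may reach it. With mode CUSTOM this is
     * the only anyRequest() rule, so it is the one that is actually enforced.
     */
    static void applyServiceAuthorization(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().hasAuthority("SERVICE_SYSTEM_1");
    }
}
```

Whichever mode is chosen, exactly one anyRequest() rule should end up registered per HttpSecurity; two of them mean one is silently dead.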