dromara / MaxKey

Spring Security integrated with CAS single sign-on: after authentication, the /sign/authz/cas/login and /sign/authz/cas/granting endpoints keep redirecting to each other in a loop

Closed
Created 2024-01-02 14:32

[image]
The log is as follows:
2024-01-02 14:00:01,754 DEBUG [http-nio-9527-exec-4] org.maxkey.web.contorller.LoginEntryPoint:112 - /get.
2024-01-02 14:00:01,780 DEBUG [http-nio-9527-exec-9] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:13,747 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:13,747 DEBUG [http-nio-9527-exec-3] org.maxkey.web.contorller.LoginEntryPoint:223 - Login AuthN Type normal
2024-01-02 14:00:13,748 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.provider.impl.NormalAuthenticationProvider:72 - Trying to authenticate user 'admin' via normalAuthenticationProvider
2024-01-02 14:00:13,749 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.provider.impl.NormalAuthenticationProvider:76 - authentication LoginCredential [congress=null, username=admin, password=maxkey, state=eyJhbGciOiJIUzUxMiJ9.eyJleHAiOjE3MDQxNzU4MDEsImp0aSI6IjkzOTU2MDczNzk1OTgzNzY5NiJ9.azErouXB3rUPRRikNtoO_KFqD0YLTDEPfQFnae9-TbQKjT4RapF_hOA4WfXmsiEyvvyOpI7I9POd1x
c1e2BDnQ, mobile=null, captcha=7209, otpCaptcha=null, remeberMe=false, authType=normal, jwtToken=null, onlineTicket=null, provider=null, code=null, message=success, instId=null, grantedAuthority=null, authenticated=false, roleAdministrators=false]
2024-01-02 14:00:13,750 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.jwt.AuthTokenService:130 - captcha : 7209, momentary Captcha : 7209
2024-01-02 14:00:13,787 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.LoginRepository:94 - load UserInfo : UserInfo [id=1, username=admin, sharedSecret=$2a$10$9fCKfqQuZNSJMD1BG76eA.9c1aeea18524bb4e28326f725bab917c7b0bfa87594aa38ee5c90f4875f1758616ac3520dc30309900e8e38e79b92529b8e5dbda092c5b40, sharedCounter=0, userType=EMPLOYEE, userState=null,
windowsAccount=adsystemadmin, displayName=系统管理员, nickName=系统管理员, nameZhSpell=null, nameZhShortSpell=null, givenName=admin, middleName=admin, familyName=admin, honorificPrefix=null, honorificSuffix=null, formattedName=null, married=1, gender=1, birthDate=null, idType=1, idCardNo=2342342343242344234, webSite=http://login.maxkey.org/, startWorkDate=null, authnType=0, email=s
himingxy@qq.com, emailVerified=0, mobile=15618726256, mobileVerified=0, passwordQuestion=5, passwordAnswer=wusdfdsf, appLoginAuthnType=0, appLoginPassword=96ba45115416faf22791c13ade20f437, protectedApps=,41065fe3-ae67-4172-a460-fd0079e88294,52f0002d-4ef7-4b27-8c5b-41b9ee80835d,3f57d0b2-99ab-4e66-a938-718befb55369, protectedAppsMap=null, passwordLastSetTime=2022-
04-25 20:12:05, badPasswordCount=0, badPasswordTime=2022-05-22 09:19:11, unLockTime=2022-05-18 03:58:47, isLocked=1, lastLoginTime=2024-01-02 11:18:49, lastLoginIp=192.168.6.15, lastLogoffTime=2024-01-02 11:50:00, passwordSetType=0, loginCount=1731, locale=de, timeZone=Asia/Shanghai, preferredLanguage=zh_CN, workCountry=AFG, workRegion=北京, workLocality=北京, workStree
tAddress=北京, workAddressFormatted=null, workEmail=admin@QxzyC82JWA-mail.com, workPhoneNumber=123123, workPostalCode=123123, workFax=123123, workOfficeName=null, homeCountry=AFG, homeRegion=北京, homeLocality=北京, homeStreetAddress=北京, homeAddressFormatted=null, homeEmail=admin@qq.com, homePhoneNumber=123123, homePostalCode=123123, homeFax=sdf, employeeNumber=2099001, costC
enter=null, organization=总部, division=null, departmentId=105, department=科技部, jobTitle=系统管理员, jobLevel=null, managerId=22222, manager=科技部经理, assistantId=null, assistant=null, entryDate=null, quitDate=null, defineIm=null, weixinFollow=0, theme=default, extraAttribute=null, extraAttributeName=null, extraAttributeValue=null, extraAttributeMap=null, online=0, ldapDn=null, gridList
=0, createdBy=null, createdDate=2014-01-21 00:00:00, modifiedBy=null, modifiedDate=2022-10-09 15:02:22, status=1, description=null]
2024-01-02 14:00:13,788 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.provider.AbstractAuthenticationProvider:164 - User Login.
2024-01-02 14:00:13,791 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.PasswordPolicyRepository:85 - query PasswordPolicy : PasswordPolicy [id=1, minLength=6, maxLength=20, lowerCase=1, upperCase=1, digits=1, specialChar=1, attempts=6, duration=30, expiration=90, username=0, history=3, dictionary=1, alphabetical=1, numerical=1, qwerty=1, occuranc
es=3, randomPasswordLength=0]
2024-01-02 14:00:13,806 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.mapper.LdapContextMapper.find:135 - ==> Preparing: SELECT sel_tmp_table.* FROM mxk_ldap_context sel_tmp_table WHERE ( instid = '1')
2024-01-02 14:00:13,807 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.mapper.LdapContextMapper.find:135 - ==> Parameters:
2024-01-02 14:00:13,812 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.mapper.LdapContextMapper.find:135 - <== Total: 1
2024-01-02 14:00:13,813 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm:121 - passwordvalid : true
2024-01-02 14:00:13,814 INFO [http-nio-9527-exec-3] org.maxkey.persistence.repository.PasswordPolicyValidator:195 - last password set date 2022-04-25 20:12:05
2024-01-02 14:00:13,815 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.PasswordPolicyValidator:201 - password Last Set duration day 616 , password policy Expiration 90 , validate result false
2024-01-02 14:00:13,818 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.LoginRepository:224 - list Roles [Roles [id=622178269462003712, roleCode=622178269462003712, roleName=临时用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedD
ate=null, status=0, instId=null, instName=null], Roles [id=ROLE_ALL_USER, roleCode=ROLE_ALL_USER, roleName=所有认证用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null], Roles [id=ROLE_ADMINISTRATORS, rol
eCode=ROLE_ADMINISTRATORS, roleName=系统管理员组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null], Roles [id=622179422249680896, roleCode=622179422249680896, roleName=HR系统用户组, category=null, filters=null, orgI
dsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null], Roles [id=622179552155664384, roleCode=622179552155664384, roleName=办公自动化(OA)用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, descript
ion=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null], Roles [id=622178881788444672, roleCode=622178881788444672, roleName=供应商用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate
=null, status=0, instId=null, instName=null], Roles [id=622179035744567296, roleCode=622179035744567296, roleName=经销商用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null], Roles [id=62217851812551065
6, roleCode=622178518125510656, roleName=内部用户组, category=null, filters=null, orgIdsList=null, resumeTime=null, suspendTime=null, isdefault=0, description=null, createdBy=null, createdDate=null, modifiedBy=null, modifiedDate=null, status=0, instId=null, instName=null]]
2024-01-02 14:00:13,818 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.LoginRepository:250 - Authority : [ROLE_USER, ROLE_ALL_USER, ROLE_ORDINARY_USER, 622178269462003712, ROLE_ALL_USER, ROLE_ADMINISTRATORS, 622179422249680896, 622179552155664384, 622178881788444672, 622179035744567296, 622178518125510656]
2024-01-02 14:00:13,819 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.provider.AbstractAuthenticationProvider:121 - Granted Authority [ROLE_USER, ROLE_ALL_USER, ROLE_ORDINARY_USER, 622178269462003712, ROLE_ALL_USER, ROLE_ADMINISTRATORS, 622179422249680896, 622179552155664384, 622178881788444672, 622179035744567296, 622178518125510656]
2024-01-02 14:00:13,823 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.LoginRepository:211 - list Authorized Apps [001bd032-d132-4747-b434-73f21b352c63, 1327c121-cfad-49ba-bf61-afd3a1e09d5c, 3846cf79-5ed9-4141-9f29-5183acd86208, 1a86bcef-62e9-42e8-88f4-f165cc46cf96, 38c8a544eaa04aaeaa49d9c77ace40cd, 525d261fa3b04d19af0debabbd5a1e2d, 622076759805
923328, 78917a82-1c86-4020-b86a-3b1b350357e3, 5649f603-f2ac-4b0c-8fc3-e80ddce8c443, 622227747938373638, 6c916ccd-3769-4d16-b642-d9c07ea79f28, ae20330a-ef0b-4dad-9f10-d5e3485ca2ad, b32834accb544ea7a9a09dcae4a36403, a927d62a-3a91-45a7-b85d-29cb22774031, 9cdbccbe-47a0-4adb-9d3d-7e0eceacaace, 97d2ab32-b88f-41c4-9c6b-b8a53ac504ee, 9e36af33-11b8-4208-a902-6bf7a635ecce
, f1e33b71-f553-42ab-ae91-2fd913854cda, fe86db85-5475-4494-b5aa-dbd3b886ff64, 632279563832918016, c8038bd4-12a4-4b45-9d43-61b3ecdc2eb4, 850379a1-7923-4f6b-90be-d363b2dfd2ca, 41065fe3-ae67-4172-a460-fd0079e88294, 889598393536479232]
2024-01-02 14:00:13,824 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.provider.impl.NormalAuthenticationProvider:107 - 'admin' authenticated successfully by normalAuthenticationProvider.
2024-01-02 14:00:13,825 DEBUG [http-nio-9527-exec-3] org.maxkey.authn.realm.AbstractAuthenticationRealm:132 - user session id is 939560788543143936 .
2024-01-02 14:00:13,826 DEBUG [http-nio-9527-exec-3] org.maxkey.persistence.repository.LoginHistoryRepository:41 - historyLogin HistoryLogin [id=939560788585086976, sessionId=939560788543143936, userId=1, username=admin, displayName=系统管理员, loginType=Local Login, message=success, code=xe00000004, provider=, sourceIp=192.168.6.15, ipRegion=null, ipLocation=null, brows
er=Chrome/120, platform=Macintosh; Intel Ma, application=null, loginUrl=/sign/login/signin, loginTime=null, logoutTime=null, instId=1, instName=null, sessionStatus=1, startDate=null, endDate=null]
2024-01-02 14:00:13,872 DEBUG [http-nio-9527-exec-2] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:13,873 DEBUG [http-nio-9527-exec-2] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/login
2024-01-02 14:00:13,874 DEBUG [http-nio-9527-exec-2] org.maxkey.web.interceptor.SingleSignOnInterceptor:89 - authz cas branch ...
2024-01-02 14:00:13,878 DEBUG [http-nio-9527-exec-2] org.maxkey.persistence.mapper.AppsCasDetailsMapper.getAppDetails:135 - ==> Preparing: select * from mxk_apps_cas_details cd, mxk_apps app where app.instid = cd.instid and cd.id = app.id and ( app.id = ? or lower(cd.service) = lower(substring(?,1,length(cd.service))) )
2024-01-02 14:00:13,879 DEBUG [http-nio-9527-exec-2] org.maxkey.persistence.mapper.AppsCasDetailsMapper.getAppDetails:135 - ==> Parameters: http://192.168.202.102:10002/login/cas(String), http://192.168.202.102:10002/login/cas(String)
2024-01-02 14:00:13,884 DEBUG [http-nio-9527-exec-2] org.maxkey.persistence.mapper.AppsCasDetailsMapper.getAppDetails:135 - <== Total: 1
2024-01-02 14:00:13,884 DEBUG [http-nio-9527-exec-2] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:13,885 DEBUG [http-nio-9527-exec-2] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:95 - Detail AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:13,885 DEBUG [http-nio-9527-exec-2] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://192.168.202.102:10002/login/cas
2024-01-02 14:00:13,890 DEBUG [http-nio-9527-exec-6] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:13,894 DEBUG [http-nio-9527-exec-5] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:13,894 DEBUG [http-nio-9527-exec-6] org.maxkey.persistence.mapper.AppsMapper.queryMyApps:135 - ==> Preparing: select distinct app.* from mxk_apps app,mxk_role_permissions p,mxk_roles r where app.id = p.appid and p.roleid = r.id and app.instid = ? and p.instid = ? and r.instid = ? and app.visible != 0 and r.id in( select id as roleid from mxk_ro
les where rolecode = 'ROLE_ALL_USER' union select rm.roleid from mxk_role_member rm,mxk_userinfo u where rm.memberid = u.id and u.username = ? ) order by sortindex
2024-01-02 14:00:13,894 DEBUG [http-nio-9527-exec-5] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/granting
2024-01-02 14:00:13,895 DEBUG [http-nio-9527-exec-5] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:13,895 DEBUG [http-nio-9527-exec-6] org.maxkey.persistence.mapper.AppsMapper.queryMyApps:135 - ==> Parameters: 1(String), 1(String), 1(String), admin(String)
2024-01-02 14:00:13,896 DEBUG [http-nio-9527-exec-5] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://192.168.202.102:10002/hello?ticket=ST-976-ytDolXg656IBAlkHntQ795JNrmbT6bRZhcq&service=http://192.168.202.102:10002/
2024-01-02 14:00:13,896 DEBUG [http-nio-9527-exec-5] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:58 - postHandle
2024-01-02 14:00:13,897 DEBUG [http-nio-9527-exec-5] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:66 - sessionId : 939560788543143936 ,appId : 889598393536479232
2024-01-02 14:00:13,929 DEBUG [http-nio-9527-exec-6] org.maxkey.persistence.mapper.AppsMapper.queryMyApps:135 - <== Total: 22
2024-01-02 14:00:13,934 DEBUG [http-nio-9527-exec-5] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - ==> Preparing: INSERT INTO mxk_history_login_apps (id, sessionid, appid, appname, userid, username, displayname, instid) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
2024-01-02 14:00:13,936 DEBUG [http-nio-9527-exec-5] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - ==> Parameters: 939560788891271168(String), 939560788543143936(String), 889598393536479232(String), unicom-cas-demo(String), 1(String), admin(String), 系统管理员(String), 1(String)
2024-01-02 14:00:13,946 DEBUG [http-nio-9527-exec-5] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - <== Updates: 1
2024-01-02 14:00:14,330 DEBUG [http-nio-9527-exec-7] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:14,330 DEBUG [http-nio-9527-exec-7] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/login
2024-01-02 14:00:14,331 DEBUG [http-nio-9527-exec-7] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,332 DEBUG [http-nio-9527-exec-7] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:95 - Detail AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,332 DEBUG [http-nio-9527-exec-7] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://192.168.202.102:10002/login/cas
2024-01-02 14:00:14,339 DEBUG [http-nio-9527-exec-8] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:14,339 DEBUG [http-nio-9527-exec-8] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/granting
2024-01-02 14:00:14,340 DEBUG [http-nio-9527-exec-8] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,340 DEBUG [http-nio-9527-exec-8] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://192.168.202.102:10002/hello?ticket=ST-977-HZgMUZrnnSkjUBZyGg43iRZbdjcEnKi0sOO&service=http://192.168.202.102:10002/
2024-01-02 14:00:14,341 DEBUG [http-nio-9527-exec-8] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:58 - postHandle
2024-01-02 14:00:14,341 DEBUG [http-nio-9527-exec-8] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:66 - sessionId : 939560788543143936 ,appId : 889598393536479232
2024-01-02 14:00:14,343 DEBUG [http-nio-9527-exec-8] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - ==> Preparing: INSERT INTO mxk_history_login_apps (id, sessionid, appid, appname, userid, username, displayname, instid) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
2024-01-02 14:00:14,344 DEBUG [http-nio-9527-exec-8] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - ==> Parameters: 939560790753542144(String), 939560788543143936(String), 889598393536479232(String), unicom-cas-demo(String), 1(String), admin(String), 系统管理员(String), 1(String)
2024-01-02 14:00:14,354 DEBUG [http-nio-9527-exec-8] org.maxkey.persistence.mapper.HistoryLoginAppsMapper.insert:135 - <== Updates: 1
2024-01-02 14:00:14,618 DEBUG [http-nio-9527-exec-10] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:14,619 DEBUG [http-nio-9527-exec-10] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/login
2024-01-02 14:00:14,619 DEBUG [http-nio-9527-exec-10] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,620 DEBUG [http-nio-9527-exec-10] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:95 - Detail AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,620 DEBUG [http-nio-9527-exec-10] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://192.168.202.102:10002/login/cas
2024-01-02 14:00:14,627 DEBUG [http-nio-9527-exec-1] org.maxkey.authn.jwt.AuthJwtService:127 - JWT Validate true
2024-01-02 14:00:14,627 DEBUG [http-nio-9527-exec-1] org.maxkey.web.interceptor.SingleSignOnInterceptor:83 - preHandle /sign/authz/cas/granting
2024-01-02 14:00:14,628 DEBUG [http-nio-9527-exec-1] org.maxkey.web.interceptor.SingleSignOnInterceptor:115 - preHandle app info AppsCasDetails [id=null, service=http://192.168.202.102:10002/, expires=300, callbackUrl=http://192.168.202.102:10002/hello, instId=1, instName=null]
2024-01-02 14:00:14,628 DEBUG [http-nio-9527-exec-1] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://192.168.202.102:10002/hello?ticket=ST-978-74ddAEoFmjoZ3WsNm5k152OVYzR5vtVwpc5&service=http://192.168.202.102:10002/
2024-01-02 14:00:14,629 DEBUG [http-nio-9527-exec-1] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:58 - postHandle
2024-01-02 14:00:14,629 DEBUG [http-nio-9527-exec-1] org.maxkey.web.interceptor.HistorySignOnAppInterceptor:66 - sessionId : 939560788543143936 ,appId : 889598393536479232

The configuration is as follows

CAS configuration

@Configuration
public class CasConfig {

@Value("${cas.server.url}")
private String casServerUrl;
@Value("${base.url}")
private String baseUrl;

@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
    CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
    entryPoint.setLoginUrl(casServerUrl + "/login");
    entryPoint.setServiceProperties(this.serviceProperties());
    return entryPoint;
}

@Bean
protected AuthenticationManager authenticationManager() throws Exception {
    return new ProviderManager(this.casAuthenticationProvider());
}

@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(this.authenticationManager());
    filter.setServiceProperties(this.serviceProperties());
    return filter;
}

@Bean
public ServiceProperties serviceProperties() {
    ServiceProperties serviceProperties = new ServiceProperties();
    serviceProperties.setService(baseUrl + "/caslogin");
    serviceProperties.setSendRenew(false);
    return serviceProperties;
}

@Bean
public TicketValidator ticketValidator() {
    return new Cas30ServiceTicketValidator(casServerUrl + "/");
}

@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
    CasAuthenticationProvider provider = new CasAuthenticationProvider();
    provider.setServiceProperties(this.serviceProperties());
    provider.setTicketValidator(this.ticketValidator());
    provider.setUserDetailsService(new CustomUserDetailsService());
    provider.setKey("CAS_PROVIDER_LOCALHOST");
    return provider;
}

@Bean
public SecurityContextLogoutHandler securityContextLogoutHandler() {
    return new SecurityContextLogoutHandler();
}

@Bean
public LogoutFilter logoutFilter() {
    LogoutFilter logoutFilter = new LogoutFilter(casServerUrl + "/logout?service=" + baseUrl,
            securityContextLogoutHandler());
    logoutFilter.setFilterProcessesUrl("/logout/cas");
    return logoutFilter;
}

@Bean
public SingleSignOutFilter singleSignOutFilter() {
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
    singleSignOutFilter.setIgnoreInitConfiguration(true);
    return singleSignOutFilter;
}

}

Spring Security configuration

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SingleSignOutFilter singleSignOutFilter;
@Autowired
private LogoutFilter logoutFilter;
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private CasAuthenticationFilter casAuthenticationFilter;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/login/cas").permitAll()
            .anyRequest().authenticated()
            .and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)
            .and()
            .addFilter(casAuthenticationFilter)
            .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class);
}

}

Properties file settings:
base.url=http://192.168.202.102:10002
cas.server.url=http://192.168.202.102:8080/sign/authz/cas

MaxKey configuration:
[image]
[image]
[image]

Browser login and the list of requests that follow

curl 'http://192.168.202.102:8080/sign/login/signin?_allow_anonymous=true'
-H 'Accept: application/json, text/plain, */*'
-H 'Accept-Language: zh-CN'
-H 'AuthServer: MaxKey'
-H 'Authorization: Bearer undefined'
-H 'Connection: keep-alive'
-H 'Content-Type: application/json'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzU4MTMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc1MjEzLCJqdGkiOiI5Mzk1NjA3ODg1NDMxNDM5MzYifQ.-6DyjGgOfFiyFtjL8n_edssaUTN8iQy0MQuKJdsh5kUkKWGC3orxnV4_HhtaqIMbpi_oAQ4wVAMdjW38kpedHw; online_ticket=939560788543143936; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704175216; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A'
-H 'Origin: http://192.168.202.102:8080'
-H 'Referer: http://192.168.202.102:8080/maxkey/'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
-H 'hostname: 192.168.202.102'
--data-raw '{"authType":"normal","state":"eyJhbGciOiJIUzUxMiJ9.eyJleHAiOjE3MDQxNzY3NTYsImp0aSI6IjkzOTU2NDc0MjQyMTI1MDA0OCJ9.3rxnGQ3ehpceljedZtvJaI76iSmytaxwF35v0Wba6gmc10y1_rx9aLr6-xYVS_01JYbTNEDxLYUd1q-Z1spw2A","username":"admin","password":"maxkey","captcha":"4751","mobile":null,"otpCaptcha":null,"remeberMe":false}'
--compressed
--insecure

curl 'http://192.168.202.102:8080/sign/authz/cas/login?service=http%3A%2F%2F192.168.202.102%3A10002%2Fcaslogin'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8'
-H 'Connection: keep-alive'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704175216; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352'
-H 'Referer: http://192.168.202.102:8080/maxkey/'
-H 'Upgrade-Insecure-Requests: 1'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
--compressed
--insecure

curl 'http://192.168.202.102:8080/sign/appList'
-H 'Accept: application/json, text/plain, */*'
-H 'Accept-Language: zh-CN'
-H 'AuthServer: MaxKey'
-H 'Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w'
-H 'Connection: keep-alive'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704175216; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352'
-H 'Referer: http://192.168.202.102:8080/maxkey/'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
-H 'hostname: 192.168.202.102'
-H 'token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w'
--compressed

curl 'http://192.168.202.102:8080/sign/authz/cas/granting'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8'
-H 'Connection: keep-alive'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704175216; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352'
-H 'Referer: http://192.168.202.102:8080/maxkey/'
-H 'Upgrade-Insecure-Requests: 1'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
--compressed
--insecure

curl 'http://192.168.202.102:10002/hello?ticket=ST-987-cT7Kvirxa4IR6TYkzoBESMh4WX9axAZ0rTI&service=http://192.168.202.102:10002/'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8'
-H 'Connection: keep-alive'
-H 'Cookie: Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704176184'
-H 'Referer: http://192.168.202.102:8080/'
-H 'Upgrade-Insecure-Requests: 1'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
--compressed
--insecure

curl 'http://192.168.202.102:8080/sign/authz/cas/login?service=http%3A%2F%2F192.168.202.102%3A10002%2Fcaslogin'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8'
-H 'Connection: keep-alive'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704176184'
-H 'Referer: http://192.168.202.102:8080/'
-H 'Upgrade-Insecure-Requests: 1'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
--compressed
--insecure

curl 'http://192.168.202.102:8080/sign/authz/cas/granting'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8'
-H 'Connection: keep-alive'
-H 'Cookie: JSESSIONID=9141D77E9E1341FA6F95CF5E30FD609A; Hm_lvt_ae02bfc0d49b4dfa890f81d96472fe99=1703583045,1703723794,1704159382,1704161757; JSESSIONID=AF72101AFF31D90403142BC4E0152E1A; congress=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImluc3RpdHV0aW9uIjoiMSIsImtpZCI6Im14a19hdXRoX2p3ayIsImlzcyI6Imh0dHA6Ly9zc28ubWF4a2V5LnRvcDo5NTI3L3NpZ24iLCJleHAiOjE3MDQxNzY3ODMsImxvY2FsZSI6ImRlIiwiaWF0IjoxNzA0MTc2MTgzLCJqdGkiOiI5Mzk1NjQ4NTcyNDQ1MTYzNTIifQ.Zc6ZEy6Rny7iBva_uqcIjkqdUirXvJTTmZU9oYr6jsMLIoSPpl5bsKkwemI3JPW9Ns7zEVeueMkRgokHtNKA1w; online_ticket=939564857244516352; Hm_lpvt_ae02bfc0d49b4dfa890f81d96472fe99=1704176184'
-H 'Referer: http://192.168.202.102:8080/'
-H 'Upgrade-Insecure-Requests: 1'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
--compressed
--insecure

Comments (5)

coffee created the issue
coffee edited the description
coffee edited the description

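The authentication system authenticated successfully and returned a ticket. Please check whether the ticket validation URL configured in the application is correct.

In the properties file, cas.server.url=http://192.168.202.102:8080/sign/authz/cas, and this is also the address where our service is deployed.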

@Value("${cas.server.url}")
private String casServerUrl;

@Bean
public TicketValidator ticketValidator() {
   return new Cas30ServiceTicketValidator(casServerUrl + "/");
}

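The ticket validation URL configuration should be fine. The Spring Security integration is pasted above, with the address, so you can look into it. At @RequestMapping(CasConstants.ENDPOINT.ENDPOINT_SERVICE_TICKET_GRANTING), after the ticket is generated successfully, it redirects to cas_sso_submint.ftl, and there the front end keeps redirecting.

[image]

PS: integrating CAS single sign-on using Spring Boot is OK; it is Spring Security that has the problem.

Meitner changed the task status from To Do to In Progress
Meitner added the question label

If other information is needed, I can provide it. I hope this can be resolved so that together we can turn it into a sample for Spring Security integration.

Submitted. I hope you have time to take a look, run it, and see whether the problem can be reproduced.

Meitner changed the task status from In Progress to Closed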
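
The log in the issue shows a fresh service ticket being issued on every pass through /sign/authz/cas/login and /sign/authz/cas/granting, and the ticket being sent to the registered callbackUrl rather than to the URL in the `service` parameter. The following is an added example (not part of the thread and not MaxKey code) that extracts both facts from a log in that format. The sample lines, hosts and ticket ids are constructed, and the 5-second window and threshold of 3 are assumptions; the thread itself does not state a root cause.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the format of the MaxKey DEBUG log in the issue
# (hosts and ticket ids are placeholders, thread names shortened).
SAMPLE_LOG = """\
2024-01-02 14:00:13,885 DEBUG [exec-2] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://app.example:10002/login/cas
2024-01-02 14:00:13,896 DEBUG [exec-5] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://app.example:10002/hello?ticket=ST-1-CONSTRUCTED&service=http://app.example:10002/
2024-01-02 14:00:14,332 DEBUG [exec-7] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://app.example:10002/login/cas
2024-01-02 14:00:14,340 DEBUG [exec-8] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://app.example:10002/hello?ticket=ST-2-CONSTRUCTED&service=http://app.example:10002/
2024-01-02 14:00:14,620 DEBUG [exec-10] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:98 - CAS Parameter service = http://app.example:10002/login/cas
2024-01-02 14:00:14,628 DEBUG [exec-1] org.maxkey.authz.cas.endpoint.CasAuthorizeEndpoint:171 - redirect to CAS Client URL http://app.example:10002/hello?ticket=ST-3-CONSTRUCTED&service=http://app.example:10002/
"""

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
SERVICE = re.compile(r"CAS Parameter service = (\S+)")
REDIRECT = re.compile(r"redirect to CAS Client URL (\S+)")


def _endpoint(url):
    """Reduce a URL to (scheme, host:port, path) for comparison."""
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower(), parts.path or "/")


def analyze(log_text, window=timedelta(seconds=5), threshold=3):
    """Report issued tickets, service/redirect mismatches and redirect loops.

    A loop is flagged when `threshold` or more ticket redirects go to the
    same client endpoint within `window`.
    """
    requested = None            # last `service` value the client asked for
    tickets = []                # service tickets in order of issue
    mismatches = set()          # (requested service, actual redirect target)
    times_by_target = defaultdict(list)

    for line in log_text.splitlines():
        stamp = TS.match(line)
        if not stamp:
            continue            # wrapped continuation lines carry no timestamp
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S,%f")

        service = SERVICE.search(line)
        if service:
            requested = service.group(1)
            continue

        redirect = REDIRECT.search(line)
        if not redirect:
            continue
        url = redirect.group(1)
        target = _endpoint(url)
        tickets.append(parse_qs(urlsplit(url).query).get("ticket", [""])[0])
        times_by_target[target].append(when)
        # The ticket should arrive at the URL the client named as `service`;
        # anywhere else, the client's ticket-processing filter may never see it.
        if requested and _endpoint(requested) != target:
            mismatches.add((requested, urlsplit(url)._replace(query="").geturl()))

    loop = False
    for times in times_by_target.values():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                loop = True

    return {"tickets": tickets, "loop": loop, "mismatches": sorted(mismatches)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("tickets issued:", report["tickets"])
    print("redirect loop :", report["loop"])
    for wanted, got in report["mismatches"]:
        print(f"service requested {wanted} but ticket sent to {got}")
```
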
