CAS单点登录学习笔记--SpringBoot+CAS Client 单点退出(二)
在前一篇博客中,主要是CAS Server环境搭建,其中遇到了各种问题。现在把客户端搭建过程记录一下,cas客户端这里采用SpringBoot+CAS Client搭建。修改hosts文件配置cas server和cas客户端cas-client1,cas-client2的域名:
127.0.0.1 cas.server.com
127.0.0.1 cas.client1.com
127.0.0.1 cas.client2.com
注意:cas server的cas.properties中的一下配置要修改,这样登出的时候才会按照传的地址跳转
cas.logout.followServiceRedirects=false
1、新建一个maven父模块cas-demo,然后新建两个客户端应用cas-client1,cas-client2(实际可以通过读取不同的配置)。
2、父模块pom.xml
4.0.0
org.springframework.boot
spring-boot-starter-parent
2.1.5.RELEASE
com.cas
cas-demo
pom
1.0-SNAPSHOT
cas-client1
cas-client2
3、另个cas-client的pom.xml一样
cas-demo
com.cas
1.0-SNAPSHOT
4.0.0
cas-client1
1.8
org.springframework.boot
spring-boot-starter-web
net.unicon.cas
cas-client-autoconfig-support
1.5.0-GA
org.springframework.boot
spring-boot-starter-thymeleaf
org.springframework.boot
spring-boot-starter-test
test
org.springframework.boot
spring-boot-maven-plugin
4、cas-client1的application.properties配置:
#项目端口
server.port=8088
#填CAS服务器的前缀
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服务器的登录地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客户端的访问前缀 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client1.com:8088
cas.use-session=true
cas.validation-type=cas
#自定义的退出url,退出成功后跳转到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client1.com:8088/logout/success
#CAS验证白名单
udf.ignorePattern=/logout/success|/index
#自定义验证类型自定义UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=
5、cas-client2的application.properties配置:
#项目端口
server.port=8089
#填CAS服务器的前缀
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服务器的登录地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客户端的访问前缀 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client2.com:8089
cas.use-session=true
cas.validation-type=cas
#自定义的退出url,退出成功后跳转到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client2.com:8089/logout/success
#CAS验证白名单
udf.ignorePattern=/logout/success|/index
#自定义验证类型自定义UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=
6、新建cas的配置类,配置登出拦截器,权限校验拦截器
package com.example.casclient.config;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class CASAutoConfig {
@Value("${cas.server-url-prefix}")
private String serverUrlPrefix;
@Value("${cas.server-login-url}")
private String serverLoginUrl;
@Value("${cas.client-host-url}")
private String clientHostUrl;
@Value("${udf.ignorePattern}")
private String ignorePattern;
@Value("${udf.ignoreUrlPatternType}")
private String ignoreUrlPatternType;
/**
* 配置登出过滤器(过滤器顺序有要求,先登出-》授权过滤器-》配置过滤验证器-》wraper过滤器)
* @return
*/
@Bean
public FilterRegistrationBean filterSingleRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new SingleSignOutFilter());
// 设定匹配的路径
registration.addUrlPatterns("/*");
Map initParameters = new HashMap();
initParameters.put("casServerUrlPrefix", serverUrlPrefix);
registration.setInitParameters(initParameters);
// 设定加载的顺序
registration.setOrder(1);
return registration;
}
/**
* 配置授权过滤器
* @return
*/
@Bean
public FilterRegistrationBean filterAuthenticationRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new AuthenticationFilter());
// 设定匹配的路径
registration.addUrlPatterns("/*");
Map initParameters = new HashMap();
initParameters.put("casServerLoginUrl", serverLoginUrl);
initParameters.put("serverName", clientHostUrl);
if(ignorePattern != null && !"".equals(ignorePattern)){
initParameters.put("ignorePattern", ignorePattern);
}
//自定义UrlPatternMatcherStrategy 验证规则
if(ignoreUrlPatternType != null && !"".equals(ignoreUrlPatternType)){
initParameters.put("ignoreUrlPatternType", ignoreUrlPatternType);
}
registration.setInitParameters(initParameters);
// 设定加载的顺序
registration.setOrder(2);
return registration;
}
/**
* 配置过滤验证器 这里用的是Cas30ProxyReceivingTicketValidationFilter
* @return
*/
@Bean
public FilterRegistrationBean filterValidationRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
// 设定匹配的路径
registration.addUrlPatterns("/*");
Map initParameters = new HashMap();
initParameters.put("casServerUrlPrefix", serverUrlPrefix);
initParameters.put("serverName", clientHostUrl);
initParameters.put("useSession", "true");
registration.setInitParameters(initParameters);
// 设定加载的顺序
registration.setOrder(3);
return registration;
}
/**
* request wraper过滤器
* @return
*/
@Bean
public FilterRegistrationBean filterWrapperRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new HttpServletRequestWrapperFilter());
// 设定匹配的路径
registration.addUrlPatterns("/*");
// 设定加载的顺序
registration.setOrder(4);
return registration;
}
/**
* 添加监听器
* @return
*/
@Bean
public ServletListenerRegistrationBean singleSignOutListenerRegistration() {
ServletListenerRegistrationBean registrationBean = new ServletListenerRegistrationBean();
registrationBean.setListener(new SingleSignOutHttpSessionListener());
registrationBean.setOrder(1);
return registrationBean;
}
}
7、修改启动类
@SpringBootApplication
@EnableCasClient
public class CasClientDemoApplication {
public static void main(String[] args) {
SpringApplication.run(CasClientDemoApplication.class, args);
}
}
8、在template下新建hello.html,index.html,logoutsuccess.html
hello.html:
Title
This is cas clientB
back to index
logout
index.html
Title
this is cas client B
clien B
logoutsuccess.html
Title
Client B Logout success!
back to index
9、启动cas server,cas-client1,cas-client2。发现cas-client1和cas-client2已经实现了单点登录,单点退出。
备注说明:
我自己在搭建客户端的时候遇到了一下问题:
1、报证书问题,sun.security.validator.ValidatorException: PKIX path building failed。
这是因为证书没有导入到JDK,搭建cas server的时候没有到成功。jdk的证书默认密码为changeit
keytool -import -trustcacerts -alias cascer -file cascer.cer -keystore “D:\tools\java\jre1.8.0_25\jre\lib\security\cacerts”
2、域名找不到,生成证书的时候,用户名和形式直接填写:cas.server.com
3、单点登出问题,因为两个应用,两个域名。发现其中一个推出之后,另一个应用并没有推出。这是因为要配置登出过滤器,默认是没有配置的。
4、注意过滤器的顺序,最开始授权的过滤器的order设置为3,导致白名单配置失效。
参考博客:
https://blog.csdn.net/oumuv/article/details/84317757
https://blog.csdn.net/c_kkl213/article/details/81781731