Springboot集成CAS 5.2.x
这里写自定义目录标题
- Springboot集成CAS 5.2.x
- 配置
- 参考
Springboot集成CAS 5.2.x
基于kweb-cas(5.2.x) 集成Springboot项目。
配置
- springboot项目pom.xml中 添加cas客户端依赖包
net.unicon.cas
cas-client-autoconfig-support
2.3.0-GA
2.配置地址信息,在application.properties文件中配置如下
cas.server-url-prefix=http://211.149.149.146:9090/cas
# 填CAS服务器的登录地址
cas.server-login-url=http://211.149.149.146:9090/cas/login
# 填客户端的访问前缀 www.member.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://localhost:8082
cas.validation-type=CAS
3.cas过滤器配置
import com.ksi.admin.filter.LocalUserInfoFilter;
import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
import net.unicon.cas.client.configuration.EnableCasClient;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpSession;
@Configuration
@Controller
@EnableCasClient
public class FilterConfig extends CasClientConfigurerAdapter {
@Value("${cas.server-url-prefix}")
private String CAS_URL;
@Value("${cas.client-host-url}")
private String APP_URL;
@Override
public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) {
super.configureAuthenticationFilter(authenticationFilter);
//authenticationFilter.getInitParameters().put("authenticationRedirectStrategyClass","com.patterncat.CustomAuthRedirectStrategy");
}
@Bean
public ServletListenerRegistrationBean servletListenerRegistrationBean(){
ServletListenerRegistrationBean listenerRegistrationBean = new ServletListenerRegistrationBean();
listenerRegistrationBean.setListener(new SingleSignOutHttpSessionListener());
listenerRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return listenerRegistrationBean;
}
/**
* 单点登录退出
*
* @return
*/
@Bean
public FilterRegistrationBean singleSignOutFilter() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new SingleSignOutFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.addInitParameter("casServerUrlPrefix", CAS_URL);
registrationBean.setName("CAS Single Sign Out Filter");
registrationBean.setOrder(1);
return registrationBean;
}
/**
* 单点登录认证
* @return
*/
@Bean
public FilterRegistrationBean AuthenticationFilter() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new AuthenticationFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.setName("CAS Filter");
registrationBean.addInitParameter("casServerLoginUrl", CAS_URL);
registrationBean.addInitParameter("serverName", APP_URL);
registrationBean.setOrder(3);
return registrationBean;
}
/**
* 单点登录校验
* @return
*/
@Bean
public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.setName("CAS Validation Filter");
registrationBean.addInitParameter("casServerUrlPrefix", CAS_URL);
registrationBean.addInitParameter("serverName", APP_URL);
registrationBean.setOrder(4);
return registrationBean;
}
/**
* 单点登录请求包装
* @return
*/
@Bean
public FilterRegistrationBean httpServletRequestWrapperFilter(){
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new HttpServletRequestWrapperFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.setName("CAS HttpServletRequest Wrapper Filter");
registrationBean.setOrder(5);
return registrationBean;
}
/**
* 获取当前用户
*
* @return
*/
@Bean
public FilterRegistrationBean registrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new LocalUserInfoFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.setName("localUserInfoFilter");
registrationBean.setOrder(2);
return registrationBean;
}
//登出
@RequestMapping("/logout")
public String logout(HttpSession session){
session.invalidate();
return "redirect:"+CAS_URL+"/logout?service="+APP_URL+"/admin/index.html";
}
/**
* 从kweb-cas中获取登录信息
* @param request
* @return
*/
@GetMapping(value = {"/logininfo"})
public WrappedResult loginUser(HttpServletRequest request){
Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
if(assertion!= null){
AttributePrincipal principal = assertion.getPrincipal();
return WrappedResult.successWrapedResult(principal.getName());
}else {
return null;
}
}
}
5.定义本地过滤器,作用是通过从单点登录服务器获取用户账号,将登录的用户账号存到session中。(CAS服务端在认证通过后,会把当前认证通过的登陆用户名传递到子系统,当然,认证通过的用户名有可能与子系统的用户名不一样,那子系统就需要一个认证通过的用户名与子系统用户的映射,在子系统拿到通过认证的用户名,再找到对应的子系统用户)
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
public class LocalUserInfoFilter implements Filter {
Logger logger = LoggerFactory.getLogger(LocalUserInfoFilter.class);
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request_ = (HttpServletRequest) request;
String loginName = getAccountNameFromCas(request_);
if (!StringUtils.isEmpty(loginName)) {
logger.info("访问者 :" + loginName);
request_.getSession().setAttribute("loginName", loginName);
}
chain.doFilter(request, response);
}
public String getAccountNameFromCas(HttpServletRequest request) {
Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
if (assertion != null) {
AttributePrincipal principal = assertion.getPrincipal();
return principal.getName();
} else
return null;
}
}
6.访问
- http://xxx:port/xxx/logininfo 查看登录用户
- http://xxx:port/xxx/logout 退出登录
参考
- https://blog.csdn.net/letterss/article/details/102971134
- https://www.cnblogs.com/jugglee/p/10564993.html
- https://www.jianshu.com/p/9b50585ccec0
- http://www.freesion.com/article/1681129932/