第一步:引入jar包
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.3.0-GA</version>
</dependency>
第二步:配置文件application.yaml
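# Nesting restored: without indentation, port/servlet/context-path and the cas.* keys
# would be parsed as unrelated top-level keys and never bind to server.* / cas.*.
server:
  port: 7070
  servlet:
    # Context path of this client; LoginController hard-codes the same "/child01" in its logout redirect.
    context-path: /child01
cas:
  # Base URL of this client application (the CAS "service").
  # Plain http: service tickets and the session cookie travel unencrypted, so keep this
  # to a loopback/test setup and switch to https elsewhere.
  client-host-url: http://127.0.0.1:7070
  # Base URL of the CAS authentication server.
  server-url-prefix: https://192.168.194.104:8443/cas
  # Login page of the CAS authentication server.
  server-login-url: https://192.168.194.104:8443/cas/login
  # CAS protocol version used when validating tickets.
  validation-type: cas3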
第三步:在启动类添加注解
/**
 * Spring Boot entry point of the CAS-protected client application.
 *
 * <p>{@code @EnableCasClient} turns on the CAS client auto-configuration, which is driven by
 * the {@code cas.*} settings in application.yaml.
 */
@SpringBootApplication
@EnableCasClient
public class ChildApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final Class<?> primarySource = ChildApplication.class;
        SpringApplication.run(primarySource, args);
    }
}
第四步:添加Controller测试接口
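/**
 * Test endpoints for the CAS client: one shows the authenticated login name, the other logs out.
 */
@Controller
public class LoginController {

    /** Base URL of the CAS server, injected from {@code cas.server-url-prefix}. */
    @Value(value = "${cas.server-url-prefix}")
    private String serverUrlPrefix = "";

    /** Base URL of this client application, injected from {@code cas.client-host-url}. */
    @Value(value = "${cas.client-host-url}")
    private String clientHostUrl = "";

    /**
     * Returns the login name stored in the CAS assertion of the current session.
     *
     * @param request the current request
     * @return the text "访问者:" followed by the login name, or by {@code null} when the
     *     session holds no CAS assertion
     */
    @GetMapping("/user")
    @ResponseBody
    public String user(HttpServletRequest request) {
        // getSession(false): reading the assertion must not create a session for a caller
        // that has none.
        HttpSession session = request.getSession(false);
        Assertion assertion = session == null
                ? null
                : (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        String loginName = null;
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            loginName = principal.getName();
            System.out.println("访问者:" + loginName);
        }
        return "访问者:" + loginName;
    }

    /**
     * Ends the local session and redirects the browser to the CAS server's logout endpoint.
     *
     * <p>Invalidating the local session alone does not end the single sign-on session; that is
     * what the redirect to {@code /logout} on the CAS server is for. Whether CAS then sends the
     * browser back to the {@code service} URL presumably depends on server-side logout
     * settings; confirm against the CAS server configuration.
     *
     * @param session the current HTTP session
     * @return a Spring {@code redirect:} view name pointing at the CAS logout URL
     */
    @RequestMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        // "/child01" must stay in sync with server.servlet.context-path in application.yaml.
        String returnUrl = clientHostUrl + "/child01/user";
        // The service URL is a query-parameter value, so it has to be percent-encoded;
        // unencoded, any '&', '#' or '?' in it would be parsed as part of the logout URL.
        return "redirect:" + serverUrlPrefix + "/logout?service=" + encodeQueryValue(returnUrl);
    }

    /** Percent-encodes a value for use inside a URL query string (UTF-8). */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset on every JVM, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}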
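第五步:CAS服务端默认只接受https/imaps协议的客户端服务地址,不允许客户端的http协议的请求,需要对服务端做以下修改(仅适用于本地测试环境;生产环境应让客户端使用https,并把serviceId限定为具体的客户端地址,而不是匹配任意主机)。
修改 apache-tomcat-9.0.52/web-app/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json(路径请按实际部署核对,通常与下文 application.properties 同在 webapps/cas/WEB-INF/classes 目录下):
"serviceId" 由原来的 "^(https|imaps)://.*" 改成 "^(https|imaps|http)://.*"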
在 apache-tomcat-9.0.52/webapps/cas/WEB-INF/classes/application.properties 文件中添加以下2行(cas.tgc.secure=false 会去掉TGC Cookie的Secure标志,使其可以经http发送,只应在测试环境使用):
cas.serviceRegistry.initFromJson=true
cas.tgc.secure=false
第六步:客户端代码添加过滤器,关闭SSL证书校验(仅用于测试;更稳妥的做法是把CAS服务端证书导入客户端JVM的信任库,而不是关闭校验)
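/**
 * Pass-through servlet filter whose only real effect is its static initializer, which switches
 * off TLS certificate and hostname validation for {@link HttpsURLConnection}.
 *
 * <p><b>Test environments only.</b> The defaults set here are JVM-wide: every
 * {@code HttpsURLConnection} opened anywhere in the process stops verifying the peer, not just
 * calls to the CAS server. With validation off, the client cannot tell the real CAS server from
 * anything else answering on that address, so a ticket-validation response can no longer be
 * trusted. Outside a throwaway test setup, delete this class and instead import the CAS
 * server's certificate into a trust store (for example with {@code keytool -importcert}) and
 * point the JVM at it via {@code javax.net.ssl.trustStore}.
 */
public class IgnoreSSLValidateFilter implements Filter {

    static {
        // Runs once when the class is loaded; installs the permissive defaults described above.
        try {
            TrustManager[] trustAllCerts = {new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                    // Intentionally empty: accepts any client certificate chain.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                    // Intentionally empty: accepts any server certificate chain.
                }
            }};
            // Request the "TLS" context by name rather than the legacy "SSL" alias.
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    // Accepts a certificate issued for any host name.
                    return true;
                }
            };
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // On failure the JVM keeps its normal certificate validation.
            e.printStackTrace();
        }
    }

    /** No initialisation needed; the work happens in the static initializer. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Forwards the request unchanged to the rest of the filter chain.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filters and the target servlet
     * @throws IOException if a later element of the chain fails with an I/O error
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}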
/**
 * Registers {@link IgnoreSSLValidateFilter} as a servlet filter.
 *
 * <p>The filter itself only passes requests through. Instantiating it here loads the class and
 * so runs its static initializer, which disables TLS certificate and hostname validation for
 * the whole JVM. Keep this registration out of any non-test deployment.
 */
@Configuration
@Component
public class FilterConfig {

    /**
     * Builds the registration for {@link IgnoreSSLValidateFilter}.
     *
     * @return a registration named {@code ignoreSSLValidateFilter}, mapped to {@code /*} with
     *     order 0
     */
    @Bean
    public FilterRegistrationBean ignoreSSLValidateFilter() {
        final FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setName("ignoreSSLValidateFilter");
        registration.setFilter(new IgnoreSSLValidateFilter());
        // Apply to every request path.
        registration.setUrlPatterns(Arrays.asList("/*"));
        // Position of this filter relative to other registered filters.
        registration.setOrder(0);
        return registration;
    }
}
第七步:自行验证