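Deploying the CAS server
The server is just a WAR file: change a few settings and deploy it to Tomcat's webapps directory. Details follow.
Download link: https://repo1.maven.org/maven2/org/apereo/cas/cas-server-webapp-tomcat/5.3.14/
Download the file circled in the screenshot below.
Note: this WAR is a prebuilt package.
You can also download from the official CAS site, but everything there is a Gradle project. Links:
Official site: CAS | Apereo (clicking Download redirects to GitHub)
Server: Releases · apereo/cas · GitHub
Client: Releases · apereo/java-cas-client · GitHub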
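Configuration changes: first unpack the CAS WAR.
CAS uses HTTPS by default. To make it also work over HTTP, open the following file in your directory:
cas\WEB-INF\classes\application.properties
Add the following settings:
```properties
# Use HTTP: do not mark the ticket-granting cookie (TGC) as Secure
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
# HTTPS defaults to port 8443, so switch to Tomcat's port 8080
server.port=8080
```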
Edit the HTTPSandIMAPS-10000001.json file.
Change the original serviceId value to the following:
```json
"serviceId" : "^(https|http|imaps)://.*",
```
The changes for HTTP compatibility are now complete.
Change the login username and password in the configuration:
```properties
cas.authn.accept.users=jhl::jhl666888
```
The CAS server is now set up. Restart Tomcat and test it by opening the following address in a browser:
http://localhost:8080/cas/login
The logout link is http://localhost:8080/cas/logout
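Add the dependency (in the client project):
```xml
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>1.4.0-GA</version>
</dependency>
```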
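Add the @EnableCasClient annotation to the startup class:
```java
import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@EnableCasClient
@SpringBootApplication
public class CasClient01Application {
    public static void main(String[] args) {
        SpringApplication.run(CasClient01Application.class, args);
    }
}
```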
Edit the client's application.properties:
```properties
server.port=8081
# Address of the CAS server
cas.server-url-prefix=http://localhost:8080/cas
# Login address of the CAS server
cas.server-login-url=http://localhost:8080/cas/login
# Address of this server (the client)
cas.client-host-url=http://localhost:8081
# Ticket validator: use Cas30ProxyReceivingTicketValidationFilter
cas.validation-type=cas3
```
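Write a controller and add this endpoint:
```java
// Needs imports: org.jasig.cas.client.util.AbstractCasFilter,
// org.jasig.cas.client.validation.Assertion,
// org.jasig.cas.client.authentication.AttributePrincipal
@RequestMapping("/sso-test1")
public String test1(HttpSession session) {
    // The CAS client stores the validated Assertion in the session under this key
    Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    AttributePrincipal principal = assertion.getPrincipal();
    String loginName = principal.getName();
    return "sso-test1,当前登录账户" + loginName;
}
```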
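Write a second client the same way; the steps are not repeated here.
Visit the first client at http://localhost:8081/sso-test1
After logging in, visiting the second client at http://localhost:8082/sso-test2 no longer asks for a password.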
Next, write the logout endpoints:
```java
/**
 * Log out, then redirect automatically to a custom endpoint.
 * @param request
 * @return
 */
@RequestMapping("/system/logout1")
public String logout1(HttpServletRequest request) {
    // Invalidate the local session, then hand over to the CAS server's logout
    HttpSession session = request.getSession();
    session.invalidate();
    return "redirect:http://localhost:8080/cas/logout?service=http://localhost:8081/system/logoutSuccess";
}

/**
 * Logout success page.
 * @return
 */
@RequestMapping("/system/logoutSuccess")
@ResponseBody
public String logoutSuccess() {
    return "test1成功退出!";
}
```
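Allow the CAS server to follow the redirect after logout.
Open the application.properties file of your CAS server and add the following setting:
```properties
# Allow redirecting after logout
cas.logout.followServiceRedirects=true
```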
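
An added illustration (not code from the original post or from the CAS project): the serviceId pattern set earlier decides which service URLs the CAS server accepts, and with cas.logout.followServiceRedirects=true that includes the `service` target of the logout redirect. The sketch compares the page's wildcard pattern with two hypothetical tightened patterns for the clients on ports 8081 and 8082, assuming the registry matches the whole service URL with java.util.regex; the class name, the tightened patterns and the sample URLs are constructed for this example.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class ServiceIdPatternCheck {
    // Pattern this page puts in HTTPSandIMAPS-10000001.json
    static final String WILDCARD = "^(https|http|imaps)://.*";
    // Hypothetical tightened patterns for the two clients (not from the page)
    static final String NO_DELIMITER = "^http://localhost:(8081|8082).*";
    static final String STRICT = "^http://localhost:(8081|8082)(/.*)?";

    // Assumption: the registry matches the whole service URL against the regex
    static boolean allowed(String serviceIdPattern, String serviceUrl) {
        return Pattern.compile(serviceIdPattern).matcher(serviceUrl).matches();
    }

    public static void main(String[] args) {
        // Constructed sample service URLs
        List<String> urls = Arrays.asList(
                "http://localhost:8081/sso-test1",
                "http://localhost:8082/sso-test2",
                "http://localhost:8081/system/logoutSuccess",
                "http://localhost:80811/sso-test1",
                "http://localhost:8081.unrelated.example/",
                "https://unrelated.example/landing");
        List<String> patterns = Arrays.asList(WILDCARD, NO_DELIMITER, STRICT);

        System.out.println("WILD   LOOSE  STRICT URL");
        for (String url : urls) {
            StringBuilder row = new StringBuilder();
            for (String p : patterns) {
                row.append(allowed(p, url) ? "ALLOW  " : "DENY   ");
            }
            System.out.println(row + url);
        }
    }
}
```

Only the STRICT pattern limits matches to the two clients; the pattern without a delimiter after the port still accepts look-alike ports and host names.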
Create a configuration class:
```java
package com.cas.casclient01;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class Config {
    // Address of the CAS server
    private static final String CAS_SERVER_URL_PREFIX = "http://localhost:8080/cas/";
    // Login address of the CAS server
    private static final String CAS_SERVER_URL_LOGIN = "http://localhost:8080/cas/login";
    // Address of your own client 1
    private static final String SERVER_NAME = "http://localhost:8081/";

    /**
     * description: single sign-out filter
     * @param: []
     * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean filterSingleRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        // URL patterns to match
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", CAS_SERVER_URL_PREFIX);
        registration.setInitParameters(initParameters);
        // Load order
        registration.setOrder(1);
        return registration;
    }

    /**
     * description: ticket validation filter
     * @param: []
     * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean filterValidationRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        // URL patterns to match
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", CAS_SERVER_URL_PREFIX);
        initParameters.put("serverName", SERVER_NAME);
        initParameters.put("useSession", "true");
        registration.setInitParameters(initParameters);
        // Load order
        registration.setOrder(1);
        return registration;
    }

    /**
     * description: authentication filter
     * @param: []
     * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean filterAuthenticationRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        // URL patterns to match
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerLoginUrl", CAS_SERVER_URL_LOGIN);
        initParameters.put("serverName", SERVER_NAME);
        // Ignore pattern: the logout endpoints do not require login
        initParameters.put("ignorePattern", "/system/*");
        registration.setInitParameters(initParameters);
        // Load order
        registration.setOrder(1);
        return registration;
    }

    /**
     * Request wrapper filter
     * @return
     */
    @Bean
    public FilterRegistrationBean filterWrapperRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        // URL patterns to match
        registration.addUrlPatterns("/*");
        // Load order
        registration.setOrder(1);
        return registration;
    }

    /**
     * Register the single sign-out session listener
     * @return
     */
    @Bean
    public ServletListenerRegistrationBean<EventListener> singleSignOutListenerRegistration() {
        ServletListenerRegistrationBean<EventListener> registrationBean = new ServletListenerRegistrationBean<EventListener>();
        registrationBean.setListener(new SingleSignOutHttpSessionListener());
        registrationBean.setOrder(1);
        return registrationBean;
    }
}
```
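Modify client 2 in the same way.
Visit client 1's logout endpoint at http://localhost:8081/system/logout1
Then visit client 2's link again: it has been logged out automatically.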
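Reference articles:
For the code, see: https://www.jb51.net/article/226058.htm
For the underlying principle, see: CAS实现单点登录 (Implementing single sign-on with CAS)
For configuring an HTTPS certificate, see: 单点登录CAS技术概述 (Overview of CAS single sign-on technology)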