spring boot整合CAS配置详解
在下不才,以下是我花了好几天的时间才整合出来的在springboot里面的CAS配置整合
为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议 谢谢(小部分代码是整合他人的)
1.不多废话,直接上最重要的代码,以下代码整合cas的重要过程
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.List;
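/**
 * Registers the CAS Java client's session listener and servlet filters with Spring Boot.
 *
 * <p>Registration order (lower values run first): session listener (1), local logout
 * redirect (2), single sign-out (3), authentication (4), ticket validation (5), request
 * wrapper (6), assertion thread-local (7). URL patterns are read from
 * {@link SpringCasAutoconfig}; when a list is empty the filter uses the default pattern
 * given in its bean method.
 */
@Configuration
public class CasConfig {

    /** Single switch applied to every registration made by this class. */
    private static final boolean CAS_ENABLED = true;

    @Autowired
    SpringCasAutoconfig autoconfig;

    public CasConfig() {
    }

    /** Exposes the {@code spring.cas.*} settings holder as a bean. */
    @Bean
    public SpringCasAutoconfig getSpringCasAutoconfig() {
        return new SpringCasAutoconfig();
    }

    /**
     * Session listener that is part of the CAS client's single sign-out support.
     */
    @Bean
    public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(CAS_ENABLED);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    /**
     * Local logout: runs {@link SecurityContextLogoutHandler} and then redirects the browser
     * to the CAS server's {@code /logout} endpoint, passing this application as the
     * {@code service} parameter.
     *
     * <p>The service value is URL-encoded so that characters such as {@code &}, {@code #} or
     * {@code ?} in the configured server name cannot terminate or extend the query string.
     */
    @Bean
    public FilterRegistrationBean logOutFilter() {
        String casLogoutUrl = autoconfig.getCasServerUrlPrefix()
                + "/logout?service=" + encodeQueryValue(autoconfig.getServerName());
        LogoutFilter logoutFilter = new LogoutFilter(casLogoutUrl, new SecurityContextLogoutHandler());

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(logoutFilter);
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getSignOutFilters(), "/logout");
        // NOTE(review): these two init parameters look unused by Spring Security's
        // LogoutFilter; they are kept because the original registration set them.
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(2);
        return registration;
    }

    /**
     * CAS single sign-out filter. It has to run before the other CAS client filters, which is
     * why its order is lower than theirs.
     *
     * <p>NOTE(review): the URL patterns come from the same {@code sign-out-filters} setting as
     * {@link #logOutFilter()}. With the sample value {@code /logout} this filter is mapped to
     * {@code /logout} only, so it would presumably not see the ticket-bearing login request or
     * the CAS server's logout callback, and local sessions could stay alive after a CAS
     * logout. Confirm, and consider mapping this filter to {@code /*}.
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getSignOutFilters(), "/*");
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(3);
        return registration;
    }

    /**
     * Filter responsible for authenticating the user. Any path that is not covered by its URL
     * patterns is not protected by this filter.
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getAuthFilters(), "/*");
        // casServerLoginUrl: login URL of the CAS server
        registration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());
        // serverName: scheme, host and port of this application
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.addInitParameter("useSession", autoconfig.isUseSession() ? "true" : "false");
        registration.addInitParameter(
                "redirectAfterValidation", autoconfig.isRedirectAfterValidation() ? "true" : "false");
        registration.setOrder(4);
        return registration;
    }

    /**
     * Filter responsible for validating the ticket.
     *
     * <p>NOTE(review): validation is performed against {@code casServerUrlPrefix}; use an
     * {@code https} prefix outside local development so tickets and validation responses are
     * protected in transit.
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        // Left disabled by the author; presumably the filter then builds its validator from
        // the casServerUrlPrefix init parameter -- confirm.
        // validationFilter.setTicketValidator(cas20ServiceTicketValidator());
        validationFilter.setServerName(autoconfig.getServerName());

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(validationFilter);
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getValidateFilters(), "/*");
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(5);
        return registration;
    }

    /**
     * Wraps the {@code HttpServletRequest} so that {@code getRemoteUser()} returns the login
     * name of the authenticated user.
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getRequestWrapperFilters(), "/*");
        registration.setOrder(6);
        return registration;
    }

    /**
     * Makes the login name available through {@code org.jasig.cas.client.util.AssertionHolder},
     * for example {@code AssertionHolder.getAssertion().getPrincipal().getName()}. The
     * assertion is kept in a thread-local variable, so code outside the web layer can read the
     * current login as well.
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AssertionThreadLocalFilter());
        registration.setEnabled(CAS_ENABLED);
        mapUrlPatterns(registration, autoconfig.getAssertionFilters(), "/*");
        registration.setOrder(7);
        return registration;
    }

    /**
     * Applies the configured URL patterns, or {@code fallback} when none are configured.
     */
    // Raw FilterRegistrationBean is kept so the helper matches the raw bean-method return types.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static void mapUrlPatterns(
            FilterRegistrationBean registration, List<String> configured, String fallback) {
        if (configured == null || configured.isEmpty()) {
            registration.addUrlPatterns(fallback);
        } else {
            registration.setUrlPatterns(configured);
        }
    }

    /**
     * URL-encodes a value for use inside a query string.
     *
     * @throws IllegalStateException if the value is missing
     */
    private static String encodeQueryValue(String value) {
        if (value == null) {
            throw new IllegalStateException("spring.cas.server-name must be configured");
        }
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must provide.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }
}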
2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来
importorg.springframework.boot.context.properties.ConfigurationProperties;
importorg.springframework.context.annotation.Configuration;
importjava.util.Arrays;
importjava.util.List;
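/**
 * Holder for the {@code spring.cas.*} settings used by {@code CasConfig}.
 *
 * <p>The five {@code *-filters} settings are comma-separated URL pattern lists. Their getters
 * return the trimmed, non-empty entries, and an empty list when the setting is missing or
 * blank. {@code CasConfig} falls back to its default pattern only when the list is empty, so a
 * blank value must not turn into a one-element list holding {@code ""}: that would map the
 * filter (including the authentication filter) to the empty pattern instead of the default.
 */
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoconfig {

    static final String separator = ",";

    private String validateFilters;
    private String signOutFilters;
    private String authFilters;
    private String assertionFilters;
    private String requestWrapperFilters;
    private String casServerUrlPrefix;
    private String casServerLoginUrl;
    private String serverName;
    private boolean useSession = true;
    private boolean redirectAfterValidation = true;

    /** @return URL patterns for the ticket validation filter; never {@code null} */
    public List<String> getValidateFilters() {
        return splitPatterns(validateFilters);
    }

    public void setValidateFilters(String validateFilters) {
        this.validateFilters = validateFilters;
    }

    /** @return URL patterns for the sign-out filters; never {@code null} */
    public List<String> getSignOutFilters() {
        return splitPatterns(signOutFilters);
    }

    public void setSignOutFilters(String signOutFilters) {
        this.signOutFilters = signOutFilters;
    }

    /** @return URL patterns for the authentication filter; never {@code null} */
    public List<String> getAuthFilters() {
        return splitPatterns(authFilters);
    }

    public void setAuthFilters(String authFilters) {
        this.authFilters = authFilters;
    }

    /** @return URL patterns for the assertion thread-local filter; never {@code null} */
    public List<String> getAssertionFilters() {
        return splitPatterns(assertionFilters);
    }

    public void setAssertionFilters(String assertionFilters) {
        this.assertionFilters = assertionFilters;
    }

    /** @return URL patterns for the request wrapper filter; never {@code null} */
    public List<String> getRequestWrapperFilters() {
        return splitPatterns(requestWrapperFilters);
    }

    public void setRequestWrapperFilters(String requestWrapperFilters) {
        this.requestWrapperFilters = requestWrapperFilters;
    }

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    /**
     * Splits a comma-separated setting into its trimmed, non-empty entries.
     *
     * @param raw the configured value, possibly {@code null} or blank
     * @return a new list of patterns; empty when nothing usable is configured
     */
    private static List<String> splitPatterns(String raw) {
        List<String> patterns = new java.util.ArrayList<String>();
        if (raw == null) {
            return patterns;
        }
        for (String part : raw.split(separator)) {
            String pattern = part.trim();
            if (!pattern.isEmpty()) {
                patterns.add(pattern);
            }
        }
        return patterns;
    }
}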
3.配置文件 dev.yml
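# CAS client config
spring:
  cas:
    # CasConfig applies this list to both the logout-redirect filter and SingleSignOutFilter.
    # NOTE(review): mapped to /logout only, SingleSignOutFilter presumably never sees the
    # ticket-bearing login request or the CAS logout callback -- confirm single sign-out works.
    sign-out-filters: /logout
    auth-filters: /*
    validate-filters: /*
    request-wrapper-filters: /*
    assertion-filters: /*
    # Placeholder: replace with the CAS server's login URL.
    cas-server-login-url: cas登录url
    # Placeholder: replace with the CAS server's URL prefix; use https outside local development.
    cas-server-url-prefix: cas登录域名
    redirect-after-validation: true
    use-session: true
    # Address of this application as the CAS server and the browser reach it (dev value).
    server-name: http://localhost:8080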