spring boot整合CAS配置详解

网友投稿 682 2023-05-14


spring boot整合CAS配置详解

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的CAS配置整合

为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议  谢谢(小部分代码是整合他人的)

1.不多废话,直接上最重要的代码,以下代码整合cas的重要过程

import org.jasig.cas.client.authentication.AuthenticationFilter;

import org.jasig.cas.client.session.SingleSignOutFilter;

import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;

import org.jasig.cas.client.util.AssertionThreadLocalFilter;

import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;

import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;

import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.boot.web.servlet.FilterRegistrationBean;

import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.cas.ServiceProperties;

import org.springframework.security.cas.authentication.CasAuthenticationProvider;

import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;

import org.springframework.security.web.authentication.logout.LogoutFilter;

import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import java.util.List;

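/**
 * Registers the CAS client servlet listener and filters for a Spring Boot application.
 *
 * <p>Registration order: single-sign-out session listener (1), local logout filter (2),
 * single-sign-out filter (3), authentication filter (4), ticket validation filter (5),
 * request wrapper filter (6), assertion thread-local filter (7). The sign-out components are
 * deliberately ordered ahead of the authentication and validation filters.
 *
 * <p>{@code FilterRegistrationBean} is used as a raw type because the page does not show which
 * Spring Boot version is targeted, and only newer versions declare it as generic.
 */
@Configuration
public class CasConfig {

    /** Fallback mapping applied when no URL patterns are configured for a filter. */
    private static final String ALL_URLS = "/*";

    /** Switch for the sign-out, authentication and validation registrations. */
    private static final boolean CAS_ENABLED = true;

    @Autowired
    SpringCasAutoconfig autoconfig;

    public CasConfig() {
    }

    /**
     * Exposes the {@code spring.cas.*} properties holder as a bean.
     *
     * <p>NOTE(review): this class both declares this bean and injects it into
     * {@link #autoconfig}. Spring Boot versions that reject circular references by default may
     * refuse to start with this layout - confirm on the target version.
     */
    @Bean
    public SpringCasAutoconfig getSpringCasAutoconfig() {
        return new SpringCasAutoconfig();
    }

    /**
     * Registers the HTTP session listener used for single sign-out.
     *
     * @return the listener registration, order 1
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(CAS_ENABLED);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    /**
     * Registers the local logout filter, which clears the security context and then redirects
     * to the CAS server's {@code /logout} endpoint.
     *
     * <p>The application URL is passed to CAS as the {@code service} query parameter, so it is
     * URL-encoded; an unencoded value containing {@code &}, {@code #} or {@code ?} would be
     * split or truncated by the receiving server.
     *
     * @return the filter registration, order 2; mapped to the configured sign-out patterns,
     *     or {@code /logout} when none are configured
     */
    @Bean
    public FilterRegistrationBean logOutFilter() {
        String serverName = java.util.Objects.requireNonNull(
                autoconfig.getServerName(), "spring.cas.server-name must be configured");
        String logoutSuccessUrl = autoconfig.getCasServerUrlPrefix()
                + "/logout?service=" + encodeQueryValue(serverName);

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new LogoutFilter(logoutSuccessUrl, new SecurityContextLogoutHandler()));
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getSignOutFilters(), "/logout");
        addServerParameters(registration);
        registration.setOrder(2);
        return registration;
    }

    /**
     * Registers the CAS single-sign-out filter ahead of the authentication filters.
     *
     * <p>NOTE(review): this filter shares the sign-out patterns with {@link #logOutFilter()}.
     * It can only act on requests that match those patterns, so confirm they cover every URL
     * on which CAS tickets and logout notifications arrive; a narrow pattern such as
     * {@code /logout} alone would presumably leave sessions untouched by single logout.
     *
     * @return the filter registration, order 3; mapped to the configured sign-out patterns,
     *     or {@code /*} when none are configured
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getSignOutFilters(), ALL_URLS);
        addServerParameters(registration);
        registration.setOrder(3);
        return registration;
    }

    /**
     * Registers the filter responsible for authenticating the user.
     *
     * @return the filter registration, order 4; mapped to the configured auth patterns,
     *     or {@code /*} when none are configured
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getAuthFilters(), ALL_URLS);
        // casServerLoginUrl: login URL of the CAS server.
        registration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());
        // serverName: scheme, host and port of this application. It comes from configuration,
        // not from the incoming request; keep it that way so the service URL sent to CAS
        // cannot be influenced by request headers.
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.addInitParameter("useSession", String.valueOf(autoconfig.isUseSession()));
        registration.addInitParameter(
                "redirectAfterValidation", String.valueOf(autoconfig.isRedirectAfterValidation()));
        registration.setOrder(4);
        return registration;
    }

    /**
     * Registers the filter responsible for validating CAS tickets.
     *
     * <p>The filter is given {@code casServerUrlPrefix} as the CAS server location; configure
     * an {@code https} URL there for anything beyond local development.
     *
     * @return the filter registration, order 5; mapped to the configured validate patterns,
     *     or {@code /*} when none are configured
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        validationFilter.setServerName(autoconfig.getServerName());

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(validationFilter);
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getValidateFilters(), ALL_URLS);
        addServerParameters(registration);
        registration.setOrder(5);
        return registration;
    }

    /**
     * Registers the filter that wraps {@code HttpServletRequest} so the login name of the
     * signed-in user is available through {@code getRemoteUser()}.
     *
     * @return the filter registration, order 6; mapped to the configured request-wrapper
     *     patterns, or {@code /*} when none are configured
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        registration.setEnabled(true);
        applyUrlPatterns(registration, autoconfig.getRequestWrapperFilters(), ALL_URLS);
        registration.setOrder(6);
        return registration;
    }

    /**
     * Registers the filter that makes the CAS assertion available through
     * {@code org.jasig.cas.client.util.AssertionHolder}, for example
     * {@code AssertionHolder.getAssertion().getPrincipal().getName()}.
     *
     * <p>The assertion is kept in a thread-local variable, so code outside the web layer can
     * also read the current login information.
     *
     * @return the filter registration, order 7; mapped to the configured assertion patterns,
     *     or {@code /*} when none are configured
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AssertionThreadLocalFilter());
        registration.setEnabled(true);
        applyUrlPatterns(registration, autoconfig.getAssertionFilters(), ALL_URLS);
        registration.setOrder(7);
        return registration;
    }

    /** Maps the filter to the configured patterns, or to the fallback when none are given. */
    @SuppressWarnings("unchecked") // raw FilterRegistrationBean, see class comment
    private static void applyUrlPatterns(
            FilterRegistrationBean registration, List<String> configured, String fallback) {
        if (!configured.isEmpty()) {
            registration.setUrlPatterns(configured);
        } else {
            registration.addUrlPatterns(fallback);
        }
    }

    /** Adds the CAS server prefix and this application's server name as init parameters. */
    private void addServerParameters(FilterRegistrationBean registration) {
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
    }

    /** URL-encodes a value for use inside a query string, using UTF-8. */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM; reaching this means a broken runtime.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }
}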

2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来

import org.springframework.boot.context.properties.ConfigurationProperties;

import org.springframework.context.annotation.Configuration;

import java.util.Arrays;

import java.util.List;

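/**
 * Holds the {@code spring.cas.*} properties that configure the CAS client filters.
 *
 * <p>Each {@code *Filters} property is a comma-separated string of URL patterns. The matching
 * getter returns the patterns as a list, and returns an empty list when the property is unset
 * or blank so that callers can fall back to their own default mapping.
 */
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoconfig {

    /** Delimiter between URL patterns inside one property value. */
    static final String separator = ",";

    private String validateFilters;
    private String signOutFilters;
    private String authFilters;
    private String assertionFilters;
    private String requestWrapperFilters;

    /** Base URL of the CAS server. */
    private String casServerUrlPrefix;

    /** Login URL of the CAS server. */
    private String casServerLoginUrl;

    /** Scheme, host and port of this application, as sent to CAS in the service URL. */
    private String serverName;

    private boolean useSession = true;
    private boolean redirectAfterValidation = true;

    /**
     * Splits a comma-separated property value into URL patterns.
     *
     * <p>A {@code null} value used to raise a {@code NullPointerException} and an empty value
     * used to yield a single empty pattern; both now produce an empty list. Surrounding
     * whitespace is trimmed and empty entries are skipped.
     *
     * @param raw the property value, possibly {@code null}
     * @return the patterns in their configured order, never {@code null}
     */
    private static List<String> splitPatterns(String raw) {
        List<String> patterns = new java.util.ArrayList<>();
        if (raw == null) {
            return patterns;
        }
        for (String part : raw.split(separator)) {
            String pattern = part.trim();
            if (!pattern.isEmpty()) {
                patterns.add(pattern);
            }
        }
        return patterns;
    }

    /** @return URL patterns for the ticket validation filter; empty when not configured */
    public List<String> getValidateFilters() {
        return splitPatterns(validateFilters);
    }

    public void setValidateFilters(String validateFilters) {
        this.validateFilters = validateFilters;
    }

    /** @return URL patterns for the sign-out filters; empty when not configured */
    public List<String> getSignOutFilters() {
        return splitPatterns(signOutFilters);
    }

    public void setSignOutFilters(String signOutFilters) {
        this.signOutFilters = signOutFilters;
    }

    /** @return URL patterns for the authentication filter; empty when not configured */
    public List<String> getAuthFilters() {
        return splitPatterns(authFilters);
    }

    public void setAuthFilters(String authFilters) {
        this.authFilters = authFilters;
    }

    /** @return URL patterns for the assertion thread-local filter; empty when not configured */
    public List<String> getAssertionFilters() {
        return splitPatterns(assertionFilters);
    }

    public void setAssertionFilters(String assertionFilters) {
        this.assertionFilters = assertionFilters;
    }

    /** @return URL patterns for the request wrapper filter; empty when not configured */
    public List<String> getRequestWrapperFilters() {
        return splitPatterns(requestWrapperFilters);
    }

    public void setRequestWrapperFilters(String requestWrapperFilters) {
        this.requestWrapperFilters = requestWrapperFilters;
    }

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }
}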

3.配置文件  dev.yml

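# CAS client config
# Nesting restored: the properties class binds the prefix "spring.cas", so the keys below
# must sit under spring -> cas.
spring:
  cas:
    # CasConfig applies this value to both the local logout filter and the single-sign-out filter.
    sign-out-filters: /logout
    auth-filters: /*
    validate-filters: /*
    request-wrapper-filters: /*
    assertion-filters: /*
    # Placeholder: replace with the CAS server login URL,
    # e.g. https://cas.example.org/cas/login (constructed example).
    cas-server-login-url: cas登录url
    # Placeholder: replace with the CAS server base URL,
    # e.g. https://cas.example.org/cas (constructed example).
    # Use https outside local development.
    cas-server-url-prefix: cas登录域名
    redirect-after-validation: true
    use-session: true
    # Local development value. In a deployment set this to the application's own public
    # origin, served over https.
    server-name: http://localhost:8080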

