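This article presents an example of integrating CAS Client with Spring Boot to implement single sign-on authentication. It is shared for others and kept as a personal note. Details follow:
Single sign-on (SSO) is currently one of the more popular solutions for integrating enterprise business systems. With SSO, a user logs in once and can then access all of the application systems that trust one another.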
CAS Client
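The CAS Client handles requests for the client application's protected resources. When the requester needs to be authenticated, it redirects to the CAS Server for authentication. (In principle, the client application no longer accepts any credentials such as usernames and passwords.)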
Approach 1: use a third-party starter
1. Dependency

```xml
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>1.4.0-GA</version>
</dependency>
```
2. Add the configuration properties

```properties
cas.server-url-prefix=http://127.0.0.1
cas.server-login-url=http://127.0.0.1/login
cas.client-host-url=http://192.26.4.28:8080
cas.validation-type=CAS
```
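3. Enable CAS Client support

```java
import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
// Spring Boot 1.4/1.5 package; in Spring Boot 2.x it is org.springframework.boot.web.servlet.support
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication
@ComponentScan(basePackages = {"com.chhliu.emailservice"})
@EnableCasClient // enable CAS support
public class Application extends SpringBootServletInitializer {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
```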
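With the three steps above, CAS client authentication is in place.
4. Extensions
cas.validation-type currently supports three values: 1. CAS; 2. CAS3; 3. SAML
Other available settings are: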

```properties
cas.authentication-url-patterns
cas.validation-url-patterns
cas.request-wrapper-url-patterns
cas.assertion-thread-local-url-patterns
cas.gateway
cas.use-session
cas.redirect-after-validation
cas.allowed-proxy-chains
cas.proxy-callback-url
cas.proxy-receptor-url
cas.accept-any-proxy
server.context-parameters.renew
```
What each one means is clear from its name.
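An added example, not part of the original article: a stand-alone Java check that audits the cas.* properties from steps 2 and 4 before deployment. The class name and the example.org hosts are hypothetical; plain-http URLs are flagged because the client accepts the ticket validation response it receives from cas.server-url-prefix, so that channel needs TLS.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

// Added example (hypothetical class): audits the cas.* client properties from this article.
public class CasClientConfigCheck {
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        String prefix = p.getProperty("cas.server-url-prefix", "");
        String login = p.getProperty("cas.server-login-url", "");
        // The validation response is accepted as received, so both server URLs need TLS.
        requireHttps(findings, "cas.server-url-prefix", prefix);
        requireHttps(findings, "cas.server-login-url", login);
        // The service ticket and the session cookie travel to the client application itself.
        requireHttps(findings, "cas.client-host-url", p.getProperty("cas.client-host-url", ""));
        if (!prefix.isEmpty() && !login.startsWith(prefix)) {
            findings.add("cas.server-login-url is not under cas.server-url-prefix");
        }
        String type = p.getProperty("cas.validation-type", "");
        if (!List.of("CAS", "CAS3", "SAML").contains(type)) {
            findings.add("cas.validation-type must be CAS, CAS3 or SAML, got '" + type + "'");
        }
        if (Boolean.parseBoolean(p.getProperty("cas.accept-any-proxy", "false"))) {
            findings.add("cas.accept-any-proxy=true accepts proxy tickets from any proxy chain");
        }
        return findings;
    }

    private static void requireHttps(List<String> findings, String key, String value) {
        String scheme = value.isEmpty() ? null : URI.create(value).getScheme();
        if (!"https".equalsIgnoreCase(scheme)) {
            findings.add(key + " should be an https URL, got '" + value + "'");
        }
    }

    public static void main(String[] args) {
        Properties fromArticle = new Properties(); // values as shown in step 2
        fromArticle.setProperty("cas.server-url-prefix", "http://127.0.0.1");
        fromArticle.setProperty("cas.server-login-url", "http://127.0.0.1/login");
        fromArticle.setProperty("cas.client-host-url", "http://192.26.4.28:8080");
        fromArticle.setProperty("cas.validation-type", "CAS");
        Properties hardened = new Properties(); // constructed values with placeholder hosts
        hardened.setProperty("cas.server-url-prefix", "https://cas.example.org/cas");
        hardened.setProperty("cas.server-login-url", "https://cas.example.org/cas/login");
        hardened.setProperty("cas.client-host-url", "https://app.example.org");
        hardened.setProperty("cas.validation-type", "CAS3");
        audit(fromArticle).forEach(f -> System.out.println("article:  " + f));
        System.out.println("hardened findings: " + audit(hardened).size());
    }
}
```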
Approach 2: manual configuration
Previously, using CAS Client required the following configuration in web.xml:

```xml
<filter>
    <filter-name>authenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://127.0.0.1/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://192.26.4.28:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>authenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter is responsible for validating the ticket; it must be enabled -->
<filter>
    <filter-name>validationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://192.26.4.28:8080</param-value>
    </init-param>
    <!--
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    -->
</filter>
<filter-mapping>
    <filter-name>validationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter wraps the HttpServletRequest so that, for example, developers can obtain
     the SSO user's login name through HttpServletRequest.getRemoteUser(). Optional. -->
<filter>
    <filter-name>httpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>httpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
So, when configuring manually, we need to register the filters from the XML above by hand. The code is as follows:

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CasConfigure {

    // Redirects unauthenticated requests to the CAS Server login page.
    @Bean
    public FilterRegistrationBean authenticationFilterRegistrationBean() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerLoginUrl", "http://127.0.0.1/login");
        initParameters.put("serverName", "http://192.26.4.28:8080");
        registration.setInitParameters(initParameters);
        registration.setOrder(2);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*"); // URL patterns this filter applies to
        registration.setUrlPatterns(urlPatterns);
        return registration;
    }

    // Validates the service ticket against the CAS Server; runs first (order 1).
    @Bean
    public FilterRegistrationBean ValidationFilterRegistrationBean() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", "http://127.0.0.1");
        initParameters.put("serverName", "http://192.26.4.28:8080");
        registration.setInitParameters(initParameters);
        registration.setOrder(1);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*"); // URL patterns this filter applies to
        registration.setUrlPatterns(urlPatterns);
        return registration;
    }

    // Wraps the request so getRemoteUser() returns the SSO login name.
    @Bean
    public FilterRegistrationBean casHttpServletRequestWrapperFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        registration.setOrder(3);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*"); // URL patterns this filter applies to
        registration.setUrlPatterns(urlPatterns);
        return registration;
    }

    // Exposes the validated assertion to the current thread.
    @Bean
    public FilterRegistrationBean casAssertionThreadLocalFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AssertionThreadLocalFilter());
        registration.setOrder(4);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*"); // URL patterns this filter applies to
        registration.setUrlPatterns(urlPatterns);
        return registration;
    }
}
```
With the configuration above, CAS Client authentication also works.
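An added example, not part of the original article: a controller that reads the identity the four filters above make available, taking it from the validated assertion and rejecting requests that did not pass through the CAS filters. The class name and the /whoami path are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class WhoAmIController { // hypothetical class name and path

    @GetMapping("/whoami")
    public ResponseEntity<Map<String, Object>> whoAmI(HttpServletRequest request) {
        // Populated by AssertionThreadLocalFilter (order 4); null when the request
        // was not covered by the CAS filter URL patterns.
        Assertion assertion = AssertionHolder.getAssertion();
        // getRemoteUser() is supplied by HttpServletRequestWrapperFilter (order 3).
        String remoteUser = request.getRemoteUser();
        if (assertion == null || remoteUser == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        AttributePrincipal principal = assertion.getPrincipal();
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("remoteUser", remoteUser);
        body.put("principal", principal.getName());
        // Attributes released by the CAS Server; may be empty depending on validation type.
        body.put("attributes", principal.getAttributes());
        body.put("validFrom", assertion.getValidFromDate());
        return ResponseEntity.ok(body);
    }
}
```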
Original article: http://blog.csdn.net/liuchuanhong1/article/details/73176603