欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

spring boot整合CAS Client实现单点登陆验证的示例

程序员文章站 2023-12-10 14:25:16
本文介绍了spring boot整合cas client实现单点登陆验证的示例,分享给大家,也给自己留个笔记,具体如下: 单点登录( single sign-on , 简...

本文介绍了spring boot整合cas client实现单点登陆验证的示例,分享给大家,也给自己留个笔记,具体如下:

单点登录( single sign-on , 简称 sso )是目前比较流行的服务于企业业务整合的解决方案之一, sso 使得在多个应用系统中,用户只需要 登录一次 就可以访问所有相互信任的应用系统。

cas client

负责处理对客户端受保护资源的访问请求,需要对请求方进行身份认证时,重定向到 cas server 进行认证。(原则上,客户端应用不再接受任何的用户名密码等 credentials )。

实现方式一:使用第三方的starter

1、依赖的jar

<dependency> 
  <groupid>net.unicon.cas</groupid> 
  <artifactid>cas-client-autoconfig-support</artifactid> 
  <version>1.4.0-ga</version> 
 </dependency>

2、增加配置文件

cas.server-url-prefix=http://127.0.0.1 
cas.server-login-url=http://127.0.0.1/login 
cas.client-host-url=http://192.26.4.28:8080 
cas.validation-type=cas

3、开启cas client支持

@springbootapplication 
@componentscan(basepackages={"com.chhliu.emailservice"}) 
@enablecasclient // 开启cas支持 
public class application extends springbootservletinitializer{ 
 
 public static void main(string[] args) { 
 springapplication.run(application.class, args); 
  
 } 
}

通过上面的3步,就可以完成cas的客户端认证了!

4、扩展

cas.validation-type目前支持3中方式:1、cas;2、cas3;3、saml

其他可用的配置如下:

cas.authentication-url-patterns 
cas.validation-url-patterns 
cas.request-wrapper-url-patterns 
cas.assertion-thread-local-url-patterns 
cas.gateway 
cas.use-session 
cas.redirect-after-validation 
cas.allowed-proxy-chains 
cas.proxy-callback-url 
cas.proxy-receptor-url 
cas.accept-any-proxy 
server.context-parameters.renew

具体的含义从名字上就可以很清楚的看出来。

实现方式二:手动配置

我们原来使用cas client,需要在web.xml中做如下配置:

<filter> 
 <filter-name>authenticationfilter</filter-name> 
 <filter-class>org.jasig.cas.client.authentication.authenticationfilter</filter-class> 
 <init-param> 
  <param-name>casserverloginurl</param-name> 
  <param-value>http://127.0.0.1/login</param-value> 
 </init-param> 
 <init-param> 
  <param-name>servername</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 </filter> 
 <filter-mapping> 
 <filter-name>authenticationfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!-- 该过滤器负责对ticket的校验工作,必须启用它 --> 
 <filter> 
 <filter-name>validationfilter</filter-name> 
 <filter-class>org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter</filter-class> 
 <init-param> 
  <param-name>casserverurlprefix</param-name> 
  <param-value>http://127.0.0.1</param-value> 
 </init-param> 
 <init-param> 
  <param-name>servername</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 <!-- <init-param> 
  <param-name>redirectaftervalidation</param-name> 
  <param-value>true</param-value> 
 </init-param> 
 <init-param> 
  <param-name>usesession</param-name> 
  <param-value>true</param-value> 
 </init-param> --> 
 </filter> 
 <filter-mapping> 
 <filter-name>validationfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!-- 该过滤器负责实现httpservletrequest请求的包裹, 比如允许开发者通过httpservletrequest的getremoteuser()方法获得sso登录用户的登录名,可选配置。 --> 
 <filter> 
 <filter-name>httpservletrequestwrapperfilter</filter-name> 
 <filter-class>org.jasig.cas.client.util.httpservletrequestwrapperfilter</filter-class> 
 </filter> 
 <filter-mapping> 
 <filter-name>httpservletrequestwrapperfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping>

所以,我们手动配置的时候,需要手动配置上面xml中对应的filter,代码如下:

@configuration 
@component 
public class casconfigure { 
 
 @bean 
 public filterregistrationbean authenticationfilterregistrationbean() { 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new authenticationfilter()); 
 map<string, string> initparameters = new hashmap<string, string>(); 
 initparameters.put("casserverloginurl", "http://127.0.0.1/login"); 
 initparameters.put("servername", "http://192.26.4.28:8080"); 
 authenticationfilter.setinitparameters(initparameters); 
 authenticationfilter.setorder(2); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean validationfilterregistrationbean(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new cas20proxyreceivingticketvalidationfilter()); 
 map<string, string> initparameters = new hashmap<string, string>(); 
 initparameters.put("casserverurlprefix", "http://127.0.0.1"); 
 initparameters.put("servername", "http://192.26.4.28:8080"); 
 authenticationfilter.setinitparameters(initparameters); 
 authenticationfilter.setorder(1); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean cashttpservletrequestwrapperfilter(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new httpservletrequestwrapperfilter()); 
 authenticationfilter.setorder(3); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean casassertionthreadlocalfilter(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new assertionthreadlocalfilter()); 
 authenticationfilter.setorder(4); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
}

通过上面的配置,也可以完成cas client的认证

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。

上一篇: 索尼PS4/PS Vita游戏机正式入华 PS4售2899元

下一篇:

推荐阅读