spring boot整合CAS配置详解
2024-02-20 09:43:10
在下不才,以下是我花了好几天时间才整合出来的 Spring Boot 中的 CAS 客户端配置。
为了帮助还没搞定的人(毕竟自己踩了很多坑,是一步一步爬过来的),特此分享;有什么不足之处欢迎提建议,谢谢。(小部分代码整合自他人。)
1. 不多废话,直接上最重要的代码。以下代码是整合 CAS 的核心部分:
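import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import java.util.List;

/**
 * Registers the CAS client servlet filters and the single-sign-out session listener.
 *
 * <p>The filters are ordered 2..7 (listener order 1): logout, single sign-out, authentication,
 * ticket validation, request wrapper, assertion thread-local. The sign-out filters are
 * deliberately ordered ahead of the authentication and validation filters.
 *
 * <p>Security-relevant configuration, all read from {@link SpringCasAutoConfig}:
 * <ul>
 *   <li>{@code serverName} is the fixed origin of this application that the CAS client puts
 *       into the service URL; it should be a configured constant, never derived from the
 *       request.</li>
 *   <li>{@code casServerUrlPrefix} is where tickets are validated. Outside local development
 *       it should be an {@code https://} URL, otherwise the validation response is not
 *       authenticated.</li>
 * </ul>
 *
 * <p>NOTE(review): this class injects {@code SpringCasAutoConfig} and also declares the
 * {@code @Bean} that produces it. Newer Spring Boot versions are stricter about such
 * self-references; confirm on upgrade.
 */
@Configuration
public class CasConfig {

    @Autowired
    SpringCasAutoConfig autoConfig;

    /** Single switch for every CAS registration made by this class. */
    private static final boolean CAS_ENABLED = true;

    public CasConfig() {
    }

    /** Exposes the {@code spring.cas.*} properties holder as a bean. */
    @Bean
    public SpringCasAutoConfig getSpringCasAutoConfig() {
        return new SpringCasAutoConfig();
    }

    /**
     * Session listener used for single sign-out.
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(CAS_ENABLED);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    /**
     * Local logout filter: clears the Spring Security context, then redirects the browser to
     * the CAS server's logout endpoint. Must be placed before the other filters.
     */
    @Bean
    public FilterRegistrationBean logoutFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        // serverName is appended to the query string as-is (not URL-encoded), so it must be a
        // plain origin such as scheme://host:port, without '&', '?' or '#'.
        LogoutFilter logoutFilter = new LogoutFilter(
                autoConfig.getCasServerUrlPrefix() + "/logout?service=" + autoConfig.getServerName(),
                new SecurityContextLogoutHandler());
        filterRegistration.setFilter(logoutFilter);
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getSignOutFilters(), "/logout");
        filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
        filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
        filterRegistration.setOrder(2);
        return filterRegistration;
    }

    /**
     * CAS single sign-out filter. Must be placed before the other CAS filters so that logout
     * requests are handled before authentication and ticket validation run.
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new SingleSignOutFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getSignOutFilters(), "/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
        filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
        filterRegistration.setOrder(3);
        return filterRegistration;
    }

    /**
     * Filter responsible for user authentication: requests without a valid CAS session are
     * sent to the CAS login page.
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AuthenticationFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getAuthFilters(), "/*");
        // casServerLoginUrl: login URL of the CAS server.
        filterRegistration.addInitParameter("casServerLoginUrl", autoConfig.getCasServerLoginUrl());
        // serverName: this application's own address (host + port).
        filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
        filterRegistration.addInitParameter("useSession", String.valueOf(autoConfig.isUseSession()));
        filterRegistration.addInitParameter(
                "redirectAfterValidation", String.valueOf(autoConfig.isRedirectAfterValidation()));
        filterRegistration.setOrder(4);
        return filterRegistration;
    }

    /**
     * Filter responsible for validating the CAS ticket against the CAS server.
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        // The author left an explicit setTicketValidator(...) call disabled here; the filter is
        // configured through the casServerUrlPrefix init parameter below instead.
        validationFilter.setServerName(autoConfig.getServerName());
        filterRegistration.setFilter(validationFilter);
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getValidateFilters(), "/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
        filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
        filterRegistration.setOrder(5);
        return filterRegistration;
    }

    /**
     * Wraps the {@code HttpServletRequest} so that the login name of the authenticated user is
     * available through {@code HttpServletRequest.getRemoteUser()}.
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
        // Was hard-coded to true; now follows the same switch as the other CAS filters.
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getRequestWrapperFilters(), "/*");
        filterRegistration.setOrder(6);
        return filterRegistration;
    }

    /**
     * Makes the login name available through {@code org.jasig.cas.client.util.AssertionHolder},
     * e.g. {@code AssertionHolder.getAssertion().getPrincipal().getName()}. The assertion is
     * kept in a thread-local variable, so code outside the web layer can also read the current
     * login information.
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AssertionThreadLocalFilter());
        // Was hard-coded to true; now follows the same switch as the other CAS filters.
        filterRegistration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(filterRegistration, autoConfig.getAssertionFilters(), "/*");
        filterRegistration.setOrder(7);
        return filterRegistration;
    }

    /**
     * Applies the configured URL patterns, or {@code fallback} when none are configured.
     * The raw {@code FilterRegistrationBean} type is kept to match the bean methods above.
     */
    private static void applyUrlPatterns(
            FilterRegistrationBean registration, List<String> configured, String fallback) {
        if (configured != null && !configured.isEmpty()) {
            registration.setUrlPatterns(configured);
        } else {
            registration.addUrlPatterns(fallback);
        }
    }
}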
2. 为了让大家更省力、更直接地看到效果,我把相关的配置类也贴出来:
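import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * Holder for the {@code spring.cas.*} properties used to configure the CAS client filters.
 *
 * <p>The five {@code *Filters} properties are comma-separated URL-pattern lists. Their getters
 * return an empty list when the property is unset or blank, so callers can fall back to a
 * default pattern instead of failing with a {@code NullPointerException}.
 *
 * <p>{@code serverName}, {@code casServerUrlPrefix} and {@code casServerLoginUrl} decide where
 * users are redirected and where tickets are validated. They should come from trusted
 * configuration only, and should be {@code https://} URLs outside local development.
 */
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoConfig {

    static final String separator = ",";

    private String validateFilters;
    private String signOutFilters;
    private String authFilters;
    private String assertionFilters;
    private String requestWrapperFilters;
    private String casServerUrlPrefix;
    private String casServerLoginUrl;
    private String serverName;
    private boolean useSession = true;
    private boolean redirectAfterValidation = true;

    /** @return URL patterns for the ticket validation filter; empty if not configured */
    public List<String> getValidateFilters() {
        return splitPatterns(validateFilters);
    }

    public void setValidateFilters(String validateFilters) {
        this.validateFilters = validateFilters;
    }

    /** @return URL patterns for the sign-out filters; empty if not configured */
    public List<String> getSignOutFilters() {
        return splitPatterns(signOutFilters);
    }

    public void setSignOutFilters(String signOutFilters) {
        this.signOutFilters = signOutFilters;
    }

    /** @return URL patterns for the authentication filter; empty if not configured */
    public List<String> getAuthFilters() {
        return splitPatterns(authFilters);
    }

    public void setAuthFilters(String authFilters) {
        this.authFilters = authFilters;
    }

    /** @return URL patterns for the assertion thread-local filter; empty if not configured */
    public List<String> getAssertionFilters() {
        return splitPatterns(assertionFilters);
    }

    public void setAssertionFilters(String assertionFilters) {
        this.assertionFilters = assertionFilters;
    }

    /** @return URL patterns for the request wrapper filter; empty if not configured */
    public List<String> getRequestWrapperFilters() {
        return splitPatterns(requestWrapperFilters);
    }

    public void setRequestWrapperFilters(String requestWrapperFilters) {
        this.requestWrapperFilters = requestWrapperFilters;
    }

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    /**
     * Splits a comma-separated pattern list, trimming whitespace and dropping empty entries.
     *
     * @param raw the raw property value, possibly {@code null}
     * @return the patterns in declaration order; an empty list for {@code null} or blank input
     */
    private static List<String> splitPatterns(String raw) {
        if (raw == null) {
            return Collections.emptyList();
        }
        List<String> patterns = new ArrayList<>();
        for (String part : raw.split(separator)) {
            String trimmed = part.trim();
            // "".split(",") yields [""], so blank entries are skipped; this lets an empty
            // property select the caller's default pattern.
            if (!trimmed.isEmpty()) {
                patterns.add(trimmed);
            }
        }
        return patterns;
    }
}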
3.配置文件 dev.yml
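# CAS client config (dev profile); keys are bound under the "spring.cas" prefix.
spring:
  cas:
    # Comma-separated URL patterns for each CAS filter.
    sign-out-filters: /logout
    auth-filters: /*
    validate-filters: /*
    request-wrapper-filters: /*
    assertion-filters: /*
    # Placeholder from the original post ("CAS login URL"): replace with your CAS server's
    # login endpoint, e.g. https://cas.example.org/cas/login (constructed sample value).
    cas-server-login-url: cas登录url
    # Placeholder from the original post ("CAS login domain"): replace with your CAS server's
    # base URL, e.g. https://cas.example.org/cas (constructed sample value). Tickets are
    # validated against this URL, so use https outside local development.
    cas-server-url-prefix: cas登录域名
    # Redirect once more after ticket validation so the ticket parameter is dropped from the URL.
    redirect-after-validation: true
    use-session: true
    # Origin of THIS application as seen by the browser. http://localhost is for local
    # development only; in other environments set the external https origin.
    server-name: http://localhost:8080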
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。