欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

spring boot整合CAS配置详解

程序员文章站 2024-02-20 09:43:10
在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的cas配置整合 为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可...

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的cas配置整合

为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议  谢谢(小部分代码是整合他人的)

1.不多废话,直接上最重要的代码,以下代码整合cas的重要过程

import org.jasig.cas.client.authentication.authenticationfilter; 
import org.jasig.cas.client.session.singlesignoutfilter; 
import org.jasig.cas.client.session.singlesignouthttpsessionlistener; 
import org.jasig.cas.client.util.assertionthreadlocalfilter; 
import org.jasig.cas.client.util.httpservletrequestwrapperfilter; 
import org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter; 
import org.jasig.cas.client.validation.cas20serviceticketvalidator; 
import org.springframework.beans.factory.annotation.autowired; 
import org.springframework.boot.web.servlet.filterregistrationbean; 
import org.springframework.boot.web.servlet.servletlistenerregistrationbean; 
import org.springframework.context.annotation.bean; 
import org.springframework.context.annotation.configuration; 
import org.springframework.security.cas.serviceproperties; 
import org.springframework.security.cas.authentication.casauthenticationprovider; 
import org.springframework.security.cas.userdetails.grantedauthorityfromassertionattributesuserdetailsservice; 
import org.springframework.security.web.authentication.logout.logoutfilter; 
import org.springframework.security.web.authentication.logout.securitycontextlogouthandler; 
 
import java.util.list; 
 
 
@configuration 
public class casconfig { 
   
  @autowired 
  springcasautoconfig autoconfig; 
   
  private static boolean casenabled = true; 
   
  public casconfig() { 
  } 
 
  @bean 
  public springcasautoconfig getspringcasautoconfig(){ 
    return new springcasautoconfig(); 
  } 
 
  /** 
   * 用于实现单点登出功能 
   */ 
  @bean 
  public servletlistenerregistrationbean<singlesignouthttpsessionlistener> singlesignouthttpsessionlistener() { 
    servletlistenerregistrationbean<singlesignouthttpsessionlistener> listener = new servletlistenerregistrationbean<>(); 
    listener.setenabled(casenabled); 
    listener.setlistener(new singlesignouthttpsessionlistener()); 
    listener.setorder(1); 
    return listener; 
  } 
 
  /** 
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前 
   */ 
  @bean 
  public filterregistrationbean logoutfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    logoutfilter logoutfilter = new logoutfilter(autoconfig.getcasserverurlprefix() + "/logout?service=" + autoconfig.getservername(),new securitycontextlogouthandler()); 
    filterregistration.setfilter(logoutfilter); 
    filterregistration.setenabled(casenabled); 
    if(autoconfig.getsignoutfilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getsignoutfilters()); 
    else 
      filterregistration.addurlpatterns("/logout"); 
    filterregistration.addinitparameter("casserverurlprefix", autoconfig.getcasserverurlprefix()); 
    filterregistration.addinitparameter("servername", autoconfig.getservername()); 
    filterregistration.setorder(2); 
    return filterregistration; 
  } 
 
  /** 
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前 
   */ 
  @bean 
  public filterregistrationbean singlesignoutfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    filterregistration.setfilter(new singlesignoutfilter()); 
    filterregistration.setenabled(casenabled); 
    if(autoconfig.getsignoutfilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getsignoutfilters()); 
    else 
      filterregistration.addurlpatterns("/*"); 
    filterregistration.addinitparameter("casserverurlprefix", autoconfig.getcasserverurlprefix()); 
    filterregistration.addinitparameter("servername", autoconfig.getservername()); 
    filterregistration.setorder(3); 
    return filterregistration; 
  } 
 
  /** 
   * 该过滤器负责用户的认证工作 
   */ 
  @bean 
  public filterregistrationbean authenticationfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    filterregistration.setfilter(new authenticationfilter()); 
    filterregistration.setenabled(casenabled); 
    if(autoconfig.getauthfilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getauthfilters()); 
    else 
      filterregistration.addurlpatterns("/*"); 
    //casserverloginurl:cas服务的登陆url 
    filterregistration.addinitparameter("casserverloginurl", autoconfig.getcasserverloginurl()); 
    //本项目登录ip+port 
    filterregistration.addinitparameter("servername", autoconfig.getservername()); 
    filterregistration.addinitparameter("usesession", autoconfig.isusesession()?"true":"false"); 
    filterregistration.addinitparameter("redirectaftervalidation", autoconfig.isredirectaftervalidation()?"true":"false"); 
    filterregistration.setorder(4); 
    return filterregistration; 
  } 
 
  /** 
   * 该过滤器负责对ticket的校验工作 
   */ 
  @bean 
  public filterregistrationbean cas20proxyreceivingticketvalidationfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    cas20proxyreceivingticketvalidationfilter cas20proxyreceivingticketvalidationfilter = new cas20proxyreceivingticketvalidationfilter(); 
    //cas20proxyreceivingticketvalidationfilter.setticketvalidator(cas20serviceticketvalidator()); 
    cas20proxyreceivingticketvalidationfilter.setservername(autoconfig.getservername()); 
    filterregistration.setfilter(cas20proxyreceivingticketvalidationfilter); 
    filterregistration.setenabled(casenabled); 
    if(autoconfig.getvalidatefilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getvalidatefilters()); 
    else 
      filterregistration.addurlpatterns("/*"); 
    filterregistration.addinitparameter("casserverurlprefix", autoconfig.getcasserverurlprefix()); 
    filterregistration.addinitparameter("servername", autoconfig.getservername()); 
    filterregistration.setorder(5); 
    return filterregistration; 
  } 
 
 
  /** 
   * 该过滤器对httpservletrequest请求包装, 可通过httpservletrequest的getremoteuser()方法获得登录用户的登录名 
   * 
   */ 
  @bean 
  public filterregistrationbean httpservletrequestwrapperfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    filterregistration.setfilter(new httpservletrequestwrapperfilter()); 
    filterregistration.setenabled(true); 
    if(autoconfig.getrequestwrapperfilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getrequestwrapperfilters()); 
    else 
      filterregistration.addurlpatterns("/*"); 
    filterregistration.setorder(6); 
    return filterregistration; 
  } 
 
  /** 
   * 该过滤器使得可以通过org.jasig.cas.client.util.assertionholder来获取用户的登录名。 
   比如assertionholder.getassertion().getprincipal().getname()。 
   这个类把assertion信息放在threadlocal变量中,这样应用程序不在web层也能够获取到当前登录信息 
   */ 
  @bean 
  public filterregistrationbean assertionthreadlocalfilter() { 
    filterregistrationbean filterregistration = new filterregistrationbean(); 
    filterregistration.setfilter(new assertionthreadlocalfilter()); 
    filterregistration.setenabled(true); 
    if(autoconfig.getassertionfilters().size()>0) 
      filterregistration.seturlpatterns(autoconfig.getassertionfilters()); 
    else 
      filterregistration.addurlpatterns("/*"); 
    filterregistration.setorder(7); 
    return filterregistration; 
  } 
} 

2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来

import org.springframework.boot.context.properties.configurationproperties; 
import org.springframework.context.annotation.configuration; 
 
import java.util.arrays; 
import java.util.list; 
 
@configurationproperties(prefix = "spring.cas") 
public class springcasautoconfig { 
 
  static final string separator = ","; 
 
  private string validatefilters; 
  private string signoutfilters; 
  private string authfilters; 
  private string assertionfilters; 
  private string requestwrapperfilters; 
 
  private string casserverurlprefix; 
  private string casserverloginurl; 
  private string servername; 
  private boolean usesession = true; 
  private boolean redirectaftervalidation = true; 
 
  public list<string> getvalidatefilters() { 
    return arrays.aslist(validatefilters.split(separator)); 
  } 
  public void setvalidatefilters(string validatefilters) { 
    this.validatefilters = validatefilters; 
  } 
  public list<string> getsignoutfilters() { 
    return arrays.aslist(signoutfilters.split(separator)); 
  } 
  public void setsignoutfilters(string signoutfilters) { 
    this.signoutfilters = signoutfilters; 
  } 
  public list<string> getauthfilters() { 
    return arrays.aslist(authfilters.split(separator)); 
  } 
  public void setauthfilters(string authfilters) { 
    this.authfilters = authfilters; 
  } 
  public list<string> getassertionfilters() { 
    return arrays.aslist(assertionfilters.split(separator)); 
  } 
  public void setassertionfilters(string assertionfilters) { 
    this.assertionfilters = assertionfilters; 
  } 
  public list<string> getrequestwrapperfilters() { 
    return arrays.aslist(requestwrapperfilters.split(separator)); 
  } 
  public void setrequestwrapperfilters(string requestwrapperfilters) { 
    this.requestwrapperfilters = requestwrapperfilters; 
  } 
  public string getcasserverurlprefix() { 
    return casserverurlprefix; 
  } 
  public void setcasserverurlprefix(string casserverurlprefix) { 
    this.casserverurlprefix = casserverurlprefix; 
  } 
  public string getcasserverloginurl() { 
    return casserverloginurl; 
  } 
  public void setcasserverloginurl(string casserverloginurl) { 
    this.casserverloginurl = casserverloginurl; 
  } 
  public string getservername() { 
    return servername; 
  } 
  public void setservername(string servername) { 
    this.servername = servername; 
  } 
  public boolean isredirectaftervalidation() { 
    return redirectaftervalidation; 
  } 
  public void setredirectaftervalidation(boolean redirectaftervalidation) { 
    this.redirectaftervalidation = redirectaftervalidation; 
  } 
  public boolean isusesession() { 
    return usesession; 
  } 
  public void setusesession(boolean usesession) { 
    this.usesession = usesession; 
  } 
 
} 

3.配置文件  dev.yml

  #cas client config 
  spring:cas: 
  sign-out-filters: /logout 
  auth-filters: /* 
  validate-filters: /* 
  request-wrapper-filters: /* 
  assertion-filters: /* 
  cas-server-login-url: cas登录url 
  cas-server-url-prefix:cas登录域名 
  redirect-after-validation: true 
  use-session: true 
  server-name: http://localhost:8080

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。