Configuring Single Sign-On in Spring Boot, Explained
程序员文章站
2024-03-03 14:52:22
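Overview
Most enterprises run an internal single sign-on system (Apereo CAS is a common implementation), and every internal system authenticates its logins against it. This article shows how a Spring Boot application connects to a CAS service.
The commonly used security frameworks are Spring Security and Apache Shiro. Shiro is comparatively simple to configure and use, so this article uses Shiro to connect to the CAS service.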
Configuration
Adding the dependencies
Add to pom.xml:
<properties>
    <!-- Version the article was written against; review Apache Shiro's published security reports before pinning it -->
    <shiro.version>1.2.4</shiro.version>
</properties>
<dependencies>
    <!-- Apache Shiro -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-ehcache</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-cas</artifactId>
        <version>${shiro.version}</version>
    </dependency>
</dependencies>
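Spring Boot configuration
application.properties
# Comments go on their own line: in a .properties file, text after a value is part of the value.
# Address of the CAS service
shiro.cas=https://cas.xxx.com
# Address of your own application; 127.0.0.1 is fine for testing
shiro.server=http://127.0.0.1:8080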
Application configuration
Initialize the Shiro beans. Put the file in any sub-package, for example xxx.config, and Spring Boot will scan and load it automatically.
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasSubjectFactory;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Value;
// Spring Boot 1.4+; earlier 1.x releases use org.springframework.boot.context.embedded.FilterRegistrationBean
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

@Configuration
public class ShiroCasConfiguration {

    // Callback path that CAS redirects to with the service ticket
    private static final String casFilterUrlPattern = "/shiro-cas";

    // Route every request through the Shiro filter chain
    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        return filterRegistration;
    }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Value("${shiro.cas}") String casServerUrlPrefix,
            @Value("${shiro.server}") String shiroServerUrlPrefix) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        CasRealm casRealm = new CasRealm();
        casRealm.setDefaultRoles("ROLE_USER");
        casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
        // Must be the same service URL that is sent to CAS in the login URL below
        casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
        securityManager.setRealm(casRealm);
        securityManager.setCacheManager(new MemoryConstrainedCacheManager());
        securityManager.setSubjectFactory(new CasSubjectFactory());
        return securityManager;
    }

    // Order matters: the first matching pattern wins, so "/**" goes last
    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
        filterChainDefinitionMap.put("/login", "anon");
        // Static asset directories that need no interception can be added here
        filterChainDefinitionMap.put("/bower_components/**", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }

    /**
     * CAS filter
     */
    @Bean(name = "casFilter")
    public CasFilter getCasFilter(
            @Value("${shiro.cas}") String casServerUrlPrefix,
            @Value("${shiro.server}") String shiroServerUrlPrefix) {
        CasFilter casFilter = new CasFilter();
        casFilter.setName("casFilter");
        casFilter.setEnabled(true);
        // On ticket validation failure, send the user back to the CAS login page
        String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
        casFilter.setFailureUrl(loginUrl);
        return casFilter;
    }

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            DefaultWebSecurityManager securityManager,
            CasFilter casFilter,
            @Value("${shiro.cas}") String casServerUrlPrefix,
            @Value("${shiro.server}") String shiroServerUrlPrefix) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
        shiroFilterFactoryBean.setLoginUrl(loginUrl);
        shiroFilterFactoryBean.setSuccessUrl("/");

        Map<String, Filter> filters = new HashMap<>();
        filters.put("casFilter", casFilter);
        // Log out of CAS as well as the local session
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
        filters.put("logout", logoutFilter);
        shiroFilterFactoryBean.setFilters(filters);

        loadShiroFilterChain(shiroFilterFactoryBean);
        return shiroFilterFactoryBean;
    }
}
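The configuration above builds the CAS login and logout URLs by plain string concatenation of the two property values. As an added example (not code from the article; CasUrls and its member names are hypothetical), the JDK-only helper below validates both properties at startup and URL-encodes the service parameter. It assumes the same string returned by serviceUrl() is passed to CasRealm.setCasService, since CAS validates a ticket against the service URL it was issued for.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;

// Added example: CasUrls and its members are hypothetical names, not part of Shiro or the article.
public class CasUrls {
    private final String casPrefix;    // value of shiro.cas
    private final String serverPrefix; // value of shiro.server
    private final String serviceUrl;   // callback URL handled by the CAS filter

    public CasUrls(String casPrefix, String serverPrefix, String casFilterPath) {
        // URI.create rejects spaces, so a value polluted by trailing text
        // (for example an inline "# comment" in application.properties) fails here.
        URI cas = URI.create(casPrefix);
        URI server = URI.create(serverPrefix);
        if (!"https".equalsIgnoreCase(cas.getScheme()) || cas.getHost() == null) {
            throw new IllegalArgumentException("shiro.cas must be an absolute https URL: " + casPrefix);
        }
        if (server.getScheme() == null || server.getHost() == null) {
            throw new IllegalArgumentException("shiro.server must be an absolute URL: " + serverPrefix);
        }
        this.casPrefix = casPrefix;
        this.serverPrefix = serverPrefix;
        this.serviceUrl = serverPrefix + casFilterPath;
    }

    private static String enc(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    // Pass this exact string to CasRealm.setCasService(...).
    public String serviceUrl() { return serviceUrl; }

    public String loginUrl() { return casPrefix + "/login?service=" + enc(serviceUrl); }

    public String logoutUrl() { return casPrefix + "/logout?service=" + enc(serverPrefix); }

    public static void main(String[] args) {
        // Constructed sample values matching the article's application.properties.
        CasUrls urls = new CasUrls("https://cas.xxx.com", "http://127.0.0.1:8080", "/shiro-cas");
        System.out.println(urls.loginUrl());
        System.out.println(urls.logoutUrl());
    }
}
```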
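Getting the logged-in user name in the program
Once the configuration above is complete, the program can obtain the name of the logged-in user:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

public String getUsername() {
    Subject subject = SecurityUtils.getSubject();
    // No principals yet: fall back to defaultUser, a field defined elsewhere in the class (not shown in the article)
    if (subject == null || subject.getPrincipals() == null) {
        return defaultUser;
    }
    // With CasRealm the primary principal is the user name returned by CAS
    return (String) subject.getPrincipals().getPrimaryPrincipal();
}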
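Summary
Shiro is fairly simple to use; when using it, only application.properties needs to be modified.
That is all for this article. I hope it helps with your learning, and thank you for your support.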