
Configuring Single Sign-On in Spring Boot, Explained

程序员文章站 2024-03-03 14:52:22

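Overview

Enterprises usually run an internal single sign-on system (a common implementation is Apereo CAS), and all internal systems delegate login authentication to it. This article describes how a Spring Boot application integrates with a CAS service.

Commonly used security frameworks are Spring Security and Apache Shiro. Shiro is comparatively simple to configure and use, so this article uses Shiro to integrate with the CAS service.

Configuration

Add dependencies

Add to pom.xml: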

<properties>
  <shiro.version>1.2.4</shiro.version>
</properties>
<dependencies>
  <!-- Apache Shiro -->
  <dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>${shiro.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>${shiro.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>${shiro.version}</version>
  </dependency>
</dependencies>

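Spring Boot configuration

application.properties

# Address of the CAS service
shiro.cas=https://cas.xxx.com
# Address of your own application; 127.0.0.1 is fine for testing
shiro.server=http://127.0.0.1:8080

Comments go on their own lines: in a .properties file, text after the value on the same line, including a "#", is read as part of the value.

Application configuration

Initialize the Shiro beans. Put the file in any sub-package, for example xxx.config, and Spring Boot will scan and load it automatically.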

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasSubjectFactory;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Value;
// Spring Boot 1.4+; older 1.x releases use org.springframework.boot.context.embedded.FilterRegistrationBean
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

@Configuration
public class ShiroCasConfiguration {
 // Path the CAS server redirects back to with the service ticket
 private static final String casFilterUrlPattern = "/shiro-cas";

 // Route every request through the Shiro filter bean named "shiroFilter"
 @Bean
 public FilterRegistrationBean filterRegistrationBean() {
  FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
  filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
  filterRegistration.addInitParameter("targetFilterLifecycle", "true");
  filterRegistration.setEnabled(true);
  filterRegistration.addUrlPatterns("/*");
  return filterRegistration;
 }

 @Bean(name = "lifecycleBeanPostProcessor")
 public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
  return new LifecycleBeanPostProcessor();
 }

 @Bean(name = "securityManager")
 public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
                 @Value("${shiro.server}") String shiroServerUrlPrefix) {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  CasRealm casRealm = new CasRealm();
  casRealm.setDefaultRoles("role_user");
  casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
  // Service URL sent to CAS when the ticket is validated
  casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
  securityManager.setRealm(casRealm);
  securityManager.setCacheManager(new MemoryConstrainedCacheManager());
  securityManager.setSubjectFactory(new CasSubjectFactory());
  return securityManager;
 }

 // Order matters: the first matching pattern wins, so "/**" comes last
 private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

  filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
  filterChainDefinitionMap.put("/login", "anon");
  filterChainDefinitionMap.put("/bower_components/**", "anon"); // directories of static files that need no interception can be added here
  filterChainDefinitionMap.put("/logout", "logout");
  filterChainDefinitionMap.put("/**", "authc");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
 }

 /**
  * CAS filter
  */
 @Bean(name = "casFilter")
 public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
         @Value("${shiro.server}") String shiroServerUrlPrefix) {
  CasFilter casFilter = new CasFilter();
  casFilter.setName("casFilter");
  casFilter.setEnabled(true);
  // On a failed ticket validation, send the user back to the CAS login page
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  casFilter.setFailureUrl(loginUrl);
  return casFilter;
 }

 @Bean(name = "shiroFilter")
 public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
               CasFilter casFilter,
               @Value("${shiro.cas}") String casServerUrlPrefix,
               @Value("${shiro.server}") String shiroServerUrlPrefix) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  shiroFilterFactoryBean.setLoginUrl(loginUrl);
  shiroFilterFactoryBean.setSuccessUrl("/");
  Map<String, Filter> filters = new HashMap<>();
  filters.put("casFilter", casFilter);
  // Logging out locally also redirects to the CAS logout endpoint
  LogoutFilter logoutFilter = new LogoutFilter();
  logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
  filters.put("logout", logoutFilter);
  shiroFilterFactoryBean.setFilters(filters);

  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
 }
}
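
The login URL in the configuration class above is assembled by plain string concatenation from the two property values. The following added example (not code from the original article or from Shiro) validates both values at startup and percent-encodes the service parameter; the class name CasUrls, its method names, the cas.example.com host and the rule that the CAS address must be https are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;

// Added example: hypothetical helper, not part of the article's code or of Shiro.
public final class CasUrls {
    static final String CAS_FILTER_PATH = "/shiro-cas"; // same path as the CAS filter pattern above

    // Rejects anything that is not a clean absolute http(s) base URL, for example a
    // property value that still carries text after the URL, a query or a fragment.
    static String checkedBase(String name, String value, boolean requireHttps) {
        URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(name + " is not a valid URL: '" + value + "'", e);
        }
        String scheme = uri.getScheme();
        boolean schemeOk = "https".equalsIgnoreCase(scheme)
                || (!requireHttps && "http".equalsIgnoreCase(scheme));
        if (!schemeOk || uri.getHost() == null || uri.getQuery() != null || uri.getFragment() != null) {
            throw new IllegalArgumentException(name + " must be a plain absolute URL: '" + value + "'");
        }
        return value.endsWith("/") ? value.substring(0, value.length() - 1) : value;
    }

    // Service URL CAS redirects back to; it must equal the value given to CasRealm#setCasService.
    static String serviceUrl(String server) {
        return checkedBase("shiro.server", server, false) + CAS_FILTER_PATH;
    }

    // CAS login URL with the service parameter percent-encoded.
    static String loginUrl(String cas, String server) throws UnsupportedEncodingException {
        return checkedBase("shiro.cas", cas, true) + "/login?service="
                + URLEncoder.encode(serviceUrl(server), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values
        System.out.println(loginUrl("https://cas.example.com", "http://127.0.0.1:8080"));
        try {
            loginUrl("https://cas.example.com # CAS server", "http://127.0.0.1:8080");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Calling serviceUrl and loginUrl from the bean methods keeps the service value identical in the realm, the CAS filter and the login redirect, so a malformed property fails at startup instead of as a ticket validation error at login time.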

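Getting the logged-in username in code

Once the configuration above is in place, the logged-in user's name can be obtained in the program:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

public String getUsername() {
  Subject subject = SecurityUtils.getSubject();
  // No authenticated principal: fall back to defaultUser, a field of the
  // enclosing class that the article does not show
  if (subject == null || subject.getPrincipals() == null) {
   return defaultUser;
  }
  // With CasRealm the primary principal is the user name returned by CAS
  return (String) subject.getPrincipals().getPrimaryPrincipal();
 }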

Summary

Shiro is fairly simple to use; to use this setup you only need to modify application.properties.
