CAS

back：springboot | 返回：java中常见方法总结

SpringBoot集成CAS客户端

back

针对cas实现单点登录主要是两个部分，一个部分是client，一个部分是server。对于client，我们实现的时候需要在自己的项目中引入相应的jar包，然后增加相应的配置，并且实现相应的过滤器即可。而针对server，目前在cas的官网上下载的server都是springmvc的工程，所以建议直接下载使用，并且根据自己的需要进行修改配置，而不建议将server工程修改成springBoot工程。

SpringBoot集成CAS客户端添加依赖

back

<!-- https://mvnrepository.com/artifact/org.jasig.cas.client/cas-client-core -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.6.1</version>
</dependency>

SpringBoot集成CAS客户端增加配置项

back

#cas config
spring.cas.sign-out-filters=/logout
spring.cas.auth-filters=/*
spring.cas.validate-filters=/*
spring.cas.request-wrapper-filters=/*
spring.cas.assertion-filters=/*
spring.cas.cas-server-login-url=http://localhost:8080/login
spring.cas.cas-server-url-prefix=http://localhost:8080
spring.cas.redirect-after-validation=true
spring.cas.use-session=true
spring.cas.server-name=http://localhost:8001

• spring.cas.cas-server-login-url是登录地址的url
• spring.cas.cas-server-url-prefix是登录地址的IP
• spring.cas.server-name是添加单点登录服务的IP

添加cas自动配置项

back

import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.Arrays;
import java.util.List;
@ConfigurationProperties(prefix = "spring.cas")
@Getter
@Setter
public class SpringCasAutoconfig {
 static final String separator = ",";
 private String validateFilters;
 private String signOutFilters;
 private String authFilters;
 private String assertionFilters;
 private String requestWrapperFilters;
 private String casServerUrlPrefix;
 private String casServerLoginUrl;
 private String serverName;
 private boolean useSession = true;
 private boolean redirectAfterValidation = true;
}

增加需要的过滤器

back

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

@Configuration
public class CasConfig {

 @Autowired
 SpringCasAutoconfig autoconfig;

 private static boolean casEnabled = true;

 public CasConfig() {
 }

 @Bean
 public SpringCasAutoconfig getSpringCasAutoconfig(){
 return new SpringCasAutoconfig();
 }

 /**
 * 用于实现单点登出功能
 */
 @Bean
 public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
 ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>();
 listener.setEnabled(casEnabled);
 listener.setListener(new SingleSignOutHttpSessionListener());
 listener.setOrder(1);
 return listener;
 }

 /**
 * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前
 */
 @Bean
 public FilterRegistrationBean logOutFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 LogoutFilter logoutFilter = new LogoutFilter(autoconfig.getCasServerUrlPrefix() + "/logout?service=" + autoconfig.getServerName(),new SecurityContextLogoutHandler());
 filterRegistration.setFilter(logoutFilter);
 filterRegistration.setEnabled(casEnabled);
 if(autoconfig.getSignOutFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());
 else
 filterRegistration.addUrlPatterns("/logout");
 filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
 filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
 filterRegistration.setOrder(2);
 return filterRegistration;
 }

 /**
 * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前
 */
 @Bean
 public FilterRegistrationBean singleSignOutFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 filterRegistration.setFilter(new SingleSignOutFilter());
 filterRegistration.setEnabled(casEnabled);
 if(autoconfig.getSignOutFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());
 else
 filterRegistration.addUrlPatterns("/*");
 filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
 filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
 filterRegistration.setOrder(3);
 return filterRegistration;
 }

 /**
 * 该过滤器负责用户的认证工作
 */
 @Bean
 public FilterRegistrationBean authenticationFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 filterRegistration.setFilter(new AuthenticationFilter());
 filterRegistration.setEnabled(casEnabled);
 if(autoconfig.getAuthFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getAuthFilters());
 else
 filterRegistration.addUrlPatterns("/*");
 //casServerLoginUrl:cas服务的登陆url
 filterRegistration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());
 //本项目登录ip+port
 filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
 filterRegistration.addInitParameter("useSession", autoconfig.isUseSession()?"true":"false");
 filterRegistration.addInitParameter("redirectAfterValidation", autoconfig.isRedirectAfterValidation()?"true":"false");
 filterRegistration.setOrder(4);
 return filterRegistration;
 }

 /**
 * 该过滤器负责对Ticket的校验工作
 */
 @Bean
 public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter();
 cas20ProxyReceivingTicketValidationFilter.setServerName(autoconfig.getServerName());
 filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter);
 filterRegistration.setEnabled(casEnabled);
 if(autoconfig.getValidateFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getValidateFilters());
 else
 filterRegistration.addUrlPatterns("/*");
 filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
 filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
 filterRegistration.setOrder(5);
 return filterRegistration;
 }

 /**
 * 该过滤器对HttpServletRequest请求包装， 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名
 *
 */
 @Bean
 public FilterRegistrationBean httpServletRequestWrapperFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
 filterRegistration.setEnabled(true);
 if(autoconfig.getRequestWrapperFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getRequestWrapperFilters());
 else
 filterRegistration.addUrlPatterns("/login");
 filterRegistration.setOrder(6);
 return filterRegistration;
 }

 /**
 * 该过滤器使得可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
 比如AssertionHolder.getAssertion().getPrincipal().getName()。
 这个类把Assertion信息放在ThreadLocal变量中，这样应用程序不在web层也能够获取到当前登录信息
 */
 @Bean
 public FilterRegistrationBean assertionThreadLocalFilter() {
 FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
 filterRegistration.setFilter(new AssertionThreadLocalFilter());
 filterRegistration.setEnabled(true);
 if(autoconfig.getAssertionFilters().size()>0)
 filterRegistration.setUrlPatterns(autoconfig.getAssertionFilters());
 else
 filterRegistration.addUrlPatterns("/*");
 filterRegistration.setOrder(7);
 return filterRegistration;
 }

}