当前位置: 移动技术网 > IT编程>开发语言>Java > spring boot整合CAS Client实现单点登陆验证的示例

spring boot整合CAS Client实现单点登陆验证的示例

2019年07月19日  | 移动技术网IT编程  | 我要评论

潮汐王子成就怎么做,黛西之钻,ndsbbs

本文介绍了spring boot整合cas client实现单点登陆验证的示例,分享给大家,也给自己留个笔记,具体如下:

单点登录( single sign-on , 简称 sso )是目前比较流行的服务于企业业务整合的解决方案之一, sso 使得在多个应用系统中,用户只需要 登录一次 就可以访问所有相互信任的应用系统。

cas client

负责处理对客户端受保护资源的访问请求,需要对请求方进行身份认证时,重定向到 cas server 进行认证。(原则上,客户端应用不再接受任何的用户名密码等 credentials )。

实现方式一:使用第三方的starter

1、依赖的jar

<dependency> 
  <groupid>net.unicon.cas</groupid> 
  <artifactid>cas-client-autoconfig-support</artifactid> 
  <version>1.4.0-ga</version> 
 </dependency>

2、增加配置文件

cas.server-url-prefix=http://127.0.0.1 
cas.server-login-url=http://127.0.0.1/login 
cas.client-host-url=http://192.26.4.28:8080 
cas.validation-type=cas

3、开启cas client支持

@springbootapplication 
@componentscan(basepackages={"com.chhliu.emailservice"}) 
@enablecasclient // 开启cas支持 
public class application extends springbootservletinitializer{ 
 
 public static void main(string[] args) { 
 springapplication.run(application.class, args); 
  
 } 
}

通过上面的3步,就可以完成cas的客户端认证了!

4、扩展

cas.validation-type目前支持3中方式:1、cas;2、cas3;3、saml

其他可用的配置如下:

cas.authentication-url-patterns 
cas.validation-url-patterns 
cas.request-wrapper-url-patterns 
cas.assertion-thread-local-url-patterns 
cas.gateway 
cas.use-session 
cas.redirect-after-validation 
cas.allowed-proxy-chains 
cas.proxy-callback-url 
cas.proxy-receptor-url 
cas.accept-any-proxy 
server.context-parameters.renew

具体的含义从名字上就可以很清楚的看出来。

实现方式二:手动配置

我们原来使用cas client,需要在web.xml中做如下配置:

<filter> 
 <filter-name>authenticationfilter</filter-name> 
 <filter-class>org.jasig.cas.client.authentication.authenticationfilter</filter-class> 
 <init-param> 
  <param-name>casserverloginurl</param-name> 
  <param-value>http://127.0.0.1/login</param-value> 
 </init-param> 
 <init-param> 
  <param-name>servername</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 </filter> 
 <filter-mapping> 
 <filter-name>authenticationfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!-- 该过滤器负责对ticket的校验工作,必须启用它 --> 
 <filter> 
 <filter-name>validationfilter</filter-name> 
 <filter-class>org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter</filter-class> 
 <init-param> 
  <param-name>casserverurlprefix</param-name> 
  <param-value>http://127.0.0.1</param-value> 
 </init-param> 
 <init-param> 
  <param-name>servername</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 <!-- <init-param> 
  <param-name>redirectaftervalidation</param-name> 
  <param-value>true</param-value> 
 </init-param> 
 <init-param> 
  <param-name>usesession</param-name> 
  <param-value>true</param-value> 
 </init-param> --> 
 </filter> 
 <filter-mapping> 
 <filter-name>validationfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!-- 该过滤器负责实现httpservletrequest请求的包裹, 比如允许开发者通过httpservletrequest的getremoteuser()方法获得sso登录用户的登录名,可选配置。 --> 
 <filter> 
 <filter-name>httpservletrequestwrapperfilter</filter-name> 
 <filter-class>org.jasig.cas.client.util.httpservletrequestwrapperfilter</filter-class> 
 </filter> 
 <filter-mapping> 
 <filter-name>httpservletrequestwrapperfilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping>

所以,我们手动配置的时候,需要手动配置上面xml中对应的filter,代码如下:

@configuration 
@component 
public class casconfigure { 
 
 @bean 
 public filterregistrationbean authenticationfilterregistrationbean() { 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new authenticationfilter()); 
 map<string, string> initparameters = new hashmap<string, string>(); 
 initparameters.put("casserverloginurl", "http://127.0.0.1/login"); 
 initparameters.put("servername", "http://192.26.4.28:8080"); 
 authenticationfilter.setinitparameters(initparameters); 
 authenticationfilter.setorder(2); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean validationfilterregistrationbean(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new cas20proxyreceivingticketvalidationfilter()); 
 map<string, string> initparameters = new hashmap<string, string>(); 
 initparameters.put("casserverurlprefix", "http://127.0.0.1"); 
 initparameters.put("servername", "http://192.26.4.28:8080"); 
 authenticationfilter.setinitparameters(initparameters); 
 authenticationfilter.setorder(1); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean cashttpservletrequestwrapperfilter(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new httpservletrequestwrapperfilter()); 
 authenticationfilter.setorder(3); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
 
 @bean 
 public filterregistrationbean casassertionthreadlocalfilter(){ 
 filterregistrationbean authenticationfilter = new filterregistrationbean(); 
 authenticationfilter.setfilter(new assertionthreadlocalfilter()); 
 authenticationfilter.setorder(4); 
 list<string> urlpatterns = new arraylist<string>(); 
 urlpatterns.add("/*");// 设置匹配的url 
 authenticationfilter.seturlpatterns(urlpatterns); 
 return authenticationfilter; 
 } 
}

通过上面的配置,也可以完成cas client的认证

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。

您可能感兴趣的文章:

如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网