
spring boot整合CAS配置详解

2019年07月22日  | 移动技术网IT编程  | 我要评论

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的cas配置整合

为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议  谢谢(小部分代码是整合他人的)

1.不多废话,直接上最重要的代码,以下代码是整合CAS的核心过程

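import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import java.util.ArrayList;
import java.util.List;


/**
 * Registers the CAS client servlet filters and listener for a Spring Boot application.
 *
 * <p>The registration order is significant: the single-sign-out listener (1) and the
 * logout / single-sign-out filters (2, 3) are registered ahead of the authentication
 * filter (4) and the ticket validation filter (5), followed by the request wrapper (6)
 * and the assertion thread-local filter (7).
 *
 * <p>All URLs and URL patterns come from {@link SpringCasAutoConfig} (prefix
 * {@code spring.cas}). When a pattern list is empty or holds only blank entries, each
 * filter falls back to its default pattern, so that a blank property cannot leave the
 * authentication or validation filter mapped to no useful path.
 */
@Configuration
public class CasConfig {

  @Autowired
  SpringCasAutoConfig autoConfig;

  /** Master switch applied to every CAS registration in this class. */
  private static boolean casEnabled = true;

  public CasConfig() {
  }

  /**
   * Exposes the {@code spring.cas} properties holder as a bean.
   *
   * @return a new, unbound properties object; binding is driven by its
   *         {@code @ConfigurationProperties} annotation
   */
  @Bean
  public SpringCasAutoConfig getSpringCasAutoConfig() {
    return new SpringCasAutoConfig();
  }

  /**
   * Registers the HTTP session listener used for single sign-out.
   *
   * @return the listener registration, order 1
   */
  @Bean
  public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
    ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
        new ServletListenerRegistrationBean<>();
    listener.setEnabled(casEnabled);
    listener.setListener(new SingleSignOutHttpSessionListener());
    listener.setOrder(1);
    return listener;
  }

  /**
   * Registers the local logout filter. It must be placed before the other filters.
   *
   * <p>After the local security context is cleared, the browser is redirected to the
   * CAS server's {@code /logout} endpoint with this application as the {@code service}.
   *
   * @return the filter registration, order 2; default pattern {@code /logout}
   */
  @Bean
  public FilterRegistrationBean logoutFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    // NOTE(review): serverName is appended to the query string without URL-encoding.
    // It comes from configuration, not from the request, so keep it a plain origin
    // (scheme://host[:port]) with no '&' or '#' characters.
    LogoutFilter logoutFilter = new LogoutFilter(
        autoConfig.getCasServerUrlPrefix() + "/logout?service=" + autoConfig.getServerName(),
        new SecurityContextLogoutHandler());
    filterRegistration.setFilter(logoutFilter);
    filterRegistration.setEnabled(casEnabled);
    applyUrlPatterns(filterRegistration, autoConfig.getSignOutFilters(), "/logout");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
    filterRegistration.setOrder(2);
    return filterRegistration;
  }

  /**
   * Registers the CAS single sign-out filter. It must be placed before the other
   * CAS filters.
   *
   * @return the filter registration, order 3; default pattern {@code /*}
   */
  @Bean
  public FilterRegistrationBean singleSignOutFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new SingleSignOutFilter());
    filterRegistration.setEnabled(casEnabled);
    applyUrlPatterns(filterRegistration, autoConfig.getSignOutFilters(), "/*");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
    filterRegistration.setOrder(3);
    return filterRegistration;
  }

  /**
   * Registers the filter responsible for authenticating the user: unauthenticated
   * requests on the mapped paths are sent to the CAS login URL.
   *
   * @return the filter registration, order 4; default pattern {@code /*}
   */
  @Bean
  public FilterRegistrationBean authenticationFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new AuthenticationFilter());
    filterRegistration.setEnabled(casEnabled);
    // Any path not covered by these patterns is NOT protected by CAS, so a blank
    // or missing list falls back to protecting everything.
    applyUrlPatterns(filterRegistration, autoConfig.getAuthFilters(), "/*");
    // casServerLoginUrl: login URL of the CAS server
    filterRegistration.addInitParameter("casServerLoginUrl", autoConfig.getCasServerLoginUrl());
    // serverName: this application's own scheme + host + port. It is a fixed,
    // configured value; the service URL sent to CAS is built from it.
    filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
    filterRegistration.addInitParameter("useSession", autoConfig.isUseSession() ? "true" : "false");
    filterRegistration.addInitParameter(
        "redirectAfterValidation", autoConfig.isRedirectAfterValidation() ? "true" : "false");
    filterRegistration.setOrder(4);
    return filterRegistration;
  }

  /**
   * Registers the filter responsible for validating CAS tickets.
   *
   * <p>Validation is a server-to-server call to {@code casServerUrlPrefix}; that
   * prefix should be an {@code https://} URL outside local development so the
   * validation response cannot be tampered with in transit.
   *
   * @return the filter registration, order 5; default pattern {@code /*}
   */
  @Bean
  public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    Cas20ProxyReceivingTicketValidationFilter validationFilter =
        new Cas20ProxyReceivingTicketValidationFilter();
    // Left disabled by the author: no explicit ticket validator is set here.
    //validationFilter.setTicketValidator(cas20ServiceTicketValidator());
    validationFilter.setServerName(autoConfig.getServerName());
    filterRegistration.setFilter(validationFilter);
    filterRegistration.setEnabled(casEnabled);
    applyUrlPatterns(filterRegistration, autoConfig.getValidateFilters(), "/*");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoConfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoConfig.getServerName());
    filterRegistration.setOrder(5);
    return filterRegistration;
  }


  /**
   * Registers the filter that wraps the {@code HttpServletRequest} so that the login
   * name of the authenticated user is available through {@code getRemoteUser()}.
   *
   * @return the filter registration, order 6; default pattern {@code /*}
   */
  @Bean
  public FilterRegistrationBean httpServletRequestWrapperFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
    // Follows the same switch as the other CAS registrations.
    filterRegistration.setEnabled(casEnabled);
    applyUrlPatterns(filterRegistration, autoConfig.getRequestWrapperFilters(), "/*");
    filterRegistration.setOrder(6);
    return filterRegistration;
  }

  /**
   * Registers the filter that makes the login name available through
   * {@code org.jasig.cas.client.util.AssertionHolder}, for example
   * {@code AssertionHolder.getAssertion().getPrincipal().getName()}.
   *
   * <p>The assertion is kept in a thread-local variable, so code outside the web
   * layer can also read the current login information.
   *
   * @return the filter registration, order 7; default pattern {@code /*}
   */
  @Bean
  public FilterRegistrationBean assertionThreadLocalFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new AssertionThreadLocalFilter());
    // Follows the same switch as the other CAS registrations.
    filterRegistration.setEnabled(casEnabled);
    applyUrlPatterns(filterRegistration, autoConfig.getAssertionFilters(), "/*");
    filterRegistration.setOrder(7);
    return filterRegistration;
  }

  /**
   * Maps a filter to the configured URL patterns, or to {@code fallback} when the
   * configured list is null, empty, or contains only blank entries.
   *
   * <p>Splitting an empty property yields a single empty string, which a plain
   * {@code size() > 0} check accepts; blank entries are therefore dropped here before
   * the decision is made.
   */
  private static void applyUrlPatterns(
      FilterRegistrationBean registration, List<String> configured, String fallback) {
    List<String> patterns = new ArrayList<>();
    if (configured != null) {
      for (String pattern : configured) {
        if (pattern != null && !pattern.trim().isEmpty()) {
          patterns.add(pattern.trim());
        }
      }
    }
    if (patterns.isEmpty()) {
      registration.addUrlPatterns(fallback);
    } else {
      registration.setUrlPatterns(patterns);
    }
  }
}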

2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来

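import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Holder for the {@code spring.cas.*} properties used by the CAS client filters.
 *
 * <p>The five {@code *Filters} properties are comma-separated lists of servlet URL
 * patterns. Their getters return the individual patterns, trimmed, with blank entries
 * removed; an unset or blank property yields an empty list rather than a
 * {@code NullPointerException} or a list holding one empty string, so callers can
 * reliably detect "nothing configured" and apply their default pattern.
 */
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoConfig {

  static final String separator = ",";

  // Comma-separated URL patterns, one property per filter.
  private String validateFilters;
  private String signOutFilters;
  private String authFilters;
  private String assertionFilters;
  private String requestWrapperFilters;

  // Base URL of the CAS server, its login URL, and this application's own origin.
  private String casServerUrlPrefix;
  private String casServerLoginUrl;
  private String serverName;
  private boolean useSession = true;
  private boolean redirectAfterValidation = true;

  /** @return URL patterns for the ticket validation filter; empty if not configured */
  public List<String> getValidateFilters() {
    return splitPatterns(validateFilters);
  }

  public void setValidateFilters(String validateFilters) {
    this.validateFilters = validateFilters;
  }

  /** @return URL patterns for the sign-out filters; empty if not configured */
  public List<String> getSignOutFilters() {
    return splitPatterns(signOutFilters);
  }

  public void setSignOutFilters(String signOutFilters) {
    this.signOutFilters = signOutFilters;
  }

  /** @return URL patterns for the authentication filter; empty if not configured */
  public List<String> getAuthFilters() {
    return splitPatterns(authFilters);
  }

  public void setAuthFilters(String authFilters) {
    this.authFilters = authFilters;
  }

  /** @return URL patterns for the assertion thread-local filter; empty if not configured */
  public List<String> getAssertionFilters() {
    return splitPatterns(assertionFilters);
  }

  public void setAssertionFilters(String assertionFilters) {
    this.assertionFilters = assertionFilters;
  }

  /** @return URL patterns for the request wrapper filter; empty if not configured */
  public List<String> getRequestWrapperFilters() {
    return splitPatterns(requestWrapperFilters);
  }

  public void setRequestWrapperFilters(String requestWrapperFilters) {
    this.requestWrapperFilters = requestWrapperFilters;
  }

  public String getCasServerUrlPrefix() {
    return casServerUrlPrefix;
  }

  public void setCasServerUrlPrefix(String casServerUrlPrefix) {
    this.casServerUrlPrefix = casServerUrlPrefix;
  }

  public String getCasServerLoginUrl() {
    return casServerLoginUrl;
  }

  public void setCasServerLoginUrl(String casServerLoginUrl) {
    this.casServerLoginUrl = casServerLoginUrl;
  }

  public String getServerName() {
    return serverName;
  }

  public void setServerName(String serverName) {
    this.serverName = serverName;
  }

  public boolean isRedirectAfterValidation() {
    return redirectAfterValidation;
  }

  public void setRedirectAfterValidation(boolean redirectAfterValidation) {
    this.redirectAfterValidation = redirectAfterValidation;
  }

  public boolean isUseSession() {
    return useSession;
  }

  public void setUseSession(boolean useSession) {
    this.useSession = useSession;
  }

  /**
   * Splits a comma-separated property value into trimmed, non-empty URL patterns.
   *
   * @param raw the raw property value; may be {@code null}
   * @return the patterns in their original order; never {@code null}
   */
  private static List<String> splitPatterns(String raw) {
    List<String> patterns = new ArrayList<>();
    if (raw == null) {
      return patterns;
    }
    for (String token : raw.split(separator)) {
      String pattern = token.trim();
      // "".split(",") returns one empty string; skip it and any stray blanks.
      if (!pattern.isEmpty()) {
        patterns.add(pattern);
      }
    }
    return patterns;
  }

}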

3.配置文件  dev.yml

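  # CAS client config, bound to the "spring.cas" property prefix.
  spring:
    cas:
      # Comma-separated servlet URL patterns, one list per filter.
      sign-out-filters: /logout
      # Paths not matched by auth-filters are not protected by CAS.
      auth-filters: /*
      validate-filters: /*
      request-wrapper-filters: /*
      assertion-filters: /*
      # Placeholder: replace with the CAS server's login URL,
      # e.g. https://cas.example.org/cas/login (constructed example).
      cas-server-login-url: cas登录url
      # Placeholder: replace with the CAS server's base URL,
      # e.g. https://cas.example.org/cas (constructed example).
      # Ticket validation calls this URL, so use https outside local development.
      cas-server-url-prefix: cas登录域名
      redirect-after-validation: true
      use-session: true
      # This application's own origin. The value below is for local development;
      # a deployed instance should use its externally visible https origin.
      server-name: http://localhost:8080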

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。
