正文  电脑教程 > 服务器教程 >

spring boot整合CAS配置详细教程

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的CAS配置整合 为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,...

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的CAS配置整合

为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议 谢谢(小部分代码是整合他人的)

1.不多废话,直接上最重要的代码,以下代码整合cas的重要过程

import org.jasig.cas.client.authentication.AuthenticationFilter; 
import org.jasig.cas.client.session.SingleSignOutFilter; 
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener; 
import org.jasig.cas.client.util.AssertionThreadLocalFilter; 
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter; 
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter; 
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.boot.web.servlet.FilterRegistrationBean; 
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.cas.ServiceProperties; 
import org.springframework.security.cas.authentication.CasAuthenticationProvider; 
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService; 
import org.springframework.security.web.authentication.logout.LogoutFilter; 
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; 
 
import java.util.List; 
 
 
@Configuration 
public class CasConfig { 
   
  @Autowired 
  SpringCasAutoconfig autoconfig; 
   
  private static boolean casEnabled = true; 
   
  public CasConfig() { 
  } 
 
  @Bean 
  public SpringCasAutoconfig getSpringCasAutoconfig(){ 
    return new SpringCasAutoconfig(); 
  } 
 
  /** 
   * 用于实现单点登出功能 
   */ 
  @Bean 
  public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() { 
    ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>(); 
    listener.setEnabled(casEnabled); 
    listener.setListener(new SingleSignOutHttpSessionListener()); 
    listener.setOrder(1); 
    return listener; 
  } 
 
  /** 
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前 
   */ 
  @Bean 
  public FilterRegistrationBean logOutFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    LogoutFilter logoutFilter = new LogoutFilter(autoconfig.getCasServerUrlPrefix() + "/logout?service=" + autoconfig.getServerName(),new SecurityContextLogoutHandler()); 
    filterRegistration.setFilter(logoutFilter); 
    filterRegistration.setEnabled(casEnabled); 
    if(autoconfig.getSignOutFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters()); 
    else 
      filterRegistration.addUrlPatterns("/logout"); 
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 
    filterRegistration.setOrder(2); 
    return filterRegistration; 
  } 
 
  /** 
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前 
   */ 
  @Bean 
  public FilterRegistrationBean singleSignOutFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    filterRegistration.setFilter(new SingleSignOutFilter()); 
    filterRegistration.setEnabled(casEnabled); 
    if(autoconfig.getSignOutFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters()); 
    else 
      filterRegistration.addUrlPatterns("/*"); 
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 
    filterRegistration.setOrder(3); 
    return filterRegistration; 
  } 
 
  /** 
   * 该过滤器负责用户的认证工作 
   */ 
  @Bean 
  public FilterRegistrationBean authenticationFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    filterRegistration.setFilter(new AuthenticationFilter()); 
    filterRegistration.setEnabled(casEnabled); 
    if(autoconfig.getAuthFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getAuthFilters()); 
    else 
      filterRegistration.addUrlPatterns("/*"); 
    //casServerLoginUrl:cas服务的登陆url 
    filterRegistration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl()); 
    //本项目登录ip+port 
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 
    filterRegistration.addInitParameter("useSession", autoconfig.isUseSession()?"true":"false"); 
    filterRegistration.addInitParameter("redirectAfterValidation", autoconfig.isRedirectAfterValidation()?"true":"false"); 
    filterRegistration.setOrder(4); 
    return filterRegistration; 
  } 
 
  /** 
   * 该过滤器负责对Ticket的校验工作 
   */ 
  @Bean 
  public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter(); 
    //cas20ProxyReceivingTicketValidationFilter.setTicketValidator(cas20ServiceTicketValidator()); 
    cas20ProxyReceivingTicketValidationFilter.setServerName(autoconfig.getServerName()); 
    filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter); 
    filterRegistration.setEnabled(casEnabled); 
    if(autoconfig.getValidateFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getValidateFilters()); 
    else 
      filterRegistration.addUrlPatterns("/*"); 
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 
    filterRegistration.setOrder(5); 
    return filterRegistration; 
  } 
 
 
  /** 
   * 该过滤器对HttpServletRequest请求包装, 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名 
   * 
   */ 
  @Bean 
  public FilterRegistrationBean httpServletRequestWrapperFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    filterRegistration.setFilter(new HttpServletRequestWrapperFilter()); 
    filterRegistration.setEnabled(true); 
    if(autoconfig.getRequestWrapperFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getRequestWrapperFilters()); 
    else 
      filterRegistration.addUrlPatterns("/*"); 
    filterRegistration.setOrder(6); 
    return filterRegistration; 
  } 
 
  /** 
   * 该过滤器使得可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 
   比如AssertionHolder.getAssertion().getPrincipal().getName()。 
   这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息 
   */ 
  @Bean 
  public FilterRegistrationBean assertionThreadLocalFilter() { 
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 
    filterRegistration.setFilter(new AssertionThreadLocalFilter()); 
    filterRegistration.setEnabled(true); 
    if(autoconfig.getAssertionFilters().size()>0) 
      filterRegistration.setUrlPatterns(autoconfig.getAssertionFilters()); 
    else 
      filterRegistration.addUrlPatterns("/*"); 
    filterRegistration.setOrder(7); 
    return filterRegistration; 
  } 
} 

2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来

import org.springframework.boot.context.properties.ConfigurationProperties; 
import org.springframework.context.annotation.Configuration; 
 
import java.util.Arrays; 
import java.util.List; 
 
@ConfigurationProperties(prefix = "spring.cas") 
public class SpringCasAutoconfig { 
 
  static final String separator = ","; 
 
  private String validateFilters; 
  private String signOutFilters; 
  private String authFilters; 
  private String assertionFilters; 
  private String requestWrapperFilters; 
 
  private String casServerUrlPrefix; 
  private String casServerLoginUrl; 
  private String serverName; 
  private boolean useSession = true; 
  private boolean redirectAfterValidation = true; 
 
  public List<String> getValidateFilters() { 
    return Arrays.asList(validateFilters.split(separator)); 
  } 
  public void setValidateFilters(String validateFilters) { 
    this.validateFilters = validateFilters; 
  } 
  public List<String> getSignOutFilters() { 
    return Arrays.asList(signOutFilters.split(separator)); 
  } 
  public void setSignOutFilters(String signOutFilters) { 
    this.signOutFilters = signOutFilters; 
  } 
  public List<String> getAuthFilters() { 
    return Arrays.asList(authFilters.split(separator)); 
  } 
  public void setAuthFilters(String authFilters) { 
    this.authFilters = authFilters; 
  } 
  public List<String> getAssertionFilters() { 
    return Arrays.asList(assertionFilters.split(separator)); 
  } 
  public void setAssertionFilters(String assertionFilters) { 
    this.assertionFilters = assertionFilters; 
  } 
  public List<String> getRequestWrapperFilters() { 
    return Arrays.asList(requestWrapperFilters.split(separator)); 
  } 
  public void setRequestWrapperFilters(String requestWrapperFilters) { 
    this.requestWrapperFilters = requestWrapperFilters; 
  } 
  public String getCasServerUrlPrefix() { 
    return casServerUrlPrefix; 
  } 
  public void setCasServerUrlPrefix(String casServerUrlPrefix) { 
    this.casServerUrlPrefix = casServerUrlPrefix; 
  } 
  public String getCasServerLoginUrl() { 
    return casServerLoginUrl; 
  } 
  public void setCasServerLoginUrl(String casServerLoginUrl) { 
    this.casServerLoginUrl = casServerLoginUrl; 
  } 
  public String getServerName() { 
    return serverName; 
  } 
  public void setServerName(String serverName) { 
    this.serverName = serverName; 
  } 
  public boolean isRedirectAfterValidation() { 
    return redirectAfterValidation; 
  } 
  public void setRedirectAfterValidation(boolean redirectAfterValidation) { 
    this.redirectAfterValidation = redirectAfterValidation; 
  } 
  public boolean isUseSession() { 
    return useSession; 
  } 
  public void setUseSession(boolean useSession) { 
    this.useSession = useSession; 
  } 
 
} 

3.配置文件 dev.yml

  #cas client config 
  spring:cas: 
  sign-out-filters: /logout 
  auth-filters: /* 
  validate-filters: /* 
  request-wrapper-filters: /* 
  assertion-filters: /* 
  cas-server-login-url: cas登录url 
  cas-server-url-prefix:cas登录域名 
  redirect-after-validation: true 
  use-session: true 
  server-name: http://localhost:8080