springboot整合CASClient实现单点登陆验证的⽰例
本⽂介绍了spring boot整合CAS Client实现单点登陆验证的⽰例,分享给⼤家,也给⾃⼰留个笔记,具体如下:
单点登录( Single Sign-On , 简称 SSO )是⽬前⽐较流⾏的服务于企业业务整合的解决⽅案之⼀, SSO 使得在多个应⽤系统中,⽤户只需要登录⼀次就可以访问所有相互信任的应⽤系统。
CAS Client
负责处理对客户端受保护资源的访问请求,需要对请求⽅进⾏⾝份认证时,重定向到 CAS Server 进⾏认证。(原则上,客户端应⽤不再接受任何的⽤户名密码等 Credentials )。
实现⽅式⼀:使⽤第三⽅的starter
1、依赖的jar
<dependency>
<groupId>net.unicon.cas</groupId>
<artifactId>cas-client-autoconfig-support</artifactId>
<version>1.4.0-GA</version>
</dependency>
2、增加配置⽂件
cas.server-url-prefix=127.0.0.1
cas.server-login-url=127.0.0.1/login
cas.client-host-url=192.26.4.28:8080
cas.validation-type=CAS
3、开启CAS Client⽀持
@SpringBootApplication
@ComponentScan(basePackages={"ailservice"})
@EnableCasClient // 开启CAS⽀持
public class Application extends SpringBootServletInitializer{
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
通过上⾯的3步,就可以完成CAS的客户端认证了!
4、扩展
cas.validation-type⽬前⽀持3中⽅式:1、CAS;2、CAS3;3、SAML
其他可⽤的配置如下:
cas.authentication-url-patterns
cas.validation-url-patterns
cas.assertion-thread-local-url-patterns
cas.gateway
cas.use-session
cas.allowed-proxy-chains
cas.proxy-callback-url
cas.proxy-receptor-url
cas.accept-any-proxy
具体的含义从名字上就可以很清楚的看出来。
实现⽅式⼆:⼿动配置
我们原来使⽤CAS Client,需要在l中做如下配置:
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>127.0.0.1/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>192.26.4.28:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责对Ticket的校验⼯作,必须启⽤它 -->
<filter>
<filter-name>validationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>127.0.0.1</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>192.26.4.28:8080</param-value>
</init-param>
<!-- <init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param> -->
</filter>
<filter-mapping>
<filter-name>validationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责实现HttpServletRequest请求的包裹,⽐如允许开发者通过HttpServletRequest的getRemoteUser()⽅法获得SSO登录⽤户的登录名,可选配置。 --> <filter>
<filter-name>httpServletRequestWrapperFilter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>httpServletRequestWrapperFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
所以,我们⼿动配置的时候,需要⼿动配置上⾯xml中对应的Filter,代码如下:
@Configuration
@Component
public class CasConfigure {
@Bean
public FilterRegistrationBean authenticationFilterRegistrationBean() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AuthenticationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerLoginUrl", "127.0.0.1/login");
initParameters.put("serverName", "192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(2);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean ValidationFilterRegistrationBean(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "127.0.0.1");
initParameters.put("serverName", "192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean casHttpServletRequestWrapperFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean casAssertionThreadLocalFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
springboot实现aopauthenticationFilter.setFilter(new AssertionThreadLocalFilter());
authenticationFilter.setOrder(4);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
}
通过上⾯的配置,也可以完成CAS Client的认证
以上就是本⽂的全部内容,希望对⼤家的学习有所帮助,也希望⼤家多多⽀持。
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论