不多废话,直接上最重要的代码。以下代码是整合 CAS 的核心过程:
import
org.jasig.cas.client.authentication.AuthenticationFilter;
import
org.jasig.cas.client.session.SingleSignOutFilter;
import
org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import
org.jasig.cas.client.util.AssertionThreadLocalFilter;
import
org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import
org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import
org.springframework.beans.factory.annotation.Autowired;
import
org.springframework.boot.web.servlet.FilterRegistrationBean;
import
org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import
org.springframework.context.annotation.Bean;
import
org.springframework.context.annotation.Configuration;
import
org.springframework.security.cas.ServiceProperties;
import
org.springframework.security.cas.authentication.CasAuthenticationProvider;
import
org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import
org.springframework.security.web.authentication.logout.LogoutFilter;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import
java.util.List;
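/**
 * Registers the Jasig CAS client listener and servlet filters that connect this Spring Boot
 * application to a CAS server for single sign-on and single sign-out.
 *
 * <p>Registration order used below: sign-out session listener (1), local logout filter (2),
 * single sign-out filter (3), authentication filter (4), ticket validation filter (5),
 * request wrapper filter (6), assertion thread-local filter (7).
 *
 * <p>Every filter takes its URL patterns from {@link SpringCasAutoconfig}; when the configured
 * list is empty a built-in default pattern is used instead.
 *
 * <p>NOTE(review): {@code serverName} is read from configuration and handed to the CAS client,
 * which uses it to build the service URL. Outside local development both it and the CAS server
 * URLs should be {@code https} addresses, because service tickets travel in the URL.
 */
@Configuration
public class CasConfig {

    // NOTE(review): this bean is produced by getSpringCasAutoconfig() in this same class.
    // Self-injection of that kind may be rejected by Spring versions that forbid circular
    // references by default - confirm against the Spring Boot version in use.
    @Autowired
    SpringCasAutoconfig autoconfig;

    /** Master switch applied to every CAS listener/filter registration in this class. */
    private static final boolean CAS_ENABLED = true;

    public CasConfig() {
    }

    /**
     * Exposes the {@code spring.cas.*} properties holder as a bean.
     *
     * @return a new, not yet bound {@link SpringCasAutoconfig}
     */
    @Bean
    public SpringCasAutoconfig getSpringCasAutoconfig() {
        return new SpringCasAutoconfig();
    }

    /**
     * Registers the session listener used by the single sign-out feature.
     *
     * @return the listener registration
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> registration =
                new ServletListenerRegistrationBean<>();
        registration.setEnabled(CAS_ENABLED);
        registration.setListener(new SingleSignOutHttpSessionListener());
        registration.setOrder(1);
        return registration;
    }

    /**
     * Registers the Spring Security {@link LogoutFilter} that clears the local security context
     * and then redirects the browser to the CAS server's {@code /logout} endpoint.
     *
     * <p>The {@code service} query parameter is percent-encoded so that a server name containing
     * reserved characters ({@code :}, {@code /}, {@code &}, ...) cannot alter the logout URL.
     *
     * @return the filter registration (order 2, default pattern {@code /logout})
     * @throws IllegalStateException if no server name is configured
     */
    @Bean
    public FilterRegistrationBean logOutFilter() {
        String casLogoutUrl = autoconfig.getCasServerUrlPrefix()
                + "/logout?service="
                + urlEncode(autoconfig.getServerName());
        LogoutFilter logoutFilter = new LogoutFilter(casLogoutUrl, new SecurityContextLogoutHandler());

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(logoutFilter);
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getSignOutFilters(), "/logout");
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(2);
        return registration;
    }

    /**
     * Registers the CAS {@link SingleSignOutFilter}, which implements single sign-out. It is
     * ordered ahead of the authentication and validation filters.
     *
     * <p>NOTE(review): this filter shares the {@code sign-out-filters} patterns with
     * {@link #logOutFilter()}. If that property is narrowed to something like {@code /logout},
     * this filter will presumably not see ticket-bearing requests or CAS logout callbacks that
     * arrive on other URLs, so sessions may outlive a central logout. Confirm, and consider
     * leaving this filter on {@code /*}.
     *
     * @return the filter registration (order 3, default pattern {@code /*})
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getSignOutFilters(), "/*");
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(3);
        return registration;
    }

    /**
     * Registers the CAS {@link AuthenticationFilter}, which is responsible for authenticating
     * the user.
     *
     * @return the filter registration (order 4, default pattern {@code /*})
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getAuthFilters(), "/*");
        // casServerLoginUrl: login URL of the CAS server.
        registration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());
        // serverName: scheme + host + port under which this application is reached.
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.addInitParameter("useSession", String.valueOf(autoconfig.isUseSession()));
        registration.addInitParameter(
                "redirectAfterValidation", String.valueOf(autoconfig.isRedirectAfterValidation()));
        registration.setOrder(4);
        return registration;
    }

    /**
     * Registers the CAS 2.0 ticket validation filter, which is responsible for validating
     * tickets.
     *
     * @return the filter registration (order 5, default pattern {@code /*})
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        // No explicit ticket validator is set here; the original listing left that call
        // commented out.
        validationFilter.setServerName(autoconfig.getServerName());

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(validationFilter);
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getValidateFilters(), "/*");
        registration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
        registration.addInitParameter("serverName", autoconfig.getServerName());
        registration.setOrder(5);
        return registration;
    }

    /**
     * Registers the filter that wraps each {@code HttpServletRequest} so the login name of the
     * authenticated user is available through {@code getRemoteUser()}.
     *
     * @return the filter registration (order 6, default pattern {@code /*})
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        // Follows the shared switch like every other registration in this class.
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getRequestWrapperFilters(), "/*");
        registration.setOrder(6);
        return registration;
    }

    /**
     * Registers the filter that makes the login name available through
     * {@code org.jasig.cas.client.util.AssertionHolder}, for example
     * {@code AssertionHolder.getAssertion().getPrincipal().getName()}. The assertion is kept in
     * a thread-local variable, so code outside the web layer can also read the current login.
     *
     * @return the filter registration (order 7, default pattern {@code /*})
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AssertionThreadLocalFilter());
        // Follows the shared switch like every other registration in this class.
        registration.setEnabled(CAS_ENABLED);
        applyUrlPatterns(registration, autoconfig.getAssertionFilters(), "/*");
        registration.setOrder(7);
        return registration;
    }

    /** Applies the configured URL patterns, or the fallback pattern when none are configured. */
    private static void applyUrlPatterns(
            FilterRegistrationBean registration, List<String> configured, String fallback) {
        if (configured != null && !configured.isEmpty()) {
            registration.setUrlPatterns(configured);
        } else {
            registration.addUrlPatterns(fallback);
        }
    }

    /** Percent-encodes a value for use inside a URL query string. */
    private static String urlEncode(String value) {
        if (value == null) {
            throw new IllegalStateException("spring.cas.server-name must be configured");
        }
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}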
2. 为了让你们更省力、更直接地看到效果,我把相关配置也贴出来
import
org.springframework.boot.context.properties.ConfigurationProperties;
import
org.springframework.context.annotation.Configuration;
import
java.util.Arrays;
import
java.util.List;
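/**
 * Holder for the {@code spring.cas.*} configuration properties used to set up the CAS client
 * filters.
 *
 * <p>The five {@code *Filters} properties are stored as comma-separated strings of servlet URL
 * patterns and exposed as lists. A property that is missing, empty or made up only of
 * separators and whitespace yields an empty list, so callers can test for "nothing configured"
 * and fall back to their own default pattern.
 */
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoconfig {

    /** Delimiter between URL patterns in the {@code *Filters} properties. */
    static final String separator = ",";

    private String validateFilters;
    private String signOutFilters;
    private String authFilters;
    private String assertionFilters;
    private String requestWrapperFilters;

    // Base URL of the CAS server, its login URL, and the address of this application.
    private String casServerUrlPrefix;
    private String casServerLoginUrl;
    private String serverName;

    private boolean useSession = true;
    private boolean redirectAfterValidation = true;

    /** @return URL patterns for the ticket validation filter; empty when none are configured */
    public List<String> getValidateFilters() {
        return splitPatterns(validateFilters);
    }

    public void setValidateFilters(String validateFilters) {
        this.validateFilters = validateFilters;
    }

    /** @return URL patterns for the sign-out filters; empty when none are configured */
    public List<String> getSignOutFilters() {
        return splitPatterns(signOutFilters);
    }

    public void setSignOutFilters(String signOutFilters) {
        this.signOutFilters = signOutFilters;
    }

    /** @return URL patterns for the authentication filter; empty when none are configured */
    public List<String> getAuthFilters() {
        return splitPatterns(authFilters);
    }

    public void setAuthFilters(String authFilters) {
        this.authFilters = authFilters;
    }

    /** @return URL patterns for the assertion thread-local filter; empty when none are configured */
    public List<String> getAssertionFilters() {
        return splitPatterns(assertionFilters);
    }

    public void setAssertionFilters(String assertionFilters) {
        this.assertionFilters = assertionFilters;
    }

    /** @return URL patterns for the request wrapper filter; empty when none are configured */
    public List<String> getRequestWrapperFilters() {
        return splitPatterns(requestWrapperFilters);
    }

    public void setRequestWrapperFilters(String requestWrapperFilters) {
        this.requestWrapperFilters = requestWrapperFilters;
    }

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    /**
     * Splits a comma-separated property into trimmed, non-empty URL patterns.
     *
     * <p>A plain {@code raw.split(",")} throws {@code NullPointerException} for an unset
     * property and returns a one-element list holding {@code ""} for an empty one, so a caller's
     * "size() > 0, else use the default" check could never reach its default branch.
     *
     * @param raw the raw property value, possibly {@code null}
     * @return the patterns in declaration order; never {@code null}
     */
    private static List<String> splitPatterns(String raw) {
        List<String> patterns = new java.util.ArrayList<>();
        if (raw == null) {
            return patterns;
        }
        for (String candidate : raw.split(separator)) {
            String pattern = candidate.trim();
            if (!pattern.isEmpty()) {
                patterns.add(pattern);
            }
        }
        return patterns;
    }
}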
3.配置文件 dev.yml
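# CAS client config (bound to SpringCasAutoconfig through the "spring.cas" prefix).
# The keys must be nested under spring -> cas, and every key needs a space after the colon.
spring:
  cas:
    # Comma-separated servlet URL patterns, one list per CAS filter.
    # NOTE(review): CasConfig applies sign-out-filters to both the local logout filter and the
    # CAS SingleSignOutFilter; limited to /logout, the latter may miss CAS logout callbacks
    # that arrive on other URLs - confirm single sign-out actually ends sessions.
    sign-out-filters: /logout
    auth-filters: /*
    validate-filters: /*
    request-wrapper-filters: /*
    assertion-filters: /*
    # Placeholder from the article: replace with the CAS server's login URL
    # (constructed example: https://cas.example.com/cas/login).
    cas-server-login-url: cas登录url
    # Placeholder from the article: replace with the CAS server's base URL
    # (constructed example: https://cas.example.com/cas).
    cas-server-url-prefix: cas登录域名
    redirect-after-validation: true
    use-session: true
    # Address under which this application is reached; the CAS client builds its service URL
    # from it. Plain http on localhost is a development value - use the public https address
    # in any shared environment, since service tickets are carried in the URL.
    server-name: http://localhost:8080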