spring boot整合CAS配置详解

import org.jasig.cas.client.authentication.AuthenticationFilter; import org.jasig.cas.client.session.SingleSignOutFilter; import org.jasig.cas.client.session.SingleSignOutHttpSessionListener; import org.jasig.cas.client.util.AssertionThreadLocalFilter; import org.jasig.cas.client.util.HttpServletRequestWrapperFilter; import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter; import org.jasig.cas.client.validation.Cas20ServiceTicketValidator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.cas.ServiceProperties; import org.springframework.security.cas.authentication.CasAuthenticationProvider; import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService; import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;  import java.util.List;   @Configuration public class CasConfig {      @Autowired   SpringCasAutoconfig autoconfig;      private static boolean casEnabled = true;      public CasConfig() {   }    @Bean   public SpringCasAutoconfig getSpringCasAutoconfig(){     return new SpringCasAutoconfig();   }    /**    * 用于实现单点登出功能    */   @Bean   public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {     ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>();     listener.setEnabled(casEnabled);     listener.setListener(new SingleSignOutHttpSessionListener());     listener.setOrder(1);     return listener;   }    /**    * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前    */   @Bean   public FilterRegistrationBean logOutFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     LogoutFilter logoutFilter = new LogoutFilter(autoconfig.getCasServerUrlPrefix() + "/logout?service=" + autoconfig.getServerName(),new SecurityContextLogoutHandler());     filterRegistration.setFilter(logoutFilter);     filterRegistration.setEnabled(casEnabled);     if(autoconfig.getSignOutFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());     else       filterRegistration.addUrlPatterns("/logout");     filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());     filterRegistration.addInitParameter("serverName", autoconfig.getServerName());     filterRegistration.setOrder(2);     return filterRegistration;   }    /**    * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前    */   @Bean   public FilterRegistrationBean singleSignOutFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     filterRegistration.setFilter(new SingleSignOutFilter());     filterRegistration.setEnabled(casEnabled);     if(autoconfig.getSignOutFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());     else       filterRegistration.addUrlPatterns("/*");     filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());     filterRegistration.addInitParameter("serverName", autoconfig.getServerName());     filterRegistration.setOrder(3);     return filterRegistration;   }    /**    * 该过滤器负责用户的认证工作    */   @Bean   public FilterRegistrationBean authenticationFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     filterRegistration.setFilter(new AuthenticationFilter());     filterRegistration.setEnabled(casEnabled);     if(autoconfig.getAuthFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getAuthFilters());     else       filterRegistration.addUrlPatterns("/*");     //casServerLoginUrl:cas服务的登陆url     filterRegistration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());     //本项目登录ip+port     filterRegistration.addInitParameter("serverName", autoconfig.getServerName());     filterRegistration.addInitParameter("useSession", autoconfig.isUseSession()?"true":"false");     filterRegistration.addInitParameter("redirectAfterValidation", autoconfig.isRedirectAfterValidation()?"true":"false");     filterRegistration.setOrder(4);     return filterRegistration;   }    /**    * 该过滤器负责对Ticket的校验工作    */   @Bean   public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter();     //cas20ProxyReceivingTicketValidationFilter.setTicketValidator(cas20ServiceTicketValidator());     cas20ProxyReceivingTicketValidationFilter.setServerName(autoconfig.getServerName());     filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter);     filterRegistration.setEnabled(casEnabled);     if(autoconfig.getValidateFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getValidateFilters());     else       filterRegistration.addUrlPatterns("/*");     filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());     filterRegistration.addInitParameter("serverName", autoconfig.getServerName());     filterRegistration.setOrder(5);     return filterRegistration;   }     /**    * 该过滤器对HttpServletRequest请求包装， 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名    *    */   @Bean   public FilterRegistrationBean httpServletRequestWrapperFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     filterRegistration.setFilter(new HttpServletRequestWrapperFilter());     filterRegistration.setEnabled(true);     if(autoconfig.getRequestWrapperFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getRequestWrapperFilters());     else       filterRegistration.addUrlPatterns("/*");     filterRegistration.setOrder(6);     return filterRegistration;   }    /**    * 该过滤器使得可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。    比如AssertionHolder.getAssertion().getPrincipal().getName()。    这个类把Assertion信息放在ThreadLocal变量中，这样应用程序不在web层也能够获取到当前登录信息    */   @Bean   public FilterRegistrationBean assertionThreadLocalFilter() {     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();     filterRegistration.setFilter(new AssertionThreadLocalFilter());     filterRegistration.setEnabled(true);     if(autoconfig.getAssertionFilters().size()>0)       filterRegistration.setUrlPatterns(autoconfig.getAssertionFilters());     else       filterRegistration.addUrlPatterns("/*");     filterRegistration.setOrder(7);     return filterRegistration;   } } 

import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration;  import java.util.Arrays; import java.util.List;  @ConfigurationProperties(prefix = "spring.cas") public class SpringCasAutoconfig {    static final String separator = ",";    private String validateFilters;   private String signOutFilters;   private String authFilters;   private String assertionFilters;   private String requestWrapperFilters;    private String casServerUrlPrefix;   private String casServerLoginUrl;   private String serverName;   private boolean useSession = true;   private boolean redirectAfterValidation = true;    public List<String> getValidateFilters() {     return Arrays.asList(validateFilters.split(separator));   }   public void setValidateFilters(String validateFilters) {     this.validateFilters = validateFilters;   }   public List<String> getSignOutFilters() {     return Arrays.asList(signOutFilters.split(separator));   }   public void setSignOutFilters(String signOutFilters) {     this.signOutFilters = signOutFilters;   }   public List<String> getAuthFilters() {     return Arrays.asList(authFilters.split(separator));   }   public void setAuthFilters(String authFilters) {     this.authFilters = authFilters;   }   public List<String> getAssertionFilters() {     return Arrays.asList(assertionFilters.split(separator));   }   public void setAssertionFilters(String assertionFilters) {     this.assertionFilters = assertionFilters;   }   public List<String> getRequestWrapperFilters() {     return Arrays.asList(requestWrapperFilters.split(separator));   }   public void setRequestWrapperFilters(String requestWrapperFilters) {     this.requestWrapperFilters = requestWrapperFilters;   }   public String getCasServerUrlPrefix() {     return casServerUrlPrefix;   }   public void setCasServerUrlPrefix(String casServerUrlPrefix) {     this.casServerUrlPrefix = casServerUrlPrefix;   }   public String getCasServerLoginUrl() {     return casServerLoginUrl;   }   public void setCasServerLoginUrl(String casServerLoginUrl) {     this.casServerLoginUrl = casServerLoginUrl;   }   public String getServerName() {     return serverName;   }   public void setServerName(String serverName) {     this.serverName = serverName;   }   public boolean isRedirectAfterValidation() {     return redirectAfterValidation;   }   public void setRedirectAfterValidation(boolean redirectAfterValidation) {     this.redirectAfterValidation = redirectAfterValidation;   }   public boolean isUseSession() {     return useSession;   }   public void setUseSession(boolean useSession) {     this.useSession = useSession;   }  } 

  #cas client config   spring:cas:   sign-out-filters: /logout   auth-filters: /*   validate-filters: /*   request-wrapper-filters: /*   assertion-filters: /*   cas-server-login-url: cas登录url   cas-server-url-prefix:cas登录域名   redirect-after-validation: true   use-session: true   server-name: http://localhost:8080