spring boot整合CAS Client实现单点登陆验证的示例

2024-07-13 10:16:48

字体：大中小

来源：转载

供稿：网友

本文介绍了spring boot整合CAS Client实现单点登陆验证的示例，分享给大家，也给自己留个笔记，具体如下：

单点登录（ Single Sign-On , 简称 SSO ）是目前比较流行的服务于企业业务整合的解决方案之一， SSO 使得在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。

CAS Client

负责处理对客户端受保护资源的访问请求，需要对请求方进行身份认证时，重定向到 CAS Server 进行认证。（原则上，客户端应用不再接受任何的用户名密码等 Credentials ）。

实现方式一：使用第三方的starter

1、依赖的jar

<dependency>   <groupId>net.unicon.cas</groupId>   <artifactId>cas-client-autoconfig-support</artifactId>   <version>1.4.0-GA</version>  </dependency>

2、增加配置文件

cas.server-url-prefix=http://127.0.0.1 cas.server-login-url=http://127.0.0.1/login cas.client-host-url=http://192.26.4.28:8080 cas.validation-type=CAS

3、开启CAS Client支持

@SpringBootApplication @ComponentScan(basePackages={"com.chhliu.emailservice"}) @EnableCasClient // 开启CAS支持 public class Application extends SpringBootServletInitializer{   public static void main(String[] args) {  SpringApplication.run(Application.class, args);    } }

通过上面的3步，就可以完成CAS的客户端认证了！

4、扩展

cas.validation-type目前支持3中方式：1、CAS；2、CAS3；3、SAML

其他可用的配置如下：

cas.authentication-url-patterns cas.validation-url-patterns cas.request-wrapper-url-patterns cas.assertion-thread-local-url-patterns cas.gateway cas.use-session cas.redirect-after-validation cas.allowed-proxy-chains cas.proxy-callback-url cas.proxy-receptor-url cas.accept-any-proxy server.context-parameters.renew

具体的含义从名字上就可以很清楚的看出来。

实现方式二：手动配置

我们原来使用CAS Client，需要在web.xml中做如下配置：

<filter>  <filter-name>authenticationFilter</filter-name>  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>  <init-param>   <param-name>casServerLoginUrl</param-name>   <param-value>http://127.0.0.1/login</param-value>  </init-param>  <init-param>   <param-name>serverName</param-name>   <param-value>http://192.26.4.28:8080</param-value>  </init-param>  </filter>  <filter-mapping>  <filter-name>authenticationFilter</filter-name>  <url-pattern>/*</url-pattern>  </filter-mapping>  <!-- 该过滤器负责对Ticket的校验工作，必须启用它 -->  <filter>  <filter-name>validationFilter</filter-name>  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>  <init-param>   <param-name>casServerUrlPrefix</param-name>   <param-value>http://127.0.0.1</param-value>  </init-param>  <init-param>   <param-name>serverName</param-name>   <param-value>http://192.26.4.28:8080</param-value>  </init-param>  <!-- <init-param>   <param-name>redirectAfterValidation</param-name>   <param-value>true</param-value>  </init-param>  <init-param>   <param-name>useSession</param-name>   <param-value>true</param-value>  </init-param> -->  </filter>  <filter-mapping>  <filter-name>validationFilter</filter-name>  <url-pattern>/*</url-pattern>  </filter-mapping>  <!-- 该过滤器负责实现HttpServletRequest请求的包裹， 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名，可选配置。 -->  <filter>  <filter-name>httpServletRequestWrapperFilter</filter-name>  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>  </filter>  <filter-mapping>  <filter-name>httpServletRequestWrapperFilter</filter-name>  <url-pattern>/*</url-pattern>  </filter-mapping>

所以，我们手动配置的时候，需要手动配置上面xml中对应的Filter，代码如下：

@Configuration @Component public class CasConfigure {   @Bean  public FilterRegistrationBean authenticationFilterRegistrationBean() {  FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();  authenticationFilter.setFilter(new AuthenticationFilter());  Map<String, String> initParameters = new HashMap<String, String>();  initParameters.put("casServerLoginUrl", "http://127.0.0.1/login");  initParameters.put("serverName", "http://192.26.4.28:8080");  authenticationFilter.setInitParameters(initParameters);  authenticationFilter.setOrder(2);  List<String> urlPatterns = new ArrayList<String>();  urlPatterns.add("/*");// 设置匹配的url  authenticationFilter.setUrlPatterns(urlPatterns);  return authenticationFilter;  }   @Bean  public FilterRegistrationBean ValidationFilterRegistrationBean(){  FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();  authenticationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());  Map<String, String> initParameters = new HashMap<String, String>();  initParameters.put("casServerUrlPrefix", "http://127.0.0.1");  initParameters.put("serverName", "http://192.26.4.28:8080");  authenticationFilter.setInitParameters(initParameters);  authenticationFilter.setOrder(1);  List<String> urlPatterns = new ArrayList<String>();  urlPatterns.add("/*");// 设置匹配的url  authenticationFilter.setUrlPatterns(urlPatterns);  return authenticationFilter;  }   @Bean  public FilterRegistrationBean casHttpServletRequestWrapperFilter(){  FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();  authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());  authenticationFilter.setOrder(3);  List<String> urlPatterns = new ArrayList<String>();  urlPatterns.add("/*");// 设置匹配的url  authenticationFilter.setUrlPatterns(urlPatterns);  return authenticationFilter;  }   @Bean  public FilterRegistrationBean casAssertionThreadLocalFilter(){  FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();  authenticationFilter.setFilter(new AssertionThreadLocalFilter());  authenticationFilter.setOrder(4);  List<String> urlPatterns = new ArrayList<String>();  urlPatterns.add("/*");// 设置匹配的url  authenticationFilter.setUrlPatterns(urlPatterns);  return authenticationFilter;  } }

通过上面的配置，也可以完成CAS Client的认证

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持VeVb武林网。

注：相关教程知识阅读请移步到JAVA教程频道。

上一篇：Java Web实现添加定时任务的方法示例

下一篇：spring boot使用自定义配置的线程池执行Async异步任务