springmvc shiro整合cas单点登入

shiro cas分为登入跟登出

maven依赖:

<dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-cas</artifactId>
            <version>1.3.2</version>
        </dependency>

        <dependency>
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.2.1</version>
        </dependency>

 

一、登入

web.xml需要有shiro的过滤器,在springmvc之前。

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>NSSP</display-name>
  <filter>
    <filter-name>logoutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>logoutFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- CAS: 用于单点退出,这个过滤器是在其他服务登出通知cas服务的时候,cas服务端通知本服务退出时起作用的-->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>spring要用的相关.xml文件</param-value>
  </context-param>
  <filter>
    <description>字符集过滤器</description>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <description>字符集编码</description>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <listener>
    <description>spring监听器</description>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet>
    <description>spring mvc servlet</description>
    <servlet-name>springMvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <description>spring mvc 配置文件</description>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring-mvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>springMvc</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>

然后配置相关的url:

shiro.loginUrl=http://cas.server:8080/typp-cas-server/login?service=http://client.ip:8081/shiro-cas
配置cas服务端的登入地址,以及登入成功后的回调地址
shiro.logoutUrl=http://cas.server:8080/typp-cas-server/logout?service=http://client.ip:8081
配置cas服务端的登出地址,以及登出成功后的回调地址 shiro.cas.serverUrlPrefix=http://cas.server:8080/typp-cas-server
配置cas服务端项目地址,验票的时候要用到。
shiro.cas.service=http://client.ip:8081/shiro-cas
配置验票成功后的通知地址。为了保存登入状态。

 

shiro的相关配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd   
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-4.0.xsd 
    http://www.springframework.org/schema/util 
    http://www.springframework.org/schema/util/spring-util-4.0.xsd">
    <description>Shiro 配置</description>

    <!-- 注解使用properties -->
    <bean id="configProperties"
          class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="locations">
            <list>
                <value>classpath:/*.properties</value>
            </list>
        </property>
    </bean>
    <!-- 会话ID生成器 -->
    <bean id="sessionIdGenerator"
        class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />

    <!-- 会话Cookie模板 -->
    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="sid" />
        <property name="httpOnly" value="true" />
        <property name="maxAge" value="-1" />
    </bean>

    <bean id="sessionDAO"
        class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
        <property name="activeSessionsCacheName" value="shiro-activeSessionCache" />
        <property name="sessionIdGenerator" ref="sessionIdGenerator" />
    </bean>

    <!-- 会话管理器 -->
    <bean id="sessionManager"
        class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="globalSessionTimeout" value="900000" />
        <property name="deleteInvalidSessions" value="true" />
        <property name="sessionValidationSchedulerEnabled" value="true" />
        <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
        <property name="sessionDAO" ref="sessionDAO" />
        <property name="sessionIdCookieEnabled" value="true" />
        <property name="sessionIdCookie" ref="sessionIdCookie" />
    </bean>

    <!-- 会话验证调度器 -->
    <bean id="sessionValidationScheduler"
        class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
        <property name="interval" value="1800000" /> <!-- 30分钟 -->
        <property name="sessionManager" ref="sessionManager" />
    </bean>

    <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
        <property name="defaultRoles" value="ROLE_USER"/>
        <!-- cas服务端地址前缀 -->
        <property name="casServerUrlPrefix" value="${shiro.cas.serverUrlPrefix}"/>
        <!-- 应用服务地址,用来接收cas服务端票据,是要验证票据保存登入状态,所以要配成跟cas的回调地址是一样的 -->
        <property name="casService" value="${shiro.cas.service}"/>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="subjectFactory" ref="casSubjectFactory"/>
        <property name="realm" ref="casRealm"/>
    </bean>
    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
    <bean
        class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod"
            value="org.apache.shiro.SecurityUtils.setSecurityManager" />
        <property name="arguments" ref="securityManager" />
    </bean>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="${shiro.loginUrl}" />
        <!--<property name="successUrl" value="/linewell/auth/pass/workspace" />-->
        <property name="successUrl" value="/index.jsp"></property>
        <property name="unauthorizedUrl" value="/401.jsp" />
        <property name="filters">
            <util:map>
                <entry key="cas" value-ref="casFilter"></entry>
                <entry key="authc">
                    <bean class="club.codeapes.web.core.filter.AuthenticationFilter" />
                </entry>
            </util:map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /shiro-cas = cas
                /dist/**/*. = anon
                /* = roles[ROLE_USER]  <!-- 所有的内容必须cas认证后有ROLE_USER角色才可以访问 -->
                /protected/** =authc
                <!--authc里面添加权限相关的把控 -->
            </value>
        </property>
    </bean>
<bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <!-- 配置验证错误时的失败页面,这个过滤器是回调以后保存登入状态的 --> <property name="failureUrl" value="${shiro.failureUrl}"/> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> </beans>

 

二、登出操作

写一个控制器注销局部会话:

@RequestMapping(value = "/logout")
    public @ResponseBody Map<String, Object> logout(HttpServletRequest request) {
        Map<String, Object> result = new HashMap<String, Object>();
        Subject subject = SecurityUtils.getSubject();
        SecurityUtils.getSecurityManager().logout(subject);
        return result;
    }

然后,注销后,前端location.href到配置好的登出地址。这个是为了cas注销全局的会话。全局会话实现是基于cookie的,然后要附上本项目的ip用于回调,当项目局部和全局会话都不在的时候会定向到shiro里面配置好的登入的url,开始新的登入。

posted @ 2019-01-23 23:39  护花使者  Views(1991)  Comments(0Edit  收藏  举报