CAS Single Sign-On: Enabling the OAuth 2.0 Protocol (Part 7)
1. Add the dependency
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-oauth-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
2. Add the following properties to application.properties
##
# CAS_Service
#
cas.server.name=https://server.cas.com:${server.port}/cas
cas.server.prefix=${cas.server.name}
##
# OAuth
#
cas.authn.oauth.refreshToken.timeToKillInSeconds=2592000
cas.authn.oauth.code.timeToKillInSeconds=30
cas.authn.oauth.code.numberOfUses=1
cas.authn.oauth.accessToken.releaseProtocolAttributes=true
cas.authn.oauth.accessToken.timeToKillInSeconds=7200
cas.authn.oauth.accessToken.maxTimeToLiveInSeconds=28800
cas.authn.oauth.grants.resourceOwner.requireServiceHeader=true
cas.authn.oauth.userProfileViewType=NESTED
3. Add the registration file for the client service: OAUTH-1001.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId" : "abc",
  "clientSecret" : "xyz",
  "serviceId" : "^(https|http|imaps)://app1.cas.com.*",
  "name" : "OAuthService",
  "id" : 1001
}
The serviceId here is the restriction: it is matched against the redirect_uri carried in the incoming request.
4. Endpoints
Once OAuth support is enabled, the following endpoints are provided:
| Endpoint | Description | Method |
| --- | --- | --- |
| /oauth2.0/authorize | Obtain an authorization code or a token | GET |
| /oauth2.0/accessToken, /oauth2.0/token | Obtain an accessToken | POST |
| /oauth2.0/profile | Obtain user information using the access_token parameter | GET |
5. Testing
1. The OAuth client first sends a GET request to the following address to obtain the authorization code (AuthCode):
https://server.cas.com:8443/cas/oauth2.0/authorize?response_type=code&scope=openid&client_id=abc&redirect_uri=http://app1.cas.com
client_id: the value registered in the service file above
redirect_uri: the address to redirect to after successful authentication; it is checked against the serviceId in the service file to decide whether it is registered.
After the request, the browser is taken to the login page; on successful login it is redirected to http://app1.cas.com with the AuthCode appended, e.g.:
http://app1.cas.com/?code=OC-1-jkaGG16jVb-O8cUkMHI1RfgVuYKfs9zs
2. Use the AuthCode to obtain an accessToken
https://server.cas.com:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=abc&client_secret=xyz&code=OC-1-jkaGG16jVb-O8cUkMHI1RfgVuYKfs9zs&redirect_uri=http://app1.cas.com
Requesting this URL returns the response: access_token=AT-1-TRYGjkhonoCqC5m-RKFef3ZrDBrzNUg-&expires_in=28800
3. Use the AccessToken to obtain user information
https://server.cas.com:8443/cas/oauth2.0/profile?access_token=AT-1-TRYGjkhonoCqC5m-RKFef3ZrDBrzNUg-
Requesting this URL returns the following response:
{
  "service" : "http://app1.cas.com",
  "attributes" : {
    "credentialType" : "RememberMeUsernamePasswordCaptchaCredential"
  },
  "id" : "admin",
  "client_id" : "abc"
}
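As an added example (not code from the original post and not part of Apereo CAS), the following Python helpers walk the client side of the three test steps above and the serviceId check from section 3: they build the authorize URL, validate the callback, build the token request as the POST the endpoint table lists, parse the form-encoded token response shown in step 2, and apply the registered serviceId pattern to a redirect_uri. The server name, client_id, client_secret, redirect_uri, code and token values are taken from the page; the state parameter, the STRICT_SERVICE_ID pattern, and the callback and response strings fed in under __main__ are constructed assumptions.

```python
"""Client-side helpers for the CAS OAuth 2.0 authorization-code flow (added example)."""
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Values taken from the page: the CAS server prefix and the registered service.
CAS_PREFIX = "https://server.cas.com:8443/cas"
CLIENT_ID = "abc"
CLIENT_SECRET = "xyz"
REDIRECT_URI = "http://app1.cas.com"

# serviceId pattern exactly as registered in OAUTH-1001.json on the page.
PAGE_SERVICE_ID = r"^(https|http|imaps)://app1.cas.com.*"
# Tighter pattern (assumption, not from the page): dots escaped, host anchored,
# https only, and only an optional path may follow the host.
STRICT_SERVICE_ID = r"^https://app1\.cas\.com(/.*)?$"


def redirect_uri_allowed(service_id_pattern: str, redirect_uri: str) -> bool:
    """Mimic the registered-service check: redirect_uri must match serviceId.
    Assumption: CAS applies the pattern with regex semantics comparable to re.match."""
    return re.match(service_id_pattern, redirect_uri) is not None


def build_authorize_url(state: str) -> str:
    """Step 5.1: the GET that starts the flow. `state` (standard OAuth 2.0, not shown
    on the page) lets the client bind the callback to its own session."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{CAS_PREFIX}/oauth2.0/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect back to app1.cas.com,
    refusing callbacks whose state does not match the one this client sent."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not initiated by this session")
    codes = query.get("code")
    if not codes:
        raise ValueError("callback carries no authorization code")
    return codes[0]


def build_token_request(code: str) -> tuple:
    """Step 5.2 as a POST (the method the endpoint table lists): returns the URL
    and the form body, keeping client_secret out of the query string."""
    body = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{CAS_PREFIX}/oauth2.0/accessToken", body


def parse_token_response(body: str) -> dict:
    """Parse the form-encoded token response shown on the page
    (access_token=...&expires_in=...) into a dict with an int expiry."""
    fields = parse_qs(body, strict_parsing=True)
    token = fields.get("access_token", [None])[0]
    if not token or not token.startswith("AT-"):
        raise ValueError("response carries no access token")
    return {"access_token": token, "expires_in": int(fields.get("expires_in", ["0"])[0])}


def build_profile_url(access_token: str) -> str:
    """Step 5.3: fetch the user profile for the access token."""
    return f"{CAS_PREFIX}/oauth2.0/profile?{urlencode({'access_token': access_token})}"


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(state))
    # Constructed callback: the code value from the page plus this client's state.
    cb = f"http://app1.cas.com/?code=OC-1-jkaGG16jVb-O8cUkMHI1RfgVuYKfs9zs&state={state}"
    code = parse_callback(cb, state)
    print(build_token_request(code))
    # Constructed token response, copied from the page's step 5.2.
    tok = parse_token_response("access_token=AT-1-TRYGjkhonoCqC5m-RKFef3ZrDBrzNUg-&expires_in=28800")
    print(build_profile_url(tok["access_token"]))
    # Compare the page's serviceId pattern with the tightened one on two redirect URIs.
    for uri in ("http://app1.cas.com", "http://app1.cas.com.example.net/"):
        print(uri, redirect_uri_allowed(PAGE_SERVICE_ID, uri), redirect_uri_allowed(STRICT_SERVICE_ID, uri))
```

The pattern comparison at the end is the check worth running against any registered service: the serviceId as registered on the page has unescaped dots and a trailing `.*`, so it accepts every redirect_uri that merely starts with `http://app1.cas.com`, including a different host such as `app1.cas.com.example.net`. STRICT_SERVICE_ID escapes the dots, anchors the end of the host and allows only https, so with it the page's `http://app1.cas.com` test redirect would have to move to https.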
Reference: https://blog.csdn.net/qq_34021712/article/details/82290876