CAS单点登录:开启OAuth2.0协议(七)

1.添加依赖

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-oauth-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>

2.application.properties添加以下属性

##
# CAS_Service
#
cas.server.name=https://server.cas.com:${server.port}/cas
cas.server.prefix=${cas.server.name}

##
# OAuth
#
cas.authn.oauth.refreshToken.timeToKillInSeconds=2592000
cas.authn.oauth.code.timeToKillInSeconds=30
cas.authn.oauth.code.numberOfUses=1
cas.authn.oauth.accessToken.releaseProtocolAttributes=true
cas.authn.oauth.accessToken.timeToKillInSeconds=7200
cas.authn.oauth.accessToken.maxTimeToLiveInSeconds=28800
cas.authn.oauth.grants.resourceOwner.requireServiceHeader=true
cas.authn.oauth.userProfileViewType=NESTED

3.增加接入servcie的注册文件:OAUTH-1001. json

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "abc",
  "clientSecret": "xyz",
  "serviceId" : "^(https|http|imaps)://app1.cas.com.*",
  "name" : "OAuthService",
  "id" : 1001
}

这里的serviceId是通过请求过来的url中的redirect_uri来进行限制的。

4.端点介绍

启用OAuth支持后,将提供以下端点:

端点 描述 方法类型
/oauth2.0/authorize 获取authCode或者token GET
/oauth2.0/accessToken,/oauth2.0/token 获取accessToken POST
/oauth2.0/profile 通过access_token参数获取用户信息 GET

5.测试

1.首先Oauth客户端使用Get请求访问以下地址,获取AuthCode:

  https://server.cas.com:8443/cas/oauth2.0/authorize?response_type=code&scope=openid&client_id=abc&redirect_uri=http://app1.cas.com

  client_id:为之前service中的值

  redirect_uri:认证通过后的跳转地址,会根据service文件中的serviceId进行判断是否注册。

请求后,会跳转登录界面,登录成功跳转http://app1.cas.com,并返回AuthCode,如:

  http://app1.cas.com/?code=OC-1-jkaGG16jVb-O8cUkMHI1RfgVuYKfs9zs

 

2.根据authCode获取accessToken

  https://server.cas.com:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=abc&client_secret=xyz&code=OC-1-jkaGG16jVb-O8cUkMHI1RfgVuYKfs9zs&redirect_uri=http://app1.cas.com

请求URL,获取响应:access_token=AT-1-TRYGjkhonoCqC5m-RKFef3ZrDBrzNUg-&expires_in=28800

 

 

3.根据AccerssToken获取用户信息

  https://server.cas.com:8443/cas/oauth2.0/profile?access_token=AT-1-TRYGjkhonoCqC5m-RKFef3ZrDBrzNUg-

请求URL,获取响应如下:

{
  "service" : "http://app1.cas.com",
  "attributes" : {
    "credentialType" : "RememberMeUsernamePasswordCaptchaCredential"
  },
  "id" : "admin",
  "client_id" : "abc"
}

 

 
参考:https://blog.csdn.net/qq_34021712/article/details/82290876

posted @ 2020-05-25 14:18  市井俗人  阅读(3021)  评论(0编辑  收藏  举报