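Single Sign-On: the CAS Client

I. Introduction

  The previous post covered setting up the CAS server and its basic configuration, but that alone does not complete single sign-on. Besides the server, the clients that need single sign-on, that is, our application systems, must also be integrated. The client configuration is described below, using a Spring Boot project as the example.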

 

II. Client configuration

1. Add the dependencies

            <dependency>
                <groupId>org.jasig.cas.client</groupId>
                <artifactId>cas-client-core</artifactId>
                <version>3.5.0</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-configuration-processor</artifactId>
                <optional>true</optional>
            </dependency>

 

2. Create a properties class, used to read specific property values from the Spring Boot properties file.

package com.example.configure;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * Description: CAS client properties entity class
 * Package:com.example.configure
 *
 * @author lightbc
 * @version 1.0
 */
@Component
@ConfigurationProperties(prefix = "spring.cas.client")
public class CasClientProperties {
    private String serverLoginUrl;
    private String serverUrlPrefix;
    private String serverName;
    private boolean redirectAfterValidation;
    private boolean useSession;

    public String getServerLoginUrl() {
        return serverLoginUrl;
    }

    public void setServerLoginUrl(String serverLoginUrl) {
        this.serverLoginUrl = serverLoginUrl;
    }

    public String getServerUrlPrefix() {
        return serverUrlPrefix;
    }

    public void setServerUrlPrefix(String serverUrlPrefix) {
        this.serverUrlPrefix = serverUrlPrefix;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }
}

 

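3. Spring Boot has no web.xml configuration file, so the filters and listener have to be registered programmatically. The configuration class is shown below.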

package com.example.configure;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Description: CAS client configuration class
 * Package:com.example.configure
 *
 * @author lightbc
 * @version 1.0
 */
@Configuration
public class CasClientConfigure {

    @Autowired
    private CasClientProperties properties;

    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener(){
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener=new ServletListenerRegistrationBean<>();
        listener.setEnabled(true);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AuthenticationFilter());
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.addInitParameter("casServerLoginUrl", properties.getServerLoginUrl());
        filterRegistration.addInitParameter("serverName",properties.getServerName());
        filterRegistration.addInitParameter("useSession", properties.isUseSession()?"true":"false");
        filterRegistration.addInitParameter("redirectAfterValidation", properties.isRedirectAfterValidation()?"true":"false");
        filterRegistration.setOrder(3);
        return filterRegistration;
    }

    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", properties.getServerUrlPrefix());
        filterRegistration.addInitParameter("serverName", properties.getServerName());
        filterRegistration.setOrder(4);
        return filterRegistration;
    }

    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(5);
        return filterRegistration;
    }

    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AssertionThreadLocalFilter());
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(6);
        return filterRegistration;
    }
}

 

4. Add the corresponding properties to the properties file.

# cas client
spring.cas.client.serverLoginUrl=http://server.sso.com:8088/login
spring.cas.client.serverUrlPrefix=http://server.sso.com:8088/
spring.cas.client.redirectAfterValidation=true
spring.cas.client.useSession=true
spring.cas.client.serverName=http://client.sso.com:8080
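
As an added example (not part of the original post): a startup check for the properties above. It accepts the plain-HTTP values used here only because both host names resolve to 127.0.0.1, and refuses to start otherwise. The class name is an assumption, and it requires full URLs as written in this post.

```java
package com.example.configure;

import java.net.InetAddress;
import java.net.URI;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Component;

// Added example (hypothetical class): fail startup on unsafe or inconsistent CAS client settings.
@Component
public class CasClientPropertiesValidator implements InitializingBean {
    private final CasClientProperties properties;

    public CasClientPropertiesValidator(CasClientProperties properties) {
        this.properties = properties;
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        URI login = parse("serverLoginUrl", properties.getServerLoginUrl());
        URI prefix = parse("serverUrlPrefix", properties.getServerUrlPrefix());
        URI client = parse("serverName", properties.getServerName());
        // serverName is scheme://host[:port] only; the client appends the request path itself.
        String path = client.getPath();
        if (path != null && !path.isEmpty() && !"/".equals(path)) {
            throw new IllegalStateException("serverName must not contain a path: " + client);
        }
        // Login redirect and ticket validation must point at the same CAS server.
        boolean sameServer = login.getScheme().equalsIgnoreCase(prefix.getScheme())
                && login.getHost().equalsIgnoreCase(prefix.getHost())
                && login.getPort() == prefix.getPort();
        if (!sameServer) {
            throw new IllegalStateException("serverLoginUrl and serverUrlPrefix differ in origin");
        }
    }

    private static URI parse(String name, String value) throws Exception {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("spring.cas.client." + name + " is not set");
        }
        URI uri = new URI(value.trim());
        if (uri.getScheme() == null || uri.getHost() == null) {
            throw new IllegalStateException(name + " has no scheme or host: " + value);
        }
        // Plain HTTP exposes service tickets and session cookies; accept it for loopback only.
        boolean https = "https".equalsIgnoreCase(uri.getScheme());
        if (!https && !InetAddress.getByName(uri.getHost()).isLoopbackAddress()) {
            throw new IllegalStateException(name + " must use https: " + value);
        }
        return uri;
    }
}
```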

 

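III. Result

1. Start the CAS server, then start the CAS client. The result is as follows: a user who is not logged in is redirected to the single sign-on login page: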

2. You may run into the problem shown below along the way.

In that case, modify the HTTPSandIMAPS-10000001.json file under the CAS server's services directory.

 

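 Then edit the application.properties file. Setting cas.tgc.secure=false drops the Secure flag from the ticket-granting cookie so that it works over the plain-HTTP URLs used here, and cas.serviceRegistry.initFromJson=true makes the server load the JSON service definitions. Add the following: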

cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true

 

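IV. Additional notes

1. The domain names used in the examples above require editing the hosts file under C:\Windows\System32\drivers\etc. Append the following to the end of the file and save it.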

127.0.0.1    server.sso.com
127.0.0.1 client.sso.com

 

2. If the project has a web.xml configuration file, see here

posted @ 2021-05-09 21:37  lightbc