spring boot 和 cas 整合

1. 修改依赖

复制代码
 <!--  spring-boot-configuration 配置信息 ,加入此项可以提示 配置信息 -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-configuration-processor</artifactId>
    <optional>true</optional>
</dependency>



<java.cas.client.version>3.5.0</java.cas.client.version>



<!--   cas 单点登录 客户端 拦截器    -->
<dependency>
   <groupId>org.jasig.cas.client</groupId>
   <artifactId>cas-client-core</artifactId>
   <version>${java.cas.client.version}</version>
</dependency>
复制代码

 

 

2. 建立 配置类 

复制代码
package com.cjy.core.config.cas;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.Nullable;

/**
 * <p><b>
 *
 * </b></p>
 * <br/>创建时间: 2019/7/8 13:39
 *
 * @author Zero
 */
@ConfigurationProperties(prefix = "cas")
@Configuration
public class CasClientProperties {
    /**
     * 是否开启单点登录
     */
    private boolean enable = true;
    /**
     * 单点登录需要访问的CAS SERVER URL入口
     */
    private String casServerLoginUrl;
    /**
     * 托管此应用的服务器名称,例如本机:http://localhost:8080
     */
    private String serverName;

    /**
     * 指定是否应将renew = true发送到CAS服务器
     */
    private boolean renew = false;
    /**
     * 指定是否应将gateway = true发送到CAS服务器
     */
    private boolean gateway = false;

    /**
     * cas服务器的开头  例如 http://localhost:8443/cas
     */
    private String casServerUrlPrefix;
    /**
     * 是否将Assertion 存入到session中
     * 如果不使用session(会话),tickets(票据)将每次请求时都需要tickets
     */
    private boolean useSession = true;
    /**
     * 是否在票证验证后重定向到相同的URL,但在参数中没有票证
     */
    private boolean redirectAfterValidation = true;
    /**
     * 是否在tickets验证失败时抛出异常
     */
    private boolean exceptionOnValidationFailure = false;

    /**
     * 验证白名单,当请求路径匹配此表达式时,自动通过验证
     */
    @Nullable
    private String ignorePattern;

    /**
     * 白名单表达式的类型
     * REGEX 正则表达式 默认的
     * CONTAINS  包含匹配
     * EXACT 精确匹配
     */
    @Nullable
    private String ignoreUrlPatternType;

    public boolean isEnable() {
        return enable;
    }

    public void setEnable(boolean enable) {
        this.enable = enable;
    }

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    public boolean isRenew() {
        return renew;
    }

    public void setRenew(boolean renew) {
        this.renew = renew;
    }

    public boolean isGateway() {
        return gateway;
    }

    public void setGateway(boolean gateway) {
        this.gateway = gateway;
    }

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    public boolean isExceptionOnValidationFailure() {
        return exceptionOnValidationFailure;
    }

    public void setExceptionOnValidationFailure(boolean exceptionOnValidationFailure) {
        this.exceptionOnValidationFailure = exceptionOnValidationFailure;
    }

    @Nullable
    public String getIgnorePattern() {
        return ignorePattern;
    }

    public void setIgnorePattern(@Nullable String ignorePattern) {
        this.ignorePattern = ignorePattern;
    }

    @Nullable
    public String getIgnoreUrlPatternType() {
        return ignoreUrlPatternType;
    }

    public void setIgnoreUrlPatternType(@Nullable String ignoreUrlPatternType) {
        this.ignoreUrlPatternType = ignoreUrlPatternType;
    }
}
复制代码

3. 建立 拦截器 bean

复制代码
package com.cjy.core.config.cas;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * <p><b>
 *
 * </b></p>
 * <br/>创建时间: 2019/7/8 13:37
 *
 * @author Zero
 */
@Configuration
public class CasFilterConfig {

    @Autowired
    private CasClientProperties casClientProperties;


    /**
     * 单点登出
     *
     * @return
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(casClientProperties.isEnable());
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new SingleSignOutFilter());
        registrationBean.addUrlPatterns("/*");
        registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix());
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(2);

        return registrationBean;
    }

    /**
     * 认证过滤器
     * 如果用户需要进行身份验证,则会将用户重定向到CAS服务器。
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new AuthenticationFilter());
        filterRegistrationBean.setEnabled(casClientProperties.isEnable());
        filterRegistrationBean.addUrlPatterns("/*");
        filterRegistrationBean.addInitParameter("casServerLoginUrl", casClientProperties.getCasServerLoginUrl());
        filterRegistrationBean.addInitParameter("serverName", casClientProperties.getServerName());
        filterRegistrationBean.addInitParameter("gateway", String.valueOf(casClientProperties.isGateway()));
        filterRegistrationBean.addInitParameter("ignorePattern", String.valueOf(casClientProperties.getIgnorePattern()));
        //   filterRegistrationBean.addInitParameter("renew", String.valueOf(casClientProperties.isRenew()));
        filterRegistrationBean.setOrder(3);

        return filterRegistrationBean;
    }


    /**
     * 使用 CAS 2.0 protocol. ticket校验工作
     * Cas30ProxyReceivingTicketValidationFilter 使用cas3.0 protocol
     * Cas30JsonProxyReceivingTicketValidationFilter 过滤器能够接受CAS的验证响应,根据CAS协议规定的格式为JSON
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();

        registrationBean.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        registrationBean.addUrlPatterns("/*");
        registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix());
        registrationBean.addInitParameter("serverName", casClientProperties.getServerName());
        registrationBean.addInitParameter("useSession", String.valueOf(casClientProperties.isUseSession()));
        registrationBean.addInitParameter("exceptionOnValidationFailure", String.valueOf(casClientProperties.isExceptionOnValidationFailure()));
        registrationBean.addInitParameter("redirectAfterValidation", String.valueOf(casClientProperties.isRedirectAfterValidation()));
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(4);
        return registrationBean;
    }


    /**
     * 将断言信息存放在ThreadLocal中,可以通过此类获取登录的用户信息
     * 可以在任意地方获取到用户信息 AssertionHolder类是专门处理此信息类
     * 但是此类无法访问 HttpServletRequest,因此无法调用 getRemoteUser()
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(5);
        registrationBean.setFilter(new AssertionThreadLocalFilter());
        return registrationBean;
    }

    /**
     * HttpServletRequest包装类
     * 可以通过getRemoteUser()与getPrincipal()获取相应CAS的信息
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean requestWrapperFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setFilter(new HttpServletRequestWrapperFilter());
        registrationBean.addUrlPatterns("/*");
        registrationBean.setOrder(6);
        return registrationBean;
    }
}
复制代码

 

posted on   正义的伙伴!  阅读(2876)  评论(0编辑  收藏  举报

努力加载评论中...

导航

//增加一段JS脚本,为目录生成使用
点击右上角即可分享
微信分享提示