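Overview
Enterprises generally run a single sign-on system (Apereo CAS is a common implementation), and the login authentication of every internal system is integrated with it. This article describes how a Spring Boot application integrates with a CAS service.
The commonly used security frameworks are Spring Security and Apache Shiro. Shiro is relatively simple to configure and use, so this article uses Shiro to integrate with the CAS service.
Configuration
Add dependencies
Add to pom.xml: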
```xml
<properties>
    <shiro.version>1.2.4</shiro.version>
</properties>
<dependencies>
    <!-- Apache Shiro -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-ehcache</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-cas</artifactId>
        <version>${shiro.version}</version>
    </dependency>
</dependencies>
```
Spring Boot configuration
application.properties
```properties
# Address of the CAS server
shiro.cas=https://cas.xxx.com
# Address of your own application; 127.0.0.1 is fine for testing
shiro.server=http://127.0.0.1:8080
```
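Application configuration
Initialize the Shiro beans. Put the file in any sub-package, for example xxx.config, and Spring Boot will scan and load it automatically.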
```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasSubjectFactory;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Value;
// Spring Boot 1.4+; earlier versions use org.springframework.boot.context.embedded.FilterRegistrationBean
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

@Configuration
public class ShiroCasConfiguration {

    // Path inside this application that receives the CAS service ticket
    private static final String casFilterUrlPattern = "/shiro-cas";

    // Registers the Shiro filter (bean "shiroFilter") in front of every request
    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        return filterRegistration;
    }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    // The realm validates service tickets against the CAS server
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
                                                                  @Value("${shiro.server}") String shiroServerUrlPrefix) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        CasRealm casRealm = new CasRealm();
        casRealm.setDefaultRoles("ROLE_USER");
        casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
        casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
        securityManager.setRealm(casRealm);
        securityManager.setCacheManager(new MemoryConstrainedCacheManager());
        securityManager.setSubjectFactory(new CasSubjectFactory());
        return securityManager;
    }

    // Filter chain: order matters, the first matching pattern wins
    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
        filterChainDefinitionMap.put("/login", "anon");
        // Static file directories that do not need to be intercepted can be added here
        filterChainDefinitionMap.put("/bower_components/**", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }

    /**
     * CAS Filter
     */
    @Bean(name = "casFilter")
    public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
                                  @Value("${shiro.server}") String shiroServerUrlPrefix) {
        CasFilter casFilter = new CasFilter();
        casFilter.setName("casFilter");
        casFilter.setEnabled(true);
        // On ticket validation failure, send the user back to the CAS login page
        String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
        casFilter.setFailureUrl(loginUrl);
        return casFilter;
    }

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
                                                            CasFilter casFilter,
                                                            @Value("${shiro.cas}") String casServerUrlPrefix,
                                                            @Value("${shiro.server}") String shiroServerUrlPrefix) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
        shiroFilterFactoryBean.setLoginUrl(loginUrl);
        shiroFilterFactoryBean.setSuccessUrl("/");
        Map<String, Filter> filters = new HashMap<>();
        filters.put("casFilter", casFilter);
        // Logging out locally also redirects to the CAS logout endpoint
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
        filters.put("logout", logoutFilter);
        shiroFilterFactoryBean.setFilters(filters);
        loadShiroFilterChain(shiroFilterFactoryBean);
        return shiroFilterFactoryBean;
    }
}
```
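The configuration above builds the CAS service URL by string concatenation in three places, and the value given to `CasRealm.setCasService()` must be the same URL that appears in the `service` parameter of the login redirect. The following is an added example, not code from the original article or from Shiro: a hypothetical `CasUrls` helper that derives all URLs from one place, URL-encodes the `service` parameter, and rejects a non-HTTPS `shiro.cas` value at startup.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;

/** Hypothetical helper; the class and method names are assumptions of this example. */
public final class CasUrls {
    private final String casPrefix;   // value of shiro.cas
    private final String serviceUrl;  // shiro.server + casFilterUrlPattern

    public CasUrls(String casServerUrlPrefix, String shiroServerUrlPrefix, String casFilterUrlPattern) {
        this.casPrefix = stripTrailingSlash(casServerUrlPrefix);
        this.serviceUrl = stripTrailingSlash(shiroServerUrlPrefix) + casFilterUrlPattern;
        // Service tickets are validated by calling the CAS server, so require TLS for it.
        if (!"https".equalsIgnoreCase(URI.create(casPrefix).getScheme())) {
            throw new IllegalArgumentException("shiro.cas must be an https URL: " + casPrefix);
        }
    }

    /** Exact service URL; pass this same value to CasRealm.setCasService(). */
    public String service() { return serviceUrl; }

    /** Value for setLoginUrl() and CasFilter.setFailureUrl(). */
    public String login() { return casPrefix + "/login?service=" + encode(serviceUrl); }

    /** Value for LogoutFilter.setRedirectUrl(); returnUrl is where CAS sends the user afterwards. */
    public String logout(String returnUrl) { return casPrefix + "/logout?service=" + encode(returnUrl); }

    private static String encode(String s) {
        try {
            return URLEncoder.encode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    private static String stripTrailingSlash(String s) {
        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
    }

    public static void main(String[] args) {
        // Sample values taken from the article's application.properties
        CasUrls urls = new CasUrls("https://cas.xxx.com", "http://127.0.0.1:8080", "/shiro-cas");
        System.out.println(urls.service());
        System.out.println(urls.login());
        System.out.println(urls.logout("http://127.0.0.1:8080"));
    }
}
```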
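Getting the logged-in username in the program
Once the configuration above is in place, the program can read the name of the logged-in user: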
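```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

// DEFAULTUSER is a String constant defined in the enclosing class (not shown in the article).
public String getUsername() {
    Subject subject = SecurityUtils.getSubject();
    // No authenticated principal: fall back to the default user name
    if (subject == null || subject.getPrincipals() == null) {
        return DEFAULTUSER;
    }
    return (String) subject.getPrincipals().getPrimaryPrincipal();
}
```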
Summary
Shiro is fairly simple to use; when using this setup you only need to modify application.properties.
Original link: http://www.jianshu.com/p/600593b1f366