spring boot整合CAS配置详解

时间:2021-11-14 06:40:47

在下不才,以下是我花了好几天的时间才整合出来的在spring boot里面的CAS配置整合

为了帮助没搞定的人,毕竟自己踩了很多坑,一步一步爬过来的,有什么不足之处可以给建议  谢谢(小部分代码是整合他人的)

1.不多废话,直接上最重要的代码,以下代码整合cas的重要过程

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 
import java.util.List;
 
 
@Configuration
public class CasConfig {
   
  @Autowired
  SpringCasAutoconfig autoconfig;
   
  private static boolean casEnabled = true;
   
  public CasConfig() {
  }
 
  @Bean
  public SpringCasAutoconfig getSpringCasAutoconfig(){
    return new SpringCasAutoconfig();
  }
 
  /**
   * 用于实现单点登出功能
   */
  @Bean
  public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
    ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>();
    listener.setEnabled(casEnabled);
    listener.setListener(new SingleSignOutHttpSessionListener());
    listener.setOrder(1);
    return listener;
  }
 
  /**
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前
   */
  @Bean
  public FilterRegistrationBean logOutFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    LogoutFilter logoutFilter = new LogoutFilter(autoconfig.getCasServerUrlPrefix() + "/logout?service=" + autoconfig.getServerName(),new SecurityContextLogoutHandler());
    filterRegistration.setFilter(logoutFilter);
    filterRegistration.setEnabled(casEnabled);
    if(autoconfig.getSignOutFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());
    else
      filterRegistration.addUrlPatterns("/logout");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
    filterRegistration.setOrder(2);
    return filterRegistration;
  }
 
  /**
   * 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前
   */
  @Bean
  public FilterRegistrationBean singleSignOutFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new SingleSignOutFilter());
    filterRegistration.setEnabled(casEnabled);
    if(autoconfig.getSignOutFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());
    else
      filterRegistration.addUrlPatterns("/*");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
    filterRegistration.setOrder(3);
    return filterRegistration;
  }
 
  /**
   * 该过滤器负责用户的认证工作
   */
  @Bean
  public FilterRegistrationBean authenticationFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new AuthenticationFilter());
    filterRegistration.setEnabled(casEnabled);
    if(autoconfig.getAuthFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getAuthFilters());
    else
      filterRegistration.addUrlPatterns("/*");
    //casServerLoginUrl:cas服务的登陆url
    filterRegistration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl());
    //本项目登录ip+port
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
    filterRegistration.addInitParameter("useSession", autoconfig.isUseSession()?"true":"false");
    filterRegistration.addInitParameter("redirectAfterValidation", autoconfig.isRedirectAfterValidation()?"true":"false");
    filterRegistration.setOrder(4);
    return filterRegistration;
  }
 
  /**
   * 该过滤器负责对Ticket的校验工作
   */
  @Bean
  public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter();
    //cas20ProxyReceivingTicketValidationFilter.setTicketValidator(cas20ServiceTicketValidator());
    cas20ProxyReceivingTicketValidationFilter.setServerName(autoconfig.getServerName());
    filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter);
    filterRegistration.setEnabled(casEnabled);
    if(autoconfig.getValidateFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getValidateFilters());
    else
      filterRegistration.addUrlPatterns("/*");
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
    filterRegistration.addInitParameter("serverName", autoconfig.getServerName());
    filterRegistration.setOrder(5);
    return filterRegistration;
  }
 
 
  /**
   * 该过滤器对HttpServletRequest请求包装, 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名
   *
   */
  @Bean
  public FilterRegistrationBean httpServletRequestWrapperFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
    filterRegistration.setEnabled(true);
    if(autoconfig.getRequestWrapperFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getRequestWrapperFilters());
    else
      filterRegistration.addUrlPatterns("/*");
    filterRegistration.setOrder(6);
    return filterRegistration;
  }
 
  /**
   * 该过滤器使得可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
   比如AssertionHolder.getAssertion().getPrincipal().getName()。
   这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息
   */
  @Bean
  public FilterRegistrationBean assertionThreadLocalFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new AssertionThreadLocalFilter());
    filterRegistration.setEnabled(true);
    if(autoconfig.getAssertionFilters().size()>0)
      filterRegistration.setUrlPatterns(autoconfig.getAssertionFilters());
    else
      filterRegistration.addUrlPatterns("/*");
    filterRegistration.setOrder(7);
    return filterRegistration;
  }
}

2.为了让你们更省力且直接的看到效果,我把相关配置也贴出来

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
 
import java.util.Arrays;
import java.util.List;
 
@ConfigurationProperties(prefix = "spring.cas")
public class SpringCasAutoconfig {
 
  static final String separator = ",";
 
  private String validateFilters;
  private String signOutFilters;
  private String authFilters;
  private String assertionFilters;
  private String requestWrapperFilters;
 
  private String casServerUrlPrefix;
  private String casServerLoginUrl;
  private String serverName;
  private boolean useSession = true;
  private boolean redirectAfterValidation = true;
 
  public List<String> getValidateFilters() {
    return Arrays.asList(validateFilters.split(separator));
  }
  public void setValidateFilters(String validateFilters) {
    this.validateFilters = validateFilters;
  }
  public List<String> getSignOutFilters() {
    return Arrays.asList(signOutFilters.split(separator));
  }
  public void setSignOutFilters(String signOutFilters) {
    this.signOutFilters = signOutFilters;
  }
  public List<String> getAuthFilters() {
    return Arrays.asList(authFilters.split(separator));
  }
  public void setAuthFilters(String authFilters) {
    this.authFilters = authFilters;
  }
  public List<String> getAssertionFilters() {
    return Arrays.asList(assertionFilters.split(separator));
  }
  public void setAssertionFilters(String assertionFilters) {
    this.assertionFilters = assertionFilters;
  }
  public List<String> getRequestWrapperFilters() {
    return Arrays.asList(requestWrapperFilters.split(separator));
  }
  public void setRequestWrapperFilters(String requestWrapperFilters) {
    this.requestWrapperFilters = requestWrapperFilters;
  }
  public String getCasServerUrlPrefix() {
    return casServerUrlPrefix;
  }
  public void setCasServerUrlPrefix(String casServerUrlPrefix) {
    this.casServerUrlPrefix = casServerUrlPrefix;
  }
  public String getCasServerLoginUrl() {
    return casServerLoginUrl;
  }
  public void setCasServerLoginUrl(String casServerLoginUrl) {
    this.casServerLoginUrl = casServerLoginUrl;
  }
  public String getServerName() {
    return serverName;
  }
  public void setServerName(String serverName) {
    this.serverName = serverName;
  }
  public boolean isRedirectAfterValidation() {
    return redirectAfterValidation;
  }
  public void setRedirectAfterValidation(boolean redirectAfterValidation) {
    this.redirectAfterValidation = redirectAfterValidation;
  }
  public boolean isUseSession() {
    return useSession;
  }
  public void setUseSession(boolean useSession) {
    this.useSession = useSession;
  }
 
}

3.配置文件  dev.yml

?
1
2
3
4
5
6
7
8
9
10
11
12
#cas client config
spring:cas:
sign-out-filters: /logout
auth-filters: /*
validate-filters: /*
request-wrapper-filters: /*
assertion-filters: /*
cas-server-login-url: cas登录url
cas-server-url-prefix:cas登录域名
redirect-after-validation: true
use-session: true
server-name: http://localhost:8080

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。

原文链接:http://blog.csdn.net/jw314947712/article/details/54236216