Spring boot 集成cas单点登录

1、安装tomcat

 下载地址:https://tomcat.apache.org/download-90.cgi 根据自己电脑选择对应的版本

配置环境变量 TomcatHome

 

在path中添加%TomcatHome%\bin

 

 

运行bin目录下的 startup.bat ,若中文编码不正确,则将\conf 文件夹中的logging.properties

java.util.logging.ConsoleHandler.encoding = UTF-8 注释掉

 

第二步 安装cas

 

 下载地址:

https://musetransfer.com/s/xhyk7styv(有效期至8月9日)。这是通过网盘分享的压缩包,不是官方发布渠道;使用前建议与 Apereo 官方的 cas-overlay-template 仓库核对内容,或直接从官方仓库获取。

 失效后可以私信我 

1、解压后用idea打开,然后使用mvn package 命令打包,将war包放到Tomcat的webapps文件下,启动tomcat后自动解压war包。

2、浏览器打开http://localhost:8080/cas ,系统内置的用户名是casuser,密码是Mellon。这个静态密码是可以修改的:进入tomcat—webapps—cas—WEB-INF—classes—application.properties,拉到最后一行可以看到 cas.authn.accept.users=casuser::Mellon ,直接更改casuser 和Mellon就可以了。注意:更改后要重启Tomcat,自定义的密码才会生效。这种写在配置文件里的静态账号只适合本地测试;对外提供服务前应改为接入真实的认证源(如数据库或LDAP),并去掉这项配置。我这里的端口号是7000,所以后面的配置里用的是 http://localhost:7000/cas

 

 

 第三步 集成cas登陆

在pom文件中添加依赖(3.5.0 是较早的版本,实际使用时建议先确认 cas-client-core 3.x 的最新发行版)

 <dependency>
   <groupId>org.jasig.cas.client</groupId>
   <artifactId>cas-client-core</artifactId>
   <version>3.5.0</version>
  </dependency>

 

在配置文件(application.properties)中配置cas服务端地址和应用自身的地址。这里用 http 只是为了本地演示;正式环境两端都应使用 https,否则服务票据(ticket)和会话 Cookie 会以明文传输。

cas.server-url=http://localhost:7000/cas
cas.client-host=http://localhost:8088

 

 

 

 

创建util包,并在其中创建一个工具类,用于登录成功后获取用户信息使用

package com.sso.ssocasclient.util;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;

import javax.servlet.http.HttpServletRequest;

/**
 * 类 {@code CasUtil}  <br> 获取登录后的用户信息工具类.
 *
 * <p>详细描述
 * <p>
 * @author <a href="mailto:lz2392504@gmail.com">CN華少</a>
 * @since v1.0.0
 */
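public class CasUtil {
    /**
     * Returns the name of the CAS principal bound to the caller's HTTP session.
     *
     * <p>The assertion is read from the session attribute named by
     * {@link AbstractCasFilter#CONST_CAS_ASSERTION}. The lookup uses
     * {@code getSession(false)} so that a request that carries no session does
     * not get a fresh one allocated just because this helper was called.
     *
     * @param request the current servlet request
     * @return the principal name, or {@code null} when the request has no
     *         session, the session holds no assertion, or the assertion has no
     *         principal
     */
    public static String getAccountNameFromCas(HttpServletRequest request) {
        // Fully qualified because this file only imports HttpServletRequest.
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }

        Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        if (assertion == null) {
            return null;
        }

        // Guard against an assertion without a principal instead of throwing a NullPointerException.
        AttributePrincipal principal = assertion.getPrincipal();
        return principal != null ? principal.getName() : null;
    }
}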

创建filter包,并创建CasFilter类,在其中注册多个CAS过滤器

package com.sso.ssocasclient.filter;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

/**
 * 类 {@code CasFilter}  <br> 认证拦截器配置.
 *
 * <p>详细描述
 * <p>
 * @author <a href="mailto:lz2392504@gmail.com">CN華少</a>
 * @since v1.0.0
 */

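@Configuration
@PropertySource("classpath:application.properties")
public class CasFilter {

    /** URL pattern every CAS filter below is mapped to: the whole application. */
    private static final String ALL_REQUESTS = "/*";

    // Injected from cas.server-url: the CAS server prefix. Paths are appended
    // with a leading '/', so the value is expected to have no trailing slash.
    @Value("${cas.server-url}")
    private   String CAS_URL;

    // Injected from cas.client-host: scheme, host and port of this application
    // as the CAS server and the browser reach it.
    @Value("${cas.client-host}")
    private   String APP_URL;

    /**
     * Registers the single sign-out filter.
     *
     * <p>It has the lowest order value (2) of the filters in this class, so it
     * runs before the authentication and validation filters.
     *
     * @return the registration for {@link SingleSignOutFilter}
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter(){
        FilterRegistrationBean registrationBean =
                newRegistration(new SingleSignOutFilter(), "CAS Single Sign Out Filter", 2);
        registrationBean.addInitParameter("casServerUrlPrefix", CAS_URL);
        return registrationBean;
    }

    /**
     * Registers the authentication filter, which sends requests without a CAS
     * assertion to the CAS login page.
     *
     * @return the registration for {@link AuthenticationFilter}
     */
    @Bean
    public FilterRegistrationBean AuthenticationFilter(){
        FilterRegistrationBean registrationBean =
                newRegistration(new AuthenticationFilter(), "CAS Filter", 3);
        // casServerLoginUrl is the login endpoint itself, not the server prefix;
        // passing the bare prefix only works if the server happens to redirect
        // its root to /login and keeps the service parameter while doing so.
        registrationBean.addInitParameter("casServerLoginUrl", CAS_URL + "/login");
        registrationBean.addInitParameter("serverName", APP_URL);
        return registrationBean;
    }

    /**
     * Registers the filter that validates the ticket returned by the CAS server.
     *
     * @return the registration for {@link Cas20ProxyReceivingTicketValidationFilter}
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter(){
        FilterRegistrationBean registrationBean =
                newRegistration(new Cas20ProxyReceivingTicketValidationFilter(), "CAS Validation Filter", 4);
        registrationBean.addInitParameter("casServerUrlPrefix", CAS_URL);
        registrationBean.addInitParameter("serverName", APP_URL);
        // NOTE(review): acceptAnyProxy=true accepts a proxy ticket no matter which
        // proxy chain issued it. Nothing else in this example uses proxy
        // authentication; if the application does not need it, remove the three
        // proxy parameters, otherwise list the trusted chains with
        // allowedProxyChains instead of accepting all of them.
        registrationBean.addInitParameter("acceptAnyProxy", "true");
        registrationBean.addInitParameter("proxyReceptorUrl", "/proxyCallback");
        registrationBean.addInitParameter("proxyCallbackUrl", APP_URL + "/proxyCallback");
        return registrationBean;
    }

    /**
     * Registers the request wrapper filter, which exposes the CAS principal
     * through the standard servlet API (for example {@code getRemoteUser()}).
     *
     * @return the registration for {@link HttpServletRequestWrapperFilter}
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter(){
        return newRegistration(new HttpServletRequestWrapperFilter(), "CAS HttpServletRequest Wrapper Filter", 5);
    }

    /**
     * Registers the filter that makes the assertion available for the duration
     * of the request through a thread local.
     *
     * @return the registration for {@link AssertionThreadLocalFilter}
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter(){
        return newRegistration(new AssertionThreadLocalFilter(), "CAS Assertion Thread Local Filter", 6);
    }

    /**
     * Builds the part of a registration that all five filters share: the filter
     * instance, the {@code /*} mapping, the display name and the order.
     */
    private static FilterRegistrationBean newRegistration(javax.servlet.Filter filter, String name, int order) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(filter);
        registrationBean.addUrlPatterns(ALL_REQUESTS);
        registrationBean.setName(name);
        registrationBean.setOrder(order);
        return registrationBean;
    }

}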

Controller(退出方法存在问题,还在调整)

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

/**
 *
 */
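// @RestController already includes @Controller, so the second annotation was redundant.
@RestController
public class DemoController {

    private static final Logger logger = LoggerFactory.getLogger(DemoController.class);

    // CAS server prefix from cas.server-url.
    @Value("${cas.server-url}")
    private   String CAS_URL;

    // Base URL of this application from cas.client-host; used to build the
    // post-logout landing URL instead of a hard-coded host and port.
    @Value("${cas.client-host}")
    private   String APP_URL;

    /**
     * Ends the local session and sends the browser to the CAS logout endpoint.
     *
     * <p>The {@code service} value is built from the configured application URL
     * and URL-encoded, so it stays a single query parameter.
     *
     * <p>NOTE(review): whether CAS sends the browser back to {@code service}
     * after logout depends on the server's logout settings and on the URL being
     * a registered service. {@code /result} is also covered by the {@code /*}
     * mapping of the authentication filter in this example, so an anonymous
     * request to it is sent to the CAS login page again; confirm this is the
     * intended behaviour.
     *
     * @param session the caller's session, invalidated before the redirect
     * @param response used to issue the redirect
     * @throws IOException if the redirect cannot be written
     */
    @RequestMapping("/logout")
    public void logout(HttpSession session, HttpServletResponse response) throws IOException {
        // Drop the local session first so the application no longer treats the
        // browser as signed in, whatever the CAS server does next.
        session.invalidate();
        String service = URLEncoder.encode(APP_URL + "/result", "UTF-8");
        response.sendRedirect(CAS_URL + "/logout?service=" + service);
    }

    /**
     * Landing endpoint used as the logout {@code service} URL.
     *
     * @return a fixed single-entry map, serialized as the response body
     */
    @GetMapping("/result")
    public Map<String,String> casLogout(){
        Map<String,String> result = new HashMap<>();
        result.put("a","a");
        return result;
    }

    /**
     * Returns a small map that includes the name of the signed-in user.
     *
     * <p>The session attribute {@code loginName} is used when present. Nothing
     * in this example sets that attribute, so the method falls back to
     * {@code getRemoteUser()}, which the CAS request wrapper filter registered
     * in this example fills with the principal name.
     *
     * @param httpServletRequest the current request
     * @return a map with the keys {@code ss} and {@code loginUser}; the latter
     *         is {@code null} when no user name is available
     */
    @RequestMapping("/login")
    public Map<String,String> string(HttpServletRequest httpServletRequest){
        String loginUser = (String) httpServletRequest.getSession().getAttribute("loginName");
        if (loginUser == null) {
            loginUser = httpServletRequest.getRemoteUser();
        }

        Map<String,String> map = new HashMap<>();
        map.put("ss","sss");
        map.put("loginUser",loginUser);
        return map;
    }
}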

 

参考文章:

Cas服务端部署

 https://blog.csdn.net/weixin_44543307/article/details/117928781

简单搭建CAS和测试认证

https://blog.csdn.net/withoutfear/article/details/115343559

 spring boot 集成cas

https://www.jianshu.com/p/2b784d06033d

posted @ 2022-07-09 10:11  铁锅炖猫