spring boot整合CAS Client实现单点登陆验证的示例
本文介绍了springboot整合CASClient实现单点登陆验证的示例,分享给大家,也给自己留个笔记,具体如下:
单点登录(SingleSign-On,简称SSO)是目前比较流行的服务于企业业务整合的解决方案之一,SSO使得在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。
CASClient
负责处理对客户端受保护资源的访问请求,需要对请求方进行身份认证时,重定向到CASServer进行认证。(原则上,客户端应用不再接受任何的用户名密码等Credentials)。
实现方式一:使用第三方的starter
1、依赖的jar
net.unicon.cas cas-client-autoconfig-support 1.4.0-GA
2、增加配置文件
cas.server-url-prefix=http://127.0.0.1 cas.server-login-url=http://127.0.0.1/login cas.client-host-url=http://192.26.4.28:8080 cas.validation-type=CAS
3、开启CASClient支持
@SpringBootApplication
@ComponentScan(basePackages={"com.chhliu.emailservice"})
@EnableCasClient//开启CAS支持
publicclassApplicationextendsSpringBootServletInitializer{
publicstaticvoidmain(String[]args){
SpringApplication.run(Application.class,args);
}
}
通过上面的3步,就可以完成CAS的客户端认证了!
4、扩展
cas.validation-type目前支持3中方式:1、CAS;2、CAS3;3、SAML
其他可用的配置如下:
cas.authentication-url-patterns cas.validation-url-patterns cas.request-wrapper-url-patterns cas.assertion-thread-local-url-patterns cas.gateway cas.use-session cas.redirect-after-validation cas.allowed-proxy-chains cas.proxy-callback-url cas.proxy-receptor-url cas.accept-any-proxy server.context-parameters.renew
具体的含义从名字上就可以很清楚的看出来。
实现方式二:手动配置
我们原来使用CASClient,需要在web.xml中做如下配置:
authenticationFilter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl http://127.0.0.1/login serverName http://192.26.4.28:8080 authenticationFilter /* validationFilter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix http://127.0.0.1 serverName http://192.26.4.28:8080 validationFilter /* httpServletRequestWrapperFilter org.jasig.cas.client.util.HttpServletRequestWrapperFilter httpServletRequestWrapperFilter /*
所以,我们手动配置的时候,需要手动配置上面xml中对应的Filter,代码如下:
@Configuration
@Component
publicclassCasConfigure{
@Bean
publicFilterRegistrationBeanauthenticationFilterRegistrationBean(){
FilterRegistrationBeanauthenticationFilter=newFilterRegistrationBean();
authenticationFilter.setFilter(newAuthenticationFilter());
MapinitParameters=newHashMap();
initParameters.put("casServerLoginUrl","http://127.0.0.1/login");
initParameters.put("serverName","http://192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(2);
ListurlPatterns=newArrayList();
urlPatterns.add("/*");//设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
returnauthenticationFilter;
}
@Bean
publicFilterRegistrationBeanValidationFilterRegistrationBean(){
FilterRegistrationBeanauthenticationFilter=newFilterRegistrationBean();
authenticationFilter.setFilter(newCas20ProxyReceivingTicketValidationFilter());
MapinitParameters=newHashMap();
initParameters.put("casServerUrlPrefix","http://127.0.0.1");
initParameters.put("serverName","http://192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(1);
ListurlPatterns=newArrayList();
urlPatterns.add("/*");//设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
returnauthenticationFilter;
}
@Bean
publicFilterRegistrationBeancasHttpServletRequestWrapperFilter(){
FilterRegistrationBeanauthenticationFilter=newFilterRegistrationBean();
authenticationFilter.setFilter(newHttpServletRequestWrapperFilter());
authenticationFilter.setOrder(3);
ListurlPatterns=newArrayList();
urlPatterns.add("/*");//设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
returnauthenticationFilter;
}
@Bean
publicFilterRegistrationBeancasAssertionThreadLocalFilter(){
FilterRegistrationBeanauthenticationFilter=newFilterRegistrationBean();
authenticationFilter.setFilter(newAssertionThreadLocalFilter());
authenticationFilter.setOrder(4);
ListurlPatterns=newArrayList();
urlPatterns.add("/*");//设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
returnauthenticationFilter;
}
}
通过上面的配置,也可以完成CASClient的认证
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持毛票票。