1.cas server 搭建
请参考网上cas server安装部署
2.cas server 支持http协议
到 cas-overlay-template目录下,将target目录下的cas.war放到tomcat webapps下启动
打开解压后的cas
到/WEB-INF/classes/services里找到
HTTPSandIMAPS-10000001.json
编辑
HTTPSandIMAPS-10000001.json,serviceId中加入http协议
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000
}到/WEB-INF/classes里找到application.properties
编辑application.properties 在末尾加入以下两行配置
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
重启tomcat
浏览器访问
http://localhost:8080/cas/login,可以正常访问即可
3.spring boot + spring security + cas整合
1. 创建项目
- 使用idea创建项目
file -> new -> Project -> Spring Initializr -> next依赖Spring Web 和 Spring Security点击 next ,finish - 引入cas client 依赖
pom.xml 加入cas的依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
</dependency>- 添加一个controller IndexController.java
package com.cas.demo;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class IndexController {
@RequestMapping("/")
public String index(){
return "cas test";
}
}- application.properties配置端口为16001
server.port=16001
- 运行demo
查看控制台日志,copy随机生成的密码Using generated security password:9e58649d-a5dd-42d9-abbf-e285d3a3b7a3浏览器访问http://localhost:16001/会跳到登录界面使用用户名:user 密码:9e58649d-a5dd-42d9-abbf-e285d3a3b7a3进行登录,会看到浏览器输出cas test - 对接cas
- 新建SecurityConfiguration.java 继承WebSecurityConfigurerAdapter
代码如下
package com.cas.demo;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties serviceProperties = new ServiceProperties();
//TODO: 读配置
serviceProperties.setService("http://localhost:16001/login/cas");
serviceProperties.setSendRenew(false);
return serviceProperties;
}
@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
//TODO: 改成读配置
casAuthenticationEntryPoint.setLoginUrl("http://localhost:8080/cas/login");
casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
return casAuthenticationEntryPoint;
}
@Bean
public UserDetailsByNameServiceWrapper userDetailsByNameServiceWrapper() {
UserDetailsByNameServiceWrapper userDetailsByNameServiceWrapper = new UserDetailsByNameServiceWrapper();
userDetailsByNameServiceWrapper.setUserDetailsService(userDetailsService);
return userDetailsByNameServiceWrapper;
}
@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
//TODO: 读配置
Cas20ServiceTicketValidator cas20ServiceTicketValidator = new Cas20ServiceTicketValidator(
"http://localhost:8080/cas");
return cas20ServiceTicketValidator;
}
@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
casAuthenticationProvider
.setAuthenticationUserDetailsService(userDetailsByNameServiceWrapper());
casAuthenticationProvider.setServiceProperties(serviceProperties());
casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
return casAuthenticationProvider;
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
casAuthenticationFilter.setAuthenticationManager(authenticationManager());
return casAuthenticationFilter;
}
@Bean
public LogoutFilter casLogoutFilter() {
//TODO: 读配置
LogoutFilter logoutFilter = new LogoutFilter(
"http://localhost:8080/cas/logout?service=http://localhost:8080/cas/login",
new SecurityContextLogoutHandler());
//与上面的url是映射关系,可配成其他的
logoutFilter.setFilterProcessesUrl("/logout/cas");
return logoutFilter;
}
@Bean
public SingleSignOutFilter singleSignOutFilter() {
SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
singleSignOutFilter.setIgnoreInitConfiguration(true);
return singleSignOutFilter;
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
.antMatchers("/app/**/*.{js,html}")
.antMatchers("/i18n/**")
.antMatchers("/content/**")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/test/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.authenticationProvider(casAuthenticationProvider());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**").hasAuthority("ROLE_USER")
.and().exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
.and()
.addFilterAt(casAuthenticationFilter(), CasAuthenticationFilter.class)
.addFilterBefore(casLogoutFilter(), LogoutFilter.class)
.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
}
}
- 添加DomainUserDetailsService.java 实现 UserDetailsService.java的loadUserByUsername方法
代码如下
package com.cas.demo;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
@Component("userDetailsService")
public class DomainUserDetailsService implements UserDetailsService {
private final Logger log = LoggerFactory.getLogger(DomainUserDetailsService.class);
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
log.info("经过认证类:{}", username);
List<GrantedAuthority> authorities = new ArrayList();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
return new User(username, "", authorities);
}
}
- 重启demo,tomcat运行cas
浏览器访问http://localhost:16001/会跳转到cas登录界面,用 用户名:casuser 密码:Mellon登录登录后,会跳转回demo应用,界面显示cas test 则对接成功
内容出处:,
声明:本网站所收集的部分公开资料来源于互联网,转载的目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。如果您发现网站上有侵犯您的知识产权的作品,请与我们取得联系,我们会及时修改或删除。文章链接:http://www.yixao.com/procedure/28268.html
赞 (0)
打赏
微信扫一扫
支付宝扫一扫
微信扫一扫
支付宝扫一扫
短视频流量变现 高转化白菜流赚钱法
上一篇
2021-08-31 06:51
ApiPost:利用CryptoJS对请求参数进行MD5/AES加密解密
下一篇
2021-09-01 07:19
相关推荐
-
如何使用原生方法来替代jQuery的常用方法
今天在逛Github时无意间发现一个仓库《You Dont Need jQuery》。打开来看,发现很有意思!而且作者列举了很多jQuery常用的方法以及原生实现,因此这篇文章将以…
-
用Pytest+Allure生成漂亮的HTML图形化测试报告
对于软件测试来说,测试报告是非常重要的工作产出。一个漂亮、清晰、格式规范的测试报告,能够减少开发人员和测试人员的沟通成本。 本篇文章将介绍如何使用开源的测试报告生成框架 Allur…
-
用Vue和Electron构建Markdown预览器
开发人员必须适应的最新趋势是为多个操作系统编写一个代码库。 Electron是一个JavaScript框架,它可以让你用简单的JavaScript和HTML创建桌面应用程序,并将网…
-
阿里巴巴Excel读写组件EasyExcel入门实践
前言 最近在开发一个运营端的系统,而运营端系统,经常有数据通过Excel文件上传、导出的功能,也就是涉及到Excel文件的读写操作。 我们都知道,在Java开发中,Excel相关的…
-
Python读取配置文件模块ConfigParser
一、ConfigParser模块简介 假设有如下配置文件,需要在Pyhton程序中读取 $ cat config.ini [db] db_port = 3306 db_user =…
-
前端设计大佬自己写了vue支付密码效果
从网上搜索了好多都很麻烦,花了点事件自己做了个,简单轻便,老少皆宜 。 <template> <section class=”pay-mask” @…
-
QRCanvas–基于canvas的JavaScript 二维码生成工具
介绍 在我们日常的开发中,特别是在现代的社会环境下,二维码的应用可谓是丰富多彩,各种各样让人眼花缭乱的二维码,可见二维码已经渗透进我们生活的方方面面,也可以说目二维码确确实实方便了…
-
网页web防扒技术合集
1.禁用浏览器右键菜单 document.oncontextmenu = new Function(“return false;”); 2.监听键盘事件 function mAle…
-
MySQL读写分离的方法
前言 这篇我们来说说基于Mycat实现读写分离,实现的相关技术还有sharding-sphere、TDDL等,技术解决的问题都是一致的,技术之间思想基本相同,所以我们只需要发现…
-
Vue前端开发之表单封装
效果图片 动态表单和子表单 upholdjx/tao-form 简介: 基于 Vue 和 ElementUI 构建的form表单和子表单动态构建,具有动态渲染,参数校验,数据双向绑…
