1.cas server 搭建
请参考网上cas server安装部署
2.cas server 支持http协议
到 cas-overlay-template目录下,将target目录下的cas.war放到tomcat webapps下启动
打开解压后的cas
到/WEB-INF/classes/services里找到
HTTPSandIMAPS-10000001.json
编辑
HTTPSandIMAPS-10000001.json,serviceId中加入http协议
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000
}到/WEB-INF/classes里找到application.properties
编辑application.properties 在末尾加入以下两行配置
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
重启tomcat
浏览器访问
http://localhost:8080/cas/login,可以正常访问即可
3.spring boot + spring security + cas整合
1. 创建项目
- 使用idea创建项目
file -> new -> Project -> Spring Initializr -> next依赖Spring Web 和 Spring Security点击 next ,finish - 引入cas client 依赖
pom.xml 加入cas的依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
</dependency>- 添加一个controller IndexController.java
package com.cas.demo;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class IndexController {
@RequestMapping("/")
public String index(){
return "cas test";
}
}- application.properties配置端口为16001
server.port=16001
- 运行demo
查看控制台日志,copy随机生成的密码Using generated security password:9e58649d-a5dd-42d9-abbf-e285d3a3b7a3浏览器访问http://localhost:16001/会跳到登录界面使用用户名:user 密码:9e58649d-a5dd-42d9-abbf-e285d3a3b7a3进行登录,会看到浏览器输出cas test - 对接cas
- 新建SecurityConfiguration.java 继承WebSecurityConfigurerAdapter
代码如下
package com.cas.demo;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties serviceProperties = new ServiceProperties();
//TODO: 读配置
serviceProperties.setService("http://localhost:16001/login/cas");
serviceProperties.setSendRenew(false);
return serviceProperties;
}
@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
//TODO: 改成读配置
casAuthenticationEntryPoint.setLoginUrl("http://localhost:8080/cas/login");
casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
return casAuthenticationEntryPoint;
}
@Bean
public UserDetailsByNameServiceWrapper userDetailsByNameServiceWrapper() {
UserDetailsByNameServiceWrapper userDetailsByNameServiceWrapper = new UserDetailsByNameServiceWrapper();
userDetailsByNameServiceWrapper.setUserDetailsService(userDetailsService);
return userDetailsByNameServiceWrapper;
}
@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
//TODO: 读配置
Cas20ServiceTicketValidator cas20ServiceTicketValidator = new Cas20ServiceTicketValidator(
"http://localhost:8080/cas");
return cas20ServiceTicketValidator;
}
@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
casAuthenticationProvider
.setAuthenticationUserDetailsService(userDetailsByNameServiceWrapper());
casAuthenticationProvider.setServiceProperties(serviceProperties());
casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
return casAuthenticationProvider;
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
casAuthenticationFilter.setAuthenticationManager(authenticationManager());
return casAuthenticationFilter;
}
@Bean
public LogoutFilter casLogoutFilter() {
//TODO: 读配置
LogoutFilter logoutFilter = new LogoutFilter(
"http://localhost:8080/cas/logout?service=http://localhost:8080/cas/login",
new SecurityContextLogoutHandler());
//与上面的url是映射关系,可配成其他的
logoutFilter.setFilterProcessesUrl("/logout/cas");
return logoutFilter;
}
@Bean
public SingleSignOutFilter singleSignOutFilter() {
SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
singleSignOutFilter.setIgnoreInitConfiguration(true);
return singleSignOutFilter;
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
.antMatchers("/app/**/*.{js,html}")
.antMatchers("/i18n/**")
.antMatchers("/content/**")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/test/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.authenticationProvider(casAuthenticationProvider());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**").hasAuthority("ROLE_USER")
.and().exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
.and()
.addFilterAt(casAuthenticationFilter(), CasAuthenticationFilter.class)
.addFilterBefore(casLogoutFilter(), LogoutFilter.class)
.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
}
}
- 添加DomainUserDetailsService.java 实现 UserDetailsService.java的loadUserByUsername方法
代码如下
package com.cas.demo;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
@Component("userDetailsService")
public class DomainUserDetailsService implements UserDetailsService {
private final Logger log = LoggerFactory.getLogger(DomainUserDetailsService.class);
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
log.info("经过认证类:{}", username);
List<GrantedAuthority> authorities = new ArrayList();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
return new User(username, "", authorities);
}
}
- 重启demo,tomcat运行cas
浏览器访问http://localhost:16001/会跳转到cas登录界面,用 用户名:casuser 密码:Mellon登录登录后,会跳转回demo应用,界面显示cas test 则对接成功
内容出处:,
声明:本网站所收集的部分公开资料来源于互联网,转载的目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。如果您发现网站上有侵犯您的知识产权的作品,请与我们取得联系,我们会及时修改或删除。文章链接:http://www.yixao.com/procedure/28268.html
赞 (0)
打赏
微信扫一扫
支付宝扫一扫
微信扫一扫
支付宝扫一扫
短视频流量变现 高转化白菜流赚钱法
上一篇
2021-08-31 06:51
ApiPost:利用CryptoJS对请求参数进行MD5/AES加密解密
下一篇
2021-09-01 07:19
相关推荐
-
wordpress商城网站添加支付宝收钱功能方法
1,WordPress网站最大的好处就是可以利用插件直接达成想要的效果,想要给网站配置支付宝微信收钱功能,好一佳也是使用插件功能来实现这个目的,在WordPress网站后台,有个插…
-
常用的JS代码片段,每段代码花30秒就能看懂
JavaScript 是目前最流行的编程语言之一,正如大多数人所说:“如果你想学一门编程语言,请学JavaScript。” FreeCodeCamp的创始人 Quincy Lars…
-
ThinkPHP5 5.0.23 远程代码执行漏洞
0x00背景 ThinkPHP诞生于2006年,是一个国产开源的PHP开发框架,其借鉴了Struts框架的Action对象,同时也使用面向对象的开发结构和MVC模式。ThinkPH…
-
Linux实现MYSQl数据库的定时备份
今天给大家分享一下如何在Linux下实现MYSQl数据库的定时备份。 前提需要保证你的Linux服务器已经安装了MYSQl数据库服务。 1、创建shell脚本 vim backup…
-
一个计算我妻子是否怀孕的贝叶斯模型
在2015年的二月21日,我的妻子已经33天没有来月经了,她怀孕了,这真是天大的好消息!通常月经的周期是大约一个月,如果你们夫妇打算怀孕,那么月经没来或许是一个好消息。但是33天,…
-
Elasticsearch分页查询四种解决方案与原理
1、from + size 浅分页 常用的分页查询根据from+size语句如下: GET /my_index/my_type/_search { “query”: { “matc…
-
Selenium Cookie跨域详解
实际上也不能说是严格意义的跨域,因为我们的跨域只针对同源策略中的部分情况,也就是在host为不同子域的情况,这类问题其实是比较常见的,在大型网站中使用到的单点登录等技术的情况下,我…
-
VSCode拓展推荐(前端开发)
一、拓展 名称 简述 Auto Close Tag 自动闭合HTML标签 Auto Import import提示 Auto Rename Tag 修改HTML标签时,自动修改匹配…
-
用Vue和Electron构建Markdown预览器
开发人员必须适应的最新趋势是为多个操作系统编写一个代码库。 Electron是一个JavaScript框架,它可以让你用简单的JavaScript和HTML创建桌面应用程序,并将网…
