溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
怎么在spring boot中利用CAS Client實現單點登陸驗證?很多新手對此不是很清楚,為了幫助大家解決這個難題,下面小編將為大家詳細講解,有這方面需求的人可以來學習下,希望你能有所收獲。
CAS Client
負責處理對客戶端受保護資源的訪問請求,需要對請求方進行身份認證時,重定向到 CAS Server 進行認證。(原則上,客戶端應用不再接受任何的用戶名密碼等 Credentials )。
實現方式一:使用第三方的starter
1、依賴的jar
<dependency> <groupId>net.unicon.cas</groupId> <artifactId>cas-client-autoconfig-support</artifactId> <version>1.4.0-GA</version> </dependency>
2、增加配置文件
cas.server-url-prefix=http://127.0.0.1 cas.server-login-url=http://127.0.0.1/login cas.client-host-url=http://192.26.4.28:8080 cas.validation-type=CAS
3、開啟CAS Client支持
@SpringBootApplication
@ComponentScan(basePackages={"com.chhliu.emailservice"})
@EnableCasClient // 開啟CAS支持
public class Application extends SpringBootServletInitializer{
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}通過上面的3步,就可以完成CAS的客戶端認證了!
4、擴展
cas.validation-type目前支持3中方式:1、CAS;2、CAS3;3、SAML
其他可用的配置如下:
cas.authentication-url-patterns cas.validation-url-patterns cas.request-wrapper-url-patterns cas.assertion-thread-local-url-patterns cas.gateway cas.use-session cas.redirect-after-validation cas.allowed-proxy-chains cas.proxy-callback-url cas.proxy-receptor-url cas.accept-any-proxy server.context-parameters.renew
具體的含義從名字上就可以很清楚的看出來。
實現方式二:手動配置
我們原來使用CAS Client,需要在web.xml中做如下配置:
<filter> <filter-name>authenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://127.0.0.1/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.26.4.28:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>authenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 該過濾器負責對Ticket的校驗工作,必須啟用它 --> <filter> <filter-name>validationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://127.0.0.1</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.26.4.28:8080</param-value> </init-param> <!-- <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> --> </filter> <filter-mapping> <filter-name>validationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 該過濾器負責實現HttpServletRequest請求的包裹, 比如允許開發者通過HttpServletRequest的getRemoteUser()方法獲得SSO登錄用戶的登錄名,可選配置。 --> <filter> <filter-name>httpServletRequestWrapperFilter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>httpServletRequestWrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
所以,我們手動配置的時候,需要手動配置上面xml中對應的Filter,代碼如下:
@Configuration
@Component
public class CasConfigure {
@Bean
public FilterRegistrationBean authenticationFilterRegistrationBean() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AuthenticationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerLoginUrl", "http://127.0.0.1/login");
initParameters.put("serverName", "http://192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(2);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 設置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean ValidationFilterRegistrationBean(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "http://127.0.0.1");
initParameters.put("serverName", "http://192.26.4.28:8080");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 設置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean casHttpServletRequestWrapperFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 設置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
@Bean
public FilterRegistrationBean casAssertionThreadLocalFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AssertionThreadLocalFilter());
authenticationFilter.setOrder(4);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 設置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
}看完上述內容是否對您有幫助呢?如果還想對相關知識有進一步的了解或閱讀更多相關文章,請關注億速云行業資訊頻道,感謝您對億速云的支持。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
