1.概念
首先我们来说一下CAS,CAS全称为Central Authentication Service即中央认证服务,是一个企业多语言单点登录的解决方案,并努力去成为一个身份验证和授权需求的综合平台。
2.流程图
Service ticket(ST) :服务票据,服务的惟一标识码 , 由 CAS Server 发出( Http 传送),通过客户端浏览器到达业务服务器端;一个特定的服务只能有一个惟一的 ST ;
3.实现
3.1导入依赖
XML
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-support-springboot</artifactId>
<version>3.6.3</version>
</dependency>3.2 写入cas集成配置类
java
/**
* CAS集成核心配置类
*/
@Configuration
@Slf4j
@ConditionalOnProperty(value = "cas.loginType", havingValue = "cas")
public class CasFilterConfig {
/**
* 需要走cas拦截的地址(/* 所有地址都拦截)
*/
@Value("${cas.urlPattern:/login}")
private String filterUrl;
/**
* 默认的cas地址,防止通过 配置信息获取不到
*/
@Value("${cas.server-url-prefix:https://ip/cas}")
private String casServerUrl;
/**
* 认证地址(这个地址需要在cas服务端进行配置)
*/
@Value("${cas.authentication-url-patterns:https://ip/cas}")
private String authenticationUrl;
/**
* 应用访问地址(这个地址需要在cas服务端进行配置)
*/
@Value("${cas.client-host-url:http://ip:端口/路径}")
private String appServerUrl;
@Bean
public ServletListenerRegistrationBean servletListenerRegistrationBean() {
log.info(" \n cas 单点登录配置 \n appServerUrl = " + appServerUrl + "\n casServerUrl = " + casServerUrl);
log.info(" servletListenerRegistrationBean ");
ServletListenerRegistrationBean listenerRegistrationBean = new ServletListenerRegistrationBean();
listenerRegistrationBean.setListener(new SingleSignOutHttpSessionListener());
listenerRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return listenerRegistrationBean;
}
/**
* 单点登录退出
*
* @return
*/
@Bean
public FilterRegistrationBean singleSignOutFilter() {
log.info(" servletListenerRegistrationBean ");
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new SingleSignOutFilter());
registrationBean.addUrlPatterns(filterUrl);
registrationBean.addInitParameter("casServerUrlPrefix", casServerUrl);
registrationBean.setName("CAS Single Sign Out Filter");
registrationBean.setOrder(1);
return registrationBean;
}
/**
* 单点登录认证
*
* @return
*/
@Bean
public FilterRegistrationBean AuthenticationFilter() {
log.info(" AuthenticationFilter ");
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new AuthenticationFilter());
registrationBean.addUrlPatterns(filterUrl);
registrationBean.setName("CAS Filter");
registrationBean.addInitParameter("casServerLoginUrl", casServerUrl);
registrationBean.addInitParameter("serverName", appServerUrl);
registrationBean.setOrder(1);
return registrationBean;
}
/**
* 单点登录校验
*
* @return
*/
@Bean
public FilterRegistrationBean Cas30ProxyReceivingTicketValidationFilter() {
log.info(" Cas30ProxyReceivingTicketValidationFilter ");
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
registrationBean.addUrlPatterns(filterUrl);
registrationBean.setName("CAS Validation Filter");
registrationBean.addInitParameter("casServerUrlPrefix", authenticationUrl);
registrationBean.addInitParameter("serverName", appServerUrl);
registrationBean.setOrder(1);
return registrationBean;
}
/**
* 单点登录请求包装
*
* @return
*/
@Bean
public FilterRegistrationBean httpServletRequestWrapperFilter() {
log.info(" httpServletRequestWrapperFilter ");
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new HttpServletRequestWrapperFilter());
registrationBean.addUrlPatterns(filterUrl);
registrationBean.setName("CAS HttpServletRequest Wrapper Filter");
registrationBean.setOrder(1);
return registrationBean;
}
}3.3 再配置文件中撰写配置
XML
cas.loginType=cas
#需要走cas拦截的地址
cas.urlPattern=/login
#cas服务端的地址
cas.server-url-prefix=https://ip/cas
#客户端访问地址
cas.client-host-url=http://ip:端口/路径
cas.authentication-url-patterns=https://ip/cas3.4 撰写工具类
java
/**
* 使用cas对接封装的cas返回的用户信息的对象
*/
public class CasUtil {
private static final Logger LOGGER = LoggerFactory.getLogger(CasUtil.class);
/**
* cas client 默认的session key
*/
public final static String CAS = "_const_cas_assertion_";
/**
* 封装CasUserInfo
*
* @param request
* @return
*/
public static CasUserInfo getCasUserInfoFromCas(HttpServletRequest request) {
Object object = request.getSession().getAttribute(CAS);
if (null == object) {
return null;
}
Assertion assertion = (Assertion) object;
return buildCasUserInfoByCas(assertion);
}
/**
* 构建CasUserInfo
*
* @param assertion
* @return
*/
private static CasUserInfo buildCasUserInfoByCas(Assertion assertion) {
if (null == assertion) {
LOGGER.error(" Cas没有获取到用户 ");
return null;
}
CasUserInfo casUserInfo = new CasUserInfo();
String userName = assertion.getPrincipal().getName();
LOGGER.info(" cas对接登录用户= " + userName);
casUserInfo.setUserAccount(userName);
//获取属性值
Map<String, Object> attributes = assertion.getPrincipal().getAttributes();
Object name = attributes.get("cn");
casUserInfo.setUserName(name == null ? userName : name.toString());
casUserInfo.setAttributes(attributes);
return casUserInfo;
}
}