修改nginx
# Minimal reverse proxy that serves the front end and the back-end API from one origin.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
# NOTE(review): this listener is plain HTTP. Session cookies and CAS service tickets
# passing through it are unencrypted; outside a local setup, terminate TLS here.
listen 80;
server_name localhost;
# proxy_pass ends in "/", so the matched /api/ prefix is replaced:
# a request for /api/login reaches the back end as /login.
location /api/ {
proxy_pass http://127.0.0.1:9001/; # back end
}
# Every other path is handed to the front-end server.
location / {
proxy_pass http://127.0.0.1:3000/; # front end
}
}
}
改写redirect返回401
java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
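/**
 * CAS single sign-on integration: defines what a request receives when it is not
 * authenticated or its session has expired.
 *
 * <p>Instead of the automatic browser redirect to the CAS login page, the caller gets an
 * HTTP 401 response with a small JSON body, so a single-page front end can detect the
 * condition on an API call and start the login flow itself.
 *
 * <p>Copyright: Copyright (c) 2023</p>
 *
 * @author yanfh
 * @version 1.0
 * @date 2023/4/14 10:11
 */
@Component
public class CustomAuthRedirectStrategy implements AuthenticationRedirectStrategy {

    /** Shared serializer; an ObjectMapper is thread-safe once configured, so one instance suffices. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Answers an unauthenticated request with a 401 status and a JSON body instead of
     * redirecting to the CAS login URL.
     *
     * @param httpServletRequest   the incoming request (not read here)
     * @param httpServletResponse  the response that receives the 401 status and JSON body
     * @param potentialRedirectUrl the login URL the CAS filter would have redirected to;
     *                             deliberately neither followed nor echoed back
     * @throws IOException if the response writer cannot be obtained or the body cannot be serialized
     */
    @Override
    public void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String potentialRedirectUrl) throws IOException {
        final int unauthorized = HttpStatus.UNAUTHORIZED.value();
        httpServletResponse.setStatus(unauthorized);

        // The body is JSON, so declare it as JSON. Labelling it text/html would make clients
        // and intermediaries treat the payload as markup rather than data.
        httpServletResponse.setContentType("application/json");
        // Must be set before getWriter() so the writer uses UTF-8.
        httpServletResponse.setCharacterEncoding("UTF-8");

        ObjectNode body = OBJECT_MAPPER.createObjectNode();
        body.put("code", unauthorized);
        body.put("message", "Unauthorized");

        PrintWriter out = httpServletResponse.getWriter();
        out.write(OBJECT_MAPPER.writeValueAsString(body));
    }
}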
cas 配置忽略拦截
java
/**
 * Registers the CAS {@code AuthenticationFilter} on every request path and hands it its
 * init parameters: the CAS login URL, this client's server name, the optional ignore
 * settings, and the custom redirect strategy class.
 *
 * <p>NOTE(review): requests matching {@code ignorePattern} are not challenged by this
 * filter, so the configured pattern should be as narrow as possible and must not cover
 * endpoints that require a logged-in user.
 *
 * @return the filter registration, ordered at position 2
 */
@Bean
public FilterRegistrationBean filterAuthenticationRegistration() {
    Map<String, String> filterParams = new HashMap<>();
    filterParams.put("casServerLoginUrl", serverLoginUrl);
    filterParams.put("serverName", clientHostUrl);
    filterParams.put("authenticationRedirectStrategyClass", CustomAuthRedirectStrategy.class.getName());

    // Optional: URLs that skip the authentication filter.
    if (!(ignorePattern == null || "".equals(ignorePattern))) {
        filterParams.put("ignorePattern", ignorePattern);
    }
    // Optional: custom UrlPatternMatcherStrategy used to evaluate the ignore pattern.
    if (!(ignoreUrlPatternType == null || "".equals(ignoreUrlPatternType))) {
        filterParams.put("ignoreUrlPatternType", ignoreUrlPatternType);
    }

    final FilterRegistrationBean casFilterBean = new FilterRegistrationBean();
    casFilterBean.setFilter(new AuthenticationFilter());
    // Paths the filter applies to.
    casFilterBean.addUrlPatterns("/*");
    casFilterBean.setInitParameters(filterParams);
    // Position in the filter chain.
    casFilterBean.setOrder(2);
    return casFilterBean;
}
前端请求后端接口时,判断响应是否为 401;若为 401,则手动拼接 CAS 认证地址并跳转:window.location.href = 'http://CAS服务端/cas/login?service=' + encodeURIComponent('http://后端/api/login')。认证通过后,CAS 会带着 ticket 跳回后端的 /api/login,再由后端执行 response.sendRedirect("http://前端页面") 回到前端页面。
java
/**
 * Landing endpoint for the CAS login flow: sends the browser on to {@code clientUrl}.
 *
 * <p>The redirect target comes from {@code clientUrl}, which is defined outside this
 * method (presumably the configured front-end address; confirm where it is set), not
 * from anything in the request, so a caller cannot steer the redirect elsewhere.
 *
 * @param request  the incoming request (not read here)
 * @param response the response used to issue the redirect
 * @throws RuntimeException wrapping the {@code IOException} if the redirect cannot be sent
 */
@GetMapping("/login")
public void casRedirect(HttpServletRequest request, HttpServletResponse response) {
    try {
        response.sendRedirect(clientUrl);
    } catch (java.io.IOException redirectFailure) {
        // Keep the original exception as the cause so the failure stays traceable.
        throw new RuntimeException(redirectFailure);
    }
}