16.玩转Spring Boot 使用Spring security 集成CAS

原创 2017年01月03日 22:38:47

玩转Spring Boot 使用Spring security 集成CAS


      在上一篇中说了Spring Boot 使用Spring security,在这一篇中将讲讲security 集成CAS,如果对CAS环境搭建不清楚的话,那么可以看我CAS的博文:
2.CAS环境搭建
3.CAS从数据库获取用户信息
4.CAS登录页面定制
5.CAS增加验证码
6.CAS增加Remember me
7.CAS自定义错误信息

1.创建工程

      创建Maven工程:springboot-security-cas

2.加入依赖

      创建工程后,打开pom.xml,在pom.xml中加入以下内容:
<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>1.4.3.RELEASE</version>
	</parent>
	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- security starter Poms -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<!-- security 对CAS支持 -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-cas</artifactId>
		</dependency>
		<!-- security taglibs -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-taglibs</artifactId>
		</dependency>
		<!-- 热加载 -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-configuration-processor</artifactId>
			<optional>true</optional>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

3.创建application.properties

      创建application.properties文件,加入以下内容:
#CAS服务地址
cas.server.host.url=http://localhost:8081/cas
#CAS服务登录地址
cas.server.host.login_url=${cas.server.host.url}/login
#CAS服务登出地址
cas.server.host.logout_url=${cas.server.host.url}/logout?service=${app.server.host.url}
#应用访问地址
app.server.host.url=http://localhost:8080
#应用登录地址
app.login.url=/login
#应用登出地址
app.logout.url=/logout

4.创建入口启动类(MainConfig)

      创建入口启动类MainConfig,完整代码如下:
package com.chengli.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@SpringBootApplication
public class MainConfig {
	public static void main(String[] args) {
		SpringApplication.run(MainConfig.class, args);
	}

	@RequestMapping("/")
	public String index() {
		return "访问了首页哦";
	}

	@RequestMapping("/hello")
	public String hello() {
		return "不验证哦";
	}

	@PreAuthorize("hasAuthority('TEST')")//有TEST权限的才能访问
	@RequestMapping("/security")
	public String security() {
		return "hello world security";
	}

	@PreAuthorize("hasAuthority('ADMIN')")//必须要有ADMIN权限的才能访问
	@RequestMapping("/authorize")
	public String authorize() {
		return "有权限访问";
	}
	
	/**这里注意的是,TEST与ADMIN只是权限编码,可以自己定义一套规则,根据实际情况即可*/
}

5.创建Security配置类(SecurityConfig)

      创建Security配置类SecurityConfig,完整代码如下:
package com.chengli.springboot.security;

import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import com.chengli.springboot.custom.CustomUserDetailsService;
import com.chengli.springboot.properties.CasProperties;

@Configuration
@EnableWebSecurity //启用web权限
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private CasProperties casProperties;
	
	/**定义认证用户信息获取来源,密码校验规则等*/
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		super.configure(auth);
		auth.authenticationProvider(casAuthenticationProvider());
		//inMemoryAuthentication 从内存中获取
		//auth.inMemoryAuthentication().withUser("chengli").password("123456").roles("USER")
		//.and().withUser("admin").password("123456").roles("ADMIN");
		
		//jdbcAuthentication从数据库中获取,但是默认是以security提供的表结构
		//usersByUsernameQuery 指定查询用户SQL
		//authoritiesByUsernameQuery 指定查询权限SQL
		//auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(query).authoritiesByUsernameQuery(query);
		
		//注入userDetailsService,需要实现userDetailsService接口
		//auth.userDetailsService(userDetailsService);
	}
	
	/**定义安全策略*/
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()//配置安全策略
			//.antMatchers("/","/hello").permitAll()//定义/请求不需要验证
			.anyRequest().authenticated()//其余的所有请求都需要验证
			.and()
		.logout()
			.permitAll()//定义logout不需要验证
			.and()
		.formLogin();//使用form表单登录
		
		http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
			.and()
			.addFilter(casAuthenticationFilter())
			.addFilterBefore(casLogoutFilter(), LogoutFilter.class)
			.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
		
		//http.csrf().disable(); //禁用CSRF
	}
	
	/**认证的入口*/
	@Bean
	public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
		CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
		casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
		casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
		return casAuthenticationEntryPoint;
	}
	
	/**指定service相关信息*/
	@Bean
	public ServiceProperties serviceProperties() {
		ServiceProperties serviceProperties = new ServiceProperties();
		serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl());
		serviceProperties.setAuthenticateAllArtifacts(true);
		return serviceProperties;
	}
	
	/**CAS认证过滤器*/
	@Bean
	public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
		CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
		casAuthenticationFilter.setAuthenticationManager(authenticationManager());
		casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl());
		return casAuthenticationFilter;
	}
	
	/**cas 认证 Provider*/
	@Bean
	public CasAuthenticationProvider casAuthenticationProvider() {
		CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
		casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
		//casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。
		casAuthenticationProvider.setServiceProperties(serviceProperties());
		casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
		casAuthenticationProvider.setKey("casAuthenticationProviderKey");
		return casAuthenticationProvider;
	}
	
	/*@Bean
	public UserDetailsService customUserDetailsService(){
		return new CustomUserDetailsService();
	}*/
	
	/**用户自定义的AuthenticationUserDetailsService*/
	@Bean
	public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService(){
		return new CustomUserDetailsService();
	}
	
	@Bean
	public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
		return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl());
	}
	
	/**单点登出过滤器*/
	@Bean
	public SingleSignOutFilter singleSignOutFilter() {
		SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
		singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl());
		singleSignOutFilter.setIgnoreInitConfiguration(true);
		return singleSignOutFilter;
	}
	
	/**请求单点退出过滤器*/
	@Bean
	public LogoutFilter casLogoutFilter() {
		LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
		logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl());
		return logoutFilter;
	}
}

6.用户自定义类

      (1)定义CasProperties,用于将properties文件指定的内容注入以方便使用,这里不注入也是可以的,可以获取Spring 当前的环境,代码如下:
package com.chengli.springboot.properties;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

/**
 * CAS的配置参数
 * @author ChengLi
 */
@Component
public class CasProperties {
	@Value("${cas.server.host.url}")
	private String casServerUrl;

	@Value("${cas.server.host.login_url}")
	private String casServerLoginUrl;

	@Value("${cas.server.host.logout_url}")
	private String casServerLogoutUrl;

	@Value("${app.server.host.url}")
	private String appServerUrl;

	@Value("${app.login.url}")
	private String appLoginUrl;

	@Value("${app.logout.url}")
	private String appLogoutUrl;
......省略 getters setters 方法
}

      (2)定义CustomUserDetailsService类,代码如下:
package com.chengli.springboot.custom;

import java.util.HashSet;
import java.util.Set;

import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * 用于加载用户信息 实现UserDetailsService接口,或者实现AuthenticationUserDetailsService接口
 * @author ChengLi
 *
 */
public class CustomUserDetailsService /*
	//实现UserDetailsService接口,实现loadUserByUsername方法
	implements UserDetailsService {
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		System.out.println("当前的用户名是:"+username);
		//这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息
		UserInfo userInfo = new UserInfo();
		userInfo.setUsername("admin");
		userInfo.setName("admin");
		Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
		AuthorityInfo authorityInfo = new AuthorityInfo("TEST");
		authorities.add(authorityInfo);
		userInfo.setAuthorities(authorities);
		return userInfo;
	}*/
	
	
	//实现AuthenticationUserDetailsService,实现loadUserDetails方法
	implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

	@Override
	public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
		System.out.println("当前的用户名是:"+token.getName());
		/*这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息*/
		UserInfo userInfo = new UserInfo();
		userInfo.setUsername("admin");
		userInfo.setName("admin");
		Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
		AuthorityInfo authorityInfo = new AuthorityInfo("TEST");
		authorities.add(authorityInfo);
		userInfo.setAuthorities(authorities);
		return userInfo;
	}

}

      (3)定义AuthorityInfo类,用于加载当前登录用户的权限信息,实现GrantedAuthority接口,代码如下:
package com.chengli.springboot.custom;

import org.springframework.security.core.GrantedAuthority;

/**
 * 权限信息
 * 
 * @author ChengLi
 *
 */
public class AuthorityInfo implements GrantedAuthority {
	private static final long serialVersionUID = -175781100474818800L;

	/**
	 * 权限CODE
	 */
	private String authority;

	public AuthorityInfo(String authority) {
		this.authority = authority;
	}

	@Override
	public String getAuthority() {
		return authority;
	}

	public void setAuthority(String authority) {
		this.authority = authority;
	}

}

      (4)定义UserInfo类,用于加载当前用户信息,实现UserDetails接口,代码如下:
package com.chengli.springboot.custom;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * 用户信息
 * @、这里我写了几个较为常用的字段,id,name,username,password,可以根据实际的情况自己增加
 * @author ChengLi
 *
 */
public class UserInfo implements UserDetails {
	private static final long serialVersionUID = -1041327031937199938L;

	/**
	 * 用户ID
	 */
	private Long id;

	/**
	 * 用户名称
	 */
	private String name;

	/**
	 * 登录名称
	 */
	private String username;

	/**
	 * 登录密码
	 */
	private String password;

	private boolean isAccountNonExpired = true;

	private boolean isAccountNonLocked = true;

	private boolean isCredentialsNonExpired = true;

	private boolean isEnabled = true;

	private Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
....省略getters setters 方法
}

到这里基本就已经完成了,运行CAS Server ,将以上的application.properties文件中的地址修改为实际的地址即可运行。

完整示例代码在QQ交流群中:springboot-security-cas.zip

有兴趣的朋友可以加群探讨相互学习:

Spring Boot QQ交流群:599546061
版权声明:原创文章,转载请注明出处

spring boot-整合CAS Client实现单点登陆验证

实现方式一:使用第三方的starter 1、依赖的jar net.unicon.cas cas-client-autoconfig-support ...

spring boot 整合 CAS

spring boot整合cas

spring boot配置Cas单点登录

cas server配置: 参照网址:http://www.jianshu.com/p/600593b1f366 源码github地址:https://github.com/willwu1984/sp...

Spring Boot 集成Shiro和CAS

请大家在看本文之前,先了解如下知识点: 1、Shiro 是什么?怎么用? 2、Cas 是什么?怎么用? 3、最好有Spring基础可以先看看这两篇文章,按照这2篇文章的内容做一遍: Sprin...
  • catoop
  • catoop
  • 2016年01月17日 23:03
  • 35512

SpringBoot集成CAS客户端

此文章用于记录自己学习springBoot集成cas的过程。 针对cas实现单点登录主要是两个部分,一个部分是client,一个部分是server。对于client,我们实现的时候需要在自己的项目中...

基于CAS的单点登录SSO[5]: 基于Springboot实现CAS客户端的前后端分离

基于CAS的单点登录SSO[5]: 基于Springboot实现CAS客户端的前后端分离 作者:家辉,日期:2017-08-24 CSDN博客: http://blog.csdn.net/gob...
  • gobitan
  • gobitan
  • 2017年08月30日 23:16
  • 2016

SpringBoot集成SpringSecurity+CAS

本文主要讲述如何通过SpringSecurity+CAS在springboot项目中实现单点登录和单点注销的功能。参考内容有Spring Security官方文档中的 1. 5. Java Conf...

第四部分:spring security使用cas单点登录配置

spring security使用cas单点登录配置

15.玩转Spring Boot 使用Spring security

玩转Spring Boot 使用Spring security       Spring Boot与Spring Security在一起开发非常简单,充分体现了自动装配的强大,Spring Sec...

Delphi7高级应用开发随书源码

  • 2003年04月30日 00:00
  • 676KB
  • 下载
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:16.玩转Spring Boot 使用Spring security 集成CAS
举报原因:
原因补充:

(最多只允许输入30个字)