CAS单点登录-自定义认证之Shiro、Rest（六）

最新推荐文章于 2024-10-02 10:53:34 发布

2301_78399616

最新推荐文章于 2024-10-02 10:53:34 发布

阅读量662

点赞数 28

文章标签： python 前端开发语言

本文链接：https://blog.csdn.net/2301_78399616/article/details/140675287

版权

客户端校验Demo

SysUser.java

版权所有.©2008-2017. 卡尔科技工作室

package com.carl.auth.sso.rest.client.bean;

import com.fasterxml.jackson.annotation.JsonIgnore;

import com.fasterxml.jackson.annotation.JsonProperty;

import javax.validation.constraints.NotNull;

import java.util.HashMap;

import java.util.Map;

/**

@author Carl
@date 2017/9/14
@since JDK1.7

public class SysUser {

@JsonProperty(“id”)

@NotNull

private String username;

@JsonProperty(“@class”)

//需要返回实现org.apereo.cas.authentication.principal.Principal的类名接口

private String clazz = “org.apereo.cas.authentication.principal.SimplePrincipal”;

@JsonProperty(“attributes”)

private Map<String, Object> attributes = new HashMap<>();

@JsonIgnore

@NotNull

private String password;

@JsonIgnore

//用户是否不可用

private boolean disable = false;

@JsonIgnore

//用户是否过期

private boolean expired = false;

@JsonIgnore

//是否锁定

private boolean locked = false;

public boolean isLocked() {

return locked;

}

public SysUser setLocked(boolean locked) {

this.locked = locked;

return this;

}

public boolean isDisable() {

return disable;

}

public SysUser setDisable(boolean disable) {

this.disable = disable;

return this;

}

public boolean isExpired() {

return expired;

}

public SysUser setExpired(boolean expired) {

this.expired = expired;

return this;

}

public String getPassword() {

return password;

}

public SysUser setPassword(String password) {

this.password = password;

return this;

}

public String getUsername() {

return username;

}

public SysUser setUsername(String username) {

this.username = username;

return this;

}

public String getClazz() {

return clazz;

}

public Map<String, Object> getAttributes() {

return attributes;

}

public SysUser setAttributes(Map<String, Object> attributes) {

this.attributes = attributes;

return this;

}

@JsonIgnore

public SysUser addAttribute(String key, Object val) {

getAttributes().put(key, val);

return this;

}

而上面的属性，必须跟@class的实现一一对应，如attributes 就是返回属性给对接的客户端，有必要的信息必须返回给cas，cas会进行二次过滤，而二次过滤是属于多属性返回的内容，后面的章节会说明白哦

AuthUserController.java

版权所有.©2008-2017. 卡尔科技工作室

package com.carl.auth.sso.rest.client.controller;

import com.carl.auth.sso.rest.client.bean.SysUser;

import com.carl.auth.sso.rest.client.service.UserRepertory;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.http.HttpHeaders;

import org.springframework.http.HttpStatus;

import org.springframework.http.ResponseEntity;

import org.springframework.util.Base64Utils;

import org.springframework.web.bind.annotation.PostMapping;

import org.springframework.web.bind.annotation.RequestHeader;

import org.springframework.web.bind.annotation.RestController;

import java.io.UnsupportedEncodingException;

/**

@author Carl
@date 2017/9/14
@since JDK1.7

@RestController

public class AuthUserController {

private static final Logger LOGGER = LoggerFactory.getLogger(AuthUserController.class);

@Autowired

private UserRepertory userRepertory;

/**

1. cas 服务端会通过post请求，并且把用户信息以"用户名:密码"进行Base64编码放在authorization请求头中
1. 返回200状态码并且格式为{“@class”:“org.apereo.cas.authentication.principal.SimplePrincipal”,“id”:“casuser”,“attributes”:{}} 是成功的
1. 返回状态码403用户不可用；404账号不存在；423账户被锁定；428过期；其他登录失败
@param httpHeaders
@return

@PostMapping(“/login”)

public Object login(@RequestHeader HttpHeaders httpHeaders) {

LOGGER.info(“Rest api login.”);

LOGGER.debug(“request headers: {}”, httpHeaders);

SysUser user = null;

try {

UserTemp userTemp = obtainUserFormHeader(httpHeaders);

//尝试查找用户库是否存在

user = userRepertory.getUser(userTemp.username);

if (user != null) {

if (!user.getPassword().equals(userTemp.password)) {

//密码不匹配

return new ResponseEntity(HttpStatus.BAD_REQUEST);

}

if (user.isDisable()) {

//禁用 403

return new ResponseEntity(HttpStatus.FORBIDDEN);

}

if (user.isLocked()) {

//锁定 423

return new ResponseEntity(HttpStatus.LOCKED);

}

if (user.isExpired()) {

//过期 428

return new ResponseEntity(HttpStatus.PRECONDITION_REQUIRED);

}

} else {

//不存在 404

return new ResponseEntity(HttpStatus.NOT_FOUND);

}

} catch (UnsupportedEncodingException e) {

LOGGER.error(“”, e);

new ResponseEntity(HttpStatus.BAD_REQUEST);

}

LOGGER.info(“[{}] login is ok”, user.getUsername());

//成功返回json

return user;

}

/**

根据请求头获取用户名及密码
@param httpHeaders
@return
@throws UnsupportedEncodingException

private UserTemp obtainUserFormHeader(HttpHeaders httpHeaders) throws UnsupportedEncodingException {

/**

This allows the CAS server to reach to a remote REST endpoint via a POST for verification of credentials.
Credentials are passed via an Authorization header whose value is Basic XYZ where XYZ is a Base64 encoded version of the credentials.

//根据官方文档，当请求过来时，会通过把用户信息放在请求头authorization中，并且通过Basic认证方式加密

String authorization = httpHeaders.getFirst(“authorization”);//将得到 Basic Base64(用户名:密码)

String baseCredentials = authorization.split(" ")[1];

String usernamePassword = new String(Base64Utils.decodeFromString(baseCredentials), “UTF-8”);//用户名:密码

LOGGER.debug(“login user: {}”, usernamePassword);

String credentials[] = usernamePassword.split(“:”);

return new UserTemp(credentials[0], credentials[1]);

}

/**