//本机服务,访问/login/cas时进行校验登录
serviceProperties.setService(“http://localhost:8123/login/cas”);
serviceProperties.setSendRenew(false);
return serviceProperties;
}
@Bean
@Primary
public AuthenticationEntryPoint authenticationEntryPoint(
ServiceProperties sP) {
CasAuthenticationEntryPoint entryPoint
= new CasAuthenticationEntryPoint();
//cas登录服务
entryPoint.setLoginUrl(casServerUrl + “/login”);
entryPoint.setServiceProperties(sP);
return entryPoint;
}
@Bean
public TicketValidator ticketValidator() {
//指定cas校验器
return new Cas30ServiceTicketValidator(
casServerUrl);
}
//cas认证
@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
CasAuthenticationProvider provider = new CasAuthenticationProvider();
provider.setServiceProperties(serviceProperties());
provider.setTicketValidator(ticketValidator());
//固定响应用户,在生产环境中需要额外设置用户映射
provider.setUserDetailsService(
s -> new User(“auth-user”, “123”, true, true, true, true,
AuthorityUtils.createAuthorityList(“ROLE_ADMIN”)));
provider.setKey(“CAS_PROVIDER_LOCALHOST_8123”);
return provider;
}
@Bean
public SecurityContextLogoutHandler securityContextLogoutHandler() {
return new SecurityContextLogoutHandler();
}
@Bean
public LogoutFilter logoutFilter() {
//退出后转发路径
LogoutFilter logoutFilter = new LogoutFilter(
casServerUrl + “/logout”,
securityContextLogoutHandler());
//cas退出
logoutFilter.setFilterProcessesUrl(“/logout/cas”);
return logoutFilter;
}
@Bean
public SingleSignOutFilter singleSignOutFilter() {
//单点退出
SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
singleSignOutFilter.setCasServerUrlPrefix(casServerUrl);
singleSignOutFilter.setIgnoreInitConfiguration(true);
return singleSignOutFilter;
}
//设置退出监听
@EventListener
public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(
HttpSessionEvent event) {
return new SingleSignOutHttpSessionListener();
}
}
注意,
1.
casAuthenticationFilter()创建的bean为核心,
所以必须设置anthenticationManager,cas返回的ticket由他来校验
2. 由于设置的
ServicePropertiesbean响应路径为/cas/login,所以权限配置处必须允许访问到,否则会出现死循环
3. 入口点为casAuthenticationEntryPoint
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private AuthenticationProvider authenticationProvider;
@Autowired
private SingleSignOutFilter singleSignOutFilter;
@Autowired
private LogoutFilter logoutFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
//所有都需要认证才能访问
//由于设置了验证filter访问为,/login/cas,所以必须通过验证,否则出现死循环
http
.authorizeRequests().antMatchers(“/login/cas”).permitAll()
.and()
.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl(“/logout”)
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class).addFilterBefore(logoutFilter, LogoutFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(authenticationProvider);
}
@Override
protected AuthenticationManager authenticationManager() throws Exception {
//设置cas认证提供
return new ProviderManager(
Arrays.asList(authenticationProvider));
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sp)
throws Exception {
//cas认证过滤器,当触发本filter时,对ticket进行认证
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setServiceProperties(sp);
filter.setAuthenticationManager(authenticationManager());
return filter;
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
}
最后
针对最近很多人都在面试,我这边也整理了相当多的面试专题资料,也有其他大厂的面经。希望可以帮助到大家。
最新整理面试题
上述的面试题答案都整理成文档笔记。也还整理了一些面试资料&最新2021收集的一些大厂的面试真题
最新整理电子书
最新整理大厂面试文档
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
针对最近很多人都在面试,我这边也整理了相当多的面试专题资料,也有其他大厂的面经。希望可以帮助到大家。
最新整理面试题
[外链图片转存中…(img-S3pQNUDn-1723359448354)]
上述的面试题答案都整理成文档笔记。也还整理了一些面试资料&最新2021收集的一些大厂的面试真题
最新整理电子书
[外链图片转存中…(img-waAGubv4-1723359448355)]
最新整理大厂面试文档
[外链图片转存中…(img-wt3Iw5yg-1723359448356)]
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
