首先我这边
<!-- Spring Boot version this CAS client setup was written against. -->
<!-- NOTE(review): the 2.2.x line is an old release train; confirm it still receives security fixes before reusing this pin. -->
<spring.boot.version>2.2.10.RELEASE</spring.boot.version>
这是spring boot的版本
然后就是cas版本
<!-- https://mvnrepository.com/artifact/net.unicon.cas/cas-client-autoconfig-support -->
<!-- CAS client -->
<!-- NOTE(review): presumably this artifact also brings in the CAS client classes that validate tickets;
     re-check the pinned version against current advisories before copying it. -->
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.3.0-GA</version>
</dependency>
然后加入配置类
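/**
 * Registers the CAS client filters and the single-sign-out session listener.
 *
 * <p>Every registration is switched on or off by {@code casClientProperties.isEnable()}, which is
 * read once, when each bean is built. The {@code setOrder} values (1..6) fix the chain order:
 * single sign-out, authentication, ticket validation, assertion thread-local, request wrapper.
 */
@Configuration
public class CasFilterConfig {

    @Autowired
    private CasClientProperties casClientProperties;

    /**
     * Single sign-out: session listener used together with {@link SingleSignOutFilter}.
     *
     * @return the listener registration (order 1)
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> registration =
                new ServletListenerRegistrationBean<>();
        registration.setListener(new SingleSignOutHttpSessionListener());
        registration.setEnabled(casClientProperties.isEnable());
        registration.setOrder(1);
        return registration;
    }

    /**
     * Single sign-out filter, mapped to every request so that logout notifications from the CAS
     * server are seen before the other CAS filters run.
     *
     * @return the filter registration (order 2)
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean<SingleSignOutFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new SingleSignOutFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter("casServerUrlPrefix", casClientProperties.getServerUrlPrefix());
        registration.setEnabled(casClientProperties.isEnable());
        registration.setOrder(2);
        return registration;
    }

    /**
     * Authentication filter: a user who still has to authenticate is redirected to the CAS server.
     *
     * <p>The filter is mapped to {@code /authVerificationController/*} only, so this filter forces
     * a CAS login for no other path; anything else that must be protected needs its own check.
     *
     * @return the filter registration (order 3)
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        StaticLog.info("cas isEnable:" + casClientProperties.isEnable());
        FilterRegistrationBean<AuthenticationFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new AuthenticationFilter());
        registration.addInitParameter("casServerLoginUrl", casClientProperties.getServerLoginUrl());
        // serverName comes from configuration, not from the incoming request.
        registration.addInitParameter("serverName", casClientProperties.getClientHostUrl());
        registration.addInitParameter("gateway", String.valueOf(casClientProperties.isGateway()));

        // ignorePattern is nullable. String.valueOf(null) would install the literal text "null" as
        // the whitelist expression, exempting URLs that match it from authentication. The parameter
        // is therefore sent only when a pattern is actually configured.
        String ignorePattern = casClientProperties.getIgnorePattern();
        if (ignorePattern != null && !ignorePattern.trim().isEmpty()) {
            registration.addInitParameter("ignorePattern", ignorePattern);
            // Forward the configured matching mode (REGEX / CONTAINS / EXACT). Without it the filter
            // uses its default mode and the ignoreUrlPatternType setting has no effect.
            String patternType = casClientProperties.getIgnoreUrlPatternType();
            if (patternType != null && !patternType.trim().isEmpty()) {
                registration.addInitParameter("ignoreUrlPatternType", patternType);
            }
        }

        registration.setEnabled(casClientProperties.isEnable());
        registration.addUrlPatterns("/authVerificationController/*");
        // "renew" is not sent: the line forwarding casClientProperties.isRenew() is disabled.
        registration.setOrder(3);
        return registration;
    }

    /**
     * Ticket validation using the CAS 2.0 protocol.
     *
     * <p>Alternatives: {@code Cas30ProxyReceivingTicketValidationFilter} uses the CAS 3.0 protocol;
     * {@code Cas30JsonProxyReceivingTicketValidationFilter} accepts the validation response in the
     * JSON format defined by the CAS protocol.
     *
     * @return the filter registration (order 4)
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean<Cas20ProxyReceivingTicketValidationFilter> registration =
                new FilterRegistrationBean<>();
        registration.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter("casServerUrlPrefix", casClientProperties.getServerUrlPrefix());
        registration.addInitParameter("serverName", casClientProperties.getClientHostUrl());
        registration.addInitParameter("useSession", String.valueOf(casClientProperties.isUseSession()));
        registration.addInitParameter(
                "exceptionOnValidationFailure",
                String.valueOf(casClientProperties.isExceptionOnValidationFailure()));
        registration.addInitParameter(
                "redirectAfterValidation",
                String.valueOf(casClientProperties.isRedirectAfterValidation()));
        registration.setEnabled(casClientProperties.isEnable());
        registration.setOrder(4);
        return registration;
    }

    /**
     * Stores the assertion in a ThreadLocal so that the logged-in user's information can be read
     * from anywhere through {@code AssertionHolder}. That class has no access to the
     * HttpServletRequest, so {@code getRemoteUser()} cannot be called through it.
     *
     * @return the filter registration (order 5); no URL pattern is set explicitly
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean<AssertionThreadLocalFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new AssertionThreadLocalFilter());
        registration.setEnabled(casClientProperties.isEnable());
        registration.setOrder(5);
        return registration;
    }

    /**
     * HttpServletRequest wrapper: makes the CAS information available through
     * {@code getRemoteUser()} and {@code getPrincipal()}.
     *
     * @return the filter registration (order 6)
     */
    @Bean
    public FilterRegistrationBean requestWrapperFilter() {
        FilterRegistrationBean<HttpServletRequestWrapperFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        registration.addUrlPatterns("/*");
        registration.setEnabled(casClientProperties.isEnable());
        registration.setOrder(6);
        return registration;
    }
}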
其中有个类是用来映射配置的
/**
 * Settings bound from the {@code cas.*} configuration keys and consumed by the CAS filter setup.
 */
@ConfigurationProperties(prefix = "cas")
@Configuration
public class CasClientProperties {

    @Autowired
    @Qualifier("configCtrl")
    private ConfigCtrl configCtrl;

    /** Whether single sign-on is switched on. */
    private boolean enable = false;

    /** CAS server login URL that single sign-on sends the user to. */
    private String serverLoginUrl;

    /** Name of the server hosting this application, e.g. locally: http://localhost:8080 */
    private String clientHostUrl;

    /** Whether renew = true should be sent to the CAS server. */
    private boolean renew = false;

    /** Whether gateway = true should be sent to the CAS server. */
    private boolean gateway = false;

    /** Prefix of the CAS server URL, e.g. http://localhost:8443/cas */
    private String serverUrlPrefix;

    /**
     * Whether the Assertion is kept in the session.
     * Without a session, a ticket is needed on every request.
     */
    private boolean useSession = true;

    /** Whether to redirect to the same URL, minus the ticket parameter, after ticket validation. */
    private boolean redirectAfterValidation = true;

    /** Whether an exception is thrown when ticket validation fails. */
    private boolean exceptionOnValidationFailure = false;

    /**
     * Authentication whitelist: a request whose path matches this expression passes without
     * authentication, so keep the expression as narrow as possible.
     */
    @Nullable
    private String ignorePattern;

    /**
     * How the whitelist expression is interpreted:
     * REGEX regular expression (the default),
     * CONTAINS substring match,
     * EXACT exact match.
     */
    @Nullable
    private String ignoreUrlPatternType;

    /**
     * Tells whether single sign-on is enabled.
     *
     * @return the value held in Nacos when one is present, otherwise the locally bound value
     */
    public boolean isEnable() {
        // NOTE(review): every CAS filter registration is gated on this flag, so whoever can write
        // the remote value can switch SSO enforcement off; confirm that store is access-controlled.
        // How unparsable text converts is decided by Convert.toBool; verify it cannot quietly
        // produce false.
        String remoteFlag = configCtrl.getIsEnable();
        return StrUtil.isNotBlank(remoteFlag) ? Convert.toBool(remoteFlag) : enable;
    }

    public void setEnable(boolean enable) {
        this.enable = enable;
    }

    /** @return the CAS server login URL */
    public String getServerLoginUrl() {
        return this.serverLoginUrl;
    }

    public void setServerLoginUrl(String serverLoginUrl) {
        this.serverLoginUrl = serverLoginUrl;
    }

    /** @return the address of the server hosting this application */
    public String getClientHostUrl() {
        return this.clientHostUrl;
    }

    public void setClientHostUrl(String clientHostUrl) {
        this.clientHostUrl = clientHostUrl;
    }

    /** @return whether renew = true should be sent to the CAS server */
    public boolean isRenew() {
        return this.renew;
    }

    public void setRenew(boolean renew) {
        this.renew = renew;
    }

    /** @return whether gateway = true should be sent to the CAS server */
    public boolean isGateway() {
        return this.gateway;
    }

    public void setGateway(boolean gateway) {
        this.gateway = gateway;
    }

    /** @return the CAS server URL prefix */
    public String getServerUrlPrefix() {
        return this.serverUrlPrefix;
    }

    public void setServerUrlPrefix(String serverUrlPrefix) {
        this.serverUrlPrefix = serverUrlPrefix;
    }

    /** @return whether the Assertion is kept in the session */
    public boolean isUseSession() {
        return this.useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    /** @return whether to redirect to the ticket-free URL after validation */
    public boolean isRedirectAfterValidation() {
        return this.redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    /** @return whether a failed ticket validation raises an exception */
    public boolean isExceptionOnValidationFailure() {
        return this.exceptionOnValidationFailure;
    }

    public void setExceptionOnValidationFailure(boolean exceptionOnValidationFailure) {
        this.exceptionOnValidationFailure = exceptionOnValidationFailure;
    }

    /** @return the whitelist expression, or {@code null} when none is configured */
    @Nullable
    public String getIgnorePattern() {
        return this.ignorePattern;
    }

    public void setIgnorePattern(@Nullable String ignorePattern) {
        this.ignorePattern = ignorePattern;
    }

    /** @return the whitelist matching mode, or {@code null} when none is configured */
    @Nullable
    public String getIgnoreUrlPatternType() {
        return this.ignoreUrlPatternType;
    }

    public void setIgnoreUrlPatternType(@Nullable String ignoreUrlPatternType) {
        this.ignoreUrlPatternType = ignoreUrlPatternType;
    }
}
然后这是请求这边获取用户的信息
// Read the principal attached to this request.
Principal principal = request.getUserPrincipal();
Map<String, Object> mapCas = new HashMap<>();
// instanceof is false for null, so a request without a CAS principal keeps the empty map.
// Callers should treat an empty map as "no CAS identity", never as an authenticated user.
if (principal instanceof AttributePrincipal) {
    // Take the publicly exposed Attributes part of the user information.
    mapCas = ((AttributePrincipal) principal).getAttributes();
}
以上代码是从别人博客那边借鉴过来的
然后是配置
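cas:
  # Address of the CAS authentication center.
  # NOTE(review): these sample URLs use plain http, which would expose tickets and the
  # validation exchange on the network; use https outside a closed test setup.
  server-url-prefix: http://xxxxxx/authserver
  # Login address of the CAS authentication center.
  server-login-url: http://xxxxxx/authserver/login
  # Backend service address. Note that the CAS service side must have this address configured
  # before it can be used.
  # Here the jump goes through the backend, so the address actually configured on the CAS service
  # is http://xxxxx/api/authVerificationController/redirect
  # The backend itself only configures the address below: if the route with the concrete endpoint
  # were configured here as well, it would be duplicated when the CAS service redirects, because
  # the CAS service cuts off the trailing endpoint route and appends it to the address below.
  # "api" is the gateway prefix.
  client-host-url: http://xxxxx/api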
记录一下,下次抄作业方便一点