一.服务端版本使用5.3.16
网上教程一大堆,大致就是下载服务端,Windows 下执行 ./build.cmd run 下载依赖包,能单独访问即可,再配置 http 使用模式等等(http 模式下票据和会话 Cookie 都是明文传输,只适合本地测试),此处就不细说了。本文只是简单记录客户端踩坑后的处理过程。
二.客户端
2.1 主要流程
2.2 客户端导包(其他的spring的包忽略未写)
<dependency> <groupId>net.unicon.cas</groupId> <artifactId>cas-client-autoconfig-support</artifactId> <version>2.3.0-GA</version> </dependency>
2.3 配置文件
server.port=8081
# cas服务端前缀
cas.server-url-prefix=http://192.168.124.14:8086/cas
# cas服务端登录页面
cas.server-login-url=http://192.168.124.14:8086/cas/login
# 客户端
cas.client-host-url=http://192.168.124.14:8081
# 验证类型: Cas30ProxyReceivingTicketValidationFilter
cas.validation-type=cas3
2.4 主要的2个java类
2.4.1 配置类
import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.Map;
/**
 * CAS client configuration: tunes the CAS authentication filter and registers a CORS
 * filter for the browser front-ends that call this back end.
 *
 * <p>NOTE(review): {@code EnableCasClient} is imported by this file but is not applied to
 * this class in the listing; presumably it is declared on the application class. Confirm.
 */
@Configuration
public class CasClientConfig extends CasClientConfigurerAdapter {

    /**
     * Adds extra init parameters to the CAS authentication filter after the adapter's
     * own configuration has run.
     *
     * @param authenticationFilter registration of the CAS authentication filter
     */
    @Override
    public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) {
        super.configureAuthenticationFilter(authenticationFilter);

        // More init parameters can be set here, for example a custom redirect strategy:
        //   "authenticationRedirectStrategyClass" -> "xxx.xxx.CustomAuthRedirectStrategy"

        // Requests whose URL matches this pattern are not sent through CAS authentication.
        // NOTE(review): the pattern is unanchored. If the client's regex matcher is in use
        // and it is evaluated against the whole request URL (query string included), any
        // URL that merely contains one of these fragments is exempt from authentication.
        // Anchor the pattern to the intended path prefix or set ignoreUrlPatternType
        // explicitly; confirm against the cas-client-core version in use.
        authenticationFilter.addInitParameter(
                "ignorePattern", "/ignoreUrl1/|/ignoreUrl2/|/ignoreUrl3/");
    }

    /**
     * Registers a {@link CorsFilter} for the listed URL patterns.
     *
     * @return the filter registration, ordered at {@code Integer.MIN_VALUE}
     */
    @Bean
    public FilterRegistrationBean corsFilter() {
        CorsConfiguration policy = new CorsConfiguration();
        // Front-end page origins; several may be listed. They are named explicitly because
        // a wildcard origin cannot be combined with credentialed requests.
        policy.addAllowedOrigin("http://192.168.124.14:8081");
        policy.addAllowedOrigin("http://192.168.124.14:8082");
        policy.addAllowedOrigin("http://192.168.124.14:8083");
        policy.setAllowCredentials(true);
        // NOTE(review): every header and method is allowed for the trusted origins above;
        // narrow these to what the front end actually sends once that is known.
        policy.addAllowedHeader("*");
        policy.addAllowedMethod("*");

        UrlBasedCorsConfigurationSource corsSource = new UrlBasedCorsConfigurationSource();
        corsSource.registerCorsConfiguration("/**", policy);

        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new CorsFilter(corsSource));
        // URL patterns this filter is applied to.
        registration.addUrlPatterns("/url1/*", "/url2/*", "/url3/*");
        // Integer.MIN_VALUE is the lowest order value, i.e. the filter is placed first;
        // presumably so that CORS handling happens before the CAS filters.
        registration.setOrder(Integer.MIN_VALUE);
        return registration;
    }
}
2.4.2 测试用的请求 Controller。至于为什么要先重定向到后端请求、再重定向到前端页面,原理还没研究出来;不这样做就会出现 302 跨域问题
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import static java.lang.System.out;
import static org.jasig.cas.client.util.AbstractCasFilter.CONST_CAS_ASSERTION;
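/**
 * Test controller for the CAS single-sign-on flow: reports the logged-in account and
 * bounces the browser from the CAS-protected {@code /login} URL to the front-end page.
 */
@Controller // must not be @RestController, otherwise the request redirect does not work
@RequestMapping("/")
public class LoginController {

    /**
     * Returns a short text naming the account stored in the session's CAS assertion.
     *
     * @param session the current HTTP session
     * @return the response body text
     * @throws IllegalStateException if the session carries no CAS assertion
     */
    @ResponseBody
    @RequestMapping("/userInfo")
    public String userInfo(HttpSession session) {
        String loginName = currentLoginName(session);
        out.println("loginName = " + loginName);
        return "sso-test1,当前登录账户" + loginName;
    }

    /**
     * Entry point the browser returns to after CAS login; forwards to {@code /toRedirect}.
     *
     * @param session the current HTTP session
     * @return the redirect view name
     * @throws IllegalStateException if the session carries no CAS assertion
     */
    @RequestMapping("/login")
    public String login(HttpSession session) {
        String loginName = currentLoginName(session);
        out.println("loginName = " + loginName);
        return "redirect:/toRedirect";
    }

    /**
     * Re-issues the session cookie and redirects the browser to the front-end index page.
     *
     * @param request  the current request
     * @param response the response that receives the cookie and the redirect
     * @throws IOException if the redirect cannot be sent
     */
    @RequestMapping(value = "toRedirect", method = RequestMethod.GET)
    public void redirect(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession();
        response.addHeader("Access-Control-Allow-Credentials", "true");

        // NOTE(review): this hand-built cookie repeats the session id with a one-hour
        // lifetime and Path=/. It is HttpOnly but not Secure, which matches the plain-HTTP
        // URLs used in this write-up; once the application is served over HTTPS, also call
        // cookie.setSecure(true).
        Cookie cookie = new Cookie("JSESSIONID", session.getId());
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setMaxAge(3600);

        // The front end does only one thing: it calls /userInfo to check that the login
        // works, so its code is not shown. The target is a fixed constant, not request data.
        String urlToRedirectTo = "http://192.168.124.14:8082/index"; // front-end index

        // The session id is deliberately not printed: whoever can read the log output
        // could otherwise reuse the authenticated session.
        out.println("urlToRedirectTo = " + urlToRedirectTo);

        response.addCookie(cookie);
        // Redirect to the front-end page.
        response.sendRedirect(urlToRedirectTo);
    }

    /**
     * Reads the principal name from the CAS assertion stored in the session.
     * Fails with a clear message instead of a NullPointerException when the request
     * did not pass through CAS authentication (for example an ignored URL).
     */
    private static String currentLoginName(HttpSession session) {
        Object stored = session.getAttribute(CONST_CAS_ASSERTION);
        if (!(stored instanceof Assertion)) {
            throw new IllegalStateException(
                    "No CAS assertion in session; the request was not authenticated by CAS");
        }
        AttributePrincipal principal = ((Assertion) stored).getPrincipal();
        return principal.getName();
    }
}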
2.5 测试顺序就按上面的流程图来的
1. 访问http://client-ip:8081/login (未登录情况)
2. http://cas-service-ip:8086/cas/login?service=http://client-ip:8081/login (重定向到cas的登录页)
3. 登录
4. 跳转到请求:http://client-ip:8081/login => 重定向至 http://vue-client-ip:8083/index
5. vue请求后端接口: http://client-ip:8081/userInfo
6. 获取正常的登录用户信息
7. 同一浏览器访问http://client2-ip:8082/login (客户端2, 客户端1已登录情况[上述6步已完成了])
8. cas验证通过直接重定向至http://client2-ip:8082/login => 重定向至 http://vue-client2-ip:8084/index
9. vue请求后端接口: http://client2-ip:8082/userInfo => 获取正常的登录用户信息