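Changes to make before deploying CAS, on both the client and the server

Because of a project requirement, the system needs a CAS deployment. Download it from https://github.com/apereo/cas, where every version is available. Once the code is checked out, mvn package builds the WAR. I used a 5.X version; in theory the WAR can be dropped straight into Tomcat's webapps directory and used as is. Tomcat is version 9.0.

Systems like this are usually deployed on a corporate group's intranet, so to keep things simple plain HTTP will do, without the hassle of HTTPS. That requires configuration changes. The steps are as follows: put the WAR under webapps, start Tomcat once and shut it down again. This only serves to have Tomcat unpack the WAR; you can also unpack it by hand.

Two files need to be changed: application.properties and HTTPSandIMAPS-10000001.json.

application.properties is in the ....webapps\cas\WEB-INF\classes directory; add the following two entries: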

cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true

Also, note the following:

server.context-path=/cas  

# In HTTP mode, this port must be the same as the Tomcat port

server.port=8888

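You can also change the username and password here, though this is optional. Changing them only makes them simple and easy to remember.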

cas.authn.accept.users=admin::admin

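The HTTPSandIMAPS-10000001.json file is in the ......webapps\cas\WEB-INF\classes\services directory.

Change "serviceId" : "^(https|imaps)://.*", to "serviceId" : "^(https|http|imaps)://.*",

Start Tomcat again and the server side is ready.

On the client side, you have to write the code yourself.

Configuration class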
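The effect of the serviceId change above, as an added example that is not part of the original post: it compares the shipped pattern, the widened pattern and a pattern pinned to this page's client callback URL against a few constructed service URLs. The `PINNED` pattern, the `accepts` helper with its full-match semantics, and the sample hosts are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration: which service URLs a serviceId pattern would accept.
public class ServiceIdCheck {

    // Pattern shipped in HTTPSandIMAPS-10000001.json.
    static final String SHIPPED = "^(https|imaps)://.*";
    // Pattern after the edit described above.
    static final String WIDENED = "^(https|http|imaps)://.*";
    // Assumption: a pattern pinned to this page's client callback URL.
    static final String PINNED = "^http://localhost:8182/web/callback(\\?.*)?$";

    // Assumption: the whole service URL must match the pattern.
    static boolean accepts(String serviceIdPattern, String serviceUrl) {
        return Pattern.compile(serviceIdPattern).matcher(serviceUrl).matches();
    }

    public static void main(String[] args) {
        // Constructed sample service URLs; only the first is the client from this page.
        String[] urls = {
            "http://localhost:8182/web/callback?client_name=CasClient",
            "https://portal.example.internal/app/callback",
            "http://other-host.example.internal/anything",
            "imaps://mail.example.internal/inbox"
        };
        Map<String, String> patterns = new LinkedHashMap<>();
        patterns.put("shipped", SHIPPED);
        patterns.put("widened", WIDENED);
        patterns.put("pinned", PINNED);

        // One row per URL, one accept/reject column per pattern.
        for (String url : urls) {
            StringBuilder row = new StringBuilder(String.format("%-58s", url));
            for (Map.Entry<String, String> p : patterns.entrySet()) {
                row.append(String.format(" %s=%-5b", p.getKey(), accepts(p.getValue(), url)));
            }
            System.out.println(row);
        }
    }
}
```

The widened pattern accepts every http:// URL on any host, while the pinned pattern accepts only the client callback.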

package com.chnenergy.plate.config;

import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.config.CasProtocol;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class Pac4jConfig {

    @Value("${pac4j.cas.login.url}")
    private String loginUrl;

    @Value("${pac4j.clients.callback.url}")
    private String callbackUrl;
       
    @Autowired
    private CustomAuthorizer customAuthorizer;

    @Bean
    public Config config() {
    	
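        // CAS server URL, read from pac4j.cas.login.url
        final CasConfiguration configuration = new CasConfiguration(loginUrl);
        configuration.setProtocol(CasProtocol.CAS20);
        // Accept proxy tickets from any proxy chain (no allow-list of proxies)
        configuration.setAcceptAnyProxy(true);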
        
        final CasClient casClient = new CasClient(configuration);
        final Clients clients = new Clients(callbackUrl, casClient);
    	
        final Config config = new Config(clients);
        config.addAuthorizer("custom", customAuthorizer);
        return config;
    }

}

Interceptor class

package com.chnenergy.plate.config;

import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.*;

@Configuration
@ComponentScan(basePackages = "org.pac4j.springframework.web")
public class SecurityConfig implements WebMvcConfigurer {

	@Autowired
	private Config config;

	@Override
	public void addInterceptors(InterceptorRegistry registry) {
		
		
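		// Protect every path with the CasClient client and the "custom" authorizer,
		// except the callback, logout and /log/* paths
		registry.addInterceptor(new SecurityInterceptor(config, "CasClient","custom")).addPathPatterns("/**")
		.excludePathPatterns(new String[] { "/callback", "/logout","/log/*"});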
		
		
	}

	@Override
	public void addResourceHandlers(ResourceHandlerRegistry registry) {
		
		registry.addResourceHandler("/**").addResourceLocations("classpath:/static/").resourceChain(true);
		
				
	}

	@Override
	public void addViewControllers(ViewControllerRegistry registry) {
		registry.addViewController("/").setViewName("forward:/index.html");
	}
	
	
}

Class that obtains the current user

package com.chnenergy.plate.config;

import com.chnenergy.plate.common.SessionUtil;
import org.pac4j.core.authorization.authorizer.ProfileAuthorizer;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.net.URLEncoder;
import java.util.List;
import javax.servlet.http.HttpServletResponse;


@Component
public class CustomAuthorizer extends ProfileAuthorizer<CommonProfile> {

    
    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    @Override
    public boolean isAuthorized(final WebContext context, final List<CommonProfile> profiles) throws HttpAction {
        return isAnyAuthorized(context, profiles);
    }

    @Override
    public boolean isProfileAuthorized(final WebContext context, final CommonProfile profile) {
    	
        if (profile == null) {
            logger.error("profile is null");
            return false;
        }

        try {

            String loginName = profile.getId();
            
            if (loginName == null)
            {
            	
            	System.out.print("获取loginName失败 ........");
            	return false;
            }
            else 
            {
            	System.out.print("当前用户 " + loginName + "login success");
            }
            
            // Store the CAS profile id in the session for the rest of the application
            SessionUtil.setSessionAttribute("loginName",loginName);
            
        } catch (Exception e) {
            e.printStackTrace();
            
            System.out.print("登录抛出错误" + e.getMessage());
            
            return false;
        }
        return true;
    }
}

Configuration file

server.port=8182

spring.main.allow-bean-definition-overriding=true
spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
spring.jackson.time-zone=GMT+8

pac4j.cas.login.url=http://localhost:8080/cas


pac4j.clients.callback.url=http://localhost:8182/web/callback

And the pom file

 <!--4A start-->
        <dependency>
            <groupId>org.pac4j</groupId>
            <artifactId>spring-webmvc-pac4j</artifactId>
            <version>${spring-webmvc-pac4j.version}</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.pac4j/pac4j-cas -->
        <dependency>
            <groupId>org.pac4j</groupId>
            <artifactId>pac4j-cas</artifactId>
            <version>${pac4j.version}</version>
        </dependency>
        <dependency>
            <groupId>org.pac4j</groupId>
            <artifactId>pac4j-oauth</artifactId>
            <version>${pac4j.version}</version>
        </dependency>
        <!--4A end-->

If code found online resembles this, it is no coincidence.
