因为项目需要,系统需要部署一个 CAS。直接下载 war 包:https://github.com/apereo/cas ,各个版本都有。代码下载下来后,执行 mvn package 即可生成 war 包。我用的是 5.X 版本,war 包理论上直接放到 tomcat 的 webapps 下就可用。tomcat 用的是 9.0 版本。
一般系统都是部署在某集团内网,简单一点,搞个 http 即可,不需要 https 那么麻烦。代价是 http 模式下登录密码、TGC cookie 和 service ticket 都以明文传输,因此这种做法只适用于隔离的内网或测试环境。这就需要修改配置了。具体步骤如下:把 war 放到 webapps 下,启动一下 tomcat 然后关闭。这一步只是为了让 tomcat 解压 war,也可以自己手动解压。
需要修改的文件有两个:application.properties 和 HTTPSandIMAPS-10000001.json。
application.properties 文件在....webapps\cas\WEB-INF\classes 目录下,增加下面两项即可
# Drops the Secure flag from the ticket-granting cookie (TGC), so the browser
# will also send the SSO session cookie over plain HTTP.
cas.tgc.secure=false
# Load the service definitions from the JSON files in the services directory
# (the HTTPSandIMAPS-10000001.json edit described on this page) at startup.
cas.serviceRegistry.initFromJson=true
另外,注意一点,
# Context path the CAS web application is served under.
server.context-path=/cas
# In HTTP mode, keep this port the same as the Tomcat port.
server.port=8888
这里可以顺便修改一下用户和密码,不改也行。改一下只是简单好记而已
# Static accept-list authentication: each entry is username::password.
# NOTE(review): this list is a fixed credential stored in clear text inside the
# war; admin::admin is trivially guessable, so use a non-default pair here and
# move to a real authentication source (LDAP/JDBC) for anything beyond a test host.
cas.authn.accept.users=admin::admin
而 HTTPSandIMAPS-10000001.json 文件是在......webapps\cas\WEB-INF\classes\services目录下
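把 "serviceId" : "^(https|imaps)://.*", 改为 "serviceId" : "^(https|http|imaps)://.*", 即可。需要说明的是,这个正则会匹配任意 http/https 地址,也就是任何应用都可以向该 CAS 申请票据;如果只有固定的几个客户端,可以把 `.*` 收紧为客户端的实际地址,例如(主机名为示例值)"serviceId" : "^http://client\\.example\\.internal:8182/.*"。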
再次启动tomcat,服务端就可以了。
客户端的代码其实得自己写。
配置类
package com.chnenergy.plate.config;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.config.CasProtocol;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * Spring configuration that assembles the pac4j {@link Config} this
 * application uses to authenticate against a CAS server.
 *
 * <p>The CAS URL and the client callback URL are injected from the
 * {@code pac4j.cas.login.url} and {@code pac4j.clients.callback.url}
 * properties.
 */
@Configuration
public class Pac4jConfig {

    /** CAS server URL handed to {@link CasConfiguration}. */
    @Value("${pac4j.cas.login.url}")
    private String loginUrl;

    /** Callback URL handed to {@link Clients}. */
    @Value("${pac4j.clients.callback.url}")
    private String callbackUrl;

    /** Authorizer registered in the config under the name {@code "custom"}. */
    @Autowired
    private CustomAuthorizer customAuthorizer;

    /**
     * Builds the pac4j configuration: one {@link CasClient} speaking
     * {@link CasProtocol#CAS20}, wrapped in a {@link Clients} bound to the
     * callback URL, plus the {@code "custom"} authorizer.
     *
     * @return the pac4j {@link Config} exposed as a Spring bean
     */
    @Bean
    public Config config() {
        CasConfiguration casSettings = new CasConfiguration(loginUrl);
        casSettings.setProtocol(CasProtocol.CAS20);
        // NOTE(review): acceptAnyProxy=true means no proxy chain is checked when
        // proxy tickets are validated. With the non-proxy CAS20 protocol selected
        // above this flag is presumably unused; confirm against the pac4j version
        // in use and drop it, so a later switch to a *_PROXY protocol does not
        // silently trust every proxy.
        casSettings.setAcceptAnyProxy(true);

        Clients clientSet = new Clients(callbackUrl, new CasClient(casSettings));
        Config pac4jConfig = new Config(clientSet);
        pac4jConfig.addAuthorizer("custom", customAuthorizer);
        return pac4jConfig;
    }
}
拦截类
package com.chnenergy.plate.config;
import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.*;
/**
 * Spring MVC configuration that puts the pac4j {@link SecurityInterceptor}
 * in front of the application and serves the static front end.
 */
@Configuration
@ComponentScan(basePackages = "org.pac4j.springframework.web")
public class SecurityConfig implements WebMvcConfigurer {

    /** pac4j configuration injected from the Spring context. */
    @Autowired
    private Config config;

    /**
     * Registers the pac4j interceptor for every path, using the client named
     * {@code "CasClient"} and the authorizer named {@code "custom"}.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        SecurityInterceptor casGuard = new SecurityInterceptor(config, "CasClient", "custom");
        // "/callback", "/logout" and everything matching "/log/*" bypass the
        // interceptor and are therefore reachable without a CAS login.
        // NOTE(review): confirm nothing sensitive is served under /log/*.
        registry.addInterceptor(casGuard)
                .addPathPatterns("/**")
                .excludePathPatterns("/callback", "/logout", "/log/*");
    }

    /**
     * Maps every request path to resources under {@code classpath:/static/}
     * with the resource chain enabled.
     *
     * @param registry the resource handler registry supplied by Spring MVC
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        ResourceHandlerRegistration staticFiles = registry.addResourceHandler("/**");
        staticFiles.addResourceLocations("classpath:/static/")
                .resourceChain(true);
    }

    /**
     * Forwards the root path to {@code /index.html}.
     *
     * @param registry the view controller registry supplied by Spring MVC
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        ViewControllerRegistration rootView = registry.addViewController("/");
        rootView.setViewName("forward:/index.html");
    }
}
获取当前用户的类
package com.chnenergy.plate.config;
import com.chnenergy.plate.common.SessionUtil;
import org.pac4j.core.authorization.authorizer.ProfileAuthorizer;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.net.URLEncoder;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
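/**
 * pac4j authorizer that accepts any authenticated profile carrying a non-null
 * id and stores that id in the session under {@code "loginName"}.
 *
 * <p>No role or attribute is checked: every user the CAS server authenticates
 * is authorized, provided the session write succeeds.
 */
@Component
public class CustomAuthorizer extends ProfileAuthorizer<CommonProfile> {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    /**
     * Authorizes the request when at least one of the profiles passes
     * {@link #isProfileAuthorized(WebContext, CommonProfile)}.
     *
     * @param context  the current web context
     * @param profiles the profiles of the authenticated user
     * @return the result of {@code isAnyAuthorized(context, profiles)}
     * @throws HttpAction propagated from the parent implementation
     */
    @Override
    public boolean isAuthorized(final WebContext context, final List<CommonProfile> profiles) throws HttpAction {
        return isAnyAuthorized(context, profiles);
    }

    /**
     * Accepts a profile when it is non-null, has a non-null id, and the id
     * could be written to the session. Any exception denies access.
     *
     * @param context the current web context (not read here)
     * @param profile the profile to check; may be {@code null}
     * @return {@code true} when the login name was stored, {@code false} otherwise
     */
    @Override
    public boolean isProfileAuthorized(final WebContext context, final CommonProfile profile) {
        if (profile == null) {
            logger.error("profile is null");
            return false;
        }
        try {
            final String loginName = profile.getId();
            if (loginName == null) {
                // Route through the logger instead of System.out so the denial
                // lands in the application log with level and timestamp.
                logger.error("获取loginName失败 ........");
                return false;
            }
            logger.info("当前用户 {}login success", loginName);
            // SessionUtil is a project helper not shown on this page; presumably
            // it writes to the current HTTP session. TODO confirm.
            SessionUtil.setSessionAttribute("loginName", loginName);
        } catch (Exception e) {
            // Deliberately fail closed: any error while reading the profile or
            // writing the session denies access. The throwable is passed to the
            // logger so the stack trace is kept in the log rather than on stderr.
            logger.error("登录抛出错误{}", e.getMessage(), e);
            return false;
        }
        return true;
    }
}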
配置文件
# Port of this application (presumably the CAS client, since the callback URL
# below uses the same port).
server.port=8182
spring.main.allow-bean-definition-overriding=true
spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
spring.jackson.time-zone=GMT+8
# Injected into Pac4jConfig.loginUrl and passed to CasConfiguration.
# NOTE(review): the CAS server section of this page sets server.port=8888 while
# this URL uses 8080; confirm the host:port matches where CAS actually listens,
# and that the value is what pac4j expects as the login URL (commonly the
# .../cas/login endpoint).
pac4j.cas.login.url=http://localhost:8080/cas
# Injected into Pac4jConfig.callbackUrl. The path ends in /callback, which
# SecurityConfig excludes from the security interceptor.
pac4j.clients.callback.url=http://localhost:8182/web/callback
还有 pom 文件
<!--4A start-->
<!-- NOTE(review): the version properties referenced below are not shown on this page; they must be defined in the pom's properties section. -->
<!-- Spring MVC integration for pac4j; SecurityConfig imports SecurityInterceptor from org.pac4j.springframework.web. -->
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>spring-webmvc-pac4j</artifactId>
<version>${spring-webmvc-pac4j.version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.pac4j/pac4j-cas -->
<!-- CAS support for pac4j; Pac4jConfig imports CasClient, CasConfiguration and CasProtocol from org.pac4j.cas. -->
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-cas</artifactId>
<version>${pac4j.version}</version>
</dependency>
<!-- NOTE(review): none of the classes shown on this page import anything from pac4j-oauth; confirm it is needed before shipping the extra dependency. -->
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oauth</artifactId>
<version>${pac4j.version}</version>
</dependency>
<!--4A end-->
如果网上代码与此雷同,不属巧合