Shiro CAS Integration

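This article describes how to implement single sign-on (SSO) with Shiro + CAS. It took me three days; I consulted many articles online, struggled for a long time and learned a lot, so here is a summary.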

1. Required dependency:

<dependency>
	<groupId>org.apache.shiro</groupId>
	<artifactId>shiro-cas</artifactId>
	<version>1.2.2</version>
</dependency>

2. Add the following to web.xml:

<filter>
	<filter-name>shiroFilter</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	<init-param>
		<param-name>targetFilterLifecycle</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>shiroFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

3. Contents of applicationContext-shiro.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
	default-lazy-init="true">

	<description>Shiro安全配置</description>
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
        <property name="securityManager" ref="securityManager"/>  
        <!-- Login URL for the role; here it is the CAS login page URL, where the callback (service) address can be configured -->
        <property name="loginUrl" value="https://www.ppt.com:8443/cas/login?service=http://localhost:8888/Jfmweb/index.jsp" />  
        <!-- <property name="successUrl" value="/index.jsp"></property>  --> <!-- Adding this line causes a redirect loop -->
        <property name="filters">  
            <map>  
                <entry key="casFilter" value-ref="casFilter"/>  
            </map>  
        </property>   
        <property name="filterChainDefinitions">
            <value>                 
                /index.jsp = casFilter
                /ucenter/** = authc,perms["ppt"]
                /product/** = authc
                /** = anon  
            </value>  
        </property>  
    </bean>  
    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">  
        <property name="failureUrl" value="/common/403.jsp"/>  
    </bean>
    <bean id="shiroDbRealm" class="com.csair.uweb.service.account.ShiroDbRealm">  
       <property name="casServerUrlPrefix" value="https://www.ppt.com:8443/cas/"/> <!-- Must be IP + port + context path only -->
       <property name="casService" value="http://localhost:8888/Jfmweb/index.jsp"/> <!-- Without this line, authentication does not pass and casFilter fails -->
    </bean>  
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">      
        <property name="realm" ref="shiroDbRealm"/>  
        <property name="subjectFactory" ref="casSubjectFactory"/>  
    </bean>  
    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>  
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>  
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">  
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>  
        <property name="arguments" ref="securityManager"/>  
    </bean>
</beans>

4. Custom realm:

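import java.io.Serializable;

import org.apache.log4j.Logger; // assumption: Logger.getLogger(Class) is the log4j 1.x API
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Authentication (ticket validation) is inherited from CasRealm;
// this subclass only supplies the authorization data.
public class ShiroDbRealm extends CasRealm {

	private Logger log = Logger.getLogger(ShiroDbRealm.class);

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		try {
			System.out.println("授权"); // debug output: "authorization"
			// The primary principal is the username returned by the CAS server.
			String username = (String) principals.getPrimaryPrincipal();
			log.info("cas realm username:" + username);
			// Demo values: every CAS-authenticated user receives the same role
			// and permissions; a real realm would look them up per user.
			SimpleAuthorizationInfo author = new SimpleAuthorizationInfo();
			author.addRole("role");
			author.addStringPermission("permission");
			author.addStringPermission("ppt"); // required by /ucenter/** in the filter chain
			return author;
		} catch (Exception e) {
			log.error("failed to build authorization info", e);
		}
		// null means no roles or permissions are granted.
		return null;
	}

	public static class ShiroUser implements Serializable {
		private static final long serialVersionUID = -3041131129273959698L;
		public long id;
		public String name;
		public long type;
		public String account;
	}

}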

That is all that is needed. Below are the problems I ran into along the way:

1. The page kept reporting a redirect loop. Testing showed that it was caused by this extra line: <property name="successUrl" value="/index.jsp"></property>

2. This error: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target is a certificate problem. The domain name being accessed must be the owner of the certificate, i.e. the www.ppt.com in: 所有者:CN=www.ppt.com, OU=www.ppt.com, O=www.ppt.com, L=www.ppt.com, ST=www.ppt.com, C=cn. This error cost me two days, and plenty of tears. There was also a ticket that failed validation, for the same reason.

3. This error: [org.jasig.cas.client.util.XmlUtils] - org.xml.sax.SAXParseException: The reference to entity "locale" must end with the ';' delimiter. occurs because in <property name="casServerUrlPrefix" value="https://www.ppt.com:8443/cas/"/> the value only needs IP + port + context path; appending login to it triggers the error.

4. The browser stayed stuck on the home redirect page (http://localhost:8888/Jfmweb/index.jsp), because this line was missing: /index.jsp = casFilter

Three problems, three days of work. Onward.
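
As an added example (not code from the original post), the Python script below lints a Shiro + CAS Spring config for problems 1, 3 and 4 above and for the casService note in step 3. The `props` and `lint` helpers, the `context_path` parameter and the embedded sample config are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = {"b": "http://www.springframework.org/schema/beans"}
# Constructed sample: a trimmed copy of the post's config with three mistakes injected.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="loginUrl" value="https://www.ppt.com:8443/cas/login?service=http://localhost:8888/Jfmweb/index.jsp"/>
    <property name="successUrl" value="/index.jsp"/>
    <property name="filterChainDefinitions"><value>
      /product/** = authc
      /** = anon
    </value></property>
  </bean>
  <bean id="shiroDbRealm" class="com.csair.uweb.service.account.ShiroDbRealm">
    <property name="casServerUrlPrefix" value="https://www.ppt.com:8443/cas/login"/>
    <property name="casService" value="http://localhost:8888/Jfmweb/index.jsp"/>
  </bean>
</beans>"""

def props(root, bean_id):
    """Return {property name: value} for one bean (value= attribute or nested <value>)."""
    bean = root.find(f"b:bean[@id='{bean_id}']", NS)
    out = {}
    for p in ([] if bean is None else bean.findall("b:property", NS)):
        out[p.get("name")] = p.get("value") or p.findtext("b:value", "", NS)
    return out

def lint(xml_text, context_path="/Jfmweb"):
    """List the misconfigurations described in the post; context_path is an assumed input."""
    root = ET.fromstring(xml_text)
    f, r = props(root, "shiroFilter"), props(root, "shiroDbRealm")
    problems = []
    if "successUrl" in f:
        problems.append("successUrl is set (redirect loop in the post)")
    if urlsplit(r.get("casServerUrlPrefix", "")).path.rstrip("/").endswith("/login"):
        problems.append("casServerUrlPrefix must stop at the context path")
    # The service sent to the CAS login page must equal the one used for ticket validation.
    service = parse_qs(urlsplit(f.get("loginUrl", "")).query).get("service", [""])[0]
    if service != r.get("casService"):
        problems.append("casService differs from service= in loginUrl")
    # Path of the service URL inside the webapp, e.g. /index.jsp
    local = urlsplit(service).path.removeprefix(context_path)
    lines = f.get("filterChainDefinitions", "").splitlines()
    chain = {k.strip(): v.strip() for k, _, v in (l.partition("=") for l in lines) if v}
    # Simplification: exact path lookup, not Shiro's Ant-style first-match resolution.
    if chain.get(local) != "casFilter":
        problems.append(f"{local} is not mapped to casFilter")
    return problems
```

Running `lint(SAMPLE)` reports the three injected mistakes; a config equivalent to the one in step 3 returns an empty list.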

