1.使用shiro进行权限校验的系统接入方法
1.1 shiro.xml配置
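# CAS single sign-on settings.
# Replace the placeholders with the real host:port values.
# NOTE(review): both URLs use plain http. Outside a lab, switch them to
# https: over http the credentials typed at the CAS login page and the service
# ticket in the redirect can be read or altered on the network path.
cas.server.url=http://认证中心地址:端口号/cas
# Fixed: the scheme separator was "http:/" (one slash), which is not a valid URL.
cas.project.url=http://本应用地址:端口号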
<!--
  Shiro security authentication filter (ShiroFilterFactoryBean).
  loginUrl sends unauthenticated users to the CAS server and names this
  application's ${adminPath}/cas endpoint as the service. That service
  expression is the same one used for casService on casAuthorizingRealm; keep
  the two identical, because CAS validates a ticket only for the service it was
  issued to.
  The filters map registers the names authc, cas and logout; the URL patterns
  they apply to live in shiroFilterChainDefinitions, which is not shown here.
-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <property name="securityManager" ref="securityManager" />

  <!-- CAS login redirect (active) -->
  <property name="loginUrl" value="${cas.server.url}?service=${cas.project.url}${adminPath}/cas" />
  <!-- Local form login, disabled while CAS is in use -->
  <!--<property name="loginUrl" value="${adminPath}/login" />-->
  <property name="successUrl" value="${adminPath}?login" />

  <property name="filters">
    <map>
      <entry key="authc" value-ref="formAuthenticationFilter"/>
      <entry key="cas" value-ref="casFilter"/>
      <entry key="logout" value-ref="logoutFilter"/>
    </map>
  </property>

  <property name="filterChainDefinitions" ref="shiroFilterChainDefinitions"/>
</bean>
<!--
  Shiro security manager. casAuthorizingRealm is the active realm; the
  commented-out line keeps systemAuthorizingRealm as the alternative for a
  deployment without CAS. Only one realm property may be active at a time.
-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  <property name="realm" ref="casAuthorizingRealm" />
  <!--<property name="realm" ref="systemAuthorizingRealm" />-->
  <property name="sessionManager" ref="sessionManager" />
  <property name="cacheManager" ref="shiroCacheManager" />
</bean>
<!--
  CAS authentication filter, registered under the key "cas" in shiroFilter.
  CustomCasFilter is a project class whose code is not shown here.
  failureUrl is where the user lands when CAS authentication fails: the local
  login page under ${adminPath}.
-->
<bean id="casFilter" class="com.rj.smeha.modules.sys.security.CustomCasFilter">
  <property name="failureUrl" value="${adminPath}/login"/>
</bean>
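<!--
  Logout filter: after the local Shiro logout the browser is redirected to the
  CAS server's /logout endpoint, so the SSO session is ended as well, with
  ${cas.project.url}${frontPath} passed as the service to return to.
  Fixed: the original value had a space between "?" and "service", which put a
  literal space into the redirect URL and broke the parameter name.
  NOTE(review): whether the CAS server follows the service parameter after
  logout depends on the server's own configuration; confirm on the server side.
-->
<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
  <property name="redirectUrl" value="${cas.server.url}/logout?service=${cas.project.url}${frontPath}"/>
</bean>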
<!--
  Realm that validates CAS tickets (project class, code not shown here).
  casServerUrlPrefix: base URL of the CAS server used for ticket validation.
  casService: the service URL sent with the validation request; it is the same
  expression as the service in shiroFilter's loginUrl and has to stay that way.
-->
<bean id="casAuthorizingRealm" class="com.rj.smeha.modules.sys.security.CasAuthorizingRealm">
  <property name="casServerUrlPrefix" value="${cas.server.url}" />
  <property name="casService" value="${cas.project.url}${adminPath}/cas" />
</bean>
1.2 Web.xml配置
<!--
  Optional: lets HttpServletRequest.getRemoteUser() return the login name of
  the SSO user.
  NOTE(review): this section registers no CAS client ticket validation filter
  (validation is done on the Shiro side), so confirm that the Shiro classes
  store the assertion where this filter looks for it; otherwise
  getRemoteUser() stays empty.
-->
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Makes the login name available through
  org.jasig.cas.client.util.AssertionHolder, for example
  AssertionHolder.getAssertion().getPrincipal().getName().
  The assertion is kept in a ThreadLocal, so code outside the web layer can
  read the current login as well.
-->
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Single sign-out: all clients are logged out.
  NOTE(review): this listener only removes a session from the CAS client's
  session map when the HTTP session is destroyed. The logout requests sent by
  the CAS server are handled by SingleSignOutFilter, which this section does
  not register; confirm that the Shiro-side classes process them, or a logout
  at the CAS server leaves the local session alive.
-->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
2.未使用shiro进行权限校验的系统接入方法
2.1.添加jar包
有两种方式:
第一种,下载cas-client-3.2.1.zip然后解压,在modules文件夹中有需要的jar包,请根据自己的项目情况选择使用,把相应的jar包放到你项目WEB-INF/lib下。
第二种,通过maven的方式引用:
<!--
  CAS Java client.
  NOTE(review): the download option above names cas-client-3.2.1 while this
  dependency pins 3.1.12; use one version on every path. Both are old
  releases, so check the CAS client project's security advisories and prefer a
  currently maintained release before deploying.
-->
<dependency>
  <groupId>org.jasig.cas.client</groupId>
  <artifactId>cas-client-core</artifactId>
  <version>3.1.12</version>
</dependency>
2.2.配置 CAS Filter
<!--
  SSO client configuration for single sign-out (optional).
  The listener drops a session from the client's session map when the HTTP
  session is destroyed; it works together with SingleSignOutFilter below.
-->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!--
  Implements single sign-out (optional).
  It is mapped ahead of the other CAS filters in this file; keep it first so
  that logout requests from the CAS server reach it before any filter that
  would redirect them to the login page.
-->
<filter>
  <filter-name>SingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SingleSignOutFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
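<!--
  Required: validates the service ticket that the CAS server returns.
  Fixed: the comment inside the serverName parameter opened with a long dash
  instead of two hyphens, which made web.xml malformed.
-->
<filter>
  <filter-name>CASValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <!--
      Base URL of the CAS server; the validation call goes here.
      NOTE(review): plain http lets anyone on the network path read the
      ticket or forge the validation answer. Use https in production.
    -->
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://sso.smeha.cn/sso</param-value>
  </init-param>
  <init-param>
    <!--
      URL of this client application (placeholder, replace it). Setting it
      explicitly keeps the service URL independent of request headers.
    -->
    <param-name>serverName</param-name>
    <param-value>http://you.client.com:8080</param-value>
  </init-param>
  <init-param>
    <!-- Keep the validated assertion in the HTTP session -->
    <param-name>useSession</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <!--
      false: a failed validation is not raised as a servlet exception.
      NOTE(review): confirm how the pinned client version answers an invalid
      ticket, and make sure such failures are logged and monitored.
    -->
    <param-name>exceptionOnValidationFailure</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <!-- Redirect after validation so the ticket is dropped from the URL -->
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASValidationFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>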
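<!--
  Required: authenticates the user by redirecting requests without a CAS
  assertion to the CAS login page.
  Fixed: both param-value elements began with a space. param-value is a plain
  string, so a container that does not trim it would pass a URL with a leading
  space to the filter.
-->
<filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <!--
      Login page of the CAS server.
      NOTE(review): served over plain http, so credentials typed there travel
      in clear text. Use https in production.
    -->
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://sso.smeha.cn/sso/login</param-value>
  </init-param>
  <init-param>
    <!-- URL of this client application; same value as on CASValidationFilter -->
    <param-name>serverName</param-name>
    <param-value>http://you.client.com:8080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>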
<!--
  Optional: lets HttpServletRequest.getRemoteUser() return the login name of
  the SSO user.
-->
<filter>
  <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Makes the login name available through
  org.jasig.cas.client.util.AssertionHolder, for example
  AssertionHolder.getAssertion().getPrincipal().getName().
-->
<filter>
  <filter-name>CASAssertionThreadLocalFilter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CASAssertionThreadLocalFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Intercepts the data returned after a successful SSO login and processes it.
  SSO4InvokeContextFilter is an application class whose code is not shown
  here. It is mapped last, after the CAS filters above.
-->
<filter>
  <filter-name>SSO4InvokeContextFilter</filter-name>
  <filter-class>com.common.web.filter.SSO4InvokeContextFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SSO4InvokeContextFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>