1、客户端目录结构
客户端采用springboot构建进行快捷测试
2、pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- The parent fixes the versions of every managed dependency (Spring Framework, Tomcat, Jackson, ...). -->
<!-- NOTE(review): the 2.2.x line is, as far as I know, past its open-source support window, -->
<!-- so no further security fixes are expected for it; confirm before reusing outside a local test. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>demo1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo1</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Configuration-metadata processor: gives editor hints when binding configuration properties -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- CAS single sign-on client (Spring Boot auto-configuration wrapper). -->
<!-- NOTE(review): the CAS client core arrives transitively through this artifact; -->
<!-- check the resolved version with "mvn dependency:tree" when reviewing filter behaviour. -->
<dependency>
<groupId>net.unicon.cas</groupId>
<artifactId>cas-client-autoconfig-support</artifactId>
<version>1.5.0-GA</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
3、application.properties
server.port=8081
# CAS client settings (presumably consumed by the CAS client auto-configuration; confirm)
# NOTE(review): every URL below is plain http on the loopback address, which only suits a
# single-machine test. Service tickets and session cookies travel over these URLs, so a
# shared deployment would need https here.
# Login URL of the CAS server
cas.server-login-url: http://127.0.0.1:8080/cas/login
# Base URL of the CAS server
cas.server-url-prefix: http://127.0.0.1:8080/cas
# Base URL of this application (the CAS client)
cas.client-host-url: http://127.0.0.1:8081
# Ticket validator: the original note names Cas30ProxyReceivingTicketValidationFilter for this value
cas.validation-type: cas3
4、CASConfig
package com.example.demo1.config;
import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
import net.unicon.cas.client.configuration.EnableCasClient;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
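/**
 * CAS client configuration: switches on the CAS client auto-configuration and registers an
 * {@link AuthenticationFilter} that sends unauthenticated requests to the CAS login page.
 *
 * <p>NOTE(review): {@code @EnableCasClient} presumably registers its own authentication filter
 * from the {@code cas.*} properties, which would make the bean below a second one. Confirm, and
 * consider overriding {@code configureAuthenticationFilter} of {@link CasClientConfigurerAdapter}
 * instead of declaring a separate registration.
 */
@Configuration
@EnableCasClient // turn on the CAS client auto-configuration
public class CASConfig extends CasClientConfigurerAdapter {

    // Loopback, plain-http addresses for a single-machine test. Service tickets pass through
    // these URLs, so anything beyond a local test needs https values here.
    private static final String CAS_SERVER_URL_LOGIN = "http://127.0.0.1:8080/cas/login";
    private static final String SERVER_NAME = "http://127.0.0.1:8081/";

    /**
     * Requests that may skip authentication: only the logout landing page.
     *
     * <p>The CAS client, as far as its sources show, treats {@code ignorePattern} as a regular
     * expression and searches for it anywhere in the full request URL, query string included
     * (verify against the resolved client version). The previous value {@code /logoutSuccess/*}
     * was unanchored, so any URL that merely contained that text would also have been exempt
     * from authentication. This pattern is anchored to scheme, host and exact path; it assumes
     * the application is served from the root context, as configured on this page.
     */
    private static final String IGNORE_PATTERN = "^https?://[^/?#]+/logoutSuccess/?(?:\\?.*)?$";

    /**
     * Registers the CAS authentication filter for every request path.
     *
     * @return the filter registration, ordered first so it runs before the other filters
     */
    @Bean
    public FilterRegistrationBean<AuthenticationFilter> filterRegistrationBean() {
        FilterRegistrationBean<AuthenticationFilter> registration = new FilterRegistrationBean<>();
        // AuthenticationFilter performs the user authentication check
        registration.setFilter(new AuthenticationFilter());
        // Apply it to every path; exemptions are expressed through ignorePattern only
        registration.addUrlPatterns("/*");

        Map<String, String> initParameters = new HashMap<>();
        initParameters.put("casServerLoginUrl", CAS_SERVER_URL_LOGIN);
        initParameters.put("serverName", SERVER_NAME);
        initParameters.put("ignorePattern", IGNORE_PATTERN);
        registration.setInitParameters(initParameters);

        // Load order of this filter
        registration.setOrder(1);
        return registration;
    }
}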
5、TestController
package com.example.demo1.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
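/**
 * Demo endpoints for exercising CAS login and logout from this client.
 */
@Controller
public class TestController {

    // CAS server logout endpoint, and the page CAS is asked to send the browser back to.
    private static final String CAS_LOGOUT_URL = "http://127.0.0.1:8080/cas/logout";
    private static final String LOGOUT_SUCCESS_URL = "http://127.0.0.1:8081/logoutSuccess";

    /**
     * Protected test page; it is only reached once the CAS filters let the request through.
     *
     * @param request the current request (unused)
     * @return a fixed marker string identifying this client
     */
    @RequestMapping("/test")
    @ResponseBody
    public String test(HttpServletRequest request) {
        return "demo1";
    }

    /**
     * Logs out: ends the local session, then redirects to the CAS server logout endpoint.
     *
     * <p>NOTE(review): the mapping accepts every HTTP method, so a cross-site GET can end the
     * user's session; consider restricting it to POST if this leaves the demo stage.
     *
     * @param session the local HTTP session to invalidate
     * @return a redirect to CAS logout carrying the logout landing page as {@code service}
     */
    @RequestMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        // Send the browser to our own landing page after logout instead of the CAS default page.
        // The service URL is percent-encoded so it stays a single query value even if it later
        // gains its own query string.
        return "redirect:" + CAS_LOGOUT_URL + "?service=" + encodeQueryValue(LOGOUT_SUCCESS_URL);
    }

    /**
     * Logout landing page; it must be reachable without authentication.
     *
     * @return a fixed marker string
     */
    @RequestMapping("/logoutSuccess")
    @ResponseBody
    public String logoutSuccess() {
        return "demo1 logoutSuccess";
    }

    /** Percent-encodes a value for use inside a URL query string. */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must support, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }
}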
6、Demo1Application
package com.example.demo1;
import net.unicon.cas.client.configuration.EnableCasClient;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import java.util.HashMap;
import java.util.Map;
/**
 * Spring Boot entry point for the demo1 CAS client.
 */
@SpringBootApplication
public class Demo1Application {

    /**
     * Boots the application with this class as the primary configuration source.
     *
     * @param args command-line arguments handed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(Demo1Application.class);
        application.run(args);
    }
}
7、测试流程
登录成功后,访问 http://localhost:8081/logout 退出登录,
然后再访问 http://localhost:8081/test ,此时需要重新登录
8、遇到问题
①未认证授权的服务
出现这个问题是因为我们的客户端服务使用的是 HTTP 而不是 HTTPS 协议。在 CAS 服务端的 WEB-INF/classes/application.properties 文件末尾添加如下配置(cas.tgc.secure=false 会让 TGC Cookie 可以通过明文 HTTP 传输,只适合本地测试):
#除去https
cas.tgc.secure=false
#注册services中的json校验
cas.serviceRegistry.initFromJson=true
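但以上配置只解决了 CAS 自身的访问;要让使用 HTTP 协议的客户端也能接入 CAS,还需要修改如下配置。
修改WEB-INF\classes\services\HTTPSandIMAPS-10000001.json,在 serviceId 的正则中加入 http。注意:下面的正则会授权任意 http/https/imaps 地址,CAS 会向任何这样的地址签发票据,只适合本地测试;正式环境应把 serviceId 收窄为具体的客户端地址(示例写法:^http://127\.0\.0\.1:8081/.*)。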
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000
}
②cas 票根不符合目标服务
serverName的配置与注册服务不一致导致的。
③cas退出登录没有重定向到指定页面
服务端 修改application.properties
#默认情况下 logout 请求中的 service 参数不会触发跳转,开启后退出登录才会重定向到 service 指定的地址
#(跳转目标应当只限于服务注册表中已授权的地址,因此注册表的 serviceId 不宜使用匹配所有地址的正则)
cas.logout.followServiceRedirects=true