cas+shiro 的单用户登录

最新推荐文章于 2021-05-18 14:00:52 发布

那个id是什么东西

最新推荐文章于 2021-05-18 14:00:52 发布

阅读量1k

点赞数

分类专栏： cas

本文链接：https://blog.csdn.net/qq_36666181/article/details/88310624

版权

本文介绍了一个使用CAS和Shiro实现的单用户登录系统，当同一用户在多个设备上登录时，系统会强制登出先前的会话。通过调用CAS服务器的接口获取SSO会话并删除旧的ticket，确保最新登录的会话有效。详细步骤包括关注JSESSIONID、ticket_granting_ticket和authenticated_services参数，并提供了服务器和客户端的代码修改建议。

摘要由CSDN通过智能技术生成

该系统分为两部分，服务器和客户端，这里要说明一下，服务器上删除ticket的代码，我是拿的悟空大神的，并没有改动，具体地址为：https://blog.csdn.net/u010475041/article/details/78662266

应用场景：

A登陆了系统，正在玩着玩着，B也登陆了系统。这时候让A被迫下线。

思路：

首先我们先知道，在cas服务端，是有方法可以获取服务端现在的ticket的，找到那个方法。我的地址是： https://你的域名或者ip:8443(接口)/cas（这个你不一定需要）/status/ssosessions/getSsoSessions。总之，方法地址就是/status/ssosessions/getSsoSessions这里了。

我拿谷歌和火狐两个浏览器，测试这个接口，分别的返回值如下：

先登入谷歌：
cookie JSESSIONID 288854BD53C476D66436476AEEDE7175
{"totalUsageCount":2,"activeSsoSessions":[{"authentication_date":1551920722.969000000,"authentication_date_formatted":"2019-03-07T09:05:22Z","authentication_attributes":{"authenticationMethod":"QueryAndEncodeDatabaseAuthenticationHandler","successfulAuthenticationHandlers":["QueryAndEncodeDatabaseAuthenticationHandler"]},"authenticated_principal":"admin","number_of_uses":2,
"ticket_granting_ticket":"TGT-1-lwfjdiF2qR92VLaoicY6vesdSrngHkGIeqpD1LGrmuhUphONof-PC-20171207BQO","principal_attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"},
"is_proxied":false,
"authenticated_services":{"ST-1-gE50uqUyMCMRzsdmoWst-PC-20171207BQO":{"id":"http://localhost:8084/callback?client_name=cas","originalUrl":"http://localhost:8084/callback?client_name=cas","artifactId":null,"principal":{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"admin","attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"}},"loggedOutAlready":false}}}],"totalTicketGrantingTickets":1,"totalTickets":1,"totalPrincipals":1,"totalProxyGrantingTickets":0}
接着火狐：
cookie JSESSIONID 7D5B6137FE232A820A450D45CEEE1ACD
{"totalUsageCount":2,"activeSsoSessions":[{"authentication_date":1551921028.080000000,"authentication_date_formatted":"2019-03-07T09:10:28Z","authentication_attributes":{"authenticationMethod":"QueryAndEncodeDatabaseAuthenticationHandler","successfulAuthenticationHandlers":["QueryAndEncodeDatabaseAuthenticationHandler"]},"authenticated_principal":"admin","number_of_uses":2,
"ticket_granting_ticket":"TGT-2-RtfJrwAkUeJQkpkOHdIt0h5GsgiZ7cqpofETqMCyTG0fjZRFbZ-PC-20171207BQO","principal_attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"},
"is_proxied":false,
"authenticated_services":{"ST-2-9C1CRuDGydocDMsQsMEJ-PC-20171207BQO":{"id":"http://localhost:8084/callback?client_name=cas","originalUrl":"http://localhost:8084/callback?client_name=cas","artifactId":null,"principal":{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"admin","attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"}},"loggedOutAlready":false}}}],"totalTicketGrantingTickets":1,"totalTickets":1,"totalPrincipals":1,"totalProxyGrantingTickets":0}
刷新谷歌之后的：
{"totalUsageCount":2,"activeSsoSessions":[{"authentication_date":1551921028.080000000,"authentication_date_formatted":"2019-03-07T09:10:28Z","authentication_attributes":{"authenticationMethod":"QueryAndEncodeDatabaseAuthenticationHandler","successfulAuthenticationHandlers":["QueryAndEncodeDatabaseAuthenticationHandler"]},"authenticated_principal":"admin","number_of_uses":2,
"ticket_granting_ticket":"TGT-2-RtfJrwAkUeJQkpkOHdIt0h5GsgiZ7cqpofETqMCyTG0fjZRFbZ-PC-20171207BQO","principal_attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"},
"is_proxied":false,
"authenticated_services":{"ST-2-9C1CRuDGydocDMsQsMEJ-PC-20171207BQO":{"id":"http://localhost:8084/callback?client_name=cas","originalUrl":"http://localhost:8084/callback?client_name=cas","artifactId":null,"principal":{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"admin","attributes":{"email":"admin@163.com","id":"813487c718f645f483226acac6edc284","intime":1531880261000,"password":"c41d7c66e1b8404545aa3a0ece2006ac","username":"admin"}},"loggedOutAlready":false}}}],"totalTicketGrantingTickets":1,"totalTickets":1,"totalPrincipals":1,"totalProxyGrantingTickets":0}

看着一堆，其实你只需要注意-----JSESSIONID ，ticket_granting_ticket，authenticated_services，这三个参数就够了。

这是每次登入不通浏览器时，服务器保存的值。

这时候你就要知道了，你要修改一下服务器的代码，告诉服务器，同一个账号在两个地方登陆，只保留最后一次的值。也就是说，把之前的值删了，只保留最新的值。

之后，你的客户端去访问时，才可以获取到最新的值，再和你保存在自己本地的cookie进行比较，看看是不是一样的，有没有被人挤下去。

代码：

先看服务器的代码：

其实可以直接去下载大神的包，拿来就行了。

1.引入相应的包（）

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ 版权所有.(c)2008-2017. 卡尔科技工作室
  -->

<!--
  ~ 版权所有.(c)2008-2017. 卡尔科技工作室
  -->

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>sso-support</artifactId>
        <groupId>com.carl.auth</groupId>
        <version>1.7.0-SNAPSHOT</version>
        <relativePath>../pom.xml</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>sso-support-single-login<