至于框架整合。https://download.csdn.net/download/qq_37256345/10803287 有个demo
这里就不多讲了,主要是问题
cas :4.0.x
spring boot:2.0.x
由于cas此版本不支持 前后分离。
问题1: 由于前端代码是放nginx 后台在tomcat ,端口不一致 于是存在跨域问题
解决办法:
nginx通过反向代理, 代理地址为tomcat地址,并且前端请求的地址为 nginx配置地址
问题2: 接口无法测试
解决办法:
放开全部权限,并且写一个中转工具类
取用户信息 ,全部从该工具类取, 可以根据不同用户 修改不同用户信息,
接口对完,测试上场就注释下面部分代码,该 从security中获取用户信息,这样只需修改一个地方。
问题3:上传下载,nginx 做了限制。
解决方法:client_max_body_size 10m; ngxin配置
security
放开下载接口即可;如果下载是用nginx 做的,配置nginx即可,
问题4:前后分离ajax请求未登录无法跳转登录页
解决方案:前端拦截异常 统一跳转 security+cas 的回调地址,并在该接口做一次重定向,跳转至nginx 的首页
回调地址必须为 nginx代理的那个tomcat地址,否则仍然会出现跨域问题。
--------------------------------------------------------------------
新的解决方案
cas 302重定向的核心代码
如果能改源码最好了,不能改源码那就复制一个一模一样的类出来其他的都不改
public class MyCasAuthenticationEntryPoint implements AuthenticationEntryPoint,
InitializingBean {
// ~ Instance fields
// ================================================================================================
private ServiceProperties serviceProperties;
private String loginUrl;
/**
* Determines whether the Service URL should include the session id for the specific user. As of
* CAS 3.0.5, the session id will automatically be stripped. However, older versions of CAS
* (i.e. CAS 2), do not automatically strip the session identifier (this is a bug on the part of
* the older server implementations), so an option to disable the session encoding is provided
* for backwards compatibility.
*
* By default, encoding is enabled.
*/
private boolean encodeServiceUrlWithSessionId = true;
// ~ Methods
// ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.hasLength(this.loginUrl, "loginUrl must be specified");
Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
Assert.notNull(this.serviceProperties.getService(),
"serviceProperties.getService() cannot be null.");
}
public final void commence(final HttpServletRequest servletRequest,
final HttpServletResponse response,
final AuthenticationException authenticationException) throws IOException,
ServletException {
final String urlEncodedService = createServiceUrl(servletRequest, response);
final String redirectUrl = createRedirectUrl(urlEncodedService);
//System.out.println(redirectUrl);
preCommence(servletRequest, response);
//response.sendRedirect(redirectUrl);
response.setCharacterEncoding("UTF-8");
response.setHeader("Content-Type", "application/json");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET, POST");
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setStatus(HttpServletResponse.SC_OK);
response.setContentType("application/json;charset=UTF-8");
PrintWriter writer = null;
try {
RespData redirect = RespData.redirect(redirectUrl);
writer = response.getWriter();
writer.write(JSONObject.toJSONString(redirect));
writer.flush();
} catch (IOException ex) {
} finally {
if (writer != null) {
writer.close();
}
}
}
/**
* Constructs a new Service Url. The default implementation relies on the CAS client to do the
* bulk of the work.
*
* @param request the HttpServletRequest
* @param response the HttpServlet Response
* @return the constructed service url. CANNOT be NULL.
*/
protected String createServiceUrl(final HttpServletRequest request,
final HttpServletResponse response) {
return CommonUtils.constructServiceUrl(null, response,
this.serviceProperties.getService(), null,
this.serviceProperties.getArtifactParameter(),
this.encodeServiceUrlWithSessionId);
}
/**
* Constructs the Url for Redirection to the CAS server. Default implementation relies on the
* CAS client to do the bulk of the work.
*
* @param serviceUrl the service url that should be included.
* @return the redirect url. CANNOT be NULL.
*/
protected String createRedirectUrl(final String serviceUrl) {
return CommonUtils.constructRedirectUrl(this.loginUrl,
this.serviceProperties.getServiceParameter(), serviceUrl,
this.serviceProperties.isSendRenew(), false);
}
/**
* Template method for you to do your own pre-processing before the redirect occurs.
*
* @param request the HttpServletRequest
* @param response the HttpServletResponse
*/
protected void preCommence(final HttpServletRequest request,
final HttpServletResponse response) {
}
/**
* The enterprise-wide CAS login URL. Usually something like
* <code>https://www.mycompany.com/cas/login</code>.
*
* @return the enterprise-wide CAS login URL
*/
public final String getLoginUrl() {
return this.loginUrl;
}
public final ServiceProperties getServiceProperties() {
return this.serviceProperties;
}
public final void setLoginUrl(final String loginUrl) {
this.loginUrl = loginUrl;
}
public final void setServiceProperties(final ServiceProperties serviceProperties) {
this.serviceProperties = serviceProperties;
}
/**
* Sets whether to encode the service url with the session id or not.
*
* @param encodeServiceUrlWithSessionId whether to encode the service url with the session id or
* not.
*/
public final void setEncodeServiceUrlWithSessionId(
final boolean encodeServiceUrlWithSessionId) {
this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
}
/**
* Sets whether to encode the service url with the session id or not.
*
* @return whether to encode the service url with the session id or not.
*/
protected boolean getEncodeServiceUrlWithSessionId() {
return this.encodeServiceUrlWithSessionId;
}
}
SecurityConfig里的该方法记得改掉即可,如果直接改源码就不需要,像我这种复制一个出来的就需要重新改掉
直接改写返回重定向不由后台处理,指定特殊的code,让前端统一拦截,例如遇到code=1前端去跳转即可
logout不能直接用了
需要前端获取退出接口,然后页面会跳转登录页面,回调到上面的 / 首页,首页在重定向到前端的首页即可
2455
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
