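1. Setting up the CAS 5.2 server
1.1 Building the CAS server
You can follow this document (someone else has already written it up, so there is no need to repeat it here): https://blog.csdn.net/oumuv/article/details/84306361
Note, however, that to connect to a database you need to add the following two dependencies to the CAS 5.2 server's pom.xml: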
<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>5.2.0</version>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.24</version>
    </dependency>
</dependencies>
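Run maven clean package again.
On Windows, run build.cmd run to start the CAS server.
2. Backend configuration
2.1 Importing the CAS client dependency
Add the dependency to the Spring Boot project's pom.xml: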
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.3.0-GA</version>
</dependency>
Add the following configuration to the yml file in the resources directory:
cas:
  server-url-prefix: http://172.19.25.113:8080/cas
  server-login-url: http://172.19.25.113:8080/cas/login
  client-host-url: http://172.19.25.113:1010
  validation-type: cas
  use-session: true
  authentication-url-patterns:
    /auth
For the record, this is the configuration used in our project:
cas:
  server-url-prefix: "http://cas.server.com:8443/cas"
  server-login-url: "http://cas.server.com:8443/cas/login"
  client-host-url: "http://cas.client1.com:8080"
  validation-type: cas
  use-session: true
casClientLogoutUrl: "http://cas.server.com:8443/cas/logout?service=http://cas.client1.com:8081/logout/success"
The CAS login URL requested by the frontend is:
http://cas.server.com:8443/cas/login?service=http://cas.client1.com:8080/caslogin
An nginx proxy is configured here:
server {
    listen 8080;
    location /restful {
        proxy_pass http://127.0.0.1:8081;  # backend request address
        client_max_body_size 40m;
    }
    location /resource {
        proxy_pass http://127.0.0.1:8081/resource;
    }
    location / {
        proxy_pass http://127.0.0.1:8079;  # frontend request address
        client_max_body_size 40m;
    }
    location /caslogin {
        proxy_pass http://127.0.0.1:8081/caslogin;
    }
    location /casjump {
        proxy_pass http://127.0.0.1:8081/casjump;
    }
}
Spring Boot backend configuration: add the annotation that enables the CAS client.
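import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@EnableCasClient
@SpringBootApplication
public class SpringbootCasDemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(SpringbootCasDemoApplication.class, args);
    }
}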
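The reason client-host-url in our project uses port 8080 while the Spring Boot service listens on 8081 is that nginx is configured as a proxy.
In effect, a frontend request to http://cas.server.com:8443/cas/login?service=http://cas.client1.com:8080/caslogin is proxied to
http://cas.server.com:8443/cas/login?service=http://cas.client1.com:8081/caslogin. After CAS authentication succeeds,
the /caslogin controller is requested and redirects to the frontend page http://127.0.0.1:8079/#/jump; the frontend then sends a request to /casjump, which runs the Shiro authentication flow.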
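import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
// AbstractRestController, the services, the repositories and GetLoginWebResponse
// are the project's own classes and are imported from its packages.

@Controller
public class CASController extends AbstractRestController {
    @Autowired
    private RoleService roleService;
    @Autowired
    private PermissionService permissionService;
    @Autowired
    private ISysOrganizationRepository sysOrganizationRepository;
    @Autowired
    private ISysUserRepository sysUserRepository;
    @Value("${casClientLogoutUrl}")
    private String clientLogoutUrl;

    @RequestMapping("/caslogin")
    public String UserLogin(HttpServletRequest request, Model model) {
        // Name of the user who logged in through CAS
        System.out.println(request.getUserPrincipal().getName());
        return "redirect:http://cas.client1.com:8080/#/jump";
    }

    @RequestMapping("/casjump")
    public @ResponseBody ResponseEntity<GetLoginWebResponse> UserJump(HttpServletRequest request) {
        String policeNo = request.getUserPrincipal().getName();
        // Query the database for the user's details; reaching this point means CAS authentication has already succeeded
        Subject subject = SecurityUtils.getSubject();
        // "用户名" and "密码" are placeholders for the username and password
        UsernamePasswordToken token = new UsernamePasswordToken("用户名", "密码");
        // Run Shiro authentication
        subject.login(token);
        // .......
    }
}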
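import java.util.HashMap;
import java.util.Map;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CASAutoConfig {
    @Value("${cas.server-url-prefix}")
    private String serverUrlPrefix;
    @Value("${cas.server-login-url}")
    private String serverLoginUrl;
    @Value("${cas.client-host-url}")
    private String clientHostUrl;

    // Authentication filter
    @Bean
    public FilterRegistrationBean filterAuthenticationRegistration() {
        FilterRegistrationBean reg = new FilterRegistrationBean();
        reg.setFilter(new AuthenticationFilter());
        // URL patterns the filter applies to
        reg.addUrlPatterns("/*");
        Map<String, String> init = new HashMap<>();
        // casServerLoginUrl expects the CAS login URL, not the server prefix
        init.put("casServerLoginUrl", serverLoginUrl);
        init.put("serverName", clientHostUrl);
        // URLs to ignore; separate multiple URLs with "|" (the value is evaluated as a regular expression)
        init.put("ignorePattern", "/logout/success|/index|/12345|/restful/*");
        reg.setInitParameters(init);
        // Filter load order
        reg.setOrder(1);
        return reg;
    }
}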
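The ignorePattern set in CASAutoConfig above is evaluated by the Java CAS client, with its default matcher type, as a regular expression searched anywhere in the full request URL, query string included. The following is an added example, not code from the original post, that runs the page's pattern and an anchored variant over constructed URLs; the class name, the anchored pattern and the sample URLs are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: models the CAS client's default (REGEX) ignorePattern check,
// i.e. an unanchored Pattern.find() over request URL + "?" + query string.
public class IgnorePatternCheck {

    // Pattern copied from the page's CASAutoConfig.
    static final Pattern PAGE =
        Pattern.compile("/logout/success|/index|/12345|/restful/*");

    // Hardened variant (assumption, not from the page): anchored at the start of
    // the URL, path must follow the host directly, "/restful/" needs its slash,
    // and a query string is allowed only after a complete ignored path.
    static final Pattern ANCHORED = Pattern.compile(
        "^https?://[^/?#]+(/logout/success|/index|/12345|/restful/[^?#]*)(\\?.*)?$");

    // true = the CAS AuthenticationFilter would skip this request.
    static boolean skipsCas(Pattern p, String fullUrl) {
        return p.matcher(fullUrl).find();
    }

    public static void main(String[] args) {
        // Constructed sample URLs; value true = must go through the CAS filter.
        Map<String, Boolean> urls = new LinkedHashMap<>();
        urls.put("http://cas.client1.com:8080/restful/list?page=1", false);
        urls.put("http://cas.client1.com:8080/logout/success", false);
        urls.put("http://cas.client1.com:8080/casjump", true);
        urls.put("http://cas.client1.com:8080/casjump?from=/index", true);
        urls.put("http://cas.client1.com:8080/restfulAdmin", true);

        for (Map.Entry<String, Boolean> e : urls.entrySet()) {
            boolean mustAuth = e.getValue();
            boolean pageSkips = skipsCas(PAGE, e.getKey());
            boolean anchoredSkips = skipsCas(ANCHORED, e.getKey());
            System.out.printf("%-52s page:%-4s anchored:%-4s%s%n",
                e.getKey(),
                pageSkips ? "skip" : "auth",
                anchoredSkips ? "skip" : "auth",
                (mustAuth && pageSkips) ? "  <-- protected URL skipped" : "");
        }
    }
}
```

With the page's pattern the last two URLs are skipped by the filter even though they are not among the intended exclusions; the anchored pattern sends both through CAS.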
Summary: the end result is that users can log in either through Shiro authentication or through CAS single sign-on.