shiro 单点登录实现

shiro 单点登录实现

1.部署shiro cas server（实测有用博客）

 https://blog.csdn.net/mengmei16/article/details/52597468

2.实现登录数据可配化

参考博客
https://blog.csdn.net/c1481118216/article/details/80402622
实现shiro server  连接mysql 数据库

3创建XXX.properties并加载到xml文件中

xxx.properties :文件内容为：
shiro.loginUrl = https://localhost:8443/cas2/login（cas服务器login请求地址）? service=http://localhost:8080/struts3_layui/index（服务进主页的地址）
shiro.logoutUrl = https://localhost:8443/cas2/logout（cas服务器logout请求地址）?service=http://localhost:8080/struts3_layui/logout（服务器logout地址）
shiro.cas.serverUrlPrefix = https://localhost:8443/cas2
shiro.cas.service = http://localhost:8080/struts3_layui
shiro.failureUrl = /users/loginSuccess
shiro.successUrl = /index.action

5.在xml文件中bean修改为

<?xml version="1.0" encoding="UTF-8"?>

<!-- 加载shiro配置文件完成单点核心配置 -->
<!-- 定义缓存管理器 --> 

<!-- 继承自AuthorizingRealm的自定义Realm,即指定Shiro验证用户登录的类为自定义的ShiroDbRealm.java -->  
<bean id="rolePermissionResolver" class="org.ycxy.shiro.MyRolePermissionResolver"/>  

<!-- 配置权限认证 -->
<bean id="authorizer" class="org.apache.shiro.authz.ModularRealmAuthorizer">
		<property name="permissionResolver" ref="permissionResolver"></property>
		<property name="rolePermissionResolver" ref="rolePermissionResolver"></property>
</bean>
<!-- 配置权限管理器 -->
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm"> 
	<property name="dataSource" ref="dataSource"></property>
</bean>

<!-- 这里主要是设置自定义的单Realm应用,若有多个Realm,可使用'realms'属性代替 -->  

<!-- Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持 -->  
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
    <!-- Shiro的核心安全接口,这个属性是必须的 -->  
    <property name="securityManager" ref="securityManager"/>  
     <property name="loginUrl"  value="${shiro.loginUrl}" />
    <!-- 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,默认会自动寻找Web工程根目录下的"/login.jsp"页面 -->  
   <!--  <property name="loginUrl" value="/home/loginPage.action"/>   -->
    <!-- 登录成功后要跳转的连接(本例中此属性用不到,因为登录成功后的处理逻辑在LoginController里硬编码为main.jsp了) -->  
    <!-- <property name="successUrl" value="/system/main"/> -->  
    <!-- 用户访问未对其授权的资源时,所显示的连接 -->  
    <!-- 若想更明显的测试此属性可以修改它的值,如unauthor.jsp,然后用[玄玉]登录后访问/admin/listUser.jsp就看见浏览器会显示unauthor.jsp -->  
    <!-- <property name="unauthorizedUrl" value="/WEB-INF/home/unauth.jsp"/>   -->
    <!-- 添加项 配置casfilter -->
    <property name="filters">
		<map>
			<!-- 添加casFilter到shiroFilter -->
			<entry key="casFilter" value-ref="casFilter" />
			<entry key="logoutFilter" value-ref="logoutFilter" />
			
		</map>
	</property>
    <!-- Shiro连接约束配置,即过滤链的定义 -->  
    <!-- 此处可配合这篇文章来理解各个过滤连的作用http://blog.csdn.net/jadyer/article/details/12172839 -->  
    <!-- 下面value值的第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的 -->  
    <!-- anon：它对应的过滤器里面是空的,什么都没做,这里.do和.jsp后面的*表示参数,比方说login.jsp?main这种 -->  
    <!-- authc：该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->  
    <property name="filterChainDefinitions">  
        <value>  
            /struts_layui=casFilter
            /logout = logoutFilter
			/users/** = user
            /index=anon
            /home/**=anon
            /static/**=anon  
            /static/css/**=anon  
            /static/images/**=anon 
            /static/js/**=anon  
            /admin/**=anon
            /sysuser/**=anon
            /**=authc
        </value>  
    </property>  
</bean>  
 <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
	<!-- 配置验证错误时的失败页面 -->
	<property name="failureUrl" value="${shiro.failureUrl}" />
	<property name="successUrl" value="${shiro.successUrl}" />
</bean>

<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
	<!-- 配置验证错误时的失败页面 -->
	<property name="redirectUrl" value="${shiro.logoutUrl}" />
</bean>

 <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
    <property name="defaultRoles" value="ROLE_USER"/>
    <!-- cas服务端地址前缀 -->
    <property name="casServerUrlPrefix" value="${shiro.cas.serverUrlPrefix}"/>
    <!-- 应用服务地址，用来接收cas服务端票据 -->
    <property name="casService" value="${shiro.cas.service}"/>
</bean>
<!-- Shiro's main business-tier object for web-enabled applications -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
	<!-- <property name="sessionManager" ref="sessionManager" /> -->
	<property name="subjectFactory" ref="casSubjectFactory"></property>
	<property name="realm" ref="casRealm" />
	<property name="cacheManager" ref="cacheManager" />
</bean>

<bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"></bean>

<bean
	class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
	<property name="securityManager" ref="securityManager" />
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean>

<bean
	class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
	     <property name="staticMethod" value="org.apache.shiro.SecurityUtils" />
	<property name="arguments" ref="securityManager"></property>
</bean>

- 修改web.xml文件
 1.添加web.xml文件为
 <?xml version="1.0" encoding="UTF-8"?>

<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>/WEB-INF/config/spring-*.xml</param-value>
</context-param>

<listener>
	<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
	<filter-name>singleSignOutFilter</filter-name>
	<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
	<filter-name>singleSignOutFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
	<filter-name>SpringEncodingFilter</filter-name>
	<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
	<init-param>
		<param-name>encoding</param-name>
		<param-value>UTF-8</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>SpringEncodingFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
	<filter-name>HttpMethodFilter</filter-name>
	<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
	<filter-name>HttpMethodFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- <filter>
	<filter-name>CAS Validation Filter</filter-name>
	<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
	<init-param>
		<param-name>casServerUrlPrefix</param-name>
		<param-value>http://localhost:8443/cas</param-value>
	</init-param>
	<init-param>
		<param-name>serverName</param-name>
		<param-value>http://localhost:8080</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>CAS Validation Filter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>  -->

<!-- 封装request, 支持getUserPrincipal等方法 -->
<filter>
	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
	<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- 存放Assertion到ThreadLocal中 -->
<filter>
	<filter-name>CAS Assertion Thread Local Filter</filter-name>
	<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
	<filter-name>CAS Assertion Thread Local Filter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 用来加载Spring的配置文件的监听器 -->
<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>


<!-- 配置log4j -->
<context-param>
	<param-name>log4jConfigLocation</param-name>
	<param-value>/WEB-INF/config/log4j.properties</param-value>
</context-param>

<context-param>
	<!-- 配置log4j的参数名 -->
	<param-name>log4jRefreshInterval</param-name>
	<param-value>60000</param-value>
</context-param>
<!-- 配置log4j的监听器 -->
<listener>
	<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--配置shiro的url过滤器 -->
<filter>
	<filter-name>shiroFilter</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	<async-supported>true</async-supported>
	<init-param>
		<param-name>targetFilterLifecycle</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>shiroFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 配置Struts2的过滤器 -->
<filter>
	<description>配置struts2的核心过滤器</description>
	<filter-name>struts2</filter-name>
	<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	<init-param>
		<param-name>config</param-name>
		<param-value>struts-default.xml,struts-plugin.xml,../config/struts-main.xml</param-value>
	</init-param>
</filter>

<filter-mapping>
	<filter-name>struts2</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

##5.再将cas server 和项目致于同个tomact 下启动即可

6.项目所需要添加的jar包

 cas-client-core-3.3.3.jar   来自于cas-client  中
 mysql-connector-java-5.1.6-bin.jar    server 连接mysql 数据库需要 
 还有shiro - cas-server 包下的 jdbc 包
 还有 shiro  spring   hibernate  Struts2 所需的 所有配置

• 完成上述步骤即可实行简单的单点 不含权限认证部分