1.项目要接入cas服务,记录下这周的过程以及遇到的坑
1.配置CasRealm和AuthorizingRealm的区别
由于上个服务自己用的是springboot+shiro,没有整合cas,上个服务是登录后直接去库里面查询,那么何时去加载这个Realm?我刚开始是实现了AuthorizingRealm而不是CasRealm,之后交给spring管理,结果发现怎么都进入不到自己的realm里面。最后发现是配置的问题
package com.sq.unionmanage.gateway.api;
import com.sq.unionmanage.gateway.service.common.datasource.DataSourceConfig;
import com.sq.unionmanage.gateway.service.shiro.PlatformShiroFilterFactoryBean;
import com.sq.unionmanage.gateway.service.shiro.cache.RedisCacheManager;
import com.sq.unionmanage.gateway.service.shiro.filter.ShiroFormAuthenticationFilter;
import com.sq.unionmanage.gateway.service.shiro.filter.SqUserFilter;
import com.sq.unionmanage.gateway.service.shiro.realm.ShiroRealm;
import com.sq.unionmanage.gateway.service.shiro.session.RedisSessionDAO;
import com.sq.unionmanage.gateway.service.shiro.session.UuIdSessionIdGenerator;
import com.sq.unionmanage.gateway.service.util.DESUtil;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.filter.DelegatingFilterProxy;
import javax.annotation.Resource;
import javax.servlet.Filter;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;/**
* @Author:
* @Date:2020/03/21
* @Description:*/@Configuration
@AutoConfigureAfter(DataSourceConfig.class)public classShiroConfiguration {
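// Login URL of this application; shiroRealm() passes it to the realm as the CAS service URL.
@Value("${cms.login.url}")
private String cmsLoginUrl;

@Value("${homepage.url}")
private String homePageUrl;

// NOTE(review): DES is a legacy cipher with a 56-bit key. How DESUtil uses this secret is not
// visible here; confirm what it protects and keep the property out of version control.
@Value("${service.des.secret}")
private String serviceDesSecret;

// Base URL of the CAS (SSO) server; shiroRealm() uses it as the CAS server URL prefix.
@Value("${sso.server.url}")
private String ssoServerUrl;

@Value("${sso.login.url}")
private String ssoLoginUrl;

@Value("${cms.server.url}")
private String cmsServerUrl;

// Redis template handed to the session DAO in sessionDAO(). In the pasted listing this
// declaration had been swallowed by a stray "//", which left sessionDAO() referring to an
// undeclared field; it is restored here as a live, injected field.
@Resource(name = "scosSerRedisTemplate")
private RedisTemplate scosSerRedisTemplate;

// Authentication callback URL of the local client.
// Bound to the same property as cmsLoginUrl above.
@Value("${cms.login.url}")
private String localLoginUrl;

// DES key used to encrypt the local client's authentication callback URL.
// Bound to the same property as serviceDesSecret above.
@Value("${service.des.secret}")
private String desSecret;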
/**
 * Creates the project's realm and points it at the CAS server.
 *
 * @return a ShiroRealm configured with the CAS server URL prefix and the CAS service URL
 */
@Bean
public ShiroRealm shiroRealm() {
    ShiroRealm realm = new ShiroRealm();
    // Disabled in this configuration: shiroRealm.setDefaultRoles("ROLE_USER");

    // NOTE(review): presumably ticket validation is sent to this prefix, so sso.server.url
    // should be an https:// URL; confirm the configured value.
    realm.setCasServerUrlPrefix(ssoServerUrl);

    // casService is the URL the CAS server calls back on this client after a successful login.
    // NOTE(review): it should match the service URL registered on the CAS server; verify.
    realm.setCasService(cmsLoginUrl);
    return realm;
}
/**
 * Exposes the session id generator as the bean "sessionIdGenerator".
 *
 * @return a new UuIdSessionIdGenerator
 */
@Bean(name = "sessionIdGenerator")
public UuIdSessionIdGenerator sessionIdGenerator() {
    // NOTE(review): the generator's implementation is not shown here. Session ids must be
    // unpredictable (e.g. UUID.randomUUID(), which is backed by SecureRandom); confirm.
    return new UuIdSessionIdGenerator();
}
/**
 * Builds the session DAO bean "sessionDAO" from the id generator and the injected Redis template.
 *
 * @param sessionIdGenerator generator the DAO uses to assign ids to new sessions
 * @return the configured RedisSessionDAO
 */
@Bean(name = "sessionDAO")
public RedisSessionDAO sessionDAO(UuIdSessionIdGenerator sessionIdGenerator) {
    RedisSessionDAO dao = new RedisSessionDAO();
    dao.setSessionIdGenerator(sessionIdGenerator);
    dao.setActiveSessionsCacheName("shiro-activeSessionCache");
    // NOTE(review): presumably sessions are stored in Redis through this template. Anyone who
    // can read that store can reuse a session, so the Redis instance should require
    // authentication and not be reachable from untrusted networks; confirm the deployment.
    dao.setRedisTemplate(scosSerRedisTemplate);
    return dao;
}
/**
 * Defines the cookie that carries the session id, exposed as the bean "sessionIdCookie".
 *
 * @return a cookie named "unsid" with HttpOnly enabled and a max age of -1
 */
@Bean(name = "sessionIdCookie")
public SimpleCookie sessionIdCookie() {
    SimpleCookie cookie = new SimpleCookie("unsid");
    // -1 means no expiry attribute is sent, so the browser drops the cookie when it closes.
    cookie.setMaxAge(-1);
    // HttpOnly keeps page scripts from reading the session id.
    cookie.setHttpOnly(true);
    // NOTE(review): the Secure flag is not set here, so the cookie is also sent over plain
    // HTTP. If the application is served over HTTPS only, consider cookie.setSecure(true).
    return cookie;
}