单点cas环境的搭建,以及原理

1、请参考cas单点登录,登录,注销逻辑时序图

2、部署cas服务器
(1)先从github下载cas服务端代码,自己打包war
https://github.com/apereo/cas-management-overlay
注意:打包的时候修改propertyFileConfigurer.xml,文件里面的文件路径把casProperties放在相应的位置

<util:properties id="casProperties" location="file:c:\cas.properties" />`

(2)tomcat或者jetty部署
(3)如果需要设置https,以tomcat为列

<Connector port="8080" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\\keystore\\tomcat.keystore"
           keystorePass="wang" />

keystoreFile 是加密的证书问价
keystorePass为密码
请参考
https://blog.csdn.net/u012970850/article/details/82533555
(4)访问https://127.0.0.1:8080/cas/Login;默认用户名密码为: 默认是 casuser:Mellon
3、客户端的配置
我使用的springboot手动配置的方式,没使用springboot自带的
使用的jar包为cas-client-core-3.1.10.jar
不同的jar代码会有一下差异,但是不大
(1)配置参数

@Configuration
@Getter
@Setter
public  class CasConfiguration {
    //cas登录路径
    @Value("${cas.casServerLoginUrl}")
    private String casServerLoginUrl;


    @Value("${cas.casServerLogoutUrl}")
    private String casServerLogoutUrl;

    //cas客户端服务器
    @Value("${cas.clientService}")
    private String clientService;

    //登录成功地址
    @Value("${cas.clientLoginSuccessUrl}")
    private String clientLoginSuccessUrl;

    //白名单
    @Value("${cas.whiteList}")
    private String whiteList;

    //cas服务器
    @Value("${cas.casServerUrlPrefix}")
    private String casServerUrlPrefix;

    //cas客户端服务器根目录
    @Value("${cas.clientServerName}")
    private String clientServerName;

}

(2)配置过滤器

@Configuration
public class CasFilter {
    @Autowired
    CasConfiguration casConfiguration;


    /*
      * @Description:退出登录过滤器,需要放在最前面
      * @Param:[]
      * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
      * @Throws:
      * @Author: wangwei
      * @Date:2020/3/31 15:44
      */
    @Bean
    public FilterRegistrationBean CasSingleSignOutFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        //配置拦截器参数map
        Map<String, String> map = new HashMap<>(16);
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        filterRegistrationBean.setFilter(singleSignOutFilter);
        map.put("casServerUrlPrefix", casConfiguration.getCasServerUrlPrefix());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("CasSingleSignOutFilter");
        filterRegistrationBean.setOrder(1);
        return filterRegistrationBean;
    }


    //配置 SingleSignOutHttpSessionListener
    @Bean
    public ServletListenerRegistrationBean<org.jasig.cas.client.session.SingleSignOutHttpSessionListener> casListener() {
        return new ServletListenerRegistrationBean<>(
                new org.jasig.cas.client.session.SingleSignOutHttpSessionListener());
    }
    /*
      * @Description:CAS认证filter casServerLoginUrl参数:表示CAS Server登录URL,后面追加appResId参数,表明应用类型(公文系统暂时使用GONGWEN,备案系统使用BHXT)。
		             service参数:表示在通过CAS Server认证后的返回页面。 localLoginUrl参数:本地登录URL。 renew参数:请不要修改。
		             whiteList参数:不进行认证检查的URI,使用分号进行分割。如果以/为结尾,则表示该路径下的所有URI均不进行认证检查。
      * @Param:[]
      * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
      * @Throws:
      * @Author: wangwei
      * @Date:2020/3/27 11:10
      */
    @Bean
    public FilterRegistrationBean CasAuthenticationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        //配置拦截器参数map
        Map<String, String> map = new HashMap<>(16);
        AuthenticationFilter  casAuthenticationFilter = new  AuthenticationFilter();
        filterRegistrationBean.setFilter(casAuthenticationFilter);
        map.put("casServerLoginUrl", casConfiguration.getCasServerLoginUrl());
        map.put("service", casConfiguration.getClientLoginSuccessUrl());
        map.put("localLoginUrl", casConfiguration.getClientLoginSuccessUrl());
        map.put("renew", "false");
        map.put("whiteList", casConfiguration.getWhiteList());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casAuthenticationFilter");
        filterRegistrationBean.setOrder(2);
        return filterRegistrationBean;
    }


    /*
      * @Description:CAS验证filter serverName参数:应用根路径。 CAS Http请求Wrapper filter:在通过CAS认证或验证通过后,将user id赋值到request中remoteUser中
      * @Param:[] 
      * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
      * @Throws:
      * @Author: wangwei
      * @Date:2020/3/27 11:10
      */
    @Bean
    public FilterRegistrationBean CasValidationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        //配置拦截器参数map
        Map<String, String> map = new HashMap<>(16);
        CustomCas30ProxyReceivingTicketValidationFilter casValidationFilter = new CustomCas30ProxyReceivingTicketValidationFilter();
        filterRegistrationBean.setFilter(casValidationFilter);
        map.put("casServerUrlPrefix", casConfiguration.getCasServerUrlPrefix());
        map.put("serverName", casConfiguration.getClientServerName());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casValidationFilter");
        filterRegistrationBean.setOrder(3);
        return filterRegistrationBean;
    }


    @Bean
    public FilterRegistrationBean CasHttpServletRequestFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        //配置拦截器参数map
        HttpServletRequestWrapperFilter casHttpServletRequestFilter = new HttpServletRequestWrapperFilter();
        filterRegistrationBean.setFilter(casHttpServletRequestFilter);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casHttpServletRequestFilter");
        filterRegistrationBean.setOrder(4);
        return filterRegistrationBean;
    }

}

(3)登录成功,校验成功后获取登录用户信息

public class CustomCas30ProxyReceivingTicketValidationFilter extends Cas10TicketValidationFilter {


    @Override
    protected void onSuccessfulValidation(HttpServletRequest request, HttpServletResponse response, Assertion assertion) {
        String dcpLoginInfo = (String) assertion.getPrincipal().getName();
        javax.servlet.http.HttpSession session=request.getSession(false);
        if(session!=null){
            session.setAttribute("systemUser",dcpLoginInfo);
        }
    }


}

(4)配置信息

cas:
  casServerLoginUrl: https://127.0.0.1:8080/cas/Login?appResId=BI
  casServerLogoutUrl: https://127.0.0.1:8080/cas/logout?appResId=BI
  clientService: https://cas01.example.org/BI
  clientLoginSuccessUrl: https://cas01.example.org/BI/index.html
  whiteList: /swagger-resources/**,/swagger-ui.html,/v2/api-docs
  casServerUrlPrefix: https://127.0.0.1:8080/cas
  clientServerName: https://cas01.example.org

4、注意事项
(1)、如果不做配置,客户端需要使用域名,如果使用ip,token校验通不过
(2)、客户端使用http连接需要配置cas服务器,里面的这个两个文件
在这里插入图片描述
(3)、注销后跳转指定路径需要配置cas服务器
在这里插入图片描述
(4)、客户端可能会证书认证的错误,可以忽略证书

  /**
     * 忽略https证书
     */
    private static void disableSslVerification() {
        try
        {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
            };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

启动的时候调用
在这里插入图片描述
5、客户端访问
登录访问路径,会自动跳到cas登录地址
https://cas01.example.org/BI/index.html
注销路径
https://127.0.0.1:8080/cas/logout?appResId=bjzdgc-BI&service=注销后的路径
6、对应的资源文件
(1)war包
https://download.csdn.net/download/weixin_40010498/12288839
(2)core包网上找有很多,已经有资源了不能上传了
cas-client-core

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值