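With cas-server's default configuration, single sign-out is not a true single sign-out: when one client logs out, another client that is already logged in can still access the application.
Configuring single sign-out under Spring Boot:
This is the same as configuring single sign-out under Spring. cas-server already has this functionality built in; we only need to add a filter and a listener. However, I found that setOrder on FilterRegistrationBean has no effect on the filter order, and in the end I could only control the execution order of the filters through the order in which they are placed.
SingleSignOutFilter configuration. It needs to be the first filter loaded.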

    // Filter that records the ticket/session mapping and handles logout requests.
    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        return new SingleSignOutFilter();
    }

    @Bean
    public FilterRegistrationBean singleSignOutFilterBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(singleSignOutFilter());
        // filterRegistrationBean.addInitParameter("targetFilterLifecycle","true")
        filterRegistrationBean.setEnabled(true);
        // Cover every URL so that logout requests are seen on any path.
        filterRegistrationBean.addUrlPatterns("/*");
        filterRegistrationBean.setOrder(1);
        filterRegistrationBean.setName("singleFilter");
        System.out.println("================================singleFilter执行");
        return filterRegistrationBean;
    }

    // Listener that cleans up the mapping when a session is destroyed.
    public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener() {
        return new SingleSignOutHttpSessionListener();
    }

    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListenerBean() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listenerRegistrationBean =
                new ServletListenerRegistrationBean<>();
        listenerRegistrationBean.setEnabled(true);
        listenerRegistrationBean.setListener(singleSignOutHttpSessionListener());
        listenerRegistrationBean.setOrder(3);
        listenerRegistrationBean.setName("singleListener");
        System.out.println("================================singleListener执行");
        return listenerRegistrationBean;
    }
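Why both the filter and the listener are needed, shown as an added example that is not code from the original post or from cas-client: a simplified model of the ticket-to-session bookkeeping behind single sign-out. The class `SloModel`, its method names and the sample ticket and session values are assumptions made for illustration; `Session` stands in for `HttpSession`.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Simplified model of the ticket -> session bookkeeping (hypothetical, not cas-client source).
public class SloModel {
    // Stand-in for HttpSession; 'valid' flips to false where the real code invalidates.
    static class Session { final String id; boolean valid = true; Session(String id) { this.id = id; } }

    private final Map<String, Session> byTicket = new ConcurrentHashMap<>();
    private final Map<String, String> ticketBySessionId = new ConcurrentHashMap<>();

    // Filter role, login path: remember which local session a service ticket created.
    void recordLogin(String ticket, Session s) {
        byTicket.put(ticket, s);
        ticketBySessionId.put(s.id, ticket);
    }

    // Filter role, back-channel path: the CAS server POSTs logoutRequest=<xml>.
    boolean handleLogoutRequest(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // block XXE
        NodeList n = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                .getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "SessionIndex");
        if (n.getLength() == 0) return false;   // not a logout request
        Session s = byTicket.remove(n.item(0).getTextContent().trim());
        if (s == null) return false;            // unknown ticket: nothing to end
        ticketBySessionId.remove(s.id);
        s.valid = false;                        // the real filter invalidates the HttpSession
        return true;
    }

    // Listener role: a session that ends locally must drop its mapping, or the map leaks.
    void sessionDestroyed(Session s) {
        String t = ticketBySessionId.remove(s.id);
        if (t != null) byTicket.remove(t);
    }

    public static void main(String[] args) throws Exception {
        SloModel m = new SloModel();
        Session app = new Session("JSESSIONID-1");      // constructed sample values
        m.recordLogin("ST-1-example", app);
        String xml = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                + "<samlp:SessionIndex>ST-1-example</samlp:SessionIndex></samlp:LogoutRequest>";
        System.out.println(m.handleLogoutRequest(xml) + " valid=" + app.valid);
    }
}
```

If another filter handles the request before this bookkeeping runs, the ticket is never recorded or the logout POST is treated as an unauthenticated request, which is why the sign-out filter has to come first.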