JeeThink: configuring a CAS client
I.
1:
First modify the parameter configuration file (the parameters the back-end code needs):
loginUrl: the address redirected to at login (i.e. the CAS server's login address)
casUrl: the CAS server's login address
casProUrl: the address the client must intercept after a successful login (i.e. the validation address; /cas is defined in the back-end code)
2: Add the jar dependency
Location:
Code is as follows:
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>1.2.3</version>
</dependency>
II. Define a custom CasRealm class (CasUserRealm) in the project to handle login authentication and permission assignment
File location, as shown in the figure below:
Code is as follows:
package com.jeethink.framework.shiro.realm;

import java.net.URLDecoder;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasAuthenticationException;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasToken;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import com.jeethink.system.domain.SysUser;
import com.jeethink.system.service.ISysMenuService;
import com.jeethink.system.service.ISysRoleService;
import com.jeethink.system.service.ISysUserService;

/**
 * Custom CasRealm: handles login authentication and authorization.
 *
 * @author hbjxfm
 */
public class CasUserRealm extends CasRealm
{
    private static final Logger log = LoggerFactory.getLogger(CasUserRealm.class);

    @Autowired
    private ISysMenuService menuService;

    @Autowired
    private ISysRoleService roleService;

    @Autowired
    private ISysUserService userService;

    /**
     * Authorization
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
    {
        // doGetAuthenticationInfo stores the SysUser as the primary principal, so it is read back
        // as a SysUser here (casting it to java.security.Principal would fail at runtime);
        // the account is reloaded from the database so that role changes take effect.
        SysUser principal = (SysUser) getAvailablePrincipal(principals);
        SysUser user = userService.selectUserByLoginName(principal.getLoginName());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (user == null)
        {
            // unknown account: no roles and no permissions
            return info;
        }
        // role list
        Set<String> roles = new HashSet<String>();
        // function (menu) permission list
        Set<String> menus = new HashSet<String>();
        // the administrator holds every permission
        if (user.isAdmin())
        {
            info.addRole("admin");
            info.addStringPermission("*:*:*");
        }
        else
        {
            roles = roleService.selectRoleKeys(user.getUserId());
            menus = menuService.selectPermsByUserId(user.getUserId());
            // add the roles to the AuthorizationInfo object
            info.setRoles(roles);
            // add the permissions to the AuthorizationInfo object
            info.setStringPermissions(menus);
        }
        return info;
    }

    /**
     * Login authentication
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
    {
        if (token == null)
        {
            return null;
        }
        CasToken casToken = (CasToken) token;
        // obtain the ticket
        String ticket = (String) casToken.getCredentials();
        if (!org.apache.shiro.util.StringUtils.hasText(ticket))
        {
            return null;
        }
        TicketValidator ticketValidator = ensureTicketValidator();
        try
        {
            // send the ticket back to the CAS server for validation; if it passes, execution continues
            // and the login details can be read, otherwise an exception is thrown (validation failed)
            Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
            AttributePrincipal casPrincipal = casAssertion.getPrincipal();
            String userId = casPrincipal.getName();
            // ---------- decode Chinese characters ----------
            userId = URLDecoder.decode(userId, "UTF-8");
            SysUser user = userService.selectUserByLoginName(userId);
            if (user != null)
            {
                PrincipalCollection principalCollection = new SimplePrincipalCollection(user, getName());
                return new SimpleAuthenticationInfo(principalCollection, ticket);
            }
            else
            {
                return null;
            }
        }
        catch (Exception e)
        {
            throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
        }
    }

    /**
     * Clear the cached authorization info
     */
    public void clearCachedAuthorizationInfo()
    {
        this.clearCachedAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
    }
}
III. Modify the Shiro configuration file
The file location is shown in the figure below:
1: Add the variables used (names consistent with step I)
Code is as follows:
// CAS login address
@Value("${shiro.user.casUrl}")
private String casUrl;
// interception address for CAS client validation
@Value("${shiro.user.casProUrl}")
private String casProUrl;
2: Inject the custom CasRealm class
Code is as follows:
@Bean
public CasUserRealm myShiroCasRealm() {
    CasUserRealm myShiroCasRealm = new CasUserRealm();
    // prefix of the CAS login server address
    myShiroCasRealm.setCasServerUrlPrefix(casUrl);
    // client callback address, i.e. the address redirected to after a successful login (our own server)
    myShiroCasRealm.setCasService(casProUrl);
    return myShiroCasRealm;
}
3: Define the custom CAS filter
Code is as follows:
// define the CAS filter
@Bean(name = "casFilter")
public CasFilter getCasFilter() {
    CasFilter filter = new CasFilter();
    // name under which the filter is injected automatically
    filter.setName("casFilter");
    // whether the current filter is injected automatically
    filter.setEnabled(true);
    // after login fails, i.e. when Shiro runs CasRealm.doGetAuthenticationInfo to validate the
    // ticket against the CAS server and validation fails
    filter.setFailureUrl(loginUrl); // log in again after authentication failure
    filter.setLoginUrl(loginUrl);
    return filter;
}
Modify the validation method called by the realm
In the Shiro filter configuration, add the named interception address for CAS validation
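The filter-chain wiring that this last step describes, as an added example (not JeeThink's own code): it registers the casFilter bean under the /cas interception address, sends every other unauthenticated request to CAS, and builds the service parameter from the same casProUrl that the realm passes to the ticket validator, since CAS rejects a ticket whose service value differs from the one used at login. The property key shiro.user.loginUrl, the class name ShiroCasChainConfig and the /static/** and /logout entries are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.jeethink.framework.shiro.realm.CasUserRealm;
// Added example: wires the CasUserRealm and CasFilter beans shown above into Shiro's filter chain.
@Configuration
public class ShiroCasChainConfig {
    @Value("${shiro.user.loginUrl}")   // CAS server login page (assumed key, matches step I's loginUrl)
    private String loginUrl;
    @Value("${shiro.user.casProUrl}")  // client callback, e.g. http://client/cas
    private String casProUrl;

    @Bean
    public SecurityManager securityManager(CasUserRealm casUserRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(casUserRealm);
        return manager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, CasFilter casFilter)
            throws UnsupportedEncodingException {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        // Unauthenticated users are redirected to CAS; "service" must be byte-for-byte the value the
        // realm hands to TicketValidator.validate() (setCasService), or ticket validation fails.
        bean.setLoginUrl(loginUrl + "?service=" + URLEncoder.encode(casProUrl, "UTF-8"));
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("casFilter", casFilter);   // key must match the chain definition below
        bean.setFilters(filters);
        // Order matters: the first matching pattern wins. Only the CAS callback and static assets
        // are reachable anonymously; everything else requires an authenticated subject.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/cas", "casFilter");        // the interception address from step I
        chain.put("/logout", "logout");
        chain.put("/static/**", "anon");
        chain.put("/**", "authc");
        bean.setFilterChainDefinitionMap(chain);
        return bean;
    }
}
```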