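Implementing CAS Single Sign-On in Spring Boot with a Separated Front End and Back End
1. Building the CAS server
1.1 WAR deployment
CAS version 5.3
https://github.com/apereo/cas-overlay-template
Once the build finishes, deploy the WAR to Tomcat.
1.2 Configuration file changes
Supporting the HTTP protocol
Edit HTTPSandIMAPS-10000001.json in the apache-tomcat-8.5.53\webapps\cas\WEB-INF\classes\services directory and add http to serviceId.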
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 10000
}
Add the following to application.properties in apache-tomcat-8.5.53\webapps\cas\WEB-INF\classes:
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
Configuring the default login username and password and the logout redirect
Edit application.properties in apache-tomcat-8.5.53\webapps\cas\WEB-INF\classes and set:
cas.authn.accept.users=admin::admin
# Allow redirecting to a specified page after logout
cas.logout.followServiceRedirects=true
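
An added check, not part of the original post or of CAS: a small Python audit of the settings above, showing that the page's serviceId pattern authorizes any host while a pattern pinned to the client-host-url used later in this post does not. The host unrelated.example, the tightened definition, the function names, and the assumption that CAS matches the whole service URL against the pattern are assumptions of this example.

```python
import json
import re
# Constructed probe URLs; True marks the one this page's client actually uses.
PROBES = {
    "http://172.19.25.113:1010/auth": True,        # client-host-url + /auth
    "http://unrelated.example/callback": False,    # constructed foreign host
    "https://unrelated.example/callback": False,
}
# Settings from this page that weaken the server outside an isolated test box.
RISKY = {
    ("cas.tgc.secure", "false"): "TGC cookie is sent without the Secure flag",
    ("cas.authn.accept.users", "admin::admin"): "static, guessable credentials",
    ("cas.logout.followServiceRedirects", "true"):
        "logout redirects to any URL that a registered service pattern matches",
}

def authorizes(definition_json, url):
    """True if the service definition's serviceId pattern accepts url."""
    pattern = json.loads(definition_json)["serviceId"]
    # Assumption: CAS matches the whole URL; Python's re stands in for Java's.
    return re.fullmatch(pattern, url) is not None

def overbroad(definition_json):
    """Probe URLs the definition authorizes although they are not the client."""
    return sorted(u for u, ours in PROBES.items()
                  if not ours and authorizes(definition_json, u))

def risky_properties(text):
    """Return 'key=value: reason' for each risky line in application.properties."""
    found = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        reason = RISKY.get((key.strip(), value.strip()))
        if sep and not key.startswith("#") and reason:
            found.append(f"{key.strip()}={value.strip()}: {reason}")
    return found

PAGE_SERVICE = '{"serviceId": "^(https|http|imaps)://.*", "id": 10000001}'
# Hypothetical tightened definition, pinned to this page's client-host-url.
TIGHT_SERVICE = r'{"serviceId": "^http://172\\.19\\.25\\.113:1010/.*", "id": 10000001}'
PAGE_PROPERTIES = """cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
cas.authn.accept.users=admin::admin
# allow redirecting to a given page after logout
cas.logout.followServiceRedirects=true"""
if __name__ == "__main__":
    print("page pattern also authorizes:", overbroad(PAGE_SERVICE))
    print("tight pattern also authorizes:", overbroad(TIGHT_SERVICE))
    print("\n".join(risky_properties(PAGE_PROPERTIES)))
```
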
1.3 Startup
1. Building the client
1.1 pom dependency
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.3.0-GA</version>
</dependency>
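1.2 yml configuration
The address configured in client-host-url must be identical to the address the front end's ajax calls use; use ip:port or hostname:port consistently. If the local back end is configured with localhost while the front end uses the IP, ticket validation fails.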
cas:
  server-url-prefix: http://172.19.25.113:8080/cas
  server-login-url: http://172.19.25.113:8080/cas/login
  client-host-url: http://172.19.25.113:1010
  validation-type: cas
  use-session: true
  authentication-url-patterns:
    /auth
1.3 Back-end code
Add the @EnableCasClient annotation to the startup class
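import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

// @EnableCasClient registers the CAS client filters configured under cas.* in the yml
@EnableCasClient
@SpringBootApplication
public class SpringbootCasDemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(SpringbootCasDemoApplication.class, args);
    }
}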
Custom redirect strategy for the AuthenticationFilter
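import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;

public class CustomAuthRedirectStrategy implements AuthenticationRedirectStrategy {
    // s is the CAS login URL that the default strategy would redirect to
    @Override
    public void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String s) throws IOException {
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setContentType("application/json; charset=utf-8");
        // Write "401" as the response body instead of redirecting; the HTTP status code is left unchanged
        PrintWriter out = httpServletResponse.getWriter();
        out.write("401");
    }
}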
Configuring CORS and the init parameters of the CAS client filters
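import java.util.Map;
import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class CasAuthConfig extends CasClientConfigurerAdapter {
    @Override
    public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) {
        // Replace the default redirect to the CAS login page with the custom strategy above
        Map<String, String> initParameters = authenticationFilter.getInitParameters();
        initParameters.put("authenticationRedirectStrategyClass", "cc.jasonwang.springbootcasdemo.config.CustomAuthRedirectStrategy");
    }
    @Override
    public void configureValidationFilter(FilterRegistrationBean validationFilter) {
        // Do not let the client auto-encode the service URL during ticket validation
        Map<String, String> initParameters = validationFilter.getInitParameters();
        initParameters.put("encodeServiceUrl", "false");
    }
    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new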