1、配置
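# CAS client settings. CasConfig binds them to CasProperties through the "cas" prefix,
# so the keys below must be nested under `cas:` (the nesting was lost in the flat paste).
# NOTE(review): CasConfig on this page is gated on the property cas.open, which is not
# set in this listing. Until it is supplied with the value the annotation's havingValue
# expects, none of the CAS filters are registered and requests are not authenticated.
cas:
  # Login URL of the CAS server.
  # NOTE(review): this URL and the two below use plain http://, so the login form and the
  # service tickets cross the network unencrypted. Use https:// endpoints outside an
  # isolated test network.
  serverLoginUrl: http://666.666.66.66:8888/login
  # casServerUrlPrefix: base address of the CAS (UAS) server, used for ticket validation.
  casServerUrlPrefix: http://666.666.66.66:8888
  # Client side: address of this application. The authentication filter and the ticket
  # validation filter must be given the same value.
  serverName: http://888.888.88.88:6666
  redirectAfterValidation: true
  # The author notes that useSession must stay true; with false every request is re-authenticated.
  useSession: true
  gateway: false
  renew: false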
2、主代码
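/**
 * Registers the CAS (unified authentication) client listener and servlet filters in code,
 * replacing the web.xml filter-mapping entries (the mapping file itself is omitted).
 *
 * <p>The filter and listener classes referenced here come from the jars supplied by the CAS
 * server side; this application consumes them as a CAS client.
 *
 * <p>The whole configuration is only active when {@code cas.open} is {@code true}. When the
 * property is missing or has any other value, none of the filters below are registered and
 * the application runs without CAS authentication, so the property must be set explicitly in
 * every environment that is meant to be protected.
 */
@Configuration
// Fixed: havingValue was misspelled "ture", so setting cas.open=true silently left every CAS
// filter unregistered (fail-open). Deployments that relied on the misspelled value must change
// their configuration to cas.open=true.
@ConditionalOnProperty(prefix = "cas", value = "open", havingValue = "true")
public class CasConfig {

    // NOTE(review): this field injects the bean produced by casProperties() in this same class.
    // Spring Boot versions that reject circular references may refuse to start with this
    // arrangement; confirm on the target version.
    @Autowired
    CasProperties casProperties;

    /**
     * Creates the holder that Spring populates from the {@code cas.*} properties.
     *
     * @return an empty {@link CasProperties}; binding is done by {@code @ConfigurationProperties}
     */
    @ConfigurationProperties("cas")
    @Bean
    public CasProperties casProperties() {
        return new CasProperties();
    }

    /**
     * 1) Single sign-out session listener.
     *
     * @return the listener registration, order 1
     */
    @Bean
    public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean bean = new ServletListenerRegistrationBean();
        // SingleSignOutHttpSessionListener comes from the CAS client jar (not shown here).
        bean.setListener(new SingleSignOutHttpSessionListener());
        bean.setEnabled(true);
        bean.setOrder(1);
        return bean;
    }

    /**
     * 2) Single sign-out filter. It is ordered ahead of every other filter registered here.
     *
     * @return the filter registration, order 2
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // SingleSignOutFilter comes from the CAS client jar (not shown here).
        bean.setFilter(new SingleSignOutFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        bean.setEnabled(true);
        bean.setOrder(2);
        return bean;
    }

    /**
     * 3) User login authentication.
     *
     * <p>The author notes that when cross-origin problems appear, this filter has to be replaced
     * by a self-written one that lets through the paths which do not need unified
     * authentication. Every path excluded that way is served without authentication, so such a
     * list should be kept as short and as exact as possible.
     *
     * @return the filter registration, order 3
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // AuthenticationFilter comes from the CAS client jar (not shown here).
        bean.setFilter(new AuthenticationFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        // Server side: where the CAS login page lives.
        bean.addInitParameter("casServerLoginUrl", casProperties.serverLoginUrl);
        bean.addInitParameter("renew", casProperties.renew);
        bean.addInitParameter("gateway", casProperties.gateway);
        // Client side: the address of this application.
        bean.addInitParameter("serverName", casProperties.serverName);
        bean.setEnabled(true);
        bean.setOrder(3);
        return bean;
    }

    /**
     * 4) Ticket validation.
     *
     * @return the filter registration, order 4
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // Cas20ProxyReceivingTicketValidationFilter comes from the CAS client jar (not shown here).
        bean.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        // Server side: base address of the CAS server.
        bean.addInitParameter("casServerUrlPrefix", casProperties.casServerUrlPrefix);
        // Address of this application; its IP and port must be identical to the serverName
        // given to the authentication filter in step 3.
        bean.addInitParameter("serverName", casProperties.serverName);
        // useSession must stay true; with false every request is authenticated again.
        bean.addInitParameter("useSession", casProperties.useSession);
        bean.addInitParameter("redirectAfterValidation", casProperties.redirectAfterValidation);
        bean.setEnabled(true);
        bean.setOrder(4);
        return bean;
    }

    /**
     * 5) Wraps the HttpServletRequest so that later code can read the user information from it.
     *
     * @return the filter registration, order 5
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // HttpServletRequestWrapperFilter comes from the CAS client jar (not shown here).
        bean.setFilter(new HttpServletRequestWrapperFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        bean.setEnabled(true);
        bean.setOrder(5);
        return bean;
    }

    /**
     * 6) Stores the user information in a ThreadLocal object.
     *
     * @return the filter registration, order 6
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // AssertionThreadLocalFilter comes from the CAS client jar (not shown here).
        bean.setFilter(new AssertionThreadLocalFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        bean.setEnabled(true);
        bean.setOrder(6);
        return bean;
    }

    /**
     * 7) Project-specific marker for the unified-authentication switch, so that test setups can
     * run without unified authentication. This bean is optional.
     *
     * @return the filter registration, order 7
     */
    @Bean
    public FilterRegistrationBean casFlayFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        // CasFlayFilter is not part of any jar; it has to be written in the project itself.
        bean.setFilter(new CasFlayFilter());
        bean.addUrlPatterns("/*"); // intercept every request
        bean.setEnabled(true);
        bean.setOrder(7);
        return bean;
    }
}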
3、CasFlayFilter类
/**
 * Project-specific marker filter for the unified-authentication switch. The author describes
 * it as a way to let test setups run without unified authentication, and as optional.
 *
 * <p>The filter only tags each request that reaches it with the attribute
 * {@code cas_filter_flay} set to {@code "1"} and then continues the chain. CasConfig registers
 * it with order 7, after the authentication and ticket validation filters.
 *
 * <p>NOTE(review): the code that reads this attribute is not shown. If a missing attribute is
 * taken to mean "CAS is off, skip authentication", confirm that this branch cannot be reached
 * in a production deployment.
 */
public final class CasFlayFilter implements Filter {

    /** Name of the request attribute that marks a request as having passed this filter. */
    private static final String MARKER_ATTRIBUTE = "cas_filter_flay";

    /** Value stored under {@link #MARKER_ATTRIBUTE}. */
    private static final String MARKER_VALUE = "1";

    /** Delegates to the interface's default initialisation; no state of its own is set up. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
    }

    /**
     * Marks the request and hands it on to the rest of the chain.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        request.setAttribute(MARKER_ATTRIBUTE, MARKER_VALUE);
        filterChain.doFilter(request, response);
    }

    /** Delegates to the interface's default clean-up; nothing of its own is released. */
    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}
4、写完以上步骤,还需要单独写一个统一认证登录接口。该接口目的是将从统一认证平台登陆的用户转化为客户端(自己这边)登录的用户,以便登录统一认证平台,就直接进入客户端,而不需要再登录一次客户端的登录页面。
至于具体如何转化用户,依据项目的客户端登录页面去写。各个项目有所不同。
package com.fin.kpl.admin.trans.commons.system.login;
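/**
 * Client-side login transaction for the unified-authentication (CAS) platform. It resembles the
 * client's original login interface but is not the same: once the project is connected to the
 * platform, this transaction takes over from the original login, so users sign in on the
 * platform's page and no longer on the client's own login page.
 *
 * <p>NOTE(review): nothing in this class checks a password or a ticket. The user is looked up
 * solely by {@code request.getUserInfo().getLoginUserId()}, and where that ID is populated is
 * not visible here. Confirm that it is taken server-side from the validated CAS assertion and
 * that this transaction is only reachable behind the CAS filters. If the caller can supply the
 * ID, the caller chooses which account is logged in.
 */
@Component
public class M001006 extends PubTransbaseVerity<Request001006, Response001006> {
    @Autowired
    SysUserMapper sysUserMapper;
    @Autowired
    LoginServiceMapper loginServiceMapper;
    @Autowired
    VerifyCodeCache verifyCodeCache;
    @Autowired
    WorkflowGrantLogMapper workflowGrantLogMapper;
    @Autowired
    SysParamService sysParamService;

    public M001006() {
    }

    /**
     * Logs the login user name carried by the request; no validation is performed.
     *
     * <p>NOTE(review): if the name originates from the caller, it is written to the log
     * unescaped. Confirm that the logging layout neutralises line breaks.
     */
    protected void validation(Request001006 request, Response001006 response) throws Exception {
        this.log.info("user_name:" + request.getUserInfo().getLoginUserName());
    }

    /**
     * Loads the local user record, builds the {@link LoginUserBean} with its menu nodes, stamps
     * the last login time, and returns the response carrying the login user.
     *
     * @param request  the login request; its user info is replaced by a new {@link UserInfoBean}
     * @param response the response to fill
     * @return {@code response} with the login user set
     * @throws Exception if the user does not exist or a lookup fails
     */
    protected Response001006 doBusi(Request001006 request, Response001006 response) throws Exception {
        Map<String, Object> user = this.chkSysUserPwd(request);

        UserInfoBean userinfo = new UserInfoBean();
        // NOTE(review): which BeanUtils is imported is not visible, and the libraries disagree on
        // argument order (source/target versus dest/orig); confirm the copy direction is intended.
        BeanUtils.copyProperties(user, userinfo);
        request.setUserInfo(userinfo);

        String userId = (String) user.get("user_id");

        LoginUserBean loginUser = new LoginUserBean();
        loginUser.setUserId((String) user.get("user_id"));
        loginUser.setLoginName((String) user.get("login_name"));
        loginUser.setUserName((String) user.get("user_name"));
        loginUser.setMobileNo((String) user.get("mobile_no"));
        loginUser.setEmails((String) user.get("emails"));
        loginUser.setIdType((String) user.get("id_type"));
        loginUser.setIdCode((String) user.get("id_code"));
        loginUser.setOrgId((String) user.get("org_id"));
        loginUser.setOrgName((String) user.get("org_name"));
        loginUser.setDeptId((String) user.get("dept_id"));
        loginUser.setDeptName((String) user.get("dept_name"));
        loginUser.setOrgLevel((String) user.get("org_level"));
        loginUser.setRoleId((String) user.get("role_id"));
        loginUser.setRoleName((String) user.get("role_name"));
        loginUser.setRoleType((String) user.get("role_type"));
        loginUser.setLastLoginTime((String) user.get("last_login_time"));
        Object pwdResetTime = user.get("pwd_reset_time");
        loginUser.setPwdResetTime(pwdResetTime == null ? null : pwdResetTime.toString());
        loginUser.setIsFirstLogin((String) user.get("is_first_login"));

        // NOTE(review): a user row without role_id, or a node row missing any of the columns
        // read below, ends the login with a NullPointerException.
        List<Map<String, Object>> roleNodes = this.loginServiceMapper.selectRoleNode(
                user.get("role_id").toString(), request.getHeadSystemId(), request.getHeadChannelId());
        List<NodeIdsBean> nodeIds = new ArrayList<>(roleNodes.size());
        for (Map<String, Object> node : roleNodes) {
            NodeIdsBean nodeIdsBean = new NodeIdsBean();
            nodeIdsBean.setNodeId(node.get("NODE_ID").toString());
            nodeIdsBean.setOpType(node.get("OP_TYPE").toString());
            // NOTE(review): the name is filled from NODE_ID, the same column as the id; confirm
            // this is intended.
            nodeIdsBean.setName(node.get("NODE_ID").toString());
            nodeIdsBean.setNodeRoute(node.get("NODE_ROUTE").toString());
            nodeIdsBean.setParentNodeId(node.get("PARENT_NODE_ID").toString());
            nodeIds.add(nodeIdsBean);
        }
        loginUser.setNodeIds(nodeIds);

        // Record the login time on the user row matched by user_id.
        SysUserExample userExample = new SysUserExample();
        userExample.createCriteria().andUserIdEqualTo(userId);
        SysUser sysUser = new SysUser();
        sysUser.setLastLoginTime(CalendarUtil.getNowDateTime());
        this.sysUserMapper.updateByExampleSelective(sysUser, userExample);

        response.setLoginUser(loginUser);
        return response;
    }

    /**
     * Looks up the local user for the login user ID carried by the request.
     *
     * <p>Despite its name, this method compares no password; it only checks that the user exists.
     *
     * @param request the login request supplying system ID, channel ID and login user ID
     * @return the first matching user row after {@code DataUtil.transformMapUpperCase}
     * @throws Exception an {@code ErrorException} with {@code LOGIN_USER_NOT_EXIST} when no row matches
     */
    public Map<String, Object> chkSysUserPwd(Request001006 request) throws Exception {
        // NOTE(review): the meaning of the literals "4" and "2" is not visible here.
        List<Map<String, Object>> userList = this.loginServiceMapper.selectUserLogin(
                request.getHeadSystemId(), request.getHeadChannelId(),
                request.getUserInfo().getLoginUserId(), "4", "2");
        if (userList == null || userList.isEmpty()) {
            throw new ErrorException(EnumSysRespMsg.LOGIN_USER_NOT_EXIST.getRespCode(),
                    EnumSysRespMsg.LOGIN_USER_NOT_EXIST.getRespMsg());
        }
        // NOTE(review): the helper's name suggests upper-casing, yet doBusi reads lower-case keys
        // from the result; confirm what the helper does to the keys.
        return DataUtil.transformMapUpperCase((Map) userList.get(0));
    }

    /**
     * For every grant log whose business type is {@code "11"}, sets the status of the user
     * identified by the request's login user name to {@code "1"}.
     *
     * @param workflowGrantLogs grant logs to inspect
     * @param request           request supplying the login user name
     */
    public void updateAdminStatus(List<WorkflowGrantLog> workflowGrantLogs, Request001006 request) {
        for (WorkflowGrantLog grantLog : workflowGrantLogs) {
            if ("11".equals(grantLog.getGrantBusiType())) {
                SysUser sysUser = new SysUser();
                sysUser.setUserStatus("1");
                SysUserExample sysUserExample = new SysUserExample();
                sysUserExample.createCriteria().andLoginNameEqualTo(request.getUserInfo().getLoginUserName());
                this.sysUserMapper.updateByExampleSelective(sysUser, sysUserExample);
            }
        }
    }
}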
需自我体会,谢谢!