CAS 身份认证登录

最新推荐文章于 2024-10-11 17:30:36 发布
最新推荐文章于 2024-10-11 17:30:36 发布
阅读量822 收藏 14
点赞数 24
文章标签: java 前端 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_68338449/article/details/141959934
版权 
public class UserInfo {
    /**
     * 用户姓名
     */
    private String userName = null;

    /**
     * 用户账户
     */
    private String userAccount = null;

    /**
     * 返回的其他用户属性
     */
    private Map<String,Object> attributes;

    public String getUserName () {
        return userName;
    }

    public void setUserName (String userName) {
        this.userName = userName;
    }

    public String getUserAccount () {
        return userAccount;
    }

    public void setUserAccount (String userAccount) {
        this.userAccount = userAccount;
    }

    public Map<String, Object> getAttributes () {
        return attributes;
    }

    public void setAttributes (Map<String, Object> attributes) {
        this.attributes = attributes;
    }
package com.ls.cas.config;

import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@Order(1)
@WebFilter(filterName = "AuthenticationFilter", urlPatterns = { "/cas/*" })
public class AuthenticationFilter extends AbstractCasFilter {

   @Value("${cas.appUrl}")
   private String serverName ;

   @Value("${cas.url}")
   private String loginServer ;

    private boolean renew = false;
    private boolean gateway = false;

    private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl();

    @Override
    protected void initInternal(FilterConfig filterConfig) throws ServletException {
       if (!isIgnoreInitConfiguration()) {
            super.initInternal(filterConfig);

            setCasServerLoginUrl(loginServer+"/login");

            if(serverName!=null){
               super.setServerName(serverName);
            }

            final String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);

            if (gatewayStorageClass != null) {
                try {
                    this.gatewayStorage = (GatewayResolver) Class.forName(gatewayStorageClass).newInstance();
                } catch (final Exception e) {
                    log.error(e,e);
                    throw new ServletException(e);
                }
            }
        }
    }

   @Override
   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
         throws IOException, ServletException {
       HttpServletRequest request = (HttpServletRequest)servletRequest;
       HttpServletResponse response = (HttpServletResponse)servletResponse;

       final HttpSession session = request.getSession(false);
        final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
        if (assertion != null) {
            filterChain.doFilter(request, response);
            return;
        }

        final String serviceUrl = constructServiceUrl(request, response);
        final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
        final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

        if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
            filterChain.doFilter(request, response);
            return;
        }

        final String modifiedServiceUrl;

        log.debug("no ticket and no assertion found");
        if (this.gateway) {
            log.debug("setting gateway attribute in session");
            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
        } else {
            modifiedServiceUrl = serviceUrl;
        }

        if (log.isDebugEnabled()) {
            log.debug("Constructed service url: " + modifiedServiceUrl);
        }

        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

        if (log.isDebugEnabled()) {
            log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }

        response.sendRedirect(urlToRedirectTo);

   }

    /**
     * The URL to the CAS Server login.
     */
    private String casServerLoginUrl;
    public final void setCasServerLoginUrl(final String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public final void setGatewayStorage(final GatewayResolver gatewayStorage) {
       this.gatewayStorage = gatewayStorage;
    }

}
package com.ls.cas.config;

import org.jasig.cas.client.proxy.*;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;

@Order(2)
@Component
@WebFilter(filterName = "Cas20ProxyReceivingTicketValidationFilter", urlPatterns = { "/cas/*" })
public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketValidationFilter {

    @Value("${cas.appUrl}")
   private String serverName ;

    @Value("${cas.url}")
   private String validateServer ;

    private static final String[] RESERVED_INIT_PARAMS = new String[] {"proxyGrantingTicketStorageClass", "proxyReceptorUrl", "acceptAnyProxy", "allowedProxyChains", "casServerUrlPrefix", "proxyCallbackUrl", "renew", "exceptionOnValidationFailure", "redirectAfterValidation", "useSession", "service", "artifactParameterName", "serviceParameterName", "encodeServiceUrl", "millisBetweenCleanUps", "hostnameVerifier", "encoding", "config"};

    private static final int DEFAULT_MILLIS_BETWEEN_CLEANUPS = 60 * 1000;

    /**
     * The URL to send to the CAS server as the URL that will process proxying requests on the CAS client. 
     */
    private String proxyReceptorUrl;

    private Timer timer;

    private TimerTask timerTask;

    private int millisBetweenCleanUps;
    
    private ProxyGrantingTicketStorage proxyGrantingTicketStorage = new ProxyGrantingTicketStorageImpl();

   @Override
    protected void initInternal(final FilterConfig filterConfig) throws ServletException {

       super.setServerName(serverName);
       
        setProxyReceptorUrl(getPropertyFromInitParams(filterConfig, "proxyReceptorUrl", null));

        final String proxyGrantingTicketStorageClass = getPropertyFromInitParams(filterConfig, "proxyGrantingTicketStorageClass", null);

        if (proxyGrantingTicketStorageClass != null) {
            this.proxyGrantingTicketStorage = ReflectUtils.newInstance(proxyGrantingTicketStorageClass);

            if (this.proxyGrantingTicketStorage instanceof AbstractEncryptedProxyGrantingTicketStorageImpl) {
                final AbstractEncryptedProxyGrantingTicketStorageImpl p = (AbstractEncryptedProxyGrantingTicketStorageImpl) this.proxyGrantingTicketStorage;
                final String cipherAlgorithm = getPropertyFromInitParams(filterConfig, "cipherAlgorithm", AbstractEncryptedProxyGrantingTicketStorageImpl.DEFAULT_ENCRYPTION_ALGORITHM);
                final String secretKey = getPropertyFromInitParams(filterConfig, "secretKey", null);

                p.setCipherAlgorithm(cipherAlgorithm);

                try {
                    if (secretKey != null) {
                        p.setSecretKey(secretKey);
                    }
                } catch (final Exception e) {
                    throw new RuntimeException(e);
                }
            }
        }

        log.trace("Setting proxyReceptorUrl parameter: " + this.proxyReceptorUrl);
        this.millisBetweenCleanUps = Integer.parseInt(getPropertyFromInitParams(filterConfig, "millisBetweenCleanUps", Integer.toString(DEFAULT_MILLIS_BETWEEN_CLEANUPS)));
        super.initInternal(filterConfig);
    }

    @Override
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.proxyGrantingTicketStorage, "proxyGrantingTicketStorage cannot be null.");

        if (this.timer == null) {
            this.timer = new Timer(true);
        }

        if (this.timerTask == null) {
            this.timerTask = new CleanUpTimerTask(this.proxyGrantingTicketStorage);
        }
        this.timer.schedule(this.timerTask, this.millisBetweenCleanUps, this.millisBetweenCleanUps);
    }

    /**
     * Constructs a Cas20ServiceTicketValidator or a Cas20ProxyTicketValidator based on supplied parameters.
     *
     * @param filterConfig the Filter Configuration object.
     * @return a fully constructed TicketValidator.
     */
    @Override
    protected final TicketValidator getTicketValidator(final FilterConfig filterConfig) {
        final String allowAnyProxy = getPropertyFromInitParams(filterConfig, "acceptAnyProxy", null);
        final String allowedProxyChains = getPropertyFromInitParams(filterConfig, "allowedProxyChains", null);
        final String casServerUrlPrefix = validateServer ;
        
        final Cas20ServiceTicketValidator validator;

        if (CommonUtils.isNotBlank(allowAnyProxy) || CommonUtils.isNotBlank(allowedProxyChains)) {
            final Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(casServerUrlPrefix);
            v.setAcceptAnyProxy(parseBoolean(allowAnyProxy));
            v.setAllowedProxyChains(CommonUtils.createProxyList(allowedProxyChains));
            validator = v;
        } else {
            validator = new Cas20ServiceTicketValidator(casServerUrlPrefix);
        }
        validator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig, "proxyCallbackUrl", null));
        validator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        validator.setProxyRetriever(new Cas20ProxyRetriever(casServerUrlPrefix, getPropertyFromInitParams(filterConfig, "encoding", null)));
        validator.setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        validator.setEncoding(getPropertyFromInitParams(filterConfig, "encoding", "UTF-8"));

        final Map<String, String> additionalParameters = new HashMap<String, String>();
        final List<String> params = Arrays.asList(RESERVED_INIT_PARAMS);

        for (final Enumeration<?> e = filterConfig.getInitParameterNames(); e.hasMoreElements();) {
            final String s = (String) e.nextElement();
            if (!params.contains(s)) {
               additionalParameters.put(s, filterConfig.getInitParameter(s));
            }
        }

        validator.setCustomParameters(additionalParameters);
        validator.setHostnameVerifier(getHostnameVerifier(filterConfig));

        return validator;
    }

    @Override
    public void destroy() {
        super.destroy();
        this.timer.cancel();
    }

    /**
     * This processes the ProxyReceptor request before the ticket validation code executes.
     */
    @Override
    protected final boolean preFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final String requestUri = request.getRequestURI();

        if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl)) {
            return true;
        }

        try {
            CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
        } catch (final RuntimeException e) {
            log.error(e.getMessage(), e);
            throw e;
        }

        return false;
    }

    public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
        this.proxyReceptorUrl = proxyReceptorUrl;
    }

    public void setProxyGrantingTicketStorage(final ProxyGrantingTicketStorage storage) {
        this.proxyGrantingTicketStorage = storage;
    }

    public void setTimer(final Timer timer) {
        this.timer = timer;
    }

    public void setTimerTask(final TimerTask timerTask) {
        this.timerTask = timerTask;
    }

    public void setMillisBetweenCleanUps(final int millisBetweenCleanUps) {
        this.millisBetweenCleanUps = millisBetweenCleanUps;
    }
    
    @Override
    protected void onSuccessfulValidation(HttpServletRequest request, HttpServletResponse response,
                                          Assertion assertion) {
    }
    
}


/**
 * @author xfc
 * @date 2024年07月29日 10:02
 * @Description: cas身份认证
 */
@RestController
@Slf4j
public class CasController {

    @Autowired
    private ISysUserService sysUserService;
    @Autowired
    private ISysDeptService sysDeptService;
    @Autowired
    private SysPermissionService permissionService;
    @Autowired
    private SysLoginService sysLoginService;

//    @Value("${casServer.url}")
//    private String prefixUrl;


    @RequestMapping(value = "/getUserInfo",
            produces = { "application/json" },
            method = RequestMethod.GET)
    public UserInfo getLoginUserInfo(HttpServletRequest request){
        return CasUtil.getUserInfoFromCas(request);
    }

    /**
     * cas 单点登录  门户
     * xfc
     * @param request 请求头https://ids.ctgu.edu.cn/authserver?service=http://210.42.43.235/prod-api/cas/ascLogin
     * @return
     */
    @GetMapping("/cas/ascLogin")
    public void loginByNameAndCardNo(HttpServletRequest request, HttpServletResponse response) {
        Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        String loginName = null;
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            loginName = principal.getName();
            System.out.println("访问者:" + loginName);
        }
        SysUser user = new SysUser();
        user.setUserName(loginName);
        SysUser sysUser = sysUserService.selectUserByUserName(user.getUserName());
        if (null == sysUser){
            throw new RuntimeException("当前用户" + loginName + "在系统中不存在");
        }
        // 校验用户信息并返回
        String token = sysLoginService.ssoLogin(sysUser.getUserName(), sysUser.getPassword(), null, null);
        log.info("token--------------" + token);
        if (ObjectUtil.isNotEmpty(sysUser) && token !=null){
            try {
                String  portal = CacheUtils.get(SYS_CONFIG, "sys.config.portal");
                response.sendRedirect(portal + token);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

portal  是自己配置的路径也就是跳转路径

无遇696
关注
CAS5.3+windows AD域实现单点登录身份认证.docx
05-17
使用 CAS 和 Windows AD 实现单点登录身份认证可以提高用户体验和系统安全,减少身份验证步骤,提高工作效率。同时,CAS 和 Windows AD 都是开源的解决方案,降低了系统成本和维护难度。 结论 使用 CAS 和 ...
CAS+windows AD域实现单点登录身份认证.docx
11-29
cas集成window AD 域实现免身份认证单点登录cas部署为centos系统,window server 2012 R2
CAS登录认证
Admans的专栏
07-15 2897
CAS最基本的协议过程: 名词解释 Ticket Grangting Ticket(TGT) : TGT是CAS为用户签发的登录票据,拥有了TGT,用户就可以证明自己在CAS成功登录过。TGT封装了Cookie值以及此Cookie值对应的用户信息。用户在CAS认证成功后,CAS生成cookie(叫TGC),写入浏览器,同时生成一个TGT对象,放入自己的缓存,TGT对象的ID就是cookie的值。当HTTP再次请求到来时,如果传过来的有CAS生成的cookie,则CAS以此cookie值为key
单点登录CAS
ronshi的博客
09-06 377
单点登录CAS
cas单点登录认证原理
Lordinloft的专栏
03-03 1029
讲述CAS认证原理
统一身份认证服务(CAS)系统实现SSO认识
企业实战系列集 ●●● https://ximenjianxue.blog.csdn.net
08-26 1301
CAS(Central Authentication Service)即中央认证服务,是 Yale 大学发起的一个企业级开源项目,旨在为Web 应用系统提供一种可靠的 SSO 解决方案,它是一个企业级的开源单点认证登录解决方案,采用java语言编写,使用Apache-2.0协议,主要用于为Web应用程序创建和维护单点登录会话。它提供了一个安全可靠的方式来验证用户的身份,并且可以集成到各种Web应用程序中。CAS提供了多种认证机制,包括基于令牌的认证、基于密码的认证和多因素认证等。
SpringBoot 实现CAS Server统一登录认证
LiuCJ_20000的博客
11-21 4604
CAS(Central Authentication Service)中心授权服务,是一个开源项目,目的在于为Web应用系统提供一种可靠的单点登录。​ 在整个认证的流程中的整个流程大概是:首先由CAS Client(我们的客户端应用)发起请求,CAS Client 会重定向到CAS Server进行登录CAS Server进行账户校验且多个CAS Client 之间可以共享登录的 session ,。​ 从结构上看,CAS 包含两个部分:和。
Vue 接入 CAS统一认证登录
dongwuming的专栏
07-11 3435
CAS(Central Authentication Service)是一种单点登录协议,可以实现多个应用程序之间的用户身份认证和授权。在 Vue 中接入 CAS 统一认证,可以实现用户在一个应用程序中登录后,在其他应用程序中无需再次登录,提高用户体验。以下是在 Vue 中接入 CAS 统一认证的一般步骤:安装库在main.js中引入库其中,是 CAS 服务器的 URL 前缀,是 Vue 应用程序的 URL。在需要进行认证的组件中使用方法进行登录login() {在需要进行认证的路由中添加属性在。
ruoyi对接CAS统一身份认证
我惠依旧的博客
03-09 3063
7.修改com.ruoyi.framework.shiro.service.SysLoginService。6.新建com.ruoyi.framework.shiro.realm.CasRealm。4.增加com.ruoyi.framework.config.Pac4jConfig。5.com.ruoyi.framework.config.ShiroConfig修改。输入ruoyi项目地址会自动跳转cas认证,登录完毕之后又会跳转回ruoyi项目。然后先启动cas 服务端,然后再启动ruoyi项目。
CAS单点登录原理及改造
u012477420的博客
03-16 1528
假设此时另一个业务系统bussiness.test.com也进入了CAS,在浏览器首次打开bussiness.test.com时,由于当前域名下没有存储token,则也会跳转到CAS中,url为cas.test.com/login?3) CAS校验用户名密码,校验成功,则根据用户信息生成TGT、TGC,并将TGC写入到浏览 器的cookie中,同时根据TGT生成ST,再重定向到mail.test.com?1) TGT: 票据,或称大令牌,在登录成功之后生成,其中包含了用户信息
CAS自定义登录验证
Danio的专栏
03-04 4606
CAS实现单点登录自定义登录验证方法
cas:Laravel 5-8的简单CAS身份验证
05-01
Laravel 6-8.x的简单CAS身份验证。 此版本的CAS或中央身份验证服务旨在与需要实施SSO的Laravel 6-8项目集成。 较旧版本的Laravel可能有效,但未经测试。 该软件包是根据我的需要而构建的,但是可以轻松用于Laravel ...
集成cas实现单点登录认证.zip
12-19
5. CAS协议与SAML2.0:CAS协议是CAS服务的默认认证协议,而SAML2.0是一种更复杂的身份验证标准,支持更丰富的属性传递和更灵活的授权策略。根据需求,你可以在CAS服务器上启用SAML2.0支持,以与其他支持SAML的系统...
django-cas:通过CAS服务器进行身份验证
05-15
django_cas是Django的CAS 1.0和CAS 2.0身份验证后端。 它允许您在添加对CAS的支持的同时使用Django的内置身份验证机制和用户模型。 它还包括一个中间件,该中间件拦截对原始登录和注销页面的调用,并将其转发到...
JAVA开源】基于Vue和SpringBoot的高校学科竞赛平台
杨荧的CSDN博客
10-10 1388
教师功能有个人中心,题目类型管理,竞赛题库管理,竞赛类型管理,竞赛信息管理,报名信息管理,竞赛评分管理,参赛名单管理,晋级名单管理,获奖名单管理,竞赛总结管理,报销清单管理,成绩申诉管理,参赛信息管理,参赛信息管理,往年成绩管理,获奖情况管理。
JDK1.0主要特性
FoolRabbit的专栏
10-06 757
JDK1.0主要特性。
Backend - Java 基础
最新发布
是萝卜干呀的博客
10-11 439
知识量决定了未来能走多远
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值