1. 修改依賴
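<!-- Add to the existing <properties> section of pom.xml (shown wrapped here for clarity).
     A property element is not valid between <dependency> entries. -->
<properties>
    <!-- 3.5.0 is the release this walkthrough pins. Before reusing it, check the CAS client's
         release notes and security advisories and prefer a currently maintained release. -->
    <java.cas.client.version>3.5.0</java.cas.client.version>
</properties>

<!-- The entries below go inside <dependencies>. -->

<!-- spring-boot-configuration-processor: generates configuration metadata so the IDE can
     offer hints/completion for the custom cas.* properties. Optional, not needed at runtime. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-configuration-processor</artifactId>
    <optional>true</optional>
</dependency>

<!-- CAS single sign-on client: provides the servlet filters registered by CasFilterConfig -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>${java.cas.client.version}</version>
</dependency>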
2. 建立 配置類
package com.cjy.core.config.cas;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.Nullable;

/**
 * Settings for the CAS single sign-on client, bound from configuration keys that start
 * with {@code cas} (for example {@code cas.server-name}).
 *
 * <p>Each property is documented next to its accessors. Boolean properties without an
 * explicit initializer default to {@code false}.
 *
 * <br/>Created: 2019/7/8 13:39
 *
 * @author Zero
 */
@ConfigurationProperties(prefix = "cas")
@Configuration
public class CasClientProperties {

    // ---------------------------------------------------------------- master switch

    /** Whether single sign-on is enabled at all. Defaults to {@code true}. */
    private boolean enable = true;

    public boolean isEnable() {
        return enable;
    }

    public void setEnable(boolean enable) {
        this.enable = enable;
    }

    // ---------------------------------------------------------------- endpoints

    /** Login entry point of the CAS server that unauthenticated users are sent to. */
    private String casServerLoginUrl;

    public String getCasServerLoginUrl() {
        return casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    /**
     * Name of the server hosting this application, e.g. {@code http://localhost:8080}
     * for a local machine.
     */
    private String serverName;

    public String getServerName() {
        return serverName;
    }

    public void setServerName(String serverName) {
        this.serverName = serverName;
    }

    /**
     * Base URL of the CAS server, e.g. {@code http://localhost:8443/cas}.
     *
     * <p>NOTE(review): the example uses plain HTTP on localhost; outside local development
     * this should presumably be an HTTPS URL, since ticket validation talks to this
     * address. Confirm for the target deployment.
     */
    private String casServerUrlPrefix;

    public String getCasServerUrlPrefix() {
        return casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    // ---------------------------------------------------------------- login behaviour

    /** Whether {@code renew=true} should be sent to the CAS server. Defaults to {@code false}. */
    private boolean renew;

    public boolean isRenew() {
        return renew;
    }

    public void setRenew(boolean renew) {
        this.renew = renew;
    }

    /** Whether {@code gateway=true} should be sent to the CAS server. Defaults to {@code false}. */
    private boolean gateway;

    public boolean isGateway() {
        return gateway;
    }

    public void setGateway(boolean gateway) {
        this.gateway = gateway;
    }

    // ---------------------------------------------------------------- ticket validation

    /**
     * Whether the validated Assertion is stored in the HTTP session. Defaults to
     * {@code true}. Without a session, every request has to carry a ticket.
     */
    private boolean useSession = true;

    public boolean isUseSession() {
        return useSession;
    }

    public void setUseSession(boolean useSession) {
        this.useSession = useSession;
    }

    /**
     * Whether to redirect to the same URL, minus the ticket parameter, once the ticket
     * has been validated. Defaults to {@code true}.
     */
    private boolean redirectAfterValidation = true;

    public boolean isRedirectAfterValidation() {
        return redirectAfterValidation;
    }

    public void setRedirectAfterValidation(boolean redirectAfterValidation) {
        this.redirectAfterValidation = redirectAfterValidation;
    }

    /** Whether a failed ticket validation raises an exception. Defaults to {@code false}. */
    private boolean exceptionOnValidationFailure;

    public boolean isExceptionOnValidationFailure() {
        return exceptionOnValidationFailure;
    }

    public void setExceptionOnValidationFailure(boolean exceptionOnValidationFailure) {
        this.exceptionOnValidationFailure = exceptionOnValidationFailure;
    }

    // ---------------------------------------------------------------- authentication allow-list

    /**
     * Allow-list expression: a request whose URL matches it passes without authentication.
     * May be {@code null} when no allow-list is wanted.
     *
     * <p>NOTE(review): every match is an unauthenticated entry point, so keep the
     * expression as narrow as possible. The CAS client's REGEX strategy is understood to
     * search the request URL (query string included) for a match rather than require a
     * full match, so patterns should be anchored. Verify against the client version in use.
     */
    @Nullable
    private String ignorePattern;

    @Nullable
    public String getIgnorePattern() {
        return ignorePattern;
    }

    public void setIgnorePattern(@Nullable String ignorePattern) {
        this.ignorePattern = ignorePattern;
    }

    /**
     * How {@link #getIgnorePattern() ignorePattern} is interpreted:
     * <ul>
     *   <li>{@code REGEX} - regular expression (the default)</li>
     *   <li>{@code CONTAINS} - substring match</li>
     *   <li>{@code EXACT} - exact match</li>
     * </ul>
     */
    @Nullable
    private String ignoreUrlPatternType;

    @Nullable
    public String getIgnoreUrlPatternType() {
        return ignoreUrlPatternType;
    }

    public void setIgnoreUrlPatternType(@Nullable String ignoreUrlPatternType) {
        this.ignoreUrlPatternType = ignoreUrlPatternType;
    }
}
3. 建立 過濾器(Filter)bean
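package com.cjy.core.config.cas;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Registers the CAS client session listener and servlet filters as Spring beans.
 *
 * <p>Every registration is switched on or off by {@link CasClientProperties#isEnable()}.
 * The registration order is: sign-out listener (1), single sign-out filter (2),
 * authentication filter (3), ticket validation filter (4), assertion thread-local
 * filter (5), request wrapper filter (6).
 *
 * <br/>Created: 2019/7/8 13:37
 *
 * @author Zero
 */
@Configuration
public class CasFilterConfig {

    /** URL mapping shared by all CAS filters: every request path. */
    private static final String ALL_URLS = "/*";

    @Autowired
    private CasClientProperties casClientProperties;

    /**
     * Session listener used for single sign-out.
     *
     * @return the listener registration, order 1
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(casClientProperties.isEnable());
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    /**
     * Single sign-out filter, registered ahead of the other CAS filters.
     *
     * @return the filter registration, order 2
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new SingleSignOutFilter());
        registrationBean.addUrlPatterns(ALL_URLS);
        registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix());
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(2);
        return registrationBean;
    }

    /**
     * Authentication filter: a user who still needs to authenticate is redirected to the
     * CAS server.
     *
     * <p>The allow-list parameters are forwarded only when they are actually configured.
     * Passing {@code String.valueOf(null)} would hand the filter the literal pattern
     * {@code "null"}, and under the default REGEX type any request URL containing that
     * text would then skip authentication.
     *
     * @return the filter registration, order 3
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new AuthenticationFilter());
        filterRegistrationBean.setEnabled(casClientProperties.isEnable());
        filterRegistrationBean.addUrlPatterns(ALL_URLS);
        filterRegistrationBean.addInitParameter("casServerLoginUrl", casClientProperties.getCasServerLoginUrl());
        filterRegistrationBean.addInitParameter("serverName", casClientProperties.getServerName());
        filterRegistrationBean.addInitParameter("gateway", String.valueOf(casClientProperties.isGateway()));
        // Unset or blank means "no allow-list": leave the parameter out entirely.
        addIfConfigured(filterRegistrationBean, "ignorePattern", casClientProperties.getIgnorePattern());
        // The properties class declares the pattern type; forward it so a configured
        // CONTAINS/EXACT is honoured instead of silently falling back to REGEX.
        addIfConfigured(filterRegistrationBean, "ignoreUrlPatternType",
                casClientProperties.getIgnoreUrlPatternType());
        // "renew" is deliberately not forwarded (it was commented out by the author), so
        // cas.renew has no effect here.
        // NOTE(review): if it is ever enabled, it presumably has to be set on the ticket
        // validation filter as well - confirm against the CAS client documentation.
        filterRegistrationBean.setOrder(3);
        return filterRegistrationBean;
    }

    /**
     * Ticket validation using the CAS 2.0 protocol.
     *
     * <p>Alternatives in the client library: {@code Cas30ProxyReceivingTicketValidationFilter}
     * speaks the CAS 3.0 protocol, and {@code Cas30JsonProxyReceivingTicketValidationFilter}
     * accepts validation responses in the JSON format defined by the CAS protocol.
     *
     * @return the filter registration, order 4
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        registrationBean.addUrlPatterns(ALL_URLS);
        registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix());
        registrationBean.addInitParameter("serverName", casClientProperties.getServerName());
        registrationBean.addInitParameter("useSession", String.valueOf(casClientProperties.isUseSession()));
        registrationBean.addInitParameter("exceptionOnValidationFailure",
                String.valueOf(casClientProperties.isExceptionOnValidationFailure()));
        registrationBean.addInitParameter("redirectAfterValidation",
                String.valueOf(casClientProperties.isRedirectAfterValidation()));
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(4);
        return registrationBean;
    }

    /**
     * Stores the assertion in a ThreadLocal so the logged-in user's details can be read
     * from anywhere through {@code AssertionHolder}. That class has no access to the
     * {@code HttpServletRequest}, so {@code getRemoteUser()} cannot be called through it.
     *
     * @return the filter registration, order 5
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setOrder(5);
        registrationBean.setFilter(new AssertionThreadLocalFilter());
        // Spring Boot maps a registration without URL patterns to every path anyway; the
        // mapping is spelled out so this filter reads the same as the others.
        registrationBean.addUrlPatterns(ALL_URLS);
        return registrationBean;
    }

    /**
     * Wraps the {@code HttpServletRequest} so that {@code getRemoteUser()} and
     * {@code getPrincipal()} return the CAS user information.
     *
     * @return the filter registration, order 6
     */
    @Bean
    public FilterRegistrationBean requestWrapperFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setEnabled(casClientProperties.isEnable());
        registrationBean.setFilter(new HttpServletRequestWrapperFilter());
        registrationBean.addUrlPatterns(ALL_URLS);
        registrationBean.setOrder(6);
        return registrationBean;
    }

    /**
     * Adds an optional init parameter, skipping values that are {@code null} or blank.
     *
     * @param registration the filter registration to configure
     * @param name         the init parameter name
     * @param value        the configured value, possibly {@code null}
     */
    private static void addIfConfigured(FilterRegistrationBean registration, String name, String value) {
        if (value != null && !value.trim().isEmpty()) {
            registration.addInitParameter(name, value);
        }
    }
}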