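I. Background
The previous post covered setting up a CAS server and its basic configuration, but that alone does not complete single sign-on. Besides the server, the clients that need single sign-on, i.e. our application systems, must also be integrated. This post covers the client configuration, using a Spring Boot project as the example.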
II. Client Configuration
1. Add the dependencies

    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.5.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>

2. Create a properties class, used to read specific property values from the Spring Boot properties file.

    package com.example.configure;

    import org.springframework.boot.context.properties.ConfigurationProperties;
    import org.springframework.stereotype.Component;

    /**
     * Description: CAS client properties entity class
     * Package: com.example.configure
     *
     * @author lightbc
     * @version 1.0
     */
    @Component
    @ConfigurationProperties(prefix = "spring.cas.client")
    public class CasClientProperties {
        private String serverLoginUrl;
        private String serverUrlPrefix;
        private String serverName;
        private boolean redirectAfterValidation;
        private boolean useSession;

        public String getServerLoginUrl() {
            return serverLoginUrl;
        }

        public void setServerLoginUrl(String serverLoginUrl) {
            this.serverLoginUrl = serverLoginUrl;
        }

        public String getServerUrlPrefix() {
            return serverUrlPrefix;
        }

        public void setServerUrlPrefix(String serverUrlPrefix) {
            this.serverUrlPrefix = serverUrlPrefix;
        }

        public String getServerName() {
            return serverName;
        }

        public void setServerName(String serverName) {
            this.serverName = serverName;
        }

        public boolean isRedirectAfterValidation() {
            return redirectAfterValidation;
        }

        public void setRedirectAfterValidation(boolean redirectAfterValidation) {
            this.redirectAfterValidation = redirectAfterValidation;
        }

        public boolean isUseSession() {
            return useSession;
        }

        public void setUseSession(boolean useSession) {
            this.useSession = useSession;
        }
    }

3. Spring Boot has no web.xml configuration file, so the filters and listener must be configured programmatically. The configuration class is as follows.

    package com.example.configure;

    import org.jasig.cas.client.authentication.AuthenticationFilter;
    import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
    import org.jasig.cas.client.util.AssertionThreadLocalFilter;
    import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
    import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    /**
     * Description: CAS client configuration class
     * Package: com.example.configure
     *
     * @author lightbc
     * @version 1.0
     */
    @Configuration
    public class CasClientConfigure {

        @Autowired
        private CasClientProperties properties;

        // Removes the single sign-out session mapping when an HTTP session is destroyed.
        @Bean
        public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
            ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>();
            listener.setEnabled(true);
            listener.setListener(new SingleSignOutHttpSessionListener());
            listener.setOrder(1);
            return listener;
        }

        // Redirects unauthenticated requests to the CAS server login page.
        @Bean
        public FilterRegistrationBean authenticationFilter() {
            FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
            filterRegistration.setFilter(new AuthenticationFilter());
            filterRegistration.setEnabled(true);
            filterRegistration.addUrlPatterns("/*");
            filterRegistration.addInitParameter("casServerLoginUrl", properties.getServerLoginUrl());
            filterRegistration.addInitParameter("serverName", properties.getServerName());
            filterRegistration.addInitParameter("useSession", properties.isUseSession() ? "true" : "false");
            filterRegistration.addInitParameter("redirectAfterValidation", properties.isRedirectAfterValidation() ? "true" : "false");
            filterRegistration.setOrder(3);
            return filterRegistration;
        }

        // Validates the service ticket against the CAS server (CAS 2.0 protocol).
        @Bean
        public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
            FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
            filterRegistration.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
            filterRegistration.setEnabled(true);
            filterRegistration.addUrlPatterns("/*");
            filterRegistration.addInitParameter("casServerUrlPrefix", properties.getServerUrlPrefix());
            filterRegistration.addInitParameter("serverName", properties.getServerName());
            filterRegistration.setOrder(4);
            return filterRegistration;
        }

        // Exposes the CAS principal through getRemoteUser() and getUserPrincipal().
        @Bean
        public FilterRegistrationBean httpServletRequestWrapperFilter() {
            FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
            filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
            filterRegistration.setEnabled(true);
            filterRegistration.addUrlPatterns("/*");
            filterRegistration.setOrder(5);
            return filterRegistration;
        }

        // Makes the validated Assertion available through AssertionHolder during the request.
        @Bean
        public FilterRegistrationBean assertionThreadLocalFilter() {
            FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
            filterRegistration.setFilter(new AssertionThreadLocalFilter());
            filterRegistration.setEnabled(true);
            filterRegistration.addUrlPatterns("/*");
            filterRegistration.setOrder(6);
            return filterRegistration;
        }
    }

4. Add the related properties to the properties file.

    # cas client
    spring.cas.client.serverLoginUrl=http://server.sso.com:8088/login
    spring.cas.client.serverUrlPrefix=http://server.sso.com:8088/
    spring.cas.client.redirectAfterValidation=true
    spring.cas.client.useSession=true
    spring.cas.client.serverName=http://client.sso.com:8080

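The configuration class in step 3 registers SingleSignOutHttpSessionListener, but in cas-client-core it is SingleSignOutFilter that processes logout requests sent by the CAS server, and filter order 2 is unused. The following is an added example, not code from the original post: it registers that filter at order 2 and adds an endpoint that reads the identity produced by the validation filter. The class names CasSingleSignOutConfigure and WhoAmIController and the /whoami path are hypothetical, and spring-boot-starter-web is assumed to be on the classpath.

```java
package com.example.configure;

import java.util.LinkedHashMap;
import java.util.Map;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: class names and the /whoami path are hypothetical.
@Configuration
public class CasSingleSignOutConfigure {
    // Order 2 sits between the listener (1) and AuthenticationFilter (3) from the
    // post, so a logout request from the CAS server is processed before
    // AuthenticationFilter can redirect it to the login page.
    @Bean
    public FilterRegistrationBean singleSignOutFilter(CasClientProperties properties) {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new SingleSignOutFilter());
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", properties.getServerUrlPrefix());
        filterRegistration.setOrder(2);
        return filterRegistration;
    }
}

// Reads the validated identity that AssertionThreadLocalFilter binds to the request thread.
@RestController
class WhoAmIController {
    @GetMapping("/whoami")
    public Map<String, Object> whoami() {
        Assertion assertion = AssertionHolder.getAssertion();
        Map<String, Object> body = new LinkedHashMap<>();
        if (assertion == null) { // the CAS filter chain did not run for this request
            body.put("authenticated", false);
            return body;
        }
        body.put("authenticated", true);
        body.put("user", assertion.getPrincipal().getName());
        body.put("attributes", assertion.getPrincipal().getAttributes());
        body.put("validFrom", assertion.getValidFromDate());
        return body;
    }
}
```

Back-channel logout only reaches the client if the CAS server can connect to the address configured as serverName.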
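III. Result
1. Start the CAS server, then start the CAS client. The result is shown below: an unauthenticated request is redirected to the single sign-on login page:
2. You may run into the problem shown below during this process.
In that case, modify the HTTPSandIMAPS-10000001.json file under the CAS server's services directory.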
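Then modify the application.properties file and add the following:

    cas.tgc.secure=false
    cas.serviceRegistry.initFromJson=true

Setting cas.tgc.secure=false removes the Secure flag from the ticket-granting cookie so that it is sent over plain HTTP, which this setup needs because the server is addressed with http:// URLs; cas.serviceRegistry.initFromJson=true makes the server load its service definitions from the JSON files.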
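IV. Additional Notes
1. The domain names used in the examples above require editing the hosts file under C:\Windows\System32\drivers\etc. Append the following to the end of the file and save it.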

    127.0.0.1 server.sso.com
    127.0.0.1 client.sso.com

2. If the project contains a web.xml configuration file, see here.