1. 修改依赖
<!-- spring-boot-configuration 配置信息 ,加入此项可以提示 配置信息 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-configuration-processor</artifactId> <optional>true</optional> </dependency> <java.cas.client.version>3.5.0</java.cas.client.version> <!-- cas 单点登录 客户端 拦截器 --> <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>${java.cas.client.version}</version> </dependency>
2. 建立 配置类
package com.cjy.core.config.cas; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; import org.springframework.lang.Nullable; /** * <p><b> * * </b></p> * <br/>创建时间: 2019/7/8 13:39 * * @author Zero */ @ConfigurationProperties(prefix = "cas") @Configuration public class CasClientProperties { /** * 是否开启单点登录 */ private boolean enable = true; /** * 单点登录需要访问的CAS SERVER URL入口 */ private String casServerLoginUrl; /** * 托管此应用的服务器名称,例如本机:http://localhost:8080 */ private String serverName; /** * 指定是否应将renew = true发送到CAS服务器 */ private boolean renew = false; /** * 指定是否应将gateway = true发送到CAS服务器 */ private boolean gateway = false; /** * cas服务器的开头 例如 http://localhost:8443/cas */ private String casServerUrlPrefix; /** * 是否将Assertion 存入到session中 * 如果不使用session(会话),tickets(票据)将每次请求时都需要tickets */ private boolean useSession = true; /** * 是否在票证验证后重定向到相同的URL,但在参数中没有票证 */ private boolean redirectAfterValidation = true; /** * 是否在tickets验证失败时抛出异常 */ private boolean exceptionOnValidationFailure = false; /** * 验证白名单,当请求路径匹配此表达式时,自动通过验证 */ @Nullable private String ignorePattern; /** * 白名单表达式的类型 * REGEX 正则表达式 默认的 * CONTAINS 包含匹配 * EXACT 精确匹配 */ @Nullable private String ignoreUrlPatternType; public boolean isEnable() { return enable; } public void setEnable(boolean enable) { this.enable = enable; } public String getCasServerLoginUrl() { return casServerLoginUrl; } public void setCasServerLoginUrl(String casServerLoginUrl) { this.casServerLoginUrl = casServerLoginUrl; } public String getServerName() { return serverName; } public void setServerName(String serverName) { this.serverName = serverName; } public boolean isRenew() { return renew; } public void setRenew(boolean renew) { this.renew = renew; } public boolean isGateway() { return gateway; } public void setGateway(boolean gateway) { this.gateway = gateway; } public String getCasServerUrlPrefix() { return casServerUrlPrefix; } public void setCasServerUrlPrefix(String casServerUrlPrefix) { this.casServerUrlPrefix = casServerUrlPrefix; } public boolean isUseSession() { return useSession; } public void setUseSession(boolean useSession) { this.useSession = useSession; } public boolean isRedirectAfterValidation() { return redirectAfterValidation; } public void setRedirectAfterValidation(boolean redirectAfterValidation) { this.redirectAfterValidation = redirectAfterValidation; } public boolean isExceptionOnValidationFailure() { return exceptionOnValidationFailure; } public void setExceptionOnValidationFailure(boolean exceptionOnValidationFailure) { this.exceptionOnValidationFailure = exceptionOnValidationFailure; } @Nullable public String getIgnorePattern() { return ignorePattern; } public void setIgnorePattern(@Nullable String ignorePattern) { this.ignorePattern = ignorePattern; } @Nullable public String getIgnoreUrlPatternType() { return ignoreUrlPatternType; } public void setIgnoreUrlPatternType(@Nullable String ignoreUrlPatternType) { this.ignoreUrlPatternType = ignoreUrlPatternType; } }
3. 建立 拦截器 bean
package com.cjy.core.config.cas; import org.jasig.cas.client.authentication.AuthenticationFilter; import org.jasig.cas.client.session.SingleSignOutFilter; import org.jasig.cas.client.session.SingleSignOutHttpSessionListener; import org.jasig.cas.client.util.AssertionThreadLocalFilter; import org.jasig.cas.client.util.HttpServletRequestWrapperFilter; import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * <p><b> * * </b></p> * <br/>创建时间: 2019/7/8 13:37 * * @author Zero */ @Configuration public class CasFilterConfig { @Autowired private CasClientProperties casClientProperties; /** * 单点登出 * * @return */ @Bean public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() { ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>(); listener.setEnabled(casClientProperties.isEnable()); listener.setListener(new SingleSignOutHttpSessionListener()); listener.setOrder(1); return listener; } @Bean public FilterRegistrationBean singleSignOutFilter() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); registrationBean.setFilter(new SingleSignOutFilter()); registrationBean.addUrlPatterns("/*"); registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix()); registrationBean.setEnabled(casClientProperties.isEnable()); registrationBean.setOrder(2); return registrationBean; } /** * 认证过滤器 * 如果用户需要进行身份验证,则会将用户重定向到CAS服务器。 * * @return */ @Bean public FilterRegistrationBean authenticationFilter() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter(new AuthenticationFilter()); filterRegistrationBean.setEnabled(casClientProperties.isEnable()); filterRegistrationBean.addUrlPatterns("/*"); filterRegistrationBean.addInitParameter("casServerLoginUrl", casClientProperties.getCasServerLoginUrl()); filterRegistrationBean.addInitParameter("serverName", casClientProperties.getServerName()); filterRegistrationBean.addInitParameter("gateway", String.valueOf(casClientProperties.isGateway())); filterRegistrationBean.addInitParameter("ignorePattern", String.valueOf(casClientProperties.getIgnorePattern())); // filterRegistrationBean.addInitParameter("renew", String.valueOf(casClientProperties.isRenew())); filterRegistrationBean.setOrder(3); return filterRegistrationBean; } /** * 使用 CAS 2.0 protocol. ticket校验工作 * Cas30ProxyReceivingTicketValidationFilter 使用cas3.0 protocol * Cas30JsonProxyReceivingTicketValidationFilter 过滤器能够接受CAS的验证响应,根据CAS协议规定的格式为JSON * * @return */ @Bean public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); registrationBean.setFilter(new Cas20ProxyReceivingTicketValidationFilter()); registrationBean.addUrlPatterns("/*"); registrationBean.addInitParameter("casServerUrlPrefix", casClientProperties.getCasServerUrlPrefix()); registrationBean.addInitParameter("serverName", casClientProperties.getServerName()); registrationBean.addInitParameter("useSession", String.valueOf(casClientProperties.isUseSession())); registrationBean.addInitParameter("exceptionOnValidationFailure", String.valueOf(casClientProperties.isExceptionOnValidationFailure())); registrationBean.addInitParameter("redirectAfterValidation", String.valueOf(casClientProperties.isRedirectAfterValidation())); registrationBean.setEnabled(casClientProperties.isEnable()); registrationBean.setOrder(4); return registrationBean; } /** * 将断言信息存放在ThreadLocal中,可以通过此类获取登录的用户信息 * 可以在任意地方获取到用户信息 AssertionHolder类是专门处理此信息类 * 但是此类无法访问 HttpServletRequest,因此无法调用 getRemoteUser() * * @return */ @Bean public FilterRegistrationBean assertionThreadLocalFilter() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); registrationBean.setEnabled(casClientProperties.isEnable()); registrationBean.setOrder(5); registrationBean.setFilter(new AssertionThreadLocalFilter()); return registrationBean; } /** * HttpServletRequest包装类 * 可以通过getRemoteUser()与getPrincipal()获取相应CAS的信息 * * @return */ @Bean public FilterRegistrationBean requestWrapperFilter() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); registrationBean.setEnabled(casClientProperties.isEnable()); registrationBean.setFilter(new HttpServletRequestWrapperFilter()); registrationBean.addUrlPatterns("/*"); registrationBean.setOrder(6); return registrationBean; } }