CAS單點登錄學習筆記--SpringBoot+CAS Client 單點退出（二）

在前一篇博客中，主要是CAS Server環境搭建，其中遇到了各種問題。現在把客戶端搭建過程記錄一下，cas客戶端這裏採用SpringBoot+CAS Client搭建。修改hosts文件配置cas server和cas客戶端cas-client1，cas-client2的域名：

127.0.0.1 cas.server.com
127.0.0.1 cas.client1.com
127.0.0.1 cas.client2.com

注意：cas server的cas.properties中的一下配置要修改，這樣登出的時候纔會按照傳的地址跳轉

cas.logout.followServiceRedirects=false

1、新建一個maven父模塊cas-demo，然後新建兩個客戶端應用cas-client1，cas-client2（實際可以通過讀取不同的配置）。

2、父模塊pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.5.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <groupId>com.cas</groupId>
    <artifactId>cas-demo</artifactId>
    <packaging>pom</packaging>
    <version>1.0-SNAPSHOT</version>
    <modules>
        <module>cas-client1</module>
        <module>cas-client2</module>
    </modules>


</project>

3、另個cas-client的pom.xml一樣

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>cas-demo</artifactId>
        <groupId>com.cas</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>cas-client1</artifactId>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>net.unicon.cas</groupId>
            <artifactId>cas-client-autoconfig-support</artifactId>
            <version>1.5.0-GA</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

4、cas-client1的application.properties配置：

#項目端口
server.port=8088
#填CAS服務器的前綴
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服務器的登錄地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客戶端的訪問前綴 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client1.com:8088
cas.use-session=true
cas.validation-type=cas
#自定義的退出url，退出成功後跳轉到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client1.com:8088/logout/success
#CAS驗證白名單
udf.ignorePattern=/logout/success|/index
#自定義驗證類型自定義UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=

5、cas-client2的application.properties配置：

#項目端口
server.port=8089
#填CAS服務器的前綴
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服務器的登錄地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客戶端的訪問前綴 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client2.com:8089
cas.use-session=true
cas.validation-type=cas
#自定義的退出url，退出成功後跳轉到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client2.com:8089/logout/success
#CAS驗證白名單
udf.ignorePattern=/logout/success|/index
#自定義驗證類型自定義UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=

6、新建cas的配置類，配置登出攔截器，權限校驗攔截器

package com.example.casclient.config;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class CASAutoConfig {
    @Value("${cas.server-url-prefix}")
    private String serverUrlPrefix;
    @Value("${cas.server-login-url}")
    private String serverLoginUrl;
    @Value("${cas.client-host-url}")
    private String clientHostUrl;
    @Value("${udf.ignorePattern}")
    private String ignorePattern;
    @Value("${udf.ignoreUrlPatternType}")
    private String ignoreUrlPatternType;


    /**
     * 配置登出過濾器(過濾器順序有要求，先登出-》授權過濾器-》配置過濾驗證器-》wraper過濾器)
     * @return
     */
    @Bean
    public FilterRegistrationBean filterSingleRegistration() {
        final FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        // 設定匹配的路徑
        registration.addUrlPatterns("/*");
        Map<String,String>  initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", serverUrlPrefix);
        registration.setInitParameters(initParameters);
        // 設定加載的順序
        registration.setOrder(1);
        return registration;
    }

    /**
     * 配置授權過濾器
     * @return
     */
    @Bean
    public FilterRegistrationBean filterAuthenticationRegistration() {
        final FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        // 設定匹配的路徑
        registration.addUrlPatterns("/*");
        Map<String,String>  initParameters = new HashMap<String, String>();
        initParameters.put("casServerLoginUrl", serverLoginUrl);
        initParameters.put("serverName", clientHostUrl);

        if(ignorePattern != null && !"".equals(ignorePattern)){
            initParameters.put("ignorePattern", ignorePattern);
        }

        //自定義UrlPatternMatcherStrategy 驗證規則
        if(ignoreUrlPatternType != null && !"".equals(ignoreUrlPatternType)){
            initParameters.put("ignoreUrlPatternType", ignoreUrlPatternType);
        }

        registration.setInitParameters(initParameters);
        // 設定加載的順序
        registration.setOrder(2);
        return registration;
    }

    /**
     * 配置過濾驗證器 這裏用的是Cas30ProxyReceivingTicketValidationFilter
     * @return
     */
    @Bean
    public FilterRegistrationBean filterValidationRegistration() {
        final FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        // 設定匹配的路徑
        registration.addUrlPatterns("/*");
        Map<String,String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", serverUrlPrefix);
        initParameters.put("serverName", clientHostUrl);
        initParameters.put("useSession", "true");
        registration.setInitParameters(initParameters);
        // 設定加載的順序
        registration.setOrder(3);
        return registration;
    }

    /**
     * request wraper過濾器
     * @return
     */
    @Bean
    public FilterRegistrationBean filterWrapperRegistration() {
        final FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        // 設定匹配的路徑
        registration.addUrlPatterns("/*");
        // 設定加載的順序
        registration.setOrder(4);
        return registration;
    }

    /**
     * 添加監聽器
     * @return
     */
    @Bean
    public ServletListenerRegistrationBean<EventListener> singleSignOutListenerRegistration() {
        ServletListenerRegistrationBean<EventListener> registrationBean = new ServletListenerRegistrationBean<EventListener>();
        registrationBean.setListener(new SingleSignOutHttpSessionListener());
        registrationBean.setOrder(1);
        return registrationBean;
    }

}

7、修改啓動類

@SpringBootApplication
@EnableCasClient
public class CasClientDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(CasClientDemoApplication.class, args);
    }

}

8、在template下新建hello.html，index.html，logoutsuccess.html
hello.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>This is cas clientB</h1>
<a href="/index">back to index</a><br/>
<a href="/logout">logout</a>
</body>
</html>

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h2>this is cas client B </h2>
<a href="/hello">clien B</a>
</body>
</html>

logoutsuccess.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Client B Logout success！</h1>
<a href="/index">back to index</a>
</body>
</html>

9、啓動cas server，cas-client1,cas-client2。發現cas-client1和cas-client2已經實現了單點登錄，單點退出。
備註說明：
我自己在搭建客戶端的時候遇到了一下問題：
1、報證書問題，sun.security.validator.ValidatorException: PKIX path building failed。
這是因爲證書沒有導入到JDK，搭建cas server的時候沒有到成功。jdk的證書默認密碼爲changeit
keytool -import -trustcacerts -alias cascer -file cascer.cer -keystore “D:\tools\java\jre1.8.0_25\jre\lib\security\cacerts”
2、域名找不到，生成證書的時候，用戶名和形式直接填寫：cas.server.com
3、單點登出問題，因爲兩個應用，兩個域名。發現其中一個推出之後，另一個應用並沒有推出。這是因爲要配置登出過濾器，默認是沒有配置的。
4、注意過濾器的順序，最開始授權的過濾器的order設置爲3，導致白名單配置失效。

參考博客：
https://blog.csdn.net/oumuv/article/details/84317757
https://blog.csdn.net/c_kkl213/article/details/81781731