在前一篇博客中,主要是CAS Server環境搭建,其中遇到了各種問題。現在把客戶端搭建過程記錄一下,cas客戶端這裏採用SpringBoot+CAS Client搭建。修改hosts文件配置cas server和cas客戶端cas-client1,cas-client2的域名:
127.0.0.1 cas.server.com
127.0.0.1 cas.client1.com
127.0.0.1 cas.client2.com
注意:cas server的cas.properties中的一下配置要修改,這樣登出的時候纔會按照傳的地址跳轉
cas.logout.followServiceRedirects=false
1、新建一個maven父模塊cas-demo,然後新建兩個客戶端應用cas-client1,cas-client2(實際可以通過讀取不同的配置)。
2、父模塊pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.cas</groupId>
<artifactId>cas-demo</artifactId>
<packaging>pom</packaging>
<version>1.0-SNAPSHOT</version>
<modules>
<module>cas-client1</module>
<module>cas-client2</module>
</modules>
</project>
3、另個cas-client的pom.xml一樣
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>cas-demo</artifactId>
<groupId>com.cas</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>cas-client1</artifactId>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>net.unicon.cas</groupId>
<artifactId>cas-client-autoconfig-support</artifactId>
<version>1.5.0-GA</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
4、cas-client1的application.properties配置:
#項目端口
server.port=8088
#填CAS服務器的前綴
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服務器的登錄地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客戶端的訪問前綴 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client1.com:8088
cas.use-session=true
cas.validation-type=cas
#自定義的退出url,退出成功後跳轉到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client1.com:8088/logout/success
#CAS驗證白名單
udf.ignorePattern=/logout/success|/index
#自定義驗證類型自定義UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=
5、cas-client2的application.properties配置:
#項目端口
server.port=8089
#填CAS服務器的前綴
cas.server-url-prefix=https://cas.server.com:8443/cas
#填CAS服務器的登錄地址
cas.server-login-url=https://cas.server.com:8443/cas/login
#填客戶端的訪問前綴 www.crm.com是在host文件中配置的映射,映射到127.0.0.1
cas.client-host-url=http://cas.client2.com:8089
cas.use-session=true
cas.validation-type=cas
#自定義的退出url,退出成功後跳轉到 http://cas.client1.com:9002/logout/success
casClientLogoutUrl=https://cas.server.com:8443/cas/logout?service=http://cas.client2.com:8089/logout/success
#CAS驗證白名單
udf.ignorePattern=/logout/success|/index
#自定義驗證類型自定義UrlPatternMatcherStrategy
udf.ignoreUrlPatternType=
6、新建cas的配置類,配置登出攔截器,權限校驗攔截器
package com.example.casclient.config;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class CASAutoConfig {
@Value("${cas.server-url-prefix}")
private String serverUrlPrefix;
@Value("${cas.server-login-url}")
private String serverLoginUrl;
@Value("${cas.client-host-url}")
private String clientHostUrl;
@Value("${udf.ignorePattern}")
private String ignorePattern;
@Value("${udf.ignoreUrlPatternType}")
private String ignoreUrlPatternType;
/**
* 配置登出過濾器(過濾器順序有要求,先登出-》授權過濾器-》配置過濾驗證器-》wraper過濾器)
* @return
*/
@Bean
public FilterRegistrationBean filterSingleRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new SingleSignOutFilter());
// 設定匹配的路徑
registration.addUrlPatterns("/*");
Map<String,String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", serverUrlPrefix);
registration.setInitParameters(initParameters);
// 設定加載的順序
registration.setOrder(1);
return registration;
}
/**
* 配置授權過濾器
* @return
*/
@Bean
public FilterRegistrationBean filterAuthenticationRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new AuthenticationFilter());
// 設定匹配的路徑
registration.addUrlPatterns("/*");
Map<String,String> initParameters = new HashMap<String, String>();
initParameters.put("casServerLoginUrl", serverLoginUrl);
initParameters.put("serverName", clientHostUrl);
if(ignorePattern != null && !"".equals(ignorePattern)){
initParameters.put("ignorePattern", ignorePattern);
}
//自定義UrlPatternMatcherStrategy 驗證規則
if(ignoreUrlPatternType != null && !"".equals(ignoreUrlPatternType)){
initParameters.put("ignoreUrlPatternType", ignoreUrlPatternType);
}
registration.setInitParameters(initParameters);
// 設定加載的順序
registration.setOrder(2);
return registration;
}
/**
* 配置過濾驗證器 這裏用的是Cas30ProxyReceivingTicketValidationFilter
* @return
*/
@Bean
public FilterRegistrationBean filterValidationRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
// 設定匹配的路徑
registration.addUrlPatterns("/*");
Map<String,String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", serverUrlPrefix);
initParameters.put("serverName", clientHostUrl);
initParameters.put("useSession", "true");
registration.setInitParameters(initParameters);
// 設定加載的順序
registration.setOrder(3);
return registration;
}
/**
* request wraper過濾器
* @return
*/
@Bean
public FilterRegistrationBean filterWrapperRegistration() {
final FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new HttpServletRequestWrapperFilter());
// 設定匹配的路徑
registration.addUrlPatterns("/*");
// 設定加載的順序
registration.setOrder(4);
return registration;
}
/**
* 添加監聽器
* @return
*/
@Bean
public ServletListenerRegistrationBean<EventListener> singleSignOutListenerRegistration() {
ServletListenerRegistrationBean<EventListener> registrationBean = new ServletListenerRegistrationBean<EventListener>();
registrationBean.setListener(new SingleSignOutHttpSessionListener());
registrationBean.setOrder(1);
return registrationBean;
}
}
7、修改啓動類
@SpringBootApplication
@EnableCasClient
public class CasClientDemoApplication {
public static void main(String[] args) {
SpringApplication.run(CasClientDemoApplication.class, args);
}
}
8、在template下新建hello.html,index.html,logoutsuccess.html
hello.html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>This is cas clientB</h1>
<a href="/index">back to index</a><br/>
<a href="/logout">logout</a>
</body>
</html>
index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h2>this is cas client B </h2>
<a href="/hello">clien B</a>
</body>
</html>
logoutsuccess.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>Client B Logout success!</h1>
<a href="/index">back to index</a>
</body>
</html>
9、啓動cas server,cas-client1,cas-client2。發現cas-client1和cas-client2已經實現了單點登錄,單點退出。
備註說明:
我自己在搭建客戶端的時候遇到了一下問題:
1、報證書問題,sun.security.validator.ValidatorException: PKIX path building failed。
這是因爲證書沒有導入到JDK,搭建cas server的時候沒有到成功。jdk的證書默認密碼爲changeit
keytool -import -trustcacerts -alias cascer -file cascer.cer -keystore “D:\tools\java\jre1.8.0_25\jre\lib\security\cacerts”
2、域名找不到,生成證書的時候,用戶名和形式直接填寫:cas.server.com
3、單點登出問題,因爲兩個應用,兩個域名。發現其中一個推出之後,另一個應用並沒有推出。這是因爲要配置登出過濾器,默認是沒有配置的。
4、注意過濾器的順序,最開始授權的過濾器的order設置爲3,導致白名單配置失效。
參考博客:
https://blog.csdn.net/oumuv/article/details/84317757
https://blog.csdn.net/c_kkl213/article/details/81781731