CAS - SpringSecurity整合CAS

一、引入pom依賴

<!-- spring-security -->
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-web</artifactId>
	<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-config</artifactId>
	<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-taglibs</artifactId>
	<version>5.0.1.RELEASE</version>
</dependency>
<!-- Spring集成Cas單點登錄 -->
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-cas</artifactId>
	<version>5.0.1.RELEASE</version>
</dependency>
<!-- cas -->
<dependency>
	<groupId>org.jasig.cas.client</groupId>
	<artifactId>cas-client-core</artifactId>
	<version>3.3.3</version>
	<!-- 排除log4j包衝突 -->
	<exclusions>
		<exclusion>
			<groupId>org.slf4j</groupId>
			<artifactId>log4j-over-slf4j</artifactId>
		</exclusion>
	</exclusions>
</dependency>

二、配置web.xml，添加SpringSecurity配置

<!--SpringSecurity-->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
  <listener-class>
      org.springframework.web.context.ContextLoaderListener
  </listener-class>
</listener>

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

三、配置SpringSecurity配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 放行靜態資源-->
    <http pattern="/css/**" security="none"></http>
    <http pattern="/img/**" security="none"></http>
    <http pattern="/js/**" security="none"></http>
    <http pattern="/plugins/**" security="none"></http>
    <http pattern="/fonts/**" security="none"></http>
    <http pattern="/index.html" security="none"></http>
    <http pattern="/search.html" security="none"></http>
    <http pattern="/cart.html" security="none"></http>
    <!--放行一些請求-->
    <http pattern="/content/findByCategoryId.do" security="none"/>

    <!--   entry-point-ref  入口點引用 開始 -->
    <http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
        <!-- 匿名角色 IS_AUTHENTICATED_ANONYMOUSLY -->
        <intercept-url pattern="/cart/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
        <intercept-url pattern="/itemSearch/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
        <intercept-url pattern="/user/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
        <intercept-url pattern="/content/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
        <!--配置攔截器, 攔截所有請求, 應該具有ROLE_USER的權限纔可以訪問我們系統-->
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <csrf disabled="true"/>
        <!-- 過濾器面，custom-filter爲過濾器，
        position 表示將過濾器放在指定的位置上，
        before表示放在指定位置之前  ，
        after表示放在指定的位置之後  -->
        <custom-filter ref="casAuthenticationFilter"  position="CAS_FILTER" />
        <!-- 本地登出的過濾器 -->
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
        <!-- CAS登出的過濾器 -->
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
    </http>
	<!--   entry-point-ref  入口點引用 結束 -->

    <!-- CAS入口點 開始 -->
    <beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <!-- 單點登錄服務器登錄URL -->
        <beans:property name="loginUrl" value="http://10.30.35.88:9100/cas/login"/>
        <!-- service相關屬性 -->
        <beans:property name="serviceProperties" ref="serviceProperties"/>
    </beans:bean>
    <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <!--service 配置自身工程的根地址+/login/cas - 這裏是固定寫法   -->
        <beans:property name="service" value="http://localhost:8084/login/cas"/>
    </beans:bean>
	<!-- CAS入口點 結束 -->
	
    <!-- 認證過濾器 開始 -->
    <beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    </beans:bean>
    <!-- 認證管理器 -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider  ref="casAuthenticationProvider"></authentication-provider>
    </authentication-manager>
    <!-- 認證提供者 -->
    <beans:bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <beans:property name="authenticationUserDetailsService">
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:constructor-arg ref="userDetailsService" />
            </beans:bean>
        </beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties"/>
        <!-- ticketValidator 爲票據驗證器 -->
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="http://10.30.35.88:9100/cas"/>
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
    </beans:bean>
    <!-- 認證類 - 這個認證類是來做權限的，認證其實是交給cas來做的 -->
    <beans:bean id="userDetailsService" class="pers.liuchengyin.core.service.UserDetailServiceImpl"/>
	<!-- 認證過濾器 結束 -->

    <!-- 單點登出  開始  -->
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
    <!-- 經過此配置，當用戶在地址欄輸入本地工程 /logout/cas  -->
    <beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <!-- CAS服務端登出及跳轉 -->
        <beans:constructor-arg value="http://10.30.35.88:9100/cas/logout?service=http://localhost:8084"/>
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/logout/cas"/>
    </beans:bean>
	<!-- 單點登出  結束  -->

</beans:beans>

四、創建認證類UserDetailServiceImpl

/**
 * 自定義認證類:
 * 在之前這裏負責用戶名密碼的校驗工作, 並給給當前用戶賦予對應的訪問權限
 * 現在cas和springSecurity集成, 集成後, 用戶名密碼的校驗工作交給cas完成, 所以能夠進入到
 * 這裏類的方法中的都是已經成功認證的用戶, 這裏只需要給登錄過的用戶賦予對應的訪問權限就可以
 */
public class UserDetailServiceImpl implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<GrantedAuthority> authorityList = new ArrayList<>();
        //向權限集合中加入訪問權限
        authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
        return new User(username, "", authorityList);
    }
}

五、前端可以通過a標籤等進行請求登錄

<!-- 直接通過html -->
<a href="/login.html">登錄</a>
<!-- 通過請求 -->
<a href="/login/cas">登錄</a>

六、前端可以通過a標籤進行註銷

<!-- 註銷 -->
<a href="/logout/cas">註銷</a>

七、門戶頁面(index.html)無需登錄可以訪問的，具體怎麼配置我也不太清楚

我這裏的做法是弄個login.html頁面進行中轉，因爲認證之後它會跳轉到login.html頁面來，如果後面有更好的方法再更新吧。

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<script>
    location.href="index.html";
</script>
</body>
</html>