一、引入pom依賴
<!-- spring-security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<!-- Spring集成Cas單點登錄 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<!-- cas -->
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
<!-- 排除log4j包衝突 -->
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
二、配置web.xml,添加SpringSecurity配置
<!--SpringSecurity-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
三、配置SpringSecurity配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 放行靜態資源-->
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/fonts/**" security="none"></http>
<http pattern="/index.html" security="none"></http>
<http pattern="/search.html" security="none"></http>
<http pattern="/cart.html" security="none"></http>
<!--放行一些請求-->
<http pattern="/content/findByCategoryId.do" security="none"/>
<!-- entry-point-ref 入口點引用 開始 -->
<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
<!-- 匿名角色 IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/cart/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/itemSearch/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/user/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/content/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<!--配置攔截器, 攔截所有請求, 應該具有ROLE_USER的權限纔可以訪問我們系統-->
<intercept-url pattern="/**" access="ROLE_USER"/>
<csrf disabled="true"/>
<!-- 過濾器面,custom-filter爲過濾器,
position 表示將過濾器放在指定的位置上,
before表示放在指定位置之前 ,
after表示放在指定的位置之後 -->
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
<!-- 本地登出的過濾器 -->
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<!-- CAS登出的過濾器 -->
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
</http>
<!-- entry-point-ref 入口點引用 結束 -->
<!-- CAS入口點 開始 -->
<beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<!-- 單點登錄服務器登錄URL -->
<beans:property name="loginUrl" value="http://10.30.35.88:9100/cas/login"/>
<!-- service相關屬性 -->
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!--service 配置自身工程的根地址+/login/cas - 這裏是固定寫法 -->
<beans:property name="service" value="http://localhost:8084/login/cas"/>
</beans:bean>
<!-- CAS入口點 結束 -->
<!-- 認證過濾器 開始 -->
<beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<!-- 認證管理器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider"></authentication-provider>
</authentication-manager>
<!-- 認證提供者 -->
<beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userDetailsService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties"/>
<!-- ticketValidator 爲票據驗證器 -->
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="http://10.30.35.88:9100/cas"/>
</beans:bean>
</beans:property>
<beans:property name="key" value="an_id_for_this_auth_provider_only"/>
</beans:bean>
<!-- 認證類 - 這個認證類是來做權限的,認證其實是交給cas來做的 -->
<beans:bean id="userDetailsService" class="pers.liuchengyin.core.service.UserDetailServiceImpl"/>
<!-- 認證過濾器 結束 -->
<!-- 單點登出 開始 -->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- 經過此配置,當用戶在地址欄輸入本地工程 /logout/cas -->
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- CAS服務端登出及跳轉 -->
<beans:constructor-arg value="http://10.30.35.88:9100/cas/logout?service=http://localhost:8084"/>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout/cas"/>
</beans:bean>
<!-- 單點登出 結束 -->
</beans:beans>
四、創建認證類UserDetailServiceImpl
/**
* 自定義認證類:
* 在之前這裏負責用戶名密碼的校驗工作, 並給給當前用戶賦予對應的訪問權限
* 現在cas和springSecurity集成, 集成後, 用戶名密碼的校驗工作交給cas完成, 所以能夠進入到
* 這裏類的方法中的都是已經成功認證的用戶, 這裏只需要給登錄過的用戶賦予對應的訪問權限就可以
*/
public class UserDetailServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorityList = new ArrayList<>();
//向權限集合中加入訪問權限
authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
return new User(username, "", authorityList);
}
}
五、前端可以通過a標籤等進行請求登錄
<!-- 直接通過html -->
<a href="/login.html">登錄</a>
<!-- 通過請求 -->
<a href="/login/cas">登錄</a>
六、前端可以通過a標籤進行註銷
<!-- 註銷 -->
<a href="/logout/cas">註銷</a>
七、門戶頁面(index.html)無需登錄可以訪問的,具體怎麼配置我也不太清楚
我這裏的做法是弄個login.html頁面進行中轉,因爲認證之後它會跳轉到login.html頁面來,如果後面有更好的方法再更新吧。
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<script>
location.href="index.html";
</script>
</body>
</html>