1、jeesite使用shrio來進項權限和認證處理。
2、創建自己的認證系統,將cas認證加載進來
import java.net.URLDecoder;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasAuthenticationException;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.thinkgem.jeesite.common.config.Global;
import com.thinkgem.jeesite.common.utils.SpringContextHolder;
import com.thinkgem.jeesite.common.web.Servlets;
import com.thinkgem.jeesite.modules.sys.entity.Menu;
import com.thinkgem.jeesite.modules.sys.entity.Role;
import com.thinkgem.jeesite.modules.sys.entity.User;
import com.thinkgem.jeesite.modules.sys.security.SystemAuthorizingRealm.Principal;
import com.thinkgem.jeesite.modules.sys.service.SystemService;
import com.thinkgem.jeesite.modules.sys.utils.LogUtils;
import com.thinkgem.jeesite.modules.sys.utils.UserUtils;
public class CasLoginRealm extends CasRealm {
private Logger logger = LoggerFactory.getLogger(getClass());
private SystemService systemService;
/**
*
* @MethodName: doGetAuthenticationInfo
* @Description: 認證
* @param @param token
* @param @return
* @param @throws AuthenticationException
* @author
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token) throws AuthenticationException {
CasToken casToken = (CasToken) token;
if (token == null) {
return null;
}
String ticket = (String)casToken.getCredentials();
if (!org.apache.shiro.util.StringUtils.hasText(ticket)) {
return null;
}
TicketValidator ticketValidator = ensureTicketValidator();
try {
// contact CAS server to validate service ticket
Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
// get principal, user id and attributes
AttributePrincipal casPrincipal = casAssertion.getPrincipal();
String username = casPrincipal.getName();
logger.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}", new Object[]{
ticket, getCasServerUrlPrefix(), username
});
User user = getSystemService().getUserByLoginName(username);
// refresh authentication token (user id + remember me)
casToken.setUserId(username);
// create simple authentication info
// PrincipalCollection principalCollection = new SimplePrincipalCollection(new SimplePrincipalCollection(new Principal(user, false), getName()), getName());
return new SimpleAuthenticationInfo(new SimplePrincipalCollection(new Principal(user, false), getName()), ticket);
} catch (TicketValidationException e) {
throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
}
}
/**
* 授權方案
*
*
* 在驗證之後的授權信息
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
Principal principal = (Principal) getAvailablePrincipal(principals);
// 獲取當前已登錄的用戶
if (!Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"))){
Collection<Session> sessions = getSystemService().getSessionDao().getActiveSessions(true, principal, UserUtils.getSession());
if (sessions.size() > 0){
// 如果是登錄進來的,則踢出已在線用戶
if (UserUtils.getSubject().isAuthenticated()){
for (Session session : sessions){
getSystemService().getSessionDao().delete(session);
}
}
// 記住我進來的,並且當前用戶已登錄,則退出當前用戶提示信息。
else{
UserUtils.getSubject().logout();
throw new AuthenticationException("msg:賬號已在其它地方登錄,請重新登錄。");
}
}
}
User user = getSystemService().getUserByLoginName(principal.getLoginName());
if (user != null) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
List<Menu> list = UserUtils.getMenuList();
for (Menu menu : list){
if (StringUtils.isNotBlank(menu.getPermission())){
// 添加基於Permission的權限信息
for (String permission : StringUtils.split(menu.getPermission(),",")){
info.addStringPermission(permission);
}
}
}
// 添加用戶權限
info.addStringPermission("user");
// 添加用戶角色信息
for (Role role : user.getRoleList()){
info.addRole(role.getEnname());
}
// 更新登錄IP和時間
getSystemService().updateUserLoginInfo(user);
// 記錄登錄日誌
LogUtils.saveLog(Servlets.getRequest(), "系統登錄");
return info;
} else {
return null;
}
}
/**
* 獲取系統業務對象
*/
public SystemService getSystemService() {
if (systemService == null){
systemService = SpringContextHolder.getBean(SystemService.class);
}
return systemService;
}
/**
* 未使用客戶端jar包 需要手動解析
*/
public Map<String,String> getSsoUserInfo(String str){
Map<String,String> map = new HashMap<String, String>();
String str2 = str.replaceAll(" ", "").replaceAll("\t|\n", "").replace("=[",",").replace("]", "").replace("{", "").replace("}", "");
String[] strs = str2.split(",");
try {
for (String strl : strs) {
if(strl.startsWith("NAME") && strl.length()>4){
map.put("NAME", URLDecoder.decode(strl.replace("NAME", ""), "UTF-8"));
}
if(strl.startsWith("LOGINNAME") && strl.length()>9){
map.put("LOGINNAME", URLDecoder.decode(strl.replace("LOGINNAME", ""), "UTF-8"));
}
}
} catch (Exception e) {
// TODO: handle exception
}
return map;
}
}
3、修改配置spring-context-shiro.xml
4、修改完成後我們直接訪問項目首頁,會跳轉到cas登錄入口,此時輸入用戶名和密碼登錄。
5、這個時候並不能完成登錄,我們默認的用戶名casuser,這是認證服務器的用戶名,那這個用戶名如何登錄我們的系統呢?從代碼中我們可以看到,cas認證通過的信息根據用戶名,與系統中用戶的登錄名匹配,來加載用戶信息。那麼我們要改一下cas的登錄名稱,修改後再登錄,便可使用該用戶進入到系統。