2. Deploy the CAS server
(1) First download the CAS server code from GitHub and build the WAR yourself
https://github.com/apereo/cas-management-overlay
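Note: when packaging, edit propertyFileConfigurer.xml and change the file path in it so that casProperties points to the appropriate location
<util:properties id="casProperties" location="file:c:\cas.properties" />
(2) Deploy on Tomcat or Jetty
(3) If you need to set up HTTPS, taking Tomcat as an example: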
<Connector port="8080" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\\keystore\\tomcat.keystore"
keystorePass="wang" />
keystoreFile is the encrypted certificate file
keystorePass is its password
For reference, see
https://blog.csdn.net/u012970850/article/details/82533555
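(4) Visit https://127.0.0.1:8080/cas/Login; the default username and password are casuser:Mellon
3. Client configuration
I used Spring Boot with manual configuration, not Spring Boot's built-in support
The JAR used is cas-client-core-3.1.10.jar
Code differs somewhat between JAR versions, but not by much
(1) Configuration parameters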
import lombok.Getter;
import lombok.Setter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

@Configuration
@Getter
@Setter
public class CasConfiguration {
    // CAS login URL
    @Value("${cas.casServerLoginUrl}")
    private String casServerLoginUrl;
    // CAS logout URL
    @Value("${cas.casServerLogoutUrl}")
    private String casServerLogoutUrl;
    // CAS client service
    @Value("${cas.clientService}")
    private String clientService;
    // URL to go to after a successful login
    @Value("${cas.clientLoginSuccessUrl}")
    private String clientLoginSuccessUrl;
    // Whitelist
    @Value("${cas.whiteList}")
    private String whiteList;
    // CAS server
    @Value("${cas.casServerUrlPrefix}")
    private String casServerUrlPrefix;
    // Root of the CAS client server
    @Value("${cas.clientServerName}")
    private String clientServerName;
}
(2) Configure the filters
import java.util.HashMap;
import java.util.Map;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CasFilter {
    @Autowired
    CasConfiguration casConfiguration;

    /*
     * @Description: Single sign-out filter; it must be registered first
     * @Param: []
     * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
     * @Throws:
     * @Author: wangwei
     * @Date: 2020/3/31 15:44
     */
    @Bean
    public FilterRegistrationBean CasSingleSignOutFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        // Init-parameter map for the filter
        Map<String, String> map = new HashMap<>(16);
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        filterRegistrationBean.setFilter(singleSignOutFilter);
        map.put("casServerUrlPrefix", casConfiguration.getCasServerUrlPrefix());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("CasSingleSignOutFilter");
        filterRegistrationBean.setOrder(1);
        return filterRegistrationBean;
    }

    // Register SingleSignOutHttpSessionListener
    @Bean
    public ServletListenerRegistrationBean<org.jasig.cas.client.session.SingleSignOutHttpSessionListener> casListener() {
        return new ServletListenerRegistrationBean<>(
                new org.jasig.cas.client.session.SingleSignOutHttpSessionListener());
    }

    /*
     * @Description: CAS authentication filter.
     *   casServerLoginUrl parameter: the CAS Server login URL, with an appResId parameter appended to indicate the application type (the official-document system currently uses GONGWEN, the filing system uses BHXT).
     *   service parameter: the page to return to after authentication by the CAS Server.
     *   localLoginUrl parameter: the local login URL.
     *   renew parameter: do not modify.
     *   whiteList parameter: URIs exempt from the authentication check, separated by semicolons. If an entry ends with /, all URIs under that path are exempt.
     * @Param: []
     * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
     * @Throws:
     * @Author: wangwei
     * @Date: 2020/3/27 11:10
     */
    @Bean
    public FilterRegistrationBean CasAuthenticationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        // Init-parameter map for the filter
        Map<String, String> map = new HashMap<>(16);
        AuthenticationFilter casAuthenticationFilter = new AuthenticationFilter();
        filterRegistrationBean.setFilter(casAuthenticationFilter);
        map.put("casServerLoginUrl", casConfiguration.getCasServerLoginUrl());
        map.put("service", casConfiguration.getClientLoginSuccessUrl());
        map.put("localLoginUrl", casConfiguration.getClientLoginSuccessUrl());
        map.put("renew", "false");
        map.put("whiteList", casConfiguration.getWhiteList());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casAuthenticationFilter");
        filterRegistrationBean.setOrder(2);
        return filterRegistrationBean;
    }

    /*
     * @Description: CAS validation filter.
     *   serverName parameter: the application root path.
     *   CAS HTTP request wrapper filter: after CAS authentication or validation succeeds, assigns the user id to remoteUser on the request.
     * @Param: []
     * @Return: org.springframework.boot.web.servlet.FilterRegistrationBean
     * @Throws:
     * @Author: wangwei
     * @Date: 2020/3/27 11:10
     */
    @Bean
    public FilterRegistrationBean CasValidationFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        // Init-parameter map for the filter
        Map<String, String> map = new HashMap<>(16);
        CustomCas30ProxyReceivingTicketValidationFilter casValidationFilter = new CustomCas30ProxyReceivingTicketValidationFilter();
        filterRegistrationBean.setFilter(casValidationFilter);
        map.put("casServerUrlPrefix", casConfiguration.getCasServerUrlPrefix());
        map.put("serverName", casConfiguration.getClientServerName());
        filterRegistrationBean.setInitParameters(map);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casValidationFilter");
        filterRegistrationBean.setOrder(3);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean CasHttpServletRequestFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        // No init parameters are set for this filter
        HttpServletRequestWrapperFilter casHttpServletRequestFilter = new HttpServletRequestWrapperFilter();
        filterRegistrationBean.setFilter(casHttpServletRequestFilter);
        String url = "/*";
        filterRegistrationBean.addUrlPatterns(url);
        filterRegistrationBean.setName("casHttpServletRequestFilter");
        filterRegistrationBean.setOrder(4);
        return filterRegistrationBean;
    }
}
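(3) After login and successful validation, get the logged-in user's information
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas10TicketValidationFilter;

public class CustomCas30ProxyReceivingTicketValidationFilter extends Cas10TicketValidationFilter {
    @Override
    protected void onSuccessfulValidation(HttpServletRequest request, HttpServletResponse response, Assertion assertion) {
        // Name of the principal that the CAS server authenticated
        String dcpLoginInfo = (String) assertion.getPrincipal().getName();
        // Only an existing session is used; none is created here
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.setAttribute("systemUser", dcpLoginInfo);
        }
    }
}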
(4) Configuration values
cas:
  casServerLoginUrl: https://127.0.0.1:8080/cas/Login?appResId=BI
  casServerLogoutUrl: https://127.0.0.1:8080/cas/logout?appResId=BI
  clientService: https://cas01.example.org/BI
  clientLoginSuccessUrl: https://cas01.example.org/BI/index.html
  whiteList: /swagger-resources/**,/swagger-ui.html,/v2/api-docs
  casServerUrlPrefix: https://127.0.0.1:8080/cas
  clientServerName: https://cas01.example.org
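4. Notes
(1) Without extra configuration, the client must use a domain name; if it uses an IP address, token validation fails
(2) If the client uses an HTTP connection, the CAS server must be configured, in these two files inside it
(3) Redirecting to a specified path after logout requires configuration on the CAS server
(4) The client may hit certificate validation errors; the certificate can be ignored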
/**
 * Ignore HTTPS certificates
 */
private static void disableSslVerification() {
    try {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null array
                return new java.security.cert.X509Certificate[0];
            }
        }
        };
        // Install the all-trusting trust manager
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Create all-trusting host name verifier
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
}
Call it at startup
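An added example, not code from the original post: the method above accepts any certificate and any host name for every HttpsURLConnection in the JVM, including the ticket validation call to the CAS server. The sketch below sets the same HttpsURLConnection default but trusts only the certificates in a truststore that holds the CAS server's certificate. The class name CasTrustStore, the truststore path and the password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; CasTrustStore and its arguments are hypothetical names.
public final class CasTrustStore {

    private CasTrustStore() {
    }

    /**
     * Make HttpsURLConnection trust only the certificates in the given truststore.
     * The default hostname verifier is left untouched.
     */
    public static SSLContext install(String trustStorePath, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        // An empty truststore would reject every server; fail early with a clear message.
        if (trustStore.size() == 0) {
            throw new KeyStoreException("No certificates in " + trustStorePath);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        // null key managers: no client certificate; null SecureRandom: JDK default
        context.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Constructed path and password; the file must contain the CAS server certificate.
        install("D:\\keystore\\cas-truststore.jks", "changeit".toCharArray());
        System.out.println("CAS truststore installed");
    }
}
```

Because the default hostname verifier stays in place, casServerUrlPrefix has to use a host name (or IP subject alternative name) that is present in the server certificate.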
5. Client access
Visit the login path; it redirects automatically to the CAS login address
https://cas01.example.org/BI/index.html
Logout path
https://127.0.0.1:8080/cas/logout?appResId=bjzdgc-BI&service=<path to go to after logout>
6. Related resource files
(1) WAR package
https://download.csdn.net/download/weixin_40010498/12288839
(2) The core JAR is easy to find online; it already exists as a resource, so I can't upload it again
cas-client-core