快捷導(dǎo)航

詳解spring boot配置單點(diǎn)登錄

更新時(shí)間：2017年03月23日 16:40:50 作者：趙武靈王

本篇文章主要介紹了詳解spring boot配置單點(diǎn)登錄，常用的安全框架有spring security和apache shiro。shiro的配置和使用相對(duì)簡(jiǎn)單，本文使用shrio對(duì)接CAS服務(wù)。

概述

企業(yè)內(nèi)部一般都有一套單點(diǎn)登錄系統(tǒng)（常用的實(shí)現(xiàn)有apereo cas），所有的內(nèi)部系統(tǒng)的登錄認(rèn)證都對(duì)接它。本文介紹spring boot的程序如何對(duì)接CAS服務(wù)。

常用的安全框架有spring security和apache shiro。shiro的配置和使用相對(duì)簡(jiǎn)單，本文使用shrio對(duì)接CAS服務(wù)。

配置

新增依賴

pom.xml新增：

<properties>
  <shiro.version>1.2.4</shiro.version>
 </properties>
<dependencies>
<!--Apache Shiro -->
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-ehcache</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-cas</artifactId>
   <version>${shiro.version}</version>
  </dependency>
</dependencies>

spring boot配置

application.properties

shiro.cas=https://cas.xxx.com # 這是CAS服務(wù)的地址
shiro.server=http://127.0.0.1:8080 # 自己應(yīng)用的地址，測(cè)試使用127即可

應(yīng)用配置

初始化shiro bean，將文件放到任意子包下即可，比如xxx.config，spring boot會(huì)自動(dòng)掃描加載

@Configuration
public class ShiroCasConfiguration {
 private static final String casFilterUrlPattern = "/shiro-cas";

 @Bean
 public FilterRegistrationBean filterRegistrationBean() {
  FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
  filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
  filterRegistration.addInitParameter("targetFilterLifecycle", "true");
  filterRegistration.setEnabled(true);
  filterRegistration.addUrlPatterns("/*");
  return filterRegistration;
 }

 @Bean(name = "lifecycleBeanPostProcessor")
 public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
  return new LifecycleBeanPostProcessor();
 }

 @Bean(name = "securityManager")
 public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
                 @Value("${shiro.server}") String shiroServerUrlPrefix) {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  CasRealm casRealm = new CasRealm();
  casRealm.setDefaultRoles("ROLE_USER");
  casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
  casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
  securityManager.setRealm(casRealm);
  securityManager.setCacheManager(new MemoryConstrainedCacheManager());
  securityManager.setSubjectFactory(new CasSubjectFactory());
  return securityManager;
 }

 private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

  filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
  filterChainDefinitionMap.put("/login", "anon");
  filterChainDefinitionMap.put("/bower_components/**", "anon");//可以將不需要攔截的靜態(tài)文件目錄加進(jìn)去
  filterChainDefinitionMap.put("/logout","logout");
  filterChainDefinitionMap.put("/**", "authc");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
 }

 /**
  * CAS Filter
  */
 @Bean(name = "casFilter")
 public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
         @Value("${shiro.server}") String shiroServerUrlPrefix) {
  CasFilter casFilter = new CasFilter();
  casFilter.setName("casFilter");
  casFilter.setEnabled(true);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  casFilter.setFailureUrl(loginUrl);
  return casFilter;
 }

 @Bean(name = "shiroFilter")
 public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
               CasFilter casFilter,
               @Value("${shiro.cas}") String casServerUrlPrefix,
               @Value("${shiro.server}") String shiroServerUrlPrefix) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  shiroFilterFactoryBean.setLoginUrl(loginUrl);
  shiroFilterFactoryBean.setSuccessUrl("/");
  Map<String, Filter> filters = new HashMap<>();
  filters.put("casFilter", casFilter);
  LogoutFilter logoutFilter = new LogoutFilter();
  logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
  filters.put("logout",logoutFilter);
  shiroFilterFactoryBean.setFilters(filters);

  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
 }
}

程序中獲取登錄的用戶名

上述配置完成后，就可以找程序中獲取登錄用戶的名字了

public String getUsername() {
  Subject subject = SecurityUtils.getSubject();
  if (subject == null || subject.getPrincipals() == null) {
   return DEFAULTUSER;
  }
  return (String) subject.getPrincipals().getPrimaryPrincipal();
 }

總結(jié)

shiro使用還是比較簡(jiǎn)單的，使用的時(shí)候只需要修改application.properties即可

以上就是本文的全部?jī)?nèi)容，希望對(duì)大家的學(xué)習(xí)有所幫助，也希望大家多多支持腳本之家。

您可能感興趣的文章: