快捷導(dǎo)航

springboot前后端分離集成CAS單點(diǎn)登錄(統(tǒng)一認(rèn)證)

更新時間：2024年09月02日 10:02:56 作者：編程2年半的程序員

單點(diǎn)登錄是一種身份認(rèn)證和授權(quán)技術(shù),允許用戶在多個應(yīng)用系統(tǒng)中使用同一套用戶名和密碼進(jìn)行登錄,本文主要介紹了springboot前后端分離集成CAS單點(diǎn)登錄,具有一定的參考價值,感興趣的可以了解一下

最近公司接了一個項(xiàng)目，甲方需要集成到金智系統(tǒng)登錄,他們的數(shù)據(jù)在那邊，然后需要使用cas來完成，網(wǎng)上了解了一下大概就是通過cas系統(tǒng)來攔截請求驗(yàn)票，重定向到指定url登錄以后再調(diào)回來處理請求接口

大致流程如下

1. 在Maven項(xiàng)目中引入CAS（Central Authentication Service）客戶端核心庫。CAS是一個開源的企業(yè)級單點(diǎn)登錄解決方案，用于實(shí)現(xiàn)Web應(yīng)用程序的集中認(rèn)證和授權(quán)。

        <dependency>
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.5.0</version>
        </dependency>

2.yml配置cas

3.cas配置類

@Configuration
@Slf4j
@ConditionalOnProperty(value = "cas.loginType", havingValue = "cas")
public class CasFilterConfig {

    /**
     * 需要走cas攔截的地址（/* 所有地址都攔截）
     */
    @Value("${cas.urlPattern:/*}")
    private String filterUrl;

    /**
     * 默認(rèn)的cas地址，防止通過 配置信息獲取不到
     */
    @Value("${cas.server-url-prefix}")
    private String casServerUrl;

    /**
     * 應(yīng)用訪問地址（這個地址需要在cas服務(wù)端進(jìn)行配置）
     */
    @Value("${cas.authentication-url}")
    private String authenticationUrl;

    /**
     * 應(yīng)用訪問地址（這個地址需要在cas服務(wù)端進(jìn)行配置）
     */
    @Value("${cas.client-host-url}")
    private String appServerUrl;

    @Bean
    public ServletListenerRegistrationBean servletListenerRegistrationBean() {
        log.info(" \n cas 單點(diǎn)登錄配置 \n appServerUrl = " + appServerUrl + "\n casServerUrl = " + casServerUrl);
        log.info(" servletListenerRegistrationBean ");
        ServletListenerRegistrationBean listenerRegistrationBean = new ServletListenerRegistrationBean();
        listenerRegistrationBean.setListener(new SingleSignOutHttpSessionListener());
        listenerRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return listenerRegistrationBean;
    }

    /**
     * 單點(diǎn)登錄退出
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        log.info(" servletListenerRegistrationBean ");
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new SingleSignOutFilter());
        registrationBean.addUrlPatterns(filterUrl);
        registrationBean.addInitParameter("casServerUrlPrefix", casServerUrl);
        registrationBean.setName("CAS Single Sign Out Filter");
        registrationBean.setOrder(1);
        return registrationBean;
    }

    /**
     * 單點(diǎn)登錄認(rèn)證
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean AuthenticationFilter() {
        log.info(" AuthenticationFilter ");
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new AuthenticationFilter());
        registrationBean.addUrlPatterns(filterUrl);
        registrationBean.setName("CAS Filter");
        registrationBean.addInitParameter("casServerLoginUrl", casServerUrl);
        registrationBean.addInitParameter("serverName", appServerUrl);
        registrationBean.setOrder(1);
        return registrationBean;
    }

    /**
     * 單點(diǎn)登錄校驗(yàn)
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean Cas30ProxyReceivingTicketValidationFilter() {
        log.info(" Cas30ProxyReceivingTicketValidationFilter ");
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        registrationBean.addUrlPatterns(filterUrl);
        registrationBean.setName("CAS Validation Filter");
        registrationBean.addInitParameter("casServerUrlPrefix", authenticationUrl);
        registrationBean.addInitParameter("serverName", appServerUrl);
        registrationBean.setOrder(1);
        return registrationBean;
    }

    /**
     * 單點(diǎn)登錄請求包裝
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        log.info(" httpServletRequestWrapperFilter ");
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new HttpServletRequestWrapperFilter());
        registrationBean.addUrlPatterns(filterUrl);
        registrationBean.setName("CAS HttpServletRequest Wrapper Filter");
        registrationBean.setOrder(1);
        return registrationBean;
    }

}

4.對接cas統(tǒng)一認(rèn)證后接受的用戶信息對象

/**
 * @Author:
 * @Date:
 * @Description: 使用cas對接封裝的cas返回的用戶信息的對象
 */
public class CasUtil {

    private static final Logger LOGGER = LoggerFactory.getLogger(CasUtil.class);
    /**
     * cas client 默認(rèn)的session key
     */
    public final static String CAS = "_const_cas_assertion_";

    /**
     * 封裝CasUserInfo
     *
     * @param request
     * @return
     */
    public static CasUserInfo getCasUserInfoFromCas(HttpServletRequest request) {
        Object object = request.getSession().getAttribute(CAS);
        if (null == object) {
            return null;
        }
        Assertion assertion = (Assertion) object;
        return buildCasUserInfoByCas(assertion);
    }

    /**
     * 構(gòu)建CasUserInfo
     *
     * @param assertion
     * @return
     */
    private static CasUserInfo buildCasUserInfoByCas(Assertion assertion) {
        if (null == assertion) {
            LOGGER.error(" Cas沒有獲取到用戶 ");
            return null;
        }
        CasUserInfo casUserInfo = new CasUserInfo();
        String userName = assertion.getPrincipal().getName();
        LOGGER.info(" cas對接登錄用戶= " + userName);
        casUserInfo.setUserAccount(userName);
        //獲取屬性值
        Map<String, Object> attributes = assertion.getPrincipal().getAttributes();
        Object name = attributes.get("cn");
        casUserInfo.setUserName(name == null ? userName : name.toString());
        casUserInfo.setAttributes(attributes);
        return casUserInfo;
    }

5.用戶信息實(shí)體

/**
 * @Author:
 * @Date:
 * @Description: 返回的用戶信息
 */
@Setter
@Getter
public class CasUserInfo {

    /** 用戶名 */
    private String userName;
    /** 用戶 */
    private String userAccount;
    /** 用戶信息 */
    private Map<String, Object> attributes;

}

6.驗(yàn)證統(tǒng)一認(rèn)證登錄后跳回來的處理

    /**
     * 統(tǒng)一認(rèn)證成功后跳轉(zhuǎn)
     *
     * @return
     */
    @GetMapping(value = "/index")
    public ResponseVo<String> index(HttpServletRequest request) {
        CasUserInfo userInfo = CasUtil.getCasUserInfoFromCas(request);
        log.info("userInfo = " + JSONObject.toJSON(userInfo));
       
    }

統(tǒng)一認(rèn)證登錄成功以后，回來再根據(jù)用戶信息校驗(yàn)用戶，生成對應(yīng)token

7.退出

  /**
     * 統(tǒng)一退出接口
     *
     * @return
     */
    @GetMapping(value = "/logout")
    public RedirectView logout(HttpServletRequest request) {
        // 清理緩存
          
        //        return "redirect:https://********/logout"; cas的退出
        return new RedirectView("https://************/logout");
    }

最后跳轉(zhuǎn)回來的時候因?yàn)閡rl里面帶了;被攔截報錯
The request was rejected because the URL contained a potentially malicious String ";"
最后在網(wǎng)上搜了一下相關(guān)錯誤
解決辦法在yml配置server加了以下配置

  servlet:
    session:
      tracking-modes: cookie

到此這篇關(guān)于springboot前后端分離集成CAS單點(diǎn)登錄(統(tǒng)一認(rèn)證)的文章就介紹到這了,更多相關(guān)springboot CAS單點(diǎn)登錄內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: