單點登入(二)__CAS與Security的結合
阿新 • • 發佈:2018-11-16
security和CAS本質上都是一堆過濾器,只需要正確的配置這些過濾器就可以
第一步:導包
匯入spring相關包,匯入spring-security包,匯入CAS客戶端包
<properties> <spring.version>4.2.4.RELEASE</spring.version> </properties> <artifactId>client3_security</artifactId> <packaging>war</packaging> <dependencies> <!-- Spring --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${spring.version}</version> </dependency> <!--測試包--> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> </dependency> <dependency> <groupId>javassist</groupId> <artifactId>javassist</artifactId> <version>3.4.GA</version> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.5</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <!--spring:security--> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.version}</version> </dependency> <!--引入依賴,security和cas的結合包--> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-cas</artifactId> <version>4.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>3.3.3</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> <artifactId>log4j-over-slf4j</artifactId> </exclusion> </exclusions> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.tomcat.maven</groupId> <artifactId>tomcat7-maven-plugin</artifactId> <version>2.2</version> <configuration> <!-- 指定埠 --> <port>9003</port> <!-- 請求路徑 --> <path>/</path> </configuration> </plugin> </plugins> </build>
第二步: web.xml配置檔案
tomcat啟動之後過濾器會先執行,我們配置的是過濾器鏈,然後監聽器檢測到content有變動,所以會載入其他的配置檔案
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<!-- 解決post亂碼 -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--使用者通過瀏覽器訪問,所以需要有dispatcher-->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/springmvc.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--將springsecurity匯入進來-->
<!--監聽器-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--過濾器部分-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>第三步:配置spiring-security.xml
tomcat只要一啟動通過xml的監聽器檢測到content容器變化,然後就載入spring-security.xml
spring-security.xml 中的http標籤就載入了xml中的過濾器
1 http 開始呼叫cas切入點,切入點過濾器就載入cas伺服器地址和載入自身工程的根地址
2 http開始呼叫認證過濾器
3 http開始呼叫登出過濾器
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!--設定匿名訪問-->
<http pattern="index2.jsp" security="none"></http>
<!--總呼叫,呼叫切入點-->
<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
<!--攔截所有路徑,通過需要有ROLE_USER許可權才可以訪問-->
<intercept-url pattern="/**" access="ROLE_USER"/>
<!--此處設定過濾器,position表示指定位置,befor表示指定位置前,atter指定位置後-->
<!--1 呼叫認證過濾器-->
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/>
<!--2 呼叫登出過濾器:CAS提供-->
<custom-filter ref="singleLogoutFilter" after="CAS_FILTER"/>
<!--3 呼叫登出過濾器:spring框架提供,請求登出-->
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
</http>
<!--==================一:以下是CAS切入點的二個bean:spring框架提供============================-->
<!--1 CAS切入口bean-->
<beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<!--單擊登入伺服器登入url-->
<beans:property name="loginUrl" value="http://localhost:9100/cas/login"/>
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
<!--2 使用者自身工程配置類-->
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!--配置自身工程的根地址-->
<beans:property name="service" value="http://localhost:9003/login/cas"/>
</beans:bean>
<!--CAS切入點結束-->
<!--==================二:以下是認證過濾器的bean==都是spring框架提供的==========================-->
<!--解釋: 第一個bean:認證過濾器找=====>第二個bean認證管理器=====>找第三個bean:認證提供者-->
<!--認證過濾器-->
<beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<!--認證管理類-->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<!--認證提供者-->
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!--1 認證類:spring框架提供-->
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userDetailsService"/>
</beans:bean>
</beans:property>
<!--2 票據驗證器類:CAS提供-->
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<!--cas伺服器地址,客戶端拿票據驗證的地址-->
<beans:constructor-arg index="0" value="http://localhost:9100/cas"/>
</beans:bean>
</beans:property>
<!--3 使用者自身工程配置類-->
<beans:property name="serviceProperties" ref="serviceProperties"/>
<!--4 固定寫法-->
<beans:property name="key" value="an_id_for_this_auth_provider_only"/>
</beans:bean>
<!-- 認證類,使用者自己定義的類,上面的bean引用此處,spring框架-->
<beans:bean id="userDetailsService" class="cn.itcast.demo.service.UserDetailsServiceImpl"/>
<!--==========================以下是單擊登出2個bean====================================-->
<!--1 登出過濾器,CAS提供-->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!--2 請求登出過濾器,spring框架提供-->
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://www.baidu.com"/>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout/cas"/>
</beans:bean>
</beans:beans>第四步:建立認證類
上面成配置檔案中需要配置使用者自定義認證類,所以這個就是配置的使用者自定義認證類,注意這個不用加標籤,實現介面就可以
package cn.itcast.demo.service;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.UserDetailsService;
import java.util.ArrayList;
import java.util.List;
//使用者自定義認證類
public class UserDetailsServiceImpl implements UserDetailsService{
//構建角色集合,正常開放從資料庫獲取角色許可權
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorityList=new ArrayList();
authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
//返回使用者名稱,密碼,和許可權
//spring-security和cas結合之後,分工,使用者名稱密碼驗證交給了cas,許可權控制交給了security
return new User(username,"",authorityList);
}
}
第五步:測試
瀏覽器直接訪問本專案的地址,就會跳轉到登入頁面,直接登入後另外兩個專案都可以直接進入,而不用登入