服务器之家

服务器之家 > 正文

详解Spring Boot 使用Spring security 集成CAS

时间:2020-10-28 15:21     来源/作者:成立_ChengLi

1.创建工程

创建Maven工程:springboot-security-cas

2.加入依赖

创建工程后,打开pom.xml,在pom.xml中加入以下内容:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.3.RELEASE</version>
  </parent>
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <java.version>1.8</java.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- security starter Poms -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- security 对CAS支持 -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-cas</artifactId>
    </dependency>
    <!-- security taglibs -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-taglibs</artifactId>
    </dependency>
    <!-- 热加载 -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-devtools</artifactId>
      <optional>true</optional>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-configuration-processor</artifactId>
      <optional>true</optional>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>

3.创建application.properties

创建application.properties文件,加入以下内容:

?
1
2
3
4
5
6
7
8
9
10
11
12
#CAS服务地址
cas.server.host.url=http://localhost:8081/cas
#CAS服务登录地址
cas.server.host.login_url=${cas.server.host.url}/login
#CAS服务登出地址
cas.server.host.logout_url=${cas.server.host.url}/logout?service=${app.server.host.url}
#应用访问地址
app.server.host.url=http://localhost:8080
#应用登录地址
app.login.url=/login
#应用登出地址
app.logout.url=/logout

4.创建入口启动类(MainConfig)

创建入口启动类MainConfig,完整代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
package com.chengli.springboot;
 
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
 
@RestController
@SpringBootApplication
public class MainConfig {
  public static void main(String[] args) {
    SpringApplication.run(MainConfig.class, args);
  }
 
  @RequestMapping("/")
  public String index() {
    return "访问了首页哦";
  }
 
  @RequestMapping("/hello")
  public String hello() {
    return "不验证哦";
  }
 
  @PreAuthorize("hasAuthority('TEST')")//有TEST权限的才能访问
  @RequestMapping("/security")
  public String security() {
    return "hello world security";
  }
 
  @PreAuthorize("hasAuthority('ADMIN')")//必须要有ADMIN权限的才能访问
  @RequestMapping("/authorize")
  public String authorize() {
    return "有权限访问";
  }
   
  /**这里注意的是,TEST与ADMIN只是权限编码,可以自己定义一套规则,根据实际情况即可*/
}

5.创建Security配置类(SecurityConfig)

创建Security配置类SecurityConfig,完整代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
package com.chengli.springboot.security;
 
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 
import com.chengli.springboot.custom.CustomUserDetailsService;
import com.chengli.springboot.properties.CasProperties;
 
@Configuration
@EnableWebSecurity //启用web权限
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  @Autowired
  private CasProperties casProperties;
   
  /**定义认证用户信息获取来源,密码校验规则等*/
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    super.configure(auth);
    auth.authenticationProvider(casAuthenticationProvider());
    //inMemoryAuthentication 从内存中获取
    //auth.inMemoryAuthentication().withUser("chengli").password("123456").roles("USER")
    //.and().withUser("admin").password("123456").roles("ADMIN");
     
    //jdbcAuthentication从数据库中获取,但是默认是以security提供的表结构
    //usersByUsernameQuery 指定查询用户SQL
    //authoritiesByUsernameQuery 指定查询权限SQL
    //auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(query).authoritiesByUsernameQuery(query);
     
    //注入userDetailsService,需要实现userDetailsService接口
    //auth.userDetailsService(userDetailsService);
  }
   
  /**定义安全策略*/
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()//配置安全策略
      //.antMatchers("/","/hello").permitAll()//定义/请求不需要验证
      .anyRequest().authenticated()//其余的所有请求都需要验证
      .and()
    .logout()
      .permitAll()//定义logout不需要验证
      .and()
    .formLogin();//使用form表单登录
     
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
      .and()
      .addFilter(casAuthenticationFilter())
      .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
      .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
     
    //http.csrf().disable(); //禁用CSRF
  }
   
  /**认证的入口*/
  @Bean
  public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
    CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
    casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
    casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
    return casAuthenticationEntryPoint;
  }
   
  /**指定service相关信息*/
  @Bean
  public ServiceProperties serviceProperties() {
    ServiceProperties serviceProperties = new ServiceProperties();
    serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl());
    serviceProperties.setAuthenticateAllArtifacts(true);
    return serviceProperties;
  }
   
  /**CAS认证过滤器*/
  @Bean
  public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
    casAuthenticationFilter.setAuthenticationManager(authenticationManager());
    casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl());
    return casAuthenticationFilter;
  }
   
  /**cas 认证 Provider*/
  @Bean
  public CasAuthenticationProvider casAuthenticationProvider() {
    CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
    casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
    //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。
    casAuthenticationProvider.setServiceProperties(serviceProperties());
    casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
    casAuthenticationProvider.setKey("casAuthenticationProviderKey");
    return casAuthenticationProvider;
  }
   
  /*@Bean
  public UserDetailsService customUserDetailsService(){
    return new CustomUserDetailsService();
  }*/
   
  /**用户自定义的AuthenticationUserDetailsService*/
  @Bean
  public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService(){
    return new CustomUserDetailsService();
  }
   
  @Bean
  public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
    return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl());
  }
   
  /**单点登出过滤器*/
  @Bean
  public SingleSignOutFilter singleSignOutFilter() {
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
    singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl());
    singleSignOutFilter.setIgnoreInitConfiguration(true);
    return singleSignOutFilter;
  }
   
  /**请求单点退出过滤器*/
  @Bean
  public LogoutFilter casLogoutFilter() {
    LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
    logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl());
    return logoutFilter;
  }
}

6.用户自定义类

(1)定义CasProperties,用于将properties文件指定的内容注入以方便使用,这里不注入也是可以的,可以获取Spring 当前的环境,代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
package com.chengli.springboot.properties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
 
/**
 * CAS的配置参数
 * @author ChengLi
 */
@Component
public class CasProperties {
  @Value("${cas.server.host.url}")
  private String casServerUrl;
 
  @Value("${cas.server.host.login_url}")
  private String casServerLoginUrl;
 
  @Value("${cas.server.host.logout_url}")
  private String casServerLogoutUrl;
 
  @Value("${app.server.host.url}")
  private String appServerUrl;
 
  @Value("${app.login.url}")
  private String appLoginUrl;
 
  @Value("${app.logout.url}")
  private String appLogoutUrl;
......省略 getters setters 方法
}

(2)定义CustomUserDetailsService类,代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package com.chengli.springboot.custom;
 
import java.util.HashSet;
import java.util.Set;
 
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
/**
 * 用于加载用户信息 实现UserDetailsService接口,或者实现AuthenticationUserDetailsService接口
 * @author ChengLi
 *
 */
public class CustomUserDetailsService /*
  //实现UserDetailsService接口,实现loadUserByUsername方法
  implements UserDetailsService {
  @Override
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    System.out.println("当前的用户名是:"+username);
    //这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息
    UserInfo userInfo = new UserInfo();
    userInfo.setUsername("admin");
    userInfo.setName("admin");
    Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST");
    authorities.add(authorityInfo);
    userInfo.setAuthorities(authorities);
    return userInfo;
  }*/
   
   
  //实现AuthenticationUserDetailsService,实现loadUserDetails方法
  implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
 
  @Override
  public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
    System.out.println("当前的用户名是:"+token.getName());
    /*这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息*/
    UserInfo userInfo = new UserInfo();
    userInfo.setUsername("admin");
    userInfo.setName("admin");
    Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST");
    authorities.add(authorityInfo);
    userInfo.setAuthorities(authorities);
    return userInfo;
  }
 
}

(3)定义AuthorityInfo类,用于加载当前登录用户的权限信息,实现GrantedAuthority接口,代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
package com.chengli.springboot.custom;
 
import org.springframework.security.core.GrantedAuthority;
 
/**
 * 权限信息
 *
 * @author ChengLi
 *
 */
public class AuthorityInfo implements GrantedAuthority {
  private static final long serialVersionUID = -175781100474818800L;
 
  /**
   * 权限CODE
   */
  private String authority;
 
  public AuthorityInfo(String authority) {
    this.authority = authority;
  }
 
  @Override
  public String getAuthority() {
    return authority;
  }
 
  public void setAuthority(String authority) {
    this.authority = authority;
  }
 
}

(4)定义UserInfo类,用于加载当前用户信息,实现UserDetails接口,代码如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
package com.chengli.springboot.custom;
 
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
 
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
 
/**
 * 用户信息
 * @、这里我写了几个较为常用的字段,id,name,username,password,可以根据实际的情况自己增加
 * @author ChengLi
 *
 */
public class UserInfo implements UserDetails {
  private static final long serialVersionUID = -1041327031937199938L;
 
  /**
   * 用户ID
   */
  private Long id;
 
  /**
   * 用户名称
   */
  private String name;
 
  /**
   * 登录名称
   */
  private String username;
 
  /**
   * 登录密码
   */
  private String password;
 
  private boolean isAccountNonExpired = true;
 
  private boolean isAccountNonLocked = true;
 
  private boolean isCredentialsNonExpired = true;
 
  private boolean isEnabled = true;
 
  private Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>();
....省略getters setters 方法
}

到这里基本就已经完成了,运行CAS Server ,将以上的application.properties文件中的地址修改为实际的地址即可运行。

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。

原文链接:http://blog.csdn.net/cl_andywin/article/details/53998986

相关文章

热门资讯

2020微信伤感网名听哭了 让对方看到心疼的伤感网名大全
2020微信伤感网名听哭了 让对方看到心疼的伤感网名大全 2019-12-26
Intellij idea2020永久破解,亲测可用!!!
Intellij idea2020永久破解,亲测可用!!! 2020-07-29
歪歪漫画vip账号共享2020_yy漫画免费账号密码共享
歪歪漫画vip账号共享2020_yy漫画免费账号密码共享 2020-04-07
电视剧《琉璃》全集在线观看 琉璃美人煞1-59集免费观看地址
电视剧《琉璃》全集在线观看 琉璃美人煞1-59集免费观看地址 2020-08-12
最新idea2020注册码永久激活(激活到2100年)
最新idea2020注册码永久激活(激活到2100年) 2020-07-29
返回顶部