
SpringBoot中Shiro使用Pac4j內建CAS認證

目錄:Pac4j 簡介 · Pac4j CAS認證流程 · 代碼 關鍵部分 · 參考資料

Pac4j 簡介

Pac4j與Shiro、Spring Security一樣都是權限架構,並且提供了OAuth、SAML、CAS、OpenID Connect、HTTP、OpenID、Google App Engine、Kerberos (SPNEGO) 等認證方式的內建,也可以和Shiro、Spring Security等權限架構內建。

Pac4j CAS認證流程

SpringBoot中Shiro使用Pac4j內建CAS認證 Pac4j 簡介Pac4j CAS認證流程代碼 關鍵部分參考資料

代碼 關鍵部分

說明:pac4j-cas與shiro的內建是通過過濾器完成CAS認證,並提供相應的Pac4jRealm來與shiro內建。代碼過多就不一一列出了,詳細的請下載附件,附件中的代碼屏蔽了公司相關代碼。自身項目需要保持CAS與非CAS登入並存,所以把CAS登入固定到指定路徑(下方配置中的 /cas)了。

POM

<!-- CAS authentication client (pac4j). -->
<!-- NOTE(review): the version is pinned as published in this article; before reuse,
     check it against the current pac4j release line and its security advisories. -->
        <dependency>
            <groupId>org.pac4j</groupId>
            <artifactId>pac4j-cas</artifactId>
            <version>3.8.3</version>
        </dependency>
<!-- Bridge between pac4j and Shiro (supplies the filters, Pac4jRealm and subject factory). -->
<!-- NOTE(review): presumably this must stay on a release built for the pac4j version
     above; confirm compatibility whenever either one is upgraded. -->
        <dependency>
            <groupId>io.buji</groupId>
            <artifactId>buji-pac4j</artifactId>
            <version>4.1.1</version>
        </dependency>

JAVA配置

//Pac4jConfig.java 配置中
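 /**
  * Builds the pac4j CAS client configuration.
  *
  * <p>The login URL and the validation prefix are both derived from {@code casServerUrl},
  * a field declared outside this excerpt. NOTE(review): that value should be an
  * {@code https://} URL so service tickets and validation responses are not exposed in
  * transit; confirm the configured value.
  *
  * @return the CAS configuration with server URLs and a session-destroying logout handler
  */
 @Bean
 public CasConfiguration casConfig() {
  final CasConfiguration configuration = new CasConfiguration();
  // CAS server login endpoint the browser is redirected to.
  configuration.setLoginUrl(casServerUrl + "/login");
  // Base URL of the CAS server, used to reach its ticket-validation endpoints.
  configuration.setPrefixUrl(casServerUrl + "/");
  // setAcceptAnyProxy(true) was dropped: it makes proxy-ticket validation trust every
  // proxying service. Nothing in this method selects a proxy protocol, so the library
  // default is kept; if proxy tickets are needed, list the trusted chains explicitly
  // with setAllowedProxyChains(...) instead of accepting all of them.
  // React to logout requests sent by the CAS server: destroying the local session is
  // what makes a logout on the CAS side also end the session in this application.
  DefaultLogoutHandler logoutHandler = new DefaultLogoutHandler();
  logoutHandler.setDestroySession(true);
  configuration.setLogoutHandler(logoutHandler);
  return configuration;
 }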
//ShiroConfig.java 中
//shiro 過濾器配置中增加SecurityFilter,CallbackFilter ,LogoutFilter 
 /**
  * Creates the Shiro filter factory and wires the pac4j CAS filters into it.
  *
  * <p>Four named filters are registered: the application's own {@code authc} filter, the
  * pac4j security filter for the CAS entry path, the pac4j callback filter that receives
  * the redirect back from CAS, and a pac4j logout filter that performs both local and
  * central logout. {@code exPac4jConfig} and {@code clientName} are fields declared
  * outside this excerpt.
  *
  * @param securityManager the Shiro security manager the filter chain delegates to
  * @return the configured filter factory bean
  */
 @Bean("shiroFilter")
 public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
  ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
  factoryBean.setSecurityManager(securityManager);

  // Filters are registered by name; the chain definitions below refer to these names.
  Map<String, Filter> namedFilters = factoryBean.getFilters();
  namedFilters.put("authc", new MySystemFilter());

  // Guards the CAS entry path: unauthenticated requests are sent to the named client.
  SecurityFilter casSecurityFilter = new SecurityFilter();
  casSecurityFilter.setConfig(exPac4jConfig);
  casSecurityFilter.setClients(clientName);
  namedFilters.put("securityFilter", casSecurityFilter);

  // Handles the redirect back from CAS after authentication.
  CallbackFilter casCallbackFilter = new CallbackFilter();
  casCallbackFilter.setConfig(exPac4jConfig);
  namedFilters.put("callbackFilter", casCallbackFilter);
  factoryBean.setFilters(namedFilters);

  // Logging out locally also logs the user out of the CAS server.
  // Registered after setFilters(); this relies on the factory keeping the same map instance.
  LogoutFilter centralLogoutFilter = new LogoutFilter();
  centralLogoutFilter.setConfig(exPac4jConfig);
  centralLogoutFilter.setCentralLogout(true);
  centralLogoutFilter.setLocalLogout(true);
  namedFilters.put("pac4jCentralLogout", centralLogoutFilter);

  // Path-to-filter mapping. Insertion order is kept by LinkedHashMap and Shiro applies the
  // first matching pattern, so the catch-all "/**" entry has to stay last: any path not
  // listed before it goes through the application's own "authc" filter.
  Map<String, String> chainDefinitions = new LinkedHashMap<>();
  chainDefinitions.put("/logout", "logout");
  chainDefinitions.put("/pac4jCentralLogout", "pac4jCentralLogout");
  chainDefinitions.put("/cas", "securityFilter");
  // The callback path is handled by the callback filter alone, not by "authc".
  chainDefinitions.put("/callback", "callbackFilter");
  chainDefinitions.put("/**", "authc");

  factoryBean.setLoginUrl("/login");
  // NOTE(review): unlike the other URLs this one has no leading slash - confirm that a
  // relative redirect target is intended.
  factoryBean.setSuccessUrl("index");
  factoryBean.setUnauthorizedUrl("/error/403");
  factoryBean.setFilterChainDefinitionMap(chainDefinitions);
  return factoryBean;
 }
 /**
  * Assembles the Shiro security manager with both the local realm and the CAS realm.
  *
  * <p>{@code casRealm} and {@code pac4jSubjectFactory} are fields declared outside this
  * excerpt; per the original note, {@code casRealm} extends {@code Pac4jRealm} and is used
  * like any other Shiro realm.
  *
  * @return the web security manager used by the Shiro filter
  */
 @Bean
 public SecurityManager securityManager() {
  DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
  // Set the custom authenticator before the realms so it is the one the realms end up
  // attached to (presumably Shiro pushes realms to the current authenticator - verify).
  manager.setAuthenticator(exModularRealmAuthenticator());

  // Local (non-CAS) realm first, then the CAS realm.
  List<Realm> realmList = new ArrayList<>();
  realmList.add(exSystemRealm());
  realmList.add(casRealm);
  manager.setRealms(realmList);

  manager.setCacheManager(redisCacheManager());
  // pac4j's subject factory lets Shiro build subjects from pac4j-authenticated profiles.
  manager.setSubjectFactory(pac4jSubjectFactory);
  // NOTE(review): cookieRememberMeManager() is defined outside this excerpt - confirm it
  // sets a deployment-specific cipher key rather than relying on a built-in or shared one,
  // since the remember-me cookie carries serialized identity data.
  manager.setRememberMeManager(cookieRememberMeManager());
  manager.setSessionManager(sessionManager());
  return manager;
 }

問題

  • 預設配置下,CAS服務端登出時不會同步退出本地項目

重寫ShiroSessionStore見ExShiroSessionStore.java

附件:連結:

https://pan.baidu.com/s/1E-6uTYpOFn2ldAxd_k0XvQ

提取碼: 8nhx

參考資料

https://www.cnblogs.com/suiyueqiannian/p/9359597.html
http://www.pac4j.org/docs/index.html
https://github.com/bujiio/buji-pac4j
https://github.com/gkaigk1987/shiro-pac4j-cas-demo