2.服務端
2.1 下載下傳
cas不建議直接在源碼上修改,提供了一個模闆項目,在模闆項目上做擴充
2.2 部署
項目拉下來之後,導入idea進行編譯打包
或者直接使用
mvn clean package
打成war包 部署到tomcat下
啟動Tomcat cas服務端就部署好了
3.用戶端
3.1簡單接入
- 增加依賴
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<artifactId>spring-boot-test</artifactId>
<groupId>net.unicon.cas</groupId>
<artifactId>cas-client-autoconfig-support</artifactId>
</dependencies>
- 配置過濾器
package com.zhangyao.cas.config;
import org.apache.tomcat.util.net.openssl.ciphers.Authentication;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
/**
* @author: zhangyao
* @create:2020-05-08 22:52
**/
@Configuration
public class CasConfig {
@Bean
public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(){
return new SingleSignOutHttpSessionListener();
}
/**
* 監聽退出
* @return
*/
public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListenerServletListenerRegistrationBean(){
ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listenerServletListenerRegistrationBean = new ServletListenerRegistrationBean<>();
listenerServletListenerRegistrationBean.setEnabled(true);
listenerServletListenerRegistrationBean.setListener(singleSignOutHttpSessionListener());
listenerServletListenerRegistrationBean.setOrder(1);
return listenerServletListenerRegistrationBean;
* 登出攔截器
public FilterRegistrationBean<SingleSignOutFilter> singleSignOutFilterBean(){
FilterRegistrationBean<SingleSignOutFilter> filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new SingleSignOutFilter());
filterRegistrationBean.setEnabled(true);
filterRegistrationBean.addUrlPatterns("/*");
filterRegistrationBean.setOrder(1);
HashMap<String,String> map = new HashMap<>();
map.put("casServerUrlPrefix","http://127.0.0.1:8085/cas_overlay_template_war/");
filterRegistrationBean.setInitParameters(map);
return filterRegistrationBean;
* 授權
public FilterRegistrationBean filterRegistrationBean(){
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new AuthenticationFilter());
registrationBean.addUrlPatterns("/*");
map.put("casServerLoginUrl","http://127.0.0.1:8085/cas_overlay_template_war/login");
map.put("serverName", "http://127.0.0.1:8086");
map.put("ignorePattern", "/index");
registrationBean.setInitParameters(map);
registrationBean.setOrder(2);
return registrationBean;
* 驗證票據
public FilterRegistrationBean validationFilter(){
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
map.put("ignorePattern", "/cas_overlay_template_war/*,/index");
// 取使用者資訊
public FilterRegistrationBean casHttpServletRequestWrapperFilter() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 設定比對的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
public FilterRegistrationBean casAssertionThreadLocalFilter() {
authenticationFilter.setFilter(new AssertionThreadLocalFilter());
}
- 開啟注解
@SpringBootApplication
@EnableCasClient
public class TestApplication {
public static void main(String[] args) {
SpringApplication.run(TestApplication.class, args);
4.單點登出
實作的效果是: 每一個用戶端登出的時候,cas服務端也需要登出,進而達到一端登出,多端登出的效果
實作方法: 用戶端發送登出請求時,背景跳轉cas服務端登出路徑
package com.zhangyao.cas.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import javax.servlet.http.HttpSession;
* @create:2020-05-08 22:58
@Controller
@RequestMapping("")
public class LoginController {
@Autowired
RestTemplate restTemplate;
@GetMapping("/loginOut")
public String test(HttpSession session){
session.invalidate();
// String forObject = restTemplate.getForObject("http://127.0.0.1:8085/cas_overlay_template_war/logout", String.class);
return "redirect:http://127.0.0.1:8085/cas_overlay_template_war/logout?service=http://127.0.0.1:8086/index";
5.cas服務端overlays 打包方式
上文中說到下載下傳後直接mvn clean package即可打包部署,但是當我們想要對服務端進行一些擴充,比如修改預設登入頁,修改登入的驗證方式等
有兩種方法:
- 在package後的war包中直接修改對應的檔案,部署後可直接生效 缺點是每次重新打包修改的檔案都會被覆寫
- 使用cas官方提供的cas_overlay_template項目,也就是我們上文中下載下傳的項目,使用maven 的overlay方式進行合并打包
具體分析overlays
pom.xml中的配置
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${manifestFileToUse}</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
</overlay>
</overlays>
</configuration>
</plugin>
這裡的overlay配置的意思是使用我們主項目中的同名同路徑檔案覆寫cas-server-webapp${app.server}下的檔案