当前位置: 首页 > 编程笔记 >

详解Spring Boot 使用Spring security 集成CAS

胡泓
2023-03-14
本文向大家介绍详解Spring Boot 使用Spring security 集成CAS,包括了详解Spring Boot 使用Spring security 集成CAS的使用技巧和注意事项,需要的朋友参考一下

1.创建工程

创建Maven工程:springboot-security-cas

2.加入依赖

创建工程后,打开pom.xml,在pom.xml中加入以下内容:

<parent> 
    <groupId>org.springframework.boot</groupId> 
    <artifactId>spring-boot-starter-parent</artifactId> 
    <version>1.4.3.RELEASE</version> 
  </parent> 
  <properties> 
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> 
    <java.version>1.8</java.version> 
  </properties> 
  <dependencies> 
    <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter</artifactId> 
    </dependency> 
    <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-web</artifactId> 
    </dependency> 
    <!-- security starter Poms --> 
    <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-security</artifactId> 
    </dependency> 
    <!-- security 对CAS支持 --> 
    <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-cas</artifactId> 
    </dependency> 
    <!-- security taglibs --> 
    <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-taglibs</artifactId> 
    </dependency> 
    <!-- 热加载 --> 
    <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-devtools</artifactId> 
      <optional>true</optional> 
    </dependency> 
    <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-configuration-processor</artifactId> 
      <optional>true</optional> 
    </dependency> 
  </dependencies> 
  <build> 
    <plugins> 
      <plugin> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-maven-plugin</artifactId> 
      </plugin> 
    </plugins> 
  </build> 

3.创建application.properties

创建application.properties文件,加入以下内容:

#CAS服务地址 
cas.server.host.url=http://localhost:8081/cas 
#CAS服务登录地址 
cas.server.host.login_url=${cas.server.host.url}/login 
#CAS服务登出地址 
cas.server.host.logout_url=${cas.server.host.url}/logout?service=${app.server.host.url} 
#应用访问地址 
app.server.host.url=http://localhost:8080 
#应用登录地址 
app.login.url=/login 
#应用登出地址 
app.logout.url=/logout 

4.创建入口启动类(MainConfig)

创建入口启动类MainConfig,完整代码如下:

package com.chengli.springboot; 
 
import org.springframework.boot.SpringApplication; 
import org.springframework.boot.autoconfigure.SpringBootApplication; 
import org.springframework.security.access.prepost.PreAuthorize; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RestController; 
 
@RestController 
@SpringBootApplication 
public class MainConfig { 
  public static void main(String[] args) { 
    SpringApplication.run(MainConfig.class, args); 
  } 
 
  @RequestMapping("/") 
  public String index() { 
    return "访问了首页哦"; 
  } 
 
  @RequestMapping("/hello") 
  public String hello() { 
    return "不验证哦"; 
  } 
 
  @PreAuthorize("hasAuthority('TEST')")//有TEST权限的才能访问 
  @RequestMapping("/security") 
  public String security() { 
    return "hello world security"; 
  } 
 
  @PreAuthorize("hasAuthority('ADMIN')")//必须要有ADMIN权限的才能访问 
  @RequestMapping("/authorize") 
  public String authorize() { 
    return "有权限访问"; 
  } 
   
  /**这里注意的是,TEST与ADMIN只是权限编码,可以自己定义一套规则,根据实际情况即可*/ 
} 

5.创建Security配置类(SecurityConfig)

创建Security配置类SecurityConfig,完整代码如下:

package com.chengli.springboot.security; 
 
import org.jasig.cas.client.session.SingleSignOutFilter; 
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.cas.ServiceProperties; 
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; 
import org.springframework.security.cas.authentication.CasAuthenticationProvider; 
import org.springframework.security.cas.web.CasAuthenticationEntryPoint; 
import org.springframework.security.cas.web.CasAuthenticationFilter; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; 
import org.springframework.security.web.authentication.logout.LogoutFilter; 
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; 
 
import com.chengli.springboot.custom.CustomUserDetailsService; 
import com.chengli.springboot.properties.CasProperties; 
 
@Configuration 
@EnableWebSecurity //启用web权限 
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
  @Autowired 
  private CasProperties casProperties; 
   
  /**定义认证用户信息获取来源,密码校验规则等*/ 
  @Override 
  protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
    super.configure(auth); 
    auth.authenticationProvider(casAuthenticationProvider()); 
    //inMemoryAuthentication 从内存中获取 
    //auth.inMemoryAuthentication().withUser("chengli").password("123456").roles("USER") 
    //.and().withUser("admin").password("123456").roles("ADMIN"); 
     
    //jdbcAuthentication从数据库中获取,但是默认是以security提供的表结构 
    //usersByUsernameQuery 指定查询用户SQL 
    //authoritiesByUsernameQuery 指定查询权限SQL 
    //auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(query).authoritiesByUsernameQuery(query); 
     
    //注入userDetailsService,需要实现userDetailsService接口 
    //auth.userDetailsService(userDetailsService); 
  } 
   
  /**定义安全策略*/ 
  @Override 
  protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests()//配置安全策略 
      //.antMatchers("/","/hello").permitAll()//定义/请求不需要验证 
      .anyRequest().authenticated()//其余的所有请求都需要验证 
      .and() 
    .logout() 
      .permitAll()//定义logout不需要验证 
      .and() 
    .formLogin();//使用form表单登录 
     
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint()) 
      .and() 
      .addFilter(casAuthenticationFilter()) 
      .addFilterBefore(casLogoutFilter(), LogoutFilter.class) 
      .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class); 
     
    //http.csrf().disable(); //禁用CSRF 
  } 
   
  /**认证的入口*/ 
  @Bean 
  public CasAuthenticationEntryPoint casAuthenticationEntryPoint() { 
    CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint(); 
    casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl()); 
    casAuthenticationEntryPoint.setServiceProperties(serviceProperties()); 
    return casAuthenticationEntryPoint; 
  } 
   
  /**指定service相关信息*/ 
  @Bean 
  public ServiceProperties serviceProperties() { 
    ServiceProperties serviceProperties = new ServiceProperties(); 
    serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl()); 
    serviceProperties.setAuthenticateAllArtifacts(true); 
    return serviceProperties; 
  } 
   
  /**CAS认证过滤器*/ 
  @Bean 
  public CasAuthenticationFilter casAuthenticationFilter() throws Exception { 
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter(); 
    casAuthenticationFilter.setAuthenticationManager(authenticationManager()); 
    casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl()); 
    return casAuthenticationFilter; 
  } 
   
  /**cas 认证 Provider*/ 
  @Bean 
  public CasAuthenticationProvider casAuthenticationProvider() { 
    CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider(); 
    casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService()); 
    //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。 
    casAuthenticationProvider.setServiceProperties(serviceProperties()); 
    casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator()); 
    casAuthenticationProvider.setKey("casAuthenticationProviderKey"); 
    return casAuthenticationProvider; 
  } 
   
  /*@Bean 
  public UserDetailsService customUserDetailsService(){ 
    return new CustomUserDetailsService(); 
  }*/ 
   
  /**用户自定义的AuthenticationUserDetailsService*/ 
  @Bean 
  public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService(){ 
    return new CustomUserDetailsService(); 
  } 
   
  @Bean 
  public Cas20ServiceTicketValidator cas20ServiceTicketValidator() { 
    return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl()); 
  } 
   
  /**单点登出过滤器*/ 
  @Bean 
  public SingleSignOutFilter singleSignOutFilter() { 
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); 
    singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl()); 
    singleSignOutFilter.setIgnoreInitConfiguration(true); 
    return singleSignOutFilter; 
  } 
   
  /**请求单点退出过滤器*/ 
  @Bean 
  public LogoutFilter casLogoutFilter() { 
    LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler()); 
    logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl()); 
    return logoutFilter; 
  } 
} 

6.用户html" target="_blank">自定义类

(1)定义CasProperties,用于将properties文件指定的内容注入以方便使用,这里不注入也是可以的,可以获取Spring 当前的环境,代码如下:

package com.chengli.springboot.properties; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.stereotype.Component; 
 
/** 
 * CAS的配置参数 
 * @author ChengLi 
 */ 
@Component 
public class CasProperties { 
  @Value("${cas.server.host.url}") 
  private String casServerUrl; 
 
  @Value("${cas.server.host.login_url}") 
  private String casServerLoginUrl; 
 
  @Value("${cas.server.host.logout_url}") 
  private String casServerLogoutUrl; 
 
  @Value("${app.server.host.url}") 
  private String appServerUrl; 
 
  @Value("${app.login.url}") 
  private String appLoginUrl; 
 
  @Value("${app.logout.url}") 
  private String appLogoutUrl; 
......省略 getters setters 方法 
} 

(2)定义CustomUserDetailsService类,代码如下:

package com.chengli.springboot.custom; 
 
import java.util.HashSet; 
import java.util.Set; 
 
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; 
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
 
/** 
 * 用于加载用户信息 实现UserDetailsService接口,或者实现AuthenticationUserDetailsService接口 
 * @author ChengLi 
 * 
 */ 
public class CustomUserDetailsService /* 
  //实现UserDetailsService接口,实现loadUserByUsername方法 
  implements UserDetailsService { 
  @Override 
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
    System.out.println("当前的用户名是:"+username); 
    //这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息 
    UserInfo userInfo = new UserInfo(); 
    userInfo.setUsername("admin"); 
    userInfo.setName("admin"); 
    Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>(); 
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); 
    authorities.add(authorityInfo); 
    userInfo.setAuthorities(authorities); 
    return userInfo; 
  }*/ 
   
   
  //实现AuthenticationUserDetailsService,实现loadUserDetails方法 
  implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> { 
 
  @Override 
  public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException { 
    System.out.println("当前的用户名是:"+token.getName()); 
    /*这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息*/ 
    UserInfo userInfo = new UserInfo(); 
    userInfo.setUsername("admin"); 
    userInfo.setName("admin"); 
    Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>(); 
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); 
    authorities.add(authorityInfo); 
    userInfo.setAuthorities(authorities); 
    return userInfo; 
  } 
 
} 

(3)定义AuthorityInfo类,用于加载当前登录用户的权限信息,实现GrantedAuthority接口,代码如下:

package com.chengli.springboot.custom; 
 
import org.springframework.security.core.GrantedAuthority; 
 
/** 
 * 权限信息 
 * 
 * @author ChengLi 
 * 
 */ 
public class AuthorityInfo implements GrantedAuthority { 
  private static final long serialVersionUID = -175781100474818800L; 
 
  /** 
   * 权限CODE 
   */ 
  private String authority; 
 
  public AuthorityInfo(String authority) { 
    this.authority = authority; 
  } 
 
  @Override 
  public String getAuthority() { 
    return authority; 
  } 
 
  public void setAuthority(String authority) { 
    this.authority = authority; 
  } 
 
} 

(4)定义UserInfo类,用于加载当前用户信息,实现UserDetails接口,代码如下:

package com.chengli.springboot.custom; 
 
import java.util.Collection; 
import java.util.HashSet; 
import java.util.Set; 
 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.userdetails.UserDetails; 
 
/** 
 * 用户信息 
 * @、这里我写了几个较为常用的字段,id,name,username,password,可以根据实际的情况自己增加 
 * @author ChengLi 
 * 
 */ 
public class UserInfo implements UserDetails { 
  private static final long serialVersionUID = -1041327031937199938L; 
 
  /** 
   * 用户ID 
   */ 
  private Long id; 
 
  /** 
   * 用户名称 
   */ 
  private String name; 
 
  /** 
   * 登录名称 
   */ 
  private String username; 
 
  /** 
   * 登录密码 
   */ 
  private String password; 
 
  private boolean isAccountNonExpired = true; 
 
  private boolean isAccountNonLocked = true; 
 
  private boolean isCredentialsNonExpired = true; 
 
  private boolean isEnabled = true; 
 
  private Set<AuthorityInfo> authorities = new HashSet<AuthorityInfo>(); 
....省略getters setters 方法 
} 

到这里基本就已经完成了,运行CAS Server ,将以上的application.properties文件中的地址修改为实际的地址即可运行。

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持小牛知识库。

 类似资料:
  • 本文向大家介绍详解SpringBoot之集成Spring AOP,包括了详解SpringBoot之集成Spring AOP的使用技巧和注意事项,需要的朋友参考一下 在开始之前,我们先把需要的jar包添加到工程里。新增Maven依赖如下:  接下来,我们进入正题。这里的涉及的通知类型有:前置通知、后置最终通知、后置返回通知、后置异常通知、环绕通知,下面我们就具体的来看一下怎么在SpringBoot中

  • 本文向大家介绍springboot集成springsecurity 使用OAUTH2做权限管理的教程,包括了springboot集成springsecurity 使用OAUTH2做权限管理的教程的使用技巧和注意事项,需要的朋友参考一下 Spring Security OAuth2 主要配置,注意application.yml最后的配置resource filter顺序配置,不然会能获取token但

  • 本文向大家介绍详解SpringBoot+Dubbo集成ELK实战,包括了详解SpringBoot+Dubbo集成ELK实战的使用技巧和注意事项,需要的朋友参考一下 前言 一直以来,日志始终伴随着我们的开发和运维过程。当系统出现了Bug,往往就是通过Xshell连接到服务器,定位到日志文件,一点点排查问题来源。 随着互联网的快速发展,我们的系统越来越庞大。依赖肉眼分析日志文件来排查问题的方式渐渐凸显

  • 本文向大家介绍Springboot中@Value的使用详解,包括了Springboot中@Value的使用详解的使用技巧和注意事项,需要的朋友参考一下 Springboot通过@Value注解将配置文件中的属性注入到容器内组件中(可用在@Controller、@Service、@Configuration、@Component等Spring托管的类中)  1.普通字符串注入 例:yml中存在key

  • 我有几个繁重的Spring集成测试(是的,这不是最好的方法,我没有时间正确地模拟所有外部dep) 下面是测试的典型注释 由于以下原因,测试会定期失败: 这里有两个问题:1、让测试共存的正确方式是什么?我在surefire插件中设置了forkCount=0。好像有帮助 2.1. 在每次测试期间,我实际上不需要启动所有的

  • 一、简介 Storm-Redis 提供了 Storm 与 Redis 的集成支持,你只需要引入对应的依赖即可使用: <dependency> <groupId>org.apache.storm</groupId> <artifactId>storm-redis</artifactId> <version>${storm.version}</version> <typ