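Access the service -> redirect to authentication -> user authentication -> issue ticket -> validate ticket -> pass user information
Step 1. Configure Tomcat
Download Tomcat (version 8 or later is recommended).
# Copy the WAR package into webapps, then run Tomcat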
sudo sh startup.sh
sh shutdown.sh
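1. Change the port number
(1) In tomcat-config-service.xml, change the port to 9100 (protocol="HTTP/1.1")
(2) In cas-WEB-INF-cas.properties, change it to 9100 (server.name=http://localhost:9100)
2. Remove the HTTPS requirement (secure). This avoids the need for an SSL certificate, which simplifies testing and coding.
(1) In cas-WEB-INF-deployerConfigContext.xml, change requireSecure: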
<bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/>
(2) In cas-WEB-INF-spring-configuration-ticketGrantingTicketCookieGenerator.xml, change:
p:cookieSecure="false"
p:cookieMaxAge="3600" <!-- cookie lifetime is 3600 s -->
(3) In cas-WEB-INF-spring-configuration-warnCookieGenerator.xml, change:
p:cookieSecure="false"
p:cookieMaxAge="3600"
3. Allow redirecting to another page after logout (…?service=…). In cas-WEB-INF-spring-configuration-warnCookieGenerator.xml, change:
<bean id="logoutAction" class="org.jasig.cas.web.flow.LogoutAction" p:servicesManager-ref="servicesManager" p:followServiceRedirects="${cas.logout.followServiceRedirects:true}"/>
Import the corresponding dependency:
<dependency>
<groupId>net.unicon.cas</groupId>
<artifactId>cas-client-autoconfig-support</artifactId>
<version>1.4.0-GA</version>
</dependency>
application.properties configuration:
server.port=9001
cas.server-url-prefix=http://cas.server.com:8443/cas
cas.server-login-url=http://cas.server.com:8443/cas/login
cas.client-host-url=http://cas.client1.com:9001
cas.use-session=true
cas.validation-type=cas
# Custom logout URL; after a successful logout, redirect to http://cas.client1.com:9001/logout/success
casClientLogoutUrl=http://cas.server.com:8443/cas/logout?service=http://cas.client1.com:9001/logout/success
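Add the @EnableCasClient annotation to the Spring Boot startup class to enable the CAS client.
Write a custom Controller class and add the login and logout logic.
The Config class needs to configure the URLs that are exempt from authentication: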
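import java.util.HashMap;
import java.util.Map;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CASConfig {
    @Value("${cas.server-url-prefix}")
    private String serverUrlPrefix;
    @Value("${cas.server-login-url}")
    private String serverLoginUrl;
    @Value("${cas.client-host-url}")
    private String clientHostUrl;

    /**
     * Authentication filter; registers a bean with the id filterAuthenticationRegistration.
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean filterAuthenticationRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        // Paths the filter applies to
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        // casServerLoginUrl must be the login URL (cas.server-login-url), not the server prefix
        initParameters.put("casServerLoginUrl", serverLoginUrl);
        initParameters.put("serverName", clientHostUrl);
        // URLs to ignore; separate multiple URLs with "|"
        initParameters.put("ignorePattern", "/logout/success|/index.html|.xml|/filename/*");
        registration.setInitParameters(initParameters);
        // Filter ordering
        registration.setOrder(1);
        return registration;
    }
}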
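An added example (not from the original post and not java-cas-client's own code) that checks which URLs the ignorePattern above actually exempts from authentication. It assumes the client's default REGEX pattern type, which searches for the pattern anywhere in the full request URL including the query string; the anchored pattern, the sample paths and the class name IgnorePatternCheck are constructed for illustration.

```java
import java.util.regex.Pattern;

public class IgnorePatternCheck {
    // The ignorePattern value from the configuration above.
    static final String PAGE_PATTERN = "/logout/success|/index.html|.xml|/filename/*";

    // Constructed alternative (an assumption about the intended public paths):
    // anchored at both ends, dots escaped, and the path matched before any query string.
    static final String ANCHORED_PATTERN =
        "^https?://[^/?#]+(/logout/success|/index\\.html|/[^?#]*\\.xml|/filename/[^?#]*)(\\?.*)?$";

    // Assumed matching rule: regex find() over request URL + "?" + query string.
    static boolean isIgnored(String pattern, String fullUrl) {
        return Pattern.compile(pattern).matcher(fullUrl).find();
    }

    public static void main(String[] args) {
        String base = "http://cas.client1.com:9001";
        // Constructed sample requests: {path and query, intended handling}
        String[][] cases = {
            {"/logout/success", "public"},
            {"/index.html", "public"},
            {"/filename/report.txt", "public"},
            {"/conf/site.xml", "public"},
            {"/account/profile", "protected"},
            // ".xml" is an unanchored regex, so it also matches inside a query string
            {"/account/profile?view=a.xml", "protected"},
            // "/filename/*" as a regex means "/filename" followed by zero or more "/"
            {"/filenames", "protected"},
        };
        System.out.printf("%-30s %-10s %-8s %s%n", "request", "intended", "page", "anchored");
        for (String[] c : cases) {
            String url = base + c[0];
            System.out.printf("%-30s %-10s %-8b %b%n",
                c[0], c[1], isIgnored(PAGE_PATTERN, url), isIgnored(ANCHORED_PATTERN, url));
        }
    }
}
```

Any row marked protected that prints true in the page column is a request the filter would let through without a CAS login; the anchored column should be true only for the public rows.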