重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
今天就跟大家聊聊有关在Spring Boot 中使用Spring security 如何实现对CAS进行集成,可能很多人都不太了解,为了让大家更加了解,小编给大家总结了以下内容,希望大家根据这篇文章可以有所收获。
让客户满意是我们工作的目标,不断超越客户的期望值来自于我们对这个行业的热爱。我们立志把好的技术通过有效、简单的方式提供给客户,将通过不懈努力成为客户在信息化领域值得信任、有价值的长期合作伙伴,公司提供的服务项目有:域名注册、网站空间、营销软件、网站建设、沙坪坝网站维护、网站推广。
1.创建工程
创建Maven工程:springboot-security-cas
2.加入依赖
创建工程后,打开pom.xml,在pom.xml中加入以下内容:
org.springframework.boot spring-boot-starter-parent 1.4.3.RELEASE UTF-8 1.8 org.springframework.boot spring-boot-starter org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-security org.springframework.security spring-security-cas org.springframework.security spring-security-taglibs org.springframework.boot spring-boot-devtools true org.springframework.boot spring-boot-configuration-processor true org.springframework.boot spring-boot-maven-plugin
3.创建application.properties
创建application.properties文件,加入以下内容:
#CAS服务地址 cas.server.host.url=http://localhost:8081/cas #CAS服务登录地址 cas.server.host.login_url=${cas.server.host.url}/login #CAS服务登出地址 cas.server.host.logout_url=${cas.server.host.url}/logout?service=${app.server.host.url} #应用访问地址 app.server.host.url=http://localhost:8080 #应用登录地址 app.login.url=/login #应用登出地址 app.logout.url=/logout
4.创建入口启动类(MainConfig)
创建入口启动类MainConfig,完整代码如下:
package com.chengli.springboot; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @RestController @SpringBootApplication public class MainConfig { public static void main(String[] args) { SpringApplication.run(MainConfig.class, args); } @RequestMapping("/") public String index() { return "访问了首页哦"; } @RequestMapping("/hello") public String hello() { return "不验证哦"; } @PreAuthorize("hasAuthority('TEST')")//有TEST权限的才能访问 @RequestMapping("/security") public String security() { return "hello world security"; } @PreAuthorize("hasAuthority('ADMIN')")//必须要有ADMIN权限的才能访问 @RequestMapping("/authorize") public String authorize() { return "有权限访问"; } /**这里注意的是,TEST与ADMIN只是权限编码,可以自己定义一套规则,根据实际情况即可*/ }
5.创建Security配置类(SecurityConfig)
创建Security配置类SecurityConfig,完整代码如下:
package com.chengli.springboot.security; import org.jasig.cas.client.session.SingleSignOutFilter; import org.jasig.cas.client.validation.Cas20ServiceTicketValidator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.cas.ServiceProperties; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; import org.springframework.security.cas.authentication.CasAuthenticationProvider; import org.springframework.security.cas.web.CasAuthenticationEntryPoint; import org.springframework.security.cas.web.CasAuthenticationFilter; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import com.chengli.springboot.custom.CustomUserDetailsService; import com.chengli.springboot.properties.CasProperties; @Configuration @EnableWebSecurity //启用web权限 @EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证 public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CasProperties casProperties; /**定义认证用户信息获取来源,密码校验规则等*/ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { super.configure(auth); auth.authenticationProvider(casAuthenticationProvider()); //inMemoryAuthentication 从内存中获取 //auth.inMemoryAuthentication().withUser("chengli").password("123456").roles("USER") //.and().withUser("admin").password("123456").roles("ADMIN"); //jdbcAuthentication从数据库中获取,但是默认是以security提供的表结构 //usersByUsernameQuery 指定查询用户SQL //authoritiesByUsernameQuery 指定查询权限SQL //auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(query).authoritiesByUsernameQuery(query); //注入userDetailsService,需要实现userDetailsService接口 //auth.userDetailsService(userDetailsService); } /**定义安全策略*/ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests()//配置安全策略 //.antMatchers("/","/hello").permitAll()//定义/请求不需要验证 .anyRequest().authenticated()//其余的所有请求都需要验证 .and() .logout() .permitAll()//定义logout不需要验证 .and() .formLogin();//使用form表单登录 http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint()) .and() .addFilter(casAuthenticationFilter()) .addFilterBefore(casLogoutFilter(), LogoutFilter.class) .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class); //http.csrf().disable(); //禁用CSRF } /**认证的入口*/ @Bean public CasAuthenticationEntryPoint casAuthenticationEntryPoint() { CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint(); casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl()); casAuthenticationEntryPoint.setServiceProperties(serviceProperties()); return casAuthenticationEntryPoint; } /**指定service相关信息*/ @Bean public ServiceProperties serviceProperties() { ServiceProperties serviceProperties = new ServiceProperties(); serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl()); serviceProperties.setAuthenticateAllArtifacts(true); return serviceProperties; } /**CAS认证过滤器*/ @Bean public CasAuthenticationFilter casAuthenticationFilter() throws Exception { CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter(); casAuthenticationFilter.setAuthenticationManager(authenticationManager()); casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl()); return casAuthenticationFilter; } /**cas 认证 Provider*/ @Bean public CasAuthenticationProvider casAuthenticationProvider() { CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider(); casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService()); //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型,实现的接口不一样,都可以的。 casAuthenticationProvider.setServiceProperties(serviceProperties()); casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator()); casAuthenticationProvider.setKey("casAuthenticationProviderKey"); return casAuthenticationProvider; } /*@Bean public UserDetailsService customUserDetailsService(){ return new CustomUserDetailsService(); }*/ /**用户自定义的AuthenticationUserDetailsService*/ @Bean public AuthenticationUserDetailsServicecustomUserDetailsService(){ return new CustomUserDetailsService(); } @Bean public Cas20ServiceTicketValidator cas20ServiceTicketValidator() { return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl()); } /**单点登出过滤器*/ @Bean public SingleSignOutFilter singleSignOutFilter() { SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl()); singleSignOutFilter.setIgnoreInitConfiguration(true); return singleSignOutFilter; } /**请求单点退出过滤器*/ @Bean public LogoutFilter casLogoutFilter() { LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler()); logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl()); return logoutFilter; } }
6.用户自定义类
(1)定义CasProperties,用于将properties文件指定的内容注入以方便使用,这里不注入也是可以的,可以获取Spring 当前的环境,代码如下:
package com.chengli.springboot.properties; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; /** * CAS的配置参数 * @author ChengLi */ @Component public class CasProperties { @Value("${cas.server.host.url}") private String casServerUrl; @Value("${cas.server.host.login_url}") private String casServerLoginUrl; @Value("${cas.server.host.logout_url}") private String casServerLogoutUrl; @Value("${app.server.host.url}") private String appServerUrl; @Value("${app.login.url}") private String appLoginUrl; @Value("${app.logout.url}") private String appLogoutUrl; ......省略 getters setters 方法 }
(2)定义CustomUserDetailsService类,代码如下:
package com.chengli.springboot.custom; import java.util.HashSet; import java.util.Set; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UsernameNotFoundException; /** * 用于加载用户信息 实现UserDetailsService接口,或者实现AuthenticationUserDetailsService接口 * @author ChengLi * */ public class CustomUserDetailsService /* //实现UserDetailsService接口,实现loadUserByUsername方法 implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("当前的用户名是:"+username); //这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息 UserInfo userInfo = new UserInfo(); userInfo.setUsername("admin"); userInfo.setName("admin"); Setauthorities = new HashSet (); AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); authorities.add(authorityInfo); userInfo.setAuthorities(authorities); return userInfo; }*/ //实现AuthenticationUserDetailsService,实现loadUserDetails方法 implements AuthenticationUserDetailsService { @Override public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException { System.out.println("当前的用户名是:"+token.getName()); /*这里我为了方便,就直接返回一个用户信息,实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息*/ UserInfo userInfo = new UserInfo(); userInfo.setUsername("admin"); userInfo.setName("admin"); Set authorities = new HashSet (); AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); authorities.add(authorityInfo); userInfo.setAuthorities(authorities); return userInfo; } }
(3)定义AuthorityInfo类,用于加载当前登录用户的权限信息,实现GrantedAuthority接口,代码如下:
package com.chengli.springboot.custom; import org.springframework.security.core.GrantedAuthority; /** * 权限信息 * * @author ChengLi * */ public class AuthorityInfo implements GrantedAuthority { private static final long serialVersionUID = -175781100474818800L; /** * 权限CODE */ private String authority; public AuthorityInfo(String authority) { this.authority = authority; } @Override public String getAuthority() { return authority; } public void setAuthority(String authority) { this.authority = authority; } }
(4)定义UserInfo类,用于加载当前用户信息,实现UserDetails接口,代码如下:
package com.chengli.springboot.custom; import java.util.Collection; import java.util.HashSet; import java.util.Set; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; /** * 用户信息 * @、这里我写了几个较为常用的字段,id,name,username,password,可以根据实际的情况自己增加 * @author ChengLi * */ public class UserInfo implements UserDetails { private static final long serialVersionUID = -1041327031937199938L; /** * 用户ID */ private Long id; /** * 用户名称 */ private String name; /** * 登录名称 */ private String username; /** * 登录密码 */ private String password; private boolean isAccountNonExpired = true; private boolean isAccountNonLocked = true; private boolean isCredentialsNonExpired = true; private boolean isEnabled = true; private Setauthorities = new HashSet (); ....省略getters setters 方法 }
到这里基本就已经完成了,运行CAS Server ,将以上的application.properties文件中的地址修改为实际的地址即可运行。
看完上述内容,你们对在Spring Boot 中使用Spring security 如何实现对CAS进行集成有进一步的了解吗?如果还想了解更多知识或者相关内容,请关注创新互联行业资讯频道,感谢大家的支持。