cas4.0單點登錄的配置
package com.rquest.riskmaster.config;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.boot.context.embedded.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
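/**
 * Registers the Jasig CAS client listener and servlet filters that give this
 * application CAS single sign-on and single sign-out.
 *
 * <p>Registration order used below: session listener (1), single sign-out filter (3),
 * authentication filter (4), ticket validation filter (5), request wrapper (6),
 * assertion thread-local filter (7). The single sign-out filter is deliberately
 * ordered before the other CAS filters.
 *
 * <p>Properties read from the environment: {@code casServerLoginUrl},
 * {@code clientServerName}, {@code casServerUrlPrefix}.
 *
 * <p>Original author: SHANHY, created 2016-01-17.
 */
@Configuration
public class CasConfiguration {

    private static final Logger logger = LoggerFactory.getLogger(CasConfiguration.class);

    /** Single switch for every CAS registration in this class. */
    private static final boolean CAS_ENABLED = true;

    /** Login page of the CAS server; unauthenticated users are redirected here. */
    @Value("${casServerLoginUrl}")
    private String casServerLoginUrl;

    /** Scheme, host and port of this application, passed to the filters as {@code serverName}. */
    @Value("${clientServerName}")
    private String clientServerName;

    /** Base URL of the CAS server, passed to the ticket validation filter. */
    @Value("${casServerUrlPrefix}")
    private String casServerUrlPrefix;

    /**
     * Registers the session listener used for single sign-out.
     *
     * @return the listener registration, order 1
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(CAS_ENABLED);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    // Disabled alternative kept from the original listing: a LogoutFilter-based logout
    // registration at order 2. It references names this class does not define
    // (LogoutFilter, SecurityContextLogoutHandler, casServerHostLoginUrl, serverName),
    // so it cannot be re-enabled as written.
    //
    // @Bean
    // public FilterRegistrationBean logOutFilter() {
    //     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    //     LogoutFilter logoutFilter = new LogoutFilter(casServerHostLoginUrl, new SecurityContextLogoutHandler());
    //     filterRegistration.setFilter(logoutFilter);
    //     filterRegistration.setEnabled(casEnabled);
    //     filterRegistration.addUrlPatterns("/logout");
    //     filterRegistration.addInitParameter("casServerUrlPrefix", casServerUrlPrefix);
    //     filterRegistration.addInitParameter("serverName", serverName);
    //     filterRegistration.setOrder(2);
    //     return filterRegistration;
    // }

    /**
     * Registers the single sign-out filter. It must be ordered before the other
     * CAS filters, which is why it gets the lowest filter order in this class.
     *
     * @return the filter registration, order 3
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new SingleSignOutFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        // "/logout" is already matched by "/*"; it is kept as an explicit pattern as in the original.
        filterRegistration.addUrlPatterns("/*", "/logout");
        filterRegistration.setOrder(3);
        return filterRegistration;
    }

    /**
     * Registers the filter that authenticates users by redirecting them to the CAS login page.
     *
     * <p>Example values from the original listing:
     * {@code casServerLoginUrl=https://rquest.sso.cas:8443/cas/login},
     * {@code clientServerName=http://localhost:8080}. A plain-http server name is only
     * suitable for local development: the service ticket is returned to that address in
     * the redirect URL and would travel unencrypted.
     *
     * @return the filter registration, order 4
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        warnIfNotHttps("casServerLoginUrl", casServerLoginUrl);
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AuthenticationFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        // Every path requires authentication; nothing is excluded here.
        filterRegistration.addUrlPatterns("/*");
        // URL of the CAS server login page.
        filterRegistration.addInitParameter("casServerLoginUrl", casServerLoginUrl);
        // Address (host and port) of this application.
        filterRegistration.addInitParameter("serverName", clientServerName);
        // filterRegistration.addInitParameter("useSession", "true");
        // NOTE(review): in the Jasig client this parameter appears to be read by the
        // ticket validation filter rather than by AuthenticationFilter - confirm
        // whether it has any effect here.
        filterRegistration.addInitParameter("redirectAfterValidation", "true");
        filterRegistration.setOrder(4);
        return filterRegistration;
    }

    /**
     * Registers the filter that validates CAS tickets against the CAS server.
     *
     * <p>The validation response is what establishes the user's identity, so
     * {@code casServerUrlPrefix} should be an https URL with a certificate the JVM
     * trusts; a warning is logged when it is not.
     *
     * @return the filter registration, order 5
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        warnIfNotHttps("casServerUrlPrefix", casServerUrlPrefix);
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        // Left disabled in the original listing:
        // validationFilter.setTicketValidator(cas20ServiceTicketValidator());
        // validationFilter.setServerName(serverName);
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        filterRegistration.setFilter(validationFilter);
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", casServerUrlPrefix);
        filterRegistration.addInitParameter("serverName", clientServerName);
        filterRegistration.setOrder(5);
        return filterRegistration;
    }

    /**
     * Registers the filter that wraps the {@code HttpServletRequest} so the login name
     * of the authenticated user is available through {@code getRemoteUser()}.
     *
     * @return the filter registration, order 6
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
        // Follows the shared switch so the whole CAS chain is enabled or disabled together.
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(6);
        return filterRegistration;
    }

    /**
     * Registers the filter that stores the CAS assertion in a thread-local, so code
     * outside the web layer can read the current login through
     * {@code org.jasig.cas.client.util.AssertionHolder}, for example
     * {@code AssertionHolder.getAssertion().getPrincipal().getName()}.
     *
     * @return the filter registration, order 7
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AssertionThreadLocalFilter());
        // Follows the shared switch so the whole CAS chain is enabled or disabled together.
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(7);
        return filterRegistration;
    }

    /**
     * Logs a warning when a CAS server URL is missing or does not use https.
     * Startup is not blocked, so plain-http development setups keep working.
     *
     * @param propertyName name of the configuration property, used in the log message
     * @param url configured value of that property
     */
    private static void warnIfNotHttps(String propertyName, String url) {
        String scheme = "https://";
        if (url == null || !url.regionMatches(true, 0, scheme, 0, scheme.length())) {
            logger.warn("CAS property {} is not an https URL: {}", propertyName, url);
        }
    }
}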
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.boot.context.embedded.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
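/**
 * Registers the Jasig CAS client listener and servlet filters that give this
 * application CAS single sign-on and single sign-out.
 *
 * <p>Registration order used below: session listener (1), single sign-out filter (3),
 * authentication filter (4), ticket validation filter (5), request wrapper (6),
 * assertion thread-local filter (7). The single sign-out filter is deliberately
 * ordered before the other CAS filters.
 *
 * <p>Properties read from the environment: {@code casServerLoginUrl},
 * {@code clientServerName}, {@code casServerUrlPrefix}.
 *
 * <p>Original author: SHANHY, created 2016-01-17.
 */
@Configuration
public class CasConfiguration {

    private static final Logger logger = LoggerFactory.getLogger(CasConfiguration.class);

    /** Single switch for every CAS registration in this class. */
    private static final boolean CAS_ENABLED = true;

    /** Login page of the CAS server; unauthenticated users are redirected here. */
    @Value("${casServerLoginUrl}")
    private String casServerLoginUrl;

    /** Scheme, host and port of this application, passed to the filters as {@code serverName}. */
    @Value("${clientServerName}")
    private String clientServerName;

    /** Base URL of the CAS server, passed to the ticket validation filter. */
    @Value("${casServerUrlPrefix}")
    private String casServerUrlPrefix;

    /**
     * Registers the session listener used for single sign-out.
     *
     * @return the listener registration, order 1
     */
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener =
                new ServletListenerRegistrationBean<>();
        listener.setEnabled(CAS_ENABLED);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    // Disabled alternative kept from the original listing: a LogoutFilter-based logout
    // registration at order 2. It references names this class does not define
    // (LogoutFilter, SecurityContextLogoutHandler, casServerHostLoginUrl, serverName),
    // so it cannot be re-enabled as written.
    //
    // @Bean
    // public FilterRegistrationBean logOutFilter() {
    //     FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    //     LogoutFilter logoutFilter = new LogoutFilter(casServerHostLoginUrl, new SecurityContextLogoutHandler());
    //     filterRegistration.setFilter(logoutFilter);
    //     filterRegistration.setEnabled(casEnabled);
    //     filterRegistration.addUrlPatterns("/logout");
    //     filterRegistration.addInitParameter("casServerUrlPrefix", casServerUrlPrefix);
    //     filterRegistration.addInitParameter("serverName", serverName);
    //     filterRegistration.setOrder(2);
    //     return filterRegistration;
    // }

    /**
     * Registers the single sign-out filter. It must be ordered before the other
     * CAS filters, which is why it gets the lowest filter order in this class.
     *
     * @return the filter registration, order 3
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new SingleSignOutFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        // "/logout" is already matched by "/*"; it is kept as an explicit pattern as in the original.
        filterRegistration.addUrlPatterns("/*", "/logout");
        filterRegistration.setOrder(3);
        return filterRegistration;
    }

    /**
     * Registers the filter that authenticates users by redirecting them to the CAS login page.
     *
     * <p>Example values from the original listing:
     * {@code casServerLoginUrl=https://rquest.sso.cas:8443/cas/login},
     * {@code clientServerName=http://localhost:8080}. A plain-http server name is only
     * suitable for local development: the service ticket is returned to that address in
     * the redirect URL and would travel unencrypted.
     *
     * @return the filter registration, order 4
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        warnIfNotHttps("casServerLoginUrl", casServerLoginUrl);
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AuthenticationFilter());
        filterRegistration.setEnabled(CAS_ENABLED);
        // Every path requires authentication; nothing is excluded here.
        filterRegistration.addUrlPatterns("/*");
        // URL of the CAS server login page.
        filterRegistration.addInitParameter("casServerLoginUrl", casServerLoginUrl);
        // Address (host and port) of this application.
        filterRegistration.addInitParameter("serverName", clientServerName);
        // filterRegistration.addInitParameter("useSession", "true");
        // NOTE(review): in the Jasig client this parameter appears to be read by the
        // ticket validation filter rather than by AuthenticationFilter - confirm
        // whether it has any effect here.
        filterRegistration.addInitParameter("redirectAfterValidation", "true");
        filterRegistration.setOrder(4);
        return filterRegistration;
    }

    /**
     * Registers the filter that validates CAS tickets against the CAS server.
     *
     * <p>The validation response is what establishes the user's identity, so
     * {@code casServerUrlPrefix} should be an https URL with a certificate the JVM
     * trusts; a warning is logged when it is not.
     *
     * @return the filter registration, order 5
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        warnIfNotHttps("casServerUrlPrefix", casServerUrlPrefix);
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        // Left disabled in the original listing:
        // validationFilter.setTicketValidator(cas20ServiceTicketValidator());
        // validationFilter.setServerName(serverName);
        Cas20ProxyReceivingTicketValidationFilter validationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();
        filterRegistration.setFilter(validationFilter);
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.addInitParameter("casServerUrlPrefix", casServerUrlPrefix);
        filterRegistration.addInitParameter("serverName", clientServerName);
        filterRegistration.setOrder(5);
        return filterRegistration;
    }

    /**
     * Registers the filter that wraps the {@code HttpServletRequest} so the login name
     * of the authenticated user is available through {@code getRemoteUser()}.
     *
     * @return the filter registration, order 6
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
        // Follows the shared switch so the whole CAS chain is enabled or disabled together.
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(6);
        return filterRegistration;
    }

    /**
     * Registers the filter that stores the CAS assertion in a thread-local, so code
     * outside the web layer can read the current login through
     * {@code org.jasig.cas.client.util.AssertionHolder}, for example
     * {@code AssertionHolder.getAssertion().getPrincipal().getName()}.
     *
     * @return the filter registration, order 7
     */
    @Bean
    public FilterRegistrationBean assertionThreadLocalFilter() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new AssertionThreadLocalFilter());
        // Follows the shared switch so the whole CAS chain is enabled or disabled together.
        filterRegistration.setEnabled(CAS_ENABLED);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setOrder(7);
        return filterRegistration;
    }

    /**
     * Logs a warning when a CAS server URL is missing or does not use https.
     * Startup is not blocked, so plain-http development setups keep working.
     *
     * @param propertyName name of the configuration property, used in the log message
     * @param url configured value of that property
     */
    private static void warnIfNotHttps(String propertyName, String url) {
        String scheme = "https://";
        if (url == null || !url.regionMatches(true, 0, scheme, 0, scheme.length())) {
            logger.warn("CAS property {} is not an https URL: {}", propertyName, url);
        }
    }
}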