This article describes single sign-on (SSO) with Shiro + CAS. It took me three days and a lot of online articles; I struggled with it for a long time but also learned a lot, so here is a summary.
1. Required dependency:

```xml
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>1.2.2</version>
</dependency>
```
2. Additions to web.xml:

```xml
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
3. Contents of applicationContext-shiro.xml:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
       default-lazy-init="true">
    <description>Shiro安全配置</description>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- Login link for unauthenticated users: the CAS login page, with the callback address passed as the service parameter -->
        <property name="loginUrl" value="https://www.ppt.com:8443/cas/login?service=http://localhost:8888/Jfmweb/index.jsp"/>
        <!-- <property name="successUrl" value="/index.jsp"></property> --> <!-- adding this line causes a redirect loop -->
        <property name="filters">
            <map>
                <entry key="casFilter" value-ref="casFilter"/>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /index.jsp = casFilter
                /ucenter/** = authc,perms["ppt"]
                /product/** = authc
                /** = anon
            </value>
        </property>
    </bean>

    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
        <property name="failureUrl" value="/common/403.jsp"/>
    </bean>

    <bean id="shiroDbRealm" class="com.csair.uweb.service.account.ShiroDbRealm">
        <!-- must be exactly ip + port + context path -->
        <property name="casServerUrlPrefix" value="https://www.ppt.com:8443/cas/"/>
        <!-- without this line authentication does not pass and casFilter fails -->
        <property name="casService" value="http://localhost:8888/Jfmweb/index.jsp"/>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroDbRealm"/>
        <property name="subjectFactory" ref="casSubjectFactory"/>
    </bean>

    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>
</beans>
```
4. Custom realm:

```java
package com.csair.uweb.service.account;

import java.io.Serializable;
import org.apache.log4j.Logger; // log4j, matching the Logger.getLogger(Class) call below
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Authentication (CAS ticket validation) is inherited from CasRealm;
// only authorization is customised here.
public class ShiroDbRealm extends CasRealm {
    private Logger log = Logger.getLogger(ShiroDbRealm.class);

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        try {
            System.out.println("授權");
            // The primary principal is the user id returned by the CAS server.
            String username = (String) principals.getPrimaryPrincipal();
            log.info("cas realm username:" + username);
            SimpleAuthorizationInfo author = new SimpleAuthorizationInfo();
            // Demo only: every CAS-authenticated user gets the same role and permissions,
            // including "ppt", which the /ucenter/** filter chain requires.
            author.addRole("role");
            author.addStringPermission("permission");
            author.addStringPermission("ppt");
            return author;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    public static class ShiroUser implements Serializable {
        private static final long serialVersionUID = -3041131129273959698L;
        public long id;
        public String name;
        public long type;
        public String account;
    }
}
```
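A stricter realm than the one in step 4, added here as an example (not the post's own code): instead of granting every CAS-authenticated user the "ppt" permission, it derives roles and permissions from a group attribute that the CAS server is assumed to release (the attribute name memberOf and the group-to-permission mapping are assumptions). It relies on CasRealm storing the CAS attribute map as the second principal; point the shiroDbRealm bean at it in place of ShiroDbRealm.

```java
package com.csair.uweb.service.account;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;
// Hypothetical realm: roles/permissions come from a CAS-released group
// attribute, so a user gets "ppt" only if CAS says they belong to that group.
public class AttributeMappingCasRealm extends CasRealm {
    // Assumed attribute name; it must match what the CAS server releases.
    private static final String GROUP_ATTRIBUTE = "memberOf";
    // Allow-list of known groups (constructed sample values); unknown groups grant nothing.
    private static final Map<String, String> GROUP_TO_PERMISSION = new HashMap<String, String>();
    static {
        GROUP_TO_PERMISSION.put("ppt-editors", "ppt");
        GROUP_TO_PERMISSION.put("product-admins", "product:*");
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // CasRealm.doGetAuthenticationInfo stores [userId, attributeMap] as the principals.
        List<?> list = principals.asList();
        if (list.size() < 2 || !(list.get(1) instanceof Map)) {
            return info; // no attributes released: grant nothing instead of everything
        }
        Map<?, ?> attributes = (Map<?, ?>) list.get(1);
        for (String group : splitGroups(attributes.get(GROUP_ATTRIBUTE))) {
            String permission = GROUP_TO_PERMISSION.get(group);
            if (permission != null) {
                info.addRole(group);
                info.addStringPermission(permission);
            }
        }
        return info;
    }
    // Multi-valued CAS attributes may arrive as a List or as a comma-joined String.
    static List<String> splitGroups(Object raw) {
        List<String> out = new ArrayList<String>();
        if (raw == null) return out;
        Iterable<?> values = raw instanceof List ? (List<?>) raw : Arrays.asList(String.valueOf(raw).split(","));
        for (Object v : values) out.add(String.valueOf(v).trim());
        return out;
    }
}
```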
That is all that is needed. Now the problems I ran into along the way:

1. The page kept reporting a redirect loop. Testing showed the cause was this extra line: `<property name="successUrl" value="/index.jsp"></property>`

2. This error: `Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target`. It is a certificate problem: the domain name you access must be the certificate's owner (subject), here `CN=www.ppt.com, OU=www.ppt.com, O=www.ppt.com, L=www.ppt.com, ST=www.ppt.com, C=cn`, i.e. www.ppt.com. This error cost me two days, with plenty of tears. A ticket validation failure was caused by the same thing.

3. This error: `[org.jasig.cas.client.util.XmlUtils] - org.xml.sax.SAXParseException: The reference to entity "locale" must end with the ';' delimiter.` It happens because in `<property name="casServerUrlPrefix" value="https://www.ppt.com:8443/cas/"/>` the value must be only IP + PORT + context path; appending login to it triggers the error (the CAS client appends the ticket-validation endpoint to this prefix, so with login in the path it gets back the HTML login page instead of the XML validation response).

4. The browser stayed on the home redirect page (http://localhost:8888/Jfmweb/index.jsp) because this line was missing: `/index.jsp = casFilter`

Three problems, three days. Keep going.