详解spring boot配置单点登录
作者:赵武灵王 时间:2022-07-27 11:50:11
概述
企业内部一般都有一套单点登录系统(常用的实现有apereo cas),所有的内部系统的登录认证都对接它。本文介绍spring boot的程序如何对接CAS服务。
常用的安全框架有spring security和apache shiro。shiro的配置和使用相对简单,本文使用shrio对接CAS服务。
配置
新增依赖
pom.xml新增:
<properties>
<shiro.version>1.2.4</shiro.version>
</properties>
<dependencies>
<!--Apache Shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-cas</artifactId>
<version>${shiro.version}</version>
</dependency>
</dependencies>
spring boot配置
application.properties
shiro.cas=https://cas.xxx.com # 这是CAS服务的地址
shiro.server=http://127.0.0.1:8080 # 自己应用的地址,测试使用127即可
应用配置
初始化shiro bean,将文件放到任意子包下即可,比如xxx.config,spring boot会自动扫描加载
@Configuration
public class ShiroCasConfiguration {
private static final String casFilterUrlPattern = "/shiro-cas";
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
}
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CasRealm casRealm = new CasRealm();
casRealm.setDefaultRoles("ROLE_USER");
casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
securityManager.setRealm(casRealm);
securityManager.setCacheManager(new MemoryConstrainedCacheManager());
securityManager.setSubjectFactory(new CasSubjectFactory());
return securityManager;
}
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去
filterChainDefinitionMap.put("/logout","logout");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
/**
* CAS Filter
*/
@Bean(name = "casFilter")
public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
CasFilter casFilter = new CasFilter();
casFilter.setName("casFilter");
casFilter.setEnabled(true);
String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
casFilter.setFailureUrl(loginUrl);
return casFilter;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
CasFilter casFilter,
@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
shiroFilterFactoryBean.setLoginUrl(loginUrl);
shiroFilterFactoryBean.setSuccessUrl("/");
Map<String, Filter> filters = new HashMap<>();
filters.put("casFilter", casFilter);
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
filters.put("logout",logoutFilter);
shiroFilterFactoryBean.setFilters(filters);
loadShiroFilterChain(shiroFilterFactoryBean);
return shiroFilterFactoryBean;
}
}
程序中获取登录的用户名
上述配置完成后,就可以找程序中获取登录用户的名字了
public String getUsername() {
Subject subject = SecurityUtils.getSubject();
if (subject == null || subject.getPrincipals() == null) {
return DEFAULTUSER;
}
return (String) subject.getPrincipals().getPrimaryPrincipal();
}
总结
shiro使用还是比较简单的,使用的时候只需要修改application.properties即可
来源:http://www.jianshu.com/p/600593b1f366
标签:spring,boot
0
投稿猜你喜欢
C# 数独求解算法的实现
2022-04-04 18:48:57
SpringData JPA中@OneToMany和@ManyToOne的用法详解
2021-10-01 00:49:10
SpringBoot中 Jackson 日期的时区和日期格式问题解决
2021-09-06 19:37:50
妙解Java中的回调机制(CallBack)
2022-07-15 15:25:31
Mybatis generator如何自动生成代码
2023-08-13 10:15:15
c语言动态数组示例
2023-11-02 22:56:44
SpringBoot+Spring Security+JWT实现RESTful Api权限控制的方法
2022-07-18 03:38:36
springboot配置文件中属性变量引用方式@@解读
2023-11-24 20:39:18
Java之操作Redis案例讲解
2023-06-18 03:48:41
C#中HttpWebRequest的用法详解
2023-06-18 22:39:27
我用java实现了王者荣耀的皮肤和英雄技能
2022-01-13 13:44:09
Java Benchmark 基准测试的实例详解
2023-10-08 11:01:02
Java中用enum结合testng实现数据驱动的方法示例
2021-08-04 07:44:21
浅谈java内存管理与内存溢出异常
2022-04-22 15:03:18
Java中List常用操作比for循环更优雅的写法示例
2023-08-08 23:25:14
Java 多线程同步 锁机制与synchronized深入解析
2023-12-20 17:55:50
Spring之spring-context-indexer依赖详解
2023-11-23 12:21:41
Java StringUtils字符串分割转数组的实现
2023-07-19 12:43:37
JVM常量池的深入讲解
2021-09-13 15:54:00
Mybatis中的延迟加载案例解析
2023-02-27 01:55:37
