This article introduces an example of spring boot integrating CAS Client to implement single sign-in verification. It is shared with you and also leaves a note for yourself. The details are as follows:
Single Sign-On (SSO for short) is one of the most popular solutions for enterprise business integration. SSO allows users to access all mutually trusted application systems in multiple application systems only once.
CAS Client
Responsible for handling access requests to the client protected resources. When it is necessary to authenticate the requesting party, it redirects to CAS Server for authentication. (In principle, client applications no longer accept any username, password, etc.).
Implementation method one: Use a third-party starter
1. Depend on jar
<dependency> <groupId>net.unicon.cas</groupId> <artifactId>cas-client-autoconfig-support</artifactId> <version>1.4.0-GA</version> </dependency>
2. Add configuration files
cas.server-url-prefix=http://127.0.0.1 cas.server-login-url=http://127.0.0.1/login cas.client-host-url=http://192.26.4.28:8080 cas.validation-type=CAS
3. Turn on CAS Client support
@SpringBootApplication @ComponentScan(basePackages={"com.chhliu.emailservice"}) @EnableCasClient // Enable CAS support public class Application extends SpringBootServletInitializer{ public static void main(String[] args) { SpringApplication.run(Application.class, args); } }Through the above 3 steps, you can complete the CAS client authentication!
4. Expand
cas.validation-type currently supports 3 methods: 1. CAS; 2. CAS3; 3. SAML
Other available configurations are as follows:
cas.authentication-url-patterns cas.validation-url-patterns cas.request-wrapper-url-patterns cas.assertion-thread-local-url-patterns cas.gateway cas.use-session cas.redirect-after-validation cas.allowed-proxy-chains cas.proxy-callback-url cas.proxy-receptor-url cas.accept-any-proxy server.context-parameters.renew
The specific meaning can be clearly seen from the name.
Implementation method 2: Manual configuration
We used CAS Client and needed to configure the following in web.xml:
<filter> <filter-name>authenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://127.0.0.1/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.26.4.28:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>authenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- This filter is responsible for the verification of Ticket, and it must be enabled --> <filter> <filter-name>validationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceive TicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://127.0.0.1</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.26.4.28:8080</param-value> </init-param> <!-- <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> --> </filter> <filter-mapping> <filter-name>validationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- This filter is responsible for implementing the package requested by HttpServletRequest, such as allowing developers to obtain the login name of the SSO logged-in user through the getRemoteUser() method of HttpServletRequest, and optional configuration. --> <filter> <filter-name>httpServletRequestWrapperFilter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>httpServletRequestWrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Therefore, when we configure manually, we need to manually configure the corresponding Filter in the above xml, and the code is as follows:
@Configuration @Component public class CasConfigure { @Bean public FilterRegistrationBean authenticationFilterRegistrationBean() { FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); authenticationFilter.setFilter(new AuthenticationFilter()); Map<String, String> initParameters = new HashMap<String, String>(); initParameters.put("casServerLoginUrl", "http://127.0.0.1/login"); initParameters.put("serverName", "http://192.26.4.28:8080"); authenticationFilter.setInitParameters(initParameters); authenticationFilter.setOrder(2); List<String> urlPatterns = new ArrayList<String>(); urlPatterns.add("/*");// Set matching url authenticationFilter.setUrlPatterns(urlPatterns); return authenticationFilter; } @Bean public FilterRegistrationBean ValidationFilterRegistrationBean(){ FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); authenticationFilter.setFilter(new Cas20ProxyReceiveTicketValidationFilter()); Map<String, String> initParameters = new HashMap<String, String>(); initParameters.put("casServerUrlPrefix", "http://127.0.0.1"); initParameters.put("serverName", "http://192.26.4.28:8080"); authenticationFilter.setInitParameters(initParameters); authenticationFilter.setOrder(1); List<String> urlPatterns = new ArrayList<String>(); urlPatterns.add("/*");// Set the matching url authenticationFilter.setUrlPatterns(urlPatterns); return authenticationFilter; } @Bean public FilterRegistrationBean casHttpServletRequestWrapperFilter(){ FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); authenticationFilter.setFilter(new HttpServletRequestWrapperFilter()); authenticationFilter.setOrder(3); List<String> urlPatterns = new ArrayList<String>(); urlPatterns.add("/*");// Set the matching url authenticationFilter.setUrlPatterns(urlPatterns); return authenticationFilter; } @Bean public FilterRegistrationBean casAssertionThreadLocalFilter(){ FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); authenticationFilter.setFilter(new AssertionThreadLocalFilter()); authenticationFilter.setOrder(4); List<String> urlPatterns = new ArrayList<String>(); urlPatterns.add("/*");// Set the matching url authenticationFilter.setUrlPatterns(urlPatterns); return authenticationFilter; } } Through the above configuration, the CAS Client authentication can also be completed
The above is all the content of this article. I hope it will be helpful to everyone's learning and I hope everyone will support Wulin.com more.