承接前文Springboot security cas整合方案-原理篇,请在理解原理的情况下再查看实践篇

maven环境

  1.         <dependency>
  2.             <groupId>org.springframework.boot</groupId>
  3.             <artifactId>spring-boot-starter-security</artifactId>
  4.         </dependency>
  5.         <!-- 添加spring security cas支持 -->
  6.         <dependency>
  7.         	<groupId>org.springframework.security</groupId>
  8.         	<artifactId>spring-security-cas</artifactId>
  9.         </dependency>

cas基础配置

包含配置文件以及对应的VO类

  1. src/main/resources/application-cas.yml
  1.     cas:
  2.      server:
  3.        host:
  4.         url: http://192.168.1.101/cas #cas服务地址
  5.         login_url: /login #登录地址
  6.         logout_url: /logout #注销地址
  8.     app:
  9.      server:
  10.       host:
  11.         url: http://localhost:8080/web-cas #本应用访问地址
  12.      login:
  13.         url: /login/cas	#本应用登录地址
  14.      logout:
  15.         url: /logout #本应用退出地址
  1. 对应的VO类,应用@Component注解加载
  1.     @Component
  2.     public class AcmCasProperties {
  4. 	@Value("${cas.server.host.url}")
  5. 	private String casServerPrefix;
  7. 	@Value("${cas.server.host.login_url}")
  8. 	private String casServerLoginUrl;
  10. 	@Value("${cas.server.host.logout_url}")
  11. 	private String casServerLogoutUrl;
  13. 	@Value("${app.server.host.url}")
  14. 	private String appServicePrefix;
  16. 	@Value("${app.login.url}")
  17. 	private String appServiceLoginUrl;
  19. 	@Value("${app.logout.url}")
  20. 	private String appServiceLogoutUrl;
  22. 	public String getCasServerPrefix() {
  23. 		return LocalIpUtil.replaceTrueIpIfLocalhost(casServerPrefix);
  24. 	}
  26. 	public void setCasServerPrefix(String casServerPrefix) {
  27. 		this.casServerPrefix = casServerPrefix;
  28. 	}
  30. 	public String getCasServerLoginUrl() {
  31. 		return casServerLoginUrl;
  32. 	}
  34. 	public void setCasServerLoginUrl(String casServerLoginUrl) {
  35. 		this.casServerLoginUrl = casServerLoginUrl;
  36. 	}
  38. 	public String getCasServerLogoutUrl() {
  39. 		return casServerLogoutUrl;
  40. 	}
  42. 	public void setCasServerLogoutUrl(String casServerLogoutUrl) {
  43. 		this.casServerLogoutUrl = casServerLogoutUrl;
  44. 	}
  46. 	public String getAppServicePrefix() {
  47. 		return LocalIpUtil.replaceTrueIpIfLocalhost(appServicePrefix);
  48. 	}
  50. 	public void setAppServicePrefix(String appServicePrefix) {
  51. 		this.appServicePrefix = appServicePrefix;
  52. 	}
  54. 	public String getAppServiceLoginUrl() {
  55. 		return appServiceLoginUrl;
  56. 	}
  58. 	public void setAppServiceLoginUrl(String appServiceLoginUrl) {
  59. 		this.appServiceLoginUrl = appServiceLoginUrl;
  60. 	}
  62. 	public String getAppServiceLogoutUrl() {
  63. 		return appServiceLogoutUrl;
  64. 	}
  66. 	public void setAppServiceLogoutUrl(String appServiceLogoutUrl) {
  67. 		this.appServiceLogoutUrl = appServiceLogoutUrl;
  68. 	}
  70.     }
  1. 其中用到了LocalIpUtil工具类,主要是替换localhost或者域名为真实的ip
  1.     public class LocalIpUtil
  2.     {
  3.       private static Logger logger = LoggerFactory.getLogger(LocalIpUtil.class);
  4.       private static final String WINDOWS = "WINDOWS";
  6.       public static void main(String[] args)
  7.       {
  8.         String url = "http://127.0.0.1:8080/client1";
  10.         System.out.println(replaceTrueIpIfLocalhost(url));
  11.       }
  13.       public static String replaceTrueIpIfLocalhost(String url) {
  14.         String localIp = getLocalIp();
  16.         if ((url.contains("localhost")) || (url.contains("127.0.0.1"))) {
  17.           url = url.replaceAll("localhost", localIp).replaceAll("127.0.0.1", localIp);
  18.         }
  19.         return url;
  20.       }
  22.       private static String getLocalIp()
  23.       {
  24.         String os = System.getProperty("os.name").toUpperCase();
  25.         String address = "";
  26.         if (os.contains("WINDOWS"))
  27.           try {
  28.             address = InetAddress.getLocalHost().getHostAddress();
  29.           } catch (UnknownHostException e) {
  30.             logger.error("windows获取本地IP出错", e);
  31.           }
  32.         else {
  33.           address = getLinuxIP();
  34.         }
  35.         return address;
  36.       }
  38.       private static String getLinuxIP()
  39.       {
  40.         String address = "";
  41.         try
  42.         {
  43.           Enumeration allNetInterfaces = NetworkInterface.getNetworkInterfaces();
  44.           InetAddress ip = null;
  45.           while (allNetInterfaces.hasMoreElements()) {
  46.             NetworkInterface netInterface = (NetworkInterface)allNetInterfaces.nextElement();
  47.             if ((netInterface.isUp()) && (!netInterface.isLoopback()) && (!netInterface.isVirtual()))
  48.             {
  49.               Enumeration addresses = netInterface.getInetAddresses();
  50.               while (addresses.hasMoreElements()) {
  51.                 ip = (InetAddress)addresses.nextElement();
  52.                 if ((!ip.isLoopbackAddress()) &&
  53.                   (ip != null) && ((ip instanceof Inet4Address)))
  54.                   address = ip.getHostAddress();
  55.               }
  56.             }
  57.           }
  58.         } catch (SocketException e) {
  59.           logger.error("linux获取本地IP出错", e);
  60.         }
  61.         return address;
  62.   }

Springboot 应用cas配置

src/main/resources/application.yml应用application-cas.yml

  1. 	spring:
  2. 	  profiles:
  3. 	    active: cas

Springboot 配置cas过滤链

这里采用@Configuration@Bean注解来完成,包括LogoutFilterSingleSignOutFilterticket校验器service配置对象cas凭证校验器ProviderCasAuthenticationEntryPoint-cas认证入口

  1. @Configuration
  2. public class AcmCasConfiguration {
  4. 	@Resource
  5. 	private AcmCasProperties acmCasProperties;
  7. 	/**
  8. 	 * 设置客户端service的属性
  9. 	 * <p>
  10. 	 * 主要设置请求cas服务端后的回调路径,一般为主页地址,不可为登录地址
  11. 	 *
  12. 	 * </p>
  13. 	 *
  14. 	 * @return
  15. 	 */
  16. 	@Bean
  17. 	public ServiceProperties serviceProperties() {
  18. 		ServiceProperties serviceProperties = new ServiceProperties();
  19. 		// 设置回调的service路径,此为主页路径
  20. 		serviceProperties.setService(acmCasProperties.getAppServicePrefix() + "/index.html");
  21. 		// 对所有的未拥有ticket的访问均需要验证
  22. 		serviceProperties.setAuthenticateAllArtifacts(true);
  24. 		return serviceProperties;
  25. 	}
  27. 	/**
  28. 	 * 配置ticket校验器
  29. 	 *
  30. 	 * @return
  31. 	 */
  32. 	@Bean
  33. 	public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
  34. 		// 配置上服务端的校验ticket地址
  35. 		return new Cas20ServiceTicketValidator(acmCasProperties.getCasServerPrefix());
  36. 	}
  38. 	/**
  39. 	 * 单点注销,接受cas服务端发出的注销session请求
  40. 	 *
  41. 	 * @see SingleLogout(SLO) Front or Back Channel
  42. 	 *
  43. 	 * @return
  44. 	 */
  45. 	@Bean
  46. 	public SingleSignOutFilter singleSignOutFilter() {
  47. 		SingleSignOutFilter outFilter = new SingleSignOutFilter();
  48. 		// 设置cas服务端路径前缀,应用于front channel的注销请求
  49. 		outFilter.setCasServerUrlPrefix(acmCasProperties.getCasServerPrefix());
  50. 		outFilter.setIgnoreInitConfiguration(true);
  52. 		return outFilter;
  53. 	}
  55. 	/**
  56. 	 * 单点请求cas客户端退出Filter类
  57. 	 *
  58. 	 * 请求/logout,转发至cas服务端进行注销
  59. 	 */
  60. 	@Bean
  61. 	public LogoutFilter logoutFilter() {
  62. 		// 设置回调地址,以免注销后页面不再跳转
  63. 		StringBuilder logoutRedirectPath = new StringBuilder();
  64. 		logoutRedirectPath.append(acmCasProperties.getCasServerPrefix())
  65. 				.append(acmCasProperties.getCasServerLogoutUrl()).append("?service=")
  66. 				.append(acmCasProperties.getAppServicePrefix());
  68. 		LogoutFilter logoutFilter = new LogoutFilter(logoutRedirectPath.toString(), new SecurityContextLogoutHandler());
  70. 		logoutFilter.setFilterProcessesUrl(acmCasProperties.getAppServiceLogoutUrl());
  71. 		return logoutFilter;
  72. 	}
  74. 	/**
  75. 	 * 创建cas校验类
  76. 	 *
  77. 	 * <p>
  78. 	 * <b>Notes:</b> TicketValidator、AuthenticationUserDetailService属性必须设置;
  79. 	 * serviceProperties属性主要应用于ticketValidator用于去cas服务端检验ticket
  80. 	 * </p>
  81. 	 *
  82. 	 * @return
  83. 	 */
  84. 	@Bean("casProvider")
  85. 	public CasAuthenticationProvider casAuthenticationProvider(
  86. 			AuthenticationUserDetailsService<CasAssertionAuthenticationToken> userDetailsService) {
  87. 		CasAuthenticationProvider provider = new CasAuthenticationProvider();
  88. 		provider.setKey("casProvider");
  89. 		provider.setServiceProperties(serviceProperties());
  90. 		provider.setTicketValidator(cas20ServiceTicketValidator());
  91. 		provider.setAuthenticationUserDetailsService(userDetailsService);
  93. 		return provider;
  94. 	}
  96. 	/**
  97. 	 * ==============================================================
  98. 	 * ==============================================================
  99. 	 */
  101. 	/**
  102. 	 * 认证的入口,即跳转至服务端的cas地址
  103. 	 *
  104. 	 * <p>
  105. 	 * <b>Note:</b>浏览器访问不可直接填客户端的login请求,若如此则会返回Error页面,无法被此入口拦截
  106. 	 * </p>
  107. 	 */
  108. 	@Bean
  109. 	public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
  110. 		CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
  111. 		entryPoint.setServiceProperties(serviceProperties());
  112. 		entryPoint.setLoginUrl(acmCasProperties.getCasServerPrefix() + acmCasProperties.getCasServerLoginUrl());
  114. 		return entryPoint;
  115. 	}
  116. }

下面对上述的AuthenticationUserDetailsService需要手动配置下,用于权限集合的获取

配置cas获取权限集合的AuthenticationUserDetailsService

  1. @Component
  2. public class AcmCasUserDetailService implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
  4. 	private static final Logger USER_SERVICE_LOGGER = LoggerFactory.getLogger(AcmCasUserDetailService.class);
  6. 	@Resource
  7. 	private TSysUserDao tsysUserDAO;
  9. 	@Override
  10. 	public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
  11. 		USER_SERVICE_LOGGER.info("校验成功的登录名为: " + token.getName());
  12. 		//此处涉及到数据库操作然后读取权限集合,读者可自行实现
  13. 		SysUser sysUser = tsysUserDAO.findByUserName(token.getName());
  14. 		if (null == sysUser) {
  15. 			throw new UsernameNotFoundException("username isn't exsited in log-cms");
  16. 		}
  17. 		return sysUser;
  18. 	}
  20. }

示例中的SysUser实现了UserDetail接口,实现的方法代码如下

  1.     @Override
  2.     public Collection<? extends GrantedAuthority> getAuthorities() {
  3.         List<GrantedAuthority> auths = new ArrayList<>();
  4. 	    //获取用户对应的角色集合
  5.         List<SysRole> roles = this.getSysRoles();
  6.         for (SysRole role : roles) {
  7. 	        //手动加上ROLE_前缀
  8.             auths.add(new SimpleGrantedAuthority(SercurityConstants.prefix+role.getRoleName()));
  9.         }
  10.         return auths;
  11.     }

FilterSecurityInterceptor配置

需要配置权限的认证过滤链

  1. @Component
  2. public class CasFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
  3.     @Resource
  4.     private FilterInvocationSecurityMetadataSource securityMetadataSource;
  6.     @Resource
  7.     public void setMyAccessDecisionManager(AccessDecisionManager myAccessDecisionManager) {
  8.         super.setAccessDecisionManager(myAccessDecisionManager);
  9.     }
  11.     @Override
  12.     public void init(FilterConfig filterConfig) throws ServletException {
  14.     }
  16.     @Override
  17.     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
  18.         FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
  19.         invoke(fi);
  20.     }
  21.     private void invoke(FilterInvocation fi) throws IOException, ServletException {
  22.         //fi里面有一个被拦截的url
  23.         //里面调用CasInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
  24.         //再调用CasAccessDecisionManager的decide方法来校验用户的权限是否足够
  25.         InterceptorStatusToken token = super.beforeInvocation(fi);
  26.         try {
  27.         //执行下一个拦截器
  28.             fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
  29.         } finally {
  30.             super.afterInvocation(token, null);
  31.         }
  32.     }
  34.     @Override
  35.     public void destroy() {
  37.     }
  39.     @Override
  40.     public Class<?> getSecureObjectClass() {
  41.         return FilterInvocation.class;
  42.     }
  44.     @Override
  45.     public SecurityMetadataSource obtainSecurityMetadataSource() {
  46.         return this.securityMetadataSource;
  47.     }
  48. }

其中还涉及到SecurityMetadataSource-当前访问路径的权限获取AccessDecisionManager-授权处理器

SecurityMetadataSource-当前访问路径的权限获取

  1. @Component
  2. public class CasInvocationSecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource {
  3.     private final TSysMenuDao tSysMenuDao;
  4.     private final HashSet<Pattern> patterns;
  6.     private final Logger logger = LoggerFactory.getLogger(this.getClass());
  8.     @Autowired
  9.     public MyInvocationSecurityMetadataSourceService(TSysMenuDao tSysMenuDao,FilterStatic filterStatic) {
  10.         this.tSysMenuDao = tSysMenuDao;
  11.         patterns = new HashSet<>();
  12.         //可通过配置过滤路径,这里就省略不写了,写法与AcmCasProperties一致
  13.         for (String filter:filterStatic.getStaticFilters()){
  14.            String regex= filter.replace("**","*").replace("*",".*");
  15.            patterns.add(Pattern.compile(regex));
  16.         }
  17.     }
  19.     /**
  20.      * 查找url对应的角色
  21.      */
  22.     public  Collection<ConfigAttribute> loadResourceDefine(String url){
  23.         Collection<ConfigAttribute> array=new ArrayList<>();
  24.         ConfigAttribute cfg;
  25.         SysMenu permission = tSysMenuDao.findMeneRoles(url);
  26.         if (permission !=null) {
  27.             for (String role :permission.getRoles().split(",")){
  28.                 cfg = new SecurityConfig(role);
  29.                 //此处只添加了用户的名字,其实还可以添加更多权限的信息,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为CasAccessDecisionManager类的decide的第三个参数。
  30.                 array.add(cfg);
  31.             }
  32.             return array;
  33.         }
  34.         return null;
  36.     }
  38.     @Override
  39.     public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
  40.         //object 中包含用户请求的request 信息
  41.         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
  42.         String url = request.getRequestURI();
  43.         url = url.replaceFirst(request.getContextPath(), "");
  44.         logger.info(url);
  46.         //将请求的url与配置文件中不需要访问控制的url进行匹配
  47.         Iterator<Pattern> patternIterator=patterns.iterator();
  48.         while (patternIterator.hasNext()){
  49.             Pattern pattern = patternIterator.next();
  50.             Matcher matcher=pattern.matcher(url);
  51.             if (matcher.find())
  52.                 return null;
  53.         }
  54.         return loadResourceDefine(url);
  55.     }
  57.     @Override
  58.     public Collection<ConfigAttribute> getAllConfigAttributes() {
  59.         return null;
  60.     }
  62.     @Override
  63.     public boolean supports(Class<?> aClass) {
  64.         return true;
  65.     }
  66. }

AccessDecisionManager-授权处理器

承接上面的SecurityMetadataSource获取到的权限集合configAttributes,此处对此验证

  1. @Component
  2. public class CasAccessDecisionManager implements AccessDecisionManager {
  4. 	/**
  5. 	 * @param authentication 当前用户权限信息
  6. 	 * @param o 请求信息
  7. 	 * @param configAttributes 当前访问的url对应的角色
  8. 	 */
  9.     @Override
  10.     public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
  11.         //没有角色要求则返回
  12.     	if(null== configAttributes || configAttributes.size() <=0) {
  13.             return;
  14.         }
  15.         //比较当前用户角色和当前访问的url对应的角色,是否拥有对应权限
  16.         ConfigAttribute c;
  17.         String needRole;
  18.         for(Iterator<ConfigAttribute> iter = configAttributes.iterator(); iter.hasNext(); ) {
  19.             c = iter.next();
  20.             needRole = c.getAttribute();
  21.             for(GrantedAuthority ga : authentication.getAuthorities()) {//authentication 为在注释1 中循环添加到 GrantedAuthority 对象中的权限信息集合
  22.                 if((SercurityConstants.prefix+needRole.trim()).equals(ga.getAuthority())) {
  23.                     return;
  24.                 }
  25.             }
  26.         }
  27.         throw new AccessDeniedException("no right");
  28.     }
  30.     @Override
  31.     public boolean supports(ConfigAttribute configAttribute) {
  32.         return true;
  33.     }
  35.     @Override
  36.     public boolean supports(Class<?> aClass) {
  37.         return true;
  38.     }
  39. }

总入口配置

主要是结合spring security进行相应的设置,因为CasAuthenticationFilter需要设置AuthenticationManager对象,所以放在总入口这里配置

  1. @Configuration
  2. @EnableWebSecurity
  3. //如果依赖数据库读取角色等,则需要配置
  4. @AutoConfigureAfter(MyBatisMapperScannerConfig.class)
  5. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  6. 	/**
  7. 	 * 自定义动态权限过滤器
  8. 	 */
  9. 	@Resource
  10. 	private final CasFilterSecurityInterceptor myFilterSecurityInterceptor;
  12. 	@Resource
  13. 	private final FilterStatic filterStatic;
  15. 	/**
  16. 	 * 自定义过滤规则及其安全配置
  17. 	 */
  18. 	@Override
  19. 	protected void configure(HttpSecurity http) throws Exception {
  20. 		// HeadersConfigurer
  21. 		http.headers().frameOptions().disable();
  23. 		// CsrfConfigurer
  24. 		http.csrf().disable();
  26. 		// ExpressionInterceptUrlRegistry
  27. 		http.authorizeRequests().anyRequest().authenticated().anyRequest().fullyAuthenticated();
  29. 		// acm cas策略
  30. 		// 对logout请求放行
  31. 		http.logout().permitAll();
  32. 		// 入口
  33. 		CasAuthenticationEntryPoint entryPoint = getApplicationContext().getBean(CasAuthenticationEntryPoint.class);
  34. 		CasAuthenticationFilter casAuthenticationFilter = getApplicationContext()
  35. 					.getBean(CasAuthenticationFilter.class);
  36. 		SingleSignOutFilter singleSignOutFilter = getApplicationContext().getBean(SingleSignOutFilter.class);
  37. 		LogoutFilter logoutFilter = getApplicationContext().getBean(LogoutFilter.class);
  38. 			/**
  39. 			 * 执行顺序为
  40. 			 * LogoutFilter-->SingleSignOutFilter-->CasAuthenticationFilter-->
  41. 			 * ExceptionTranslationFilter
  42. 			 */
  43. 			http.exceptionHandling().authenticationEntryPoint(entryPoint).and().addFilter(casAuthenticationFilter)
  44. 					.addFilterBefore(logoutFilter, LogoutFilter.class)
  45. 					.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class);
  46. 		}
  47. 		// addFilter
  48. 	http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
  49. 	}
  51. 	@Autowired
  52. 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  53. 			//放入cas凭证校验器
  54. 			AuthenticationProvider authenticationProvider = (AuthenticationProvider) getApplicationContext()
  55. 					.getBean("casProvider");
  56. 			auth.authenticationProvider(authenticationProvider);
  58. 	}
  60. 	@Override
  61. 	public void configure(WebSecurity web) throws Exception {
  62. 		// 静态文静过滤
  63. 		String[] filter = filterStatic.getStaticFilters().toArray(new String[0]);
  64. 		web.ignoring().antMatchers(filter);
  65. 	}
  67. 	/**
  68. 	 * cas filter类
  69. 	 *
  70. 	 * 针对/login请求的校验
  71. 	 *
  72. 	 * @return
  73. 	 */
  74. 	@Bean
  75. 	public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties properties,
  76. 			AcmCasProperties acmCasProperties) throws Exception {
  77. 		CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
  78. 		casAuthenticationFilter.setServiceProperties(properties);
  79. 		casAuthenticationFilter.setFilterProcessesUrl(acmCasProperties.getAppServiceLoginUrl());
  80. 		casAuthenticationFilter.setAuthenticationManager(authenticationManager());
  81. 		casAuthenticationFilter
  82. 				.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/index.html"));
  83. 		return casAuthenticationFilter;
  84. 	}
  85. }

Springboot启动类配置

  1. @SpringBootApplication
  2. @ComponentScan(basePackages = {"com.jingsir.springboot.cas"})
  3. public class Application extends SpringBootServletInitializer implements EmbeddedServletContainerCustomizer {
  4.     public static void main(String[] args) {
  5.         SpringApplication.run(Application.class);
  6.     }
  8.     @Override
  9.     public void customize(ConfigurableEmbeddedServletContainer configurableEmbeddedServletContainer) {
  10.         configurableEmbeddedServletContainer.setContextPath("/cas-web");
  11.     }
  12. }

小结

当时对CasAuthenticationEntryPoint为何配置的service回调路径不可为本应用的login登录路径有疑惑,因为会被提前拦截显示"401错误"。分析wireshark的抓包后得知结论如下

  • 第一次用户GET请求到casServerLoginUrl,返回登录页面
  • 用户输入账号与密码后POST请求到casServerLoginUrl,其会返回TGC,并不返回ticket(所以此处不可为本应用的登录路径),由于FilterSecurityInterceptor校验仍失败,则仍会由ExceptionTranslationFilter发送GET请求转发至cas登录页面
  • 第二次用户GET请求到casServerLoginUrl,cas服务根据TGC会返回Ticket
  • 客户端拿到Ticket后会路由至cas服务上的/cas/serviceValidate上进行Ticket校验,校验通过后则访问真正的路径。且后面每次的请求都会携带Ticket去cas服务上校验,直至Ticket失效后则再次进行登录

本文都是通过实例操作后所写的博客,建议理解原理之后再可参照实例来编写,不当之处欢迎指出。

Springboot security cas整合方案-实践篇的更多相关文章

  1. Springboot security cas整合方案-原理篇

    前言:网络中关于Spring security整合cas的方案有很多例,对于Springboot security整合cas方案则比较少,且有些仿制下来运行也有些错误,所以博主在此篇详细的分析cas原 ...

  2. Springboot security cas源码陶冶-CasAuthenticationFilter

    Springboot security cas整合方案中不可或缺的校验Filter类或者称为认证Filter类,其内部包含校验器.权限获取等,特开辟新地啃啃 继承结构 - AbstractAuthen ...

  3. Springboot security cas源码陶冶-ExceptionTranslationFilter

    拦截关键的两个异常,对异常进行处理.主要应用异常则跳转至cas服务端登录页面 ExceptionTranslationFilter#doFilter-逻辑入口 具体操作逻辑如下 public void ...

  4. Springboot security cas源码陶冶-FilterSecurityInterceptor

    前言:用户登录信息校验成功后,都会获得当前用户所拥有的全部权限,所以对访问的路径当前用户有无权限则需要拦截验证一发 Spring security过滤器的执行顺序 首先我们需要验证为啥FilterSe ...

  5. 【手摸手,带你搭建前后端分离商城系统】03 整合Spring Security token 实现方案,完成主业务登录

    [手摸手,带你搭建前后端分离商城系统]03 整合Spring Security token 实现方案,完成主业务登录 上节里面,我们已经将基本的前端 VUE + Element UI 整合到了一起.并 ...

  6. Spring Security 3整合CAS 实现SSO

    spring security 3整合cas client用于实现各Application之间的单点登录. 1. 需要准备的jar spring-security-core-3.0.8.RELEASE ...

  7. CAS Spring Security 3 整合配置(转)

    一般来说, Web 应用的安全性包括用户认证( Authentication )和用户授权( Authorization )两个部分.用户认证指的是验证某个用户是否为系统中的合法主体,也就是说用户能否 ...

  8. springboot+security整合(3)自定义鉴权

    说明 springboot 版本 2.0.3源码地址:点击跳转 系列 springboot+security 整合(1) springboot+security 整合(2) springboot+se ...

  9. springboot+security整合(2)自定义校验

    说明 springboot 版本 2.0.3源码地址:点击跳转 系列 springboot+security 整合(1) springboot+security 整合(2) springboot+se ...

随机推荐

  1. C/C++中peek函数的原理及应用

    C++中的peek函数 该调用形式为cin.peek() 其返回值是一个char型的字符,其返回值是指针指向的当前字符,但它只是观测,指针仍停留在当前位置,并不后移.如果要访问的字符是文件结束符,则函 ...

  2. POJ 2209 The King(简单贪心)

    The King Time Limit: 2000MS   Memory Limit: 65536K Total Submissions: 7499   Accepted: 4060 Descript ...

  3. HDU 2289 Cup【高精度,二分】

    Cup Time Limit: 3000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total Submiss ...

  4. BZOJ 1257: [CQOI2007]余数之和sum【神奇的做法,思维题】

    1257: [CQOI2007]余数之和sum Time Limit: 5 Sec  Memory Limit: 162 MBSubmit: 4474  Solved: 2083[Submit][St ...

  5. hdu_1018(斯大林公式/n!的位数)

    题意:求大数n!的位数. 根据n! = (int)log(n!)+1 方法1: log(n!) = log(1*2*3*...*n) = log1+log2+...+logn 方法2: 斯大林公式: ...

  6. Node类型知识大全

    Node类型 1.节点关系 每个节点都有一个childNodes属性,其中保存着一个NodeList对象.NodeList是一种类数组对象,用于保存一组有序的节点,可以通过位置来访问这些节点.请注意, ...

  7. str_repeat() 函数把字符串重复指定的次数。

    str_repeat() 函数把字符串重复指定的次数. str_repeat(string,repeat) 参数 描述 string 必需.规定要重复的字符串. repeat 必需.规定字符串将被重复 ...

  8. php通过ini_set调用output_compression压缩网页

    网页压缩是一种网页优化技术,可以让网页体积缩小后再传输到客户端,从而减少数据传送量,提高速度.这种技术现在使用已经相当普遍,绝大多数网页都使用了这种技术. 网页压缩可以在服务器或空间里通过参数设置启用 ...

  9. dede文章插入分页符不起作用,编辑器中出现分页符,导致文章显示不全

    文章来源:小灰博客| 时间:2013-10-30 13:40:21| 作者:Leo | 1 条评论 文章分类:IT技术分享.PHP     标签: dedecms 今天偶尔发现给一篇dede下的长文章 ...

  10. 织梦CMS搭建网站必做的服务器相关安全设置

    http://help.dedecms.com/install-use/server/2011/1109/2124.html#printSource http://www.aliweihu.com/9 ...