Of Stack

Example of spring boot integrating CAS Client for single sign on verification

  • 2020-12-22 17:37:43
  • OfStack

This article introduces the example of spring boot integrating CAS Client to realize single sign-on verification. I will share it with you and take notes for myself as follows:

Single sign-on (Single ES8en-ES9en, or SSO for short) is one of the most popular solutions for enterprise business integration. SSO enables users to access all trusted applications in multiple applications with only one login.

CAS Client

Responsible for handling access requests to the client's protected resources. When the requestor needs to be authenticated, redirect to CAS Server for authentication. In principle, client applications no longer accept Credentials for username and password.

Implementation 1: Use party 3's starter

1. Dependent jar 


<dependency> 
  <groupId>net.unicon.cas</groupId> 
  <artifactId>cas-client-autoconfig-support</artifactId> 
  <version>1.4.0-GA</version> 
 </dependency>

2. Add configuration files 


cas.server-url-prefix=http://127.0.0.1 
cas.server-login-url=http://127.0.0.1/login 
cas.client-host-url=http://192.26.4.28:8080 
cas.validation-type=CAS

3. Enable CAS Client support 


@SpringBootApplication 
@ComponentScan(basePackages={"com.chhliu.emailservice"}) 
@EnableCasClient //  open CAS support  
public class Application extends SpringBootServletInitializer{ 
 
 public static void main(String[] args) { 
 SpringApplication.run(Application.class, args); 
  
 } 
}

With the above 3 steps, you can complete client authentication for CAS!

4, extension,

cas. validation-type currently supports 3 methods: 1. CAS; 2. 2, CAS3; 3, SAML

Other configurations available are as follows: 


cas.authentication-url-patterns 
cas.validation-url-patterns 
cas.request-wrapper-url-patterns 
cas.assertion-thread-local-url-patterns 
cas.gateway 
cas.use-session 
cas.redirect-after-validation 
cas.allowed-proxy-chains 
cas.proxy-callback-url 
cas.proxy-receptor-url 
cas.accept-any-proxy 
server.context-parameters.renew

The exact meaning can be clearly seen in the name.

Implementation method 2: Manual configuration

We used to use CAS Client, so we need to make the following configuration in ES64en. xml: 


<filter> 
 <filter-name>authenticationFilter</filter-name> 
 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> 
 <init-param> 
  <param-name>casServerLoginUrl</param-name> 
  <param-value>http://127.0.0.1/login</param-value> 
 </init-param> 
 <init-param> 
  <param-name>serverName</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 </filter> 
 <filter-mapping> 
 <filter-name>authenticationFilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!--  The filter is responsible for the Ticket You must enable it  --> 
 <filter> 
 <filter-name>validationFilter</filter-name> 
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> 
 <init-param> 
  <param-name>casServerUrlPrefix</param-name> 
  <param-value>http://127.0.0.1</param-value> 
 </init-param> 
 <init-param> 
  <param-name>serverName</param-name> 
  <param-value>http://192.26.4.28:8080</param-value> 
 </init-param> 
 <!-- <init-param> 
  <param-name>redirectAfterValidation</param-name> 
  <param-value>true</param-value> 
 </init-param> 
 <init-param> 
  <param-name>useSession</param-name> 
  <param-value>true</param-value> 
 </init-param> --> 
 </filter> 
 <filter-mapping> 
 <filter-name>validationFilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping> 
 <!--  The filter is responsible for implementation HttpServletRequest The requested package,   Such as allowing developers to pass HttpServletRequest the getRemoteUser() Methods to get SSO Login name of the logon user, optional configuration.  --> 
 <filter> 
 <filter-name>httpServletRequestWrapperFilter</filter-name> 
 <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> 
 </filter> 
 <filter-mapping> 
 <filter-name>httpServletRequestWrapperFilter</filter-name> 
 <url-pattern>/*</url-pattern> 
 </filter-mapping>

Therefore, when we manually configure Filter, we need to manually configure the corresponding Filter in xml above, the code is as follows: 


@Configuration 
@Component 
public class CasConfigure { 
 
 @Bean 
 public FilterRegistrationBean authenticationFilterRegistrationBean() { 
 FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); 
 authenticationFilter.setFilter(new AuthenticationFilter()); 
 Map<String, String> initParameters = new HashMap<String, String>(); 
 initParameters.put("casServerLoginUrl", "http://127.0.0.1/login"); 
 initParameters.put("serverName", "http://192.26.4.28:8080"); 
 authenticationFilter.setInitParameters(initParameters); 
 authenticationFilter.setOrder(2); 
 List<String> urlPatterns = new ArrayList<String>(); 
 urlPatterns.add("/*");//  Set to match url 
 authenticationFilter.setUrlPatterns(urlPatterns); 
 return authenticationFilter; 
 } 
 
 @Bean 
 public FilterRegistrationBean ValidationFilterRegistrationBean(){ 
 FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); 
 authenticationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter()); 
 Map<String, String> initParameters = new HashMap<String, String>(); 
 initParameters.put("casServerUrlPrefix", "http://127.0.0.1"); 
 initParameters.put("serverName", "http://192.26.4.28:8080"); 
 authenticationFilter.setInitParameters(initParameters); 
 authenticationFilter.setOrder(1); 
 List<String> urlPatterns = new ArrayList<String>(); 
 urlPatterns.add("/*");//  Set to match url 
 authenticationFilter.setUrlPatterns(urlPatterns); 
 return authenticationFilter; 
 } 
 
 @Bean 
 public FilterRegistrationBean casHttpServletRequestWrapperFilter(){ 
 FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); 
 authenticationFilter.setFilter(new HttpServletRequestWrapperFilter()); 
 authenticationFilter.setOrder(3); 
 List<String> urlPatterns = new ArrayList<String>(); 
 urlPatterns.add("/*");//  Set to match url 
 authenticationFilter.setUrlPatterns(urlPatterns); 
 return authenticationFilter; 
 } 
 
 @Bean 
 public FilterRegistrationBean casAssertionThreadLocalFilter(){ 
 FilterRegistrationBean authenticationFilter = new FilterRegistrationBean(); 
 authenticationFilter.setFilter(new AssertionThreadLocalFilter()); 
 authenticationFilter.setOrder(4); 
 List<String> urlPatterns = new ArrayList<String>(); 
 urlPatterns.add("/*");//  Set to match url 
 authenticationFilter.setUrlPatterns(urlPatterns); 
 return authenticationFilter; 
 } 
}

With the above configuration, CAS Client can also be certified

Related articles: