Example of Spring Boot integrating CAS Client for single sign-on verification
- 2020-12-22 17:37:43
- OfStack
This article presents an example of integrating CAS Client into Spring Boot to implement single sign-on verification. I am sharing it here and keeping it as notes for myself:
Single sign-on (Single Sign-On, or SSO for short) is one of the most popular solutions for enterprise business integration. With SSO, a user logs in only once to access all of the mutually trusted applications.
CAS Client
The CAS Client handles access requests to the client application's protected resources. When the requester needs to be authenticated, it redirects to the CAS Server for authentication. In principle, client applications no longer accept credentials such as a username and password themselves.
Implementation method 1: Use a third-party starter
1. Add the dependency
    <dependency>
        <groupId>net.unicon.cas</groupId>
        <artifactId>cas-client-autoconfig-support</artifactId>
        <version>1.4.0-GA</version>
    </dependency>
2. Add configuration files
cas.server-url-prefix=http://127.0.0.1
cas.server-login-url=http://127.0.0.1/login
cas.client-host-url=http://192.26.4.28:8080
cas.validation-type=CAS
3. Enable CAS Client support
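    import net.unicon.cas.client.configuration.EnableCasClient;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.web.support.SpringBootServletInitializer; // Boot 1.4/1.5; in 2.x: org.springframework.boot.web.servlet.support
    import org.springframework.context.annotation.ComponentScan;

    @SpringBootApplication
    @ComponentScan(basePackages = {"com.chhliu.emailservice"})
    @EnableCasClient // enable CAS support
    public class Application extends SpringBootServletInitializer {
        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }
    }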
With the above 3 steps, you can complete client authentication for CAS!
4. Extensions
cas.validation-type currently supports three values: CAS, CAS3 and SAML.
Other configurations available are as follows:
cas.authentication-url-patterns
cas.validation-url-patterns
cas.request-wrapper-url-patterns
cas.assertion-thread-local-url-patterns
cas.gateway
cas.use-session
cas.redirect-after-validation
cas.allowed-proxy-chains
cas.proxy-callback-url
cas.proxy-receptor-url
cas.accept-any-proxy
server.context-parameters.renew
The exact meaning can be clearly seen in the name.
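The sample configuration in step 2 uses plain http:// URLs, which means the service ticket and the validation response travel unencrypted. The fragment below is an added example, not from the original article, showing the same keys with HTTPS and the proxy option set explicitly; the host names cas.example.org and app.example.org are placeholders.

```properties
# Added example. Host names are placeholders, not values from the article.

# As in step 2: tickets and validation traffic are sent over plain HTTP.
# cas.server-url-prefix=http://127.0.0.1
# cas.server-login-url=http://127.0.0.1/login
# cas.client-host-url=http://192.26.4.28:8080

# Same keys with TLS on both the CAS server and the client application.
cas.server-url-prefix=https://cas.example.org
cas.server-login-url=https://cas.example.org/login
cas.client-host-url=https://app.example.org
cas.validation-type=CAS

# Keep the login redirect and ticket validation on every path,
# so that no URL is left outside the filters.
cas.authentication-url-patterns=/*
cas.validation-url-patterns=/*

# Do not accept proxy tickets from arbitrary proxy chains.
cas.accept-any-proxy=false
```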
Implementation method 2: Manual configuration
Previously, when using CAS Client, we needed the following configuration in web.xml:
    <filter>
        <filter-name>authenticationFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://127.0.0.1/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://192.26.4.28:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>authenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter is responsible for validating the ticket and must be enabled -->
    <filter>
        <filter-name>validationFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://127.0.0.1</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://192.26.4.28:8080</param-value>
        </init-param>
        <!-- <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param> -->
    </filter>
    <filter-mapping>
        <filter-name>validationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter wraps the HttpServletRequest so that developers can obtain the login name of the SSO user through HttpServletRequest.getRemoteUser(). Optional configuration. -->
    <filter>
        <filter-name>httpServletRequestWrapperFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>httpServletRequestWrapperFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
Therefore, when configuring the filters manually in Spring Boot, we need to register each Filter from the XML above ourselves. The code is as follows:
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    import org.jasig.cas.client.authentication.AuthenticationFilter;
    import org.jasig.cas.client.util.AssertionThreadLocalFilter;
    import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
    import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class CasConfigure {

        // Redirects unauthenticated requests to the CAS Server login page
        @Bean
        public FilterRegistrationBean authenticationFilterRegistrationBean() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new AuthenticationFilter());
            Map<String, String> initParameters = new HashMap<String, String>();
            initParameters.put("casServerLoginUrl", "http://127.0.0.1/login");
            initParameters.put("serverName", "http://192.26.4.28:8080");
            registration.setInitParameters(initParameters);
            registration.setOrder(2);
            List<String> urlPatterns = new ArrayList<String>();
            urlPatterns.add("/*"); // URL patterns the filter applies to
            registration.setUrlPatterns(urlPatterns);
            return registration;
        }

        // Validates the ticket against the CAS Server; runs first (order 1)
        @Bean
        public FilterRegistrationBean validationFilterRegistrationBean() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
            Map<String, String> initParameters = new HashMap<String, String>();
            initParameters.put("casServerUrlPrefix", "http://127.0.0.1");
            initParameters.put("serverName", "http://192.26.4.28:8080");
            registration.setInitParameters(initParameters);
            registration.setOrder(1);
            List<String> urlPatterns = new ArrayList<String>();
            urlPatterns.add("/*"); // URL patterns the filter applies to
            registration.setUrlPatterns(urlPatterns);
            return registration;
        }

        // Wraps the request so that getRemoteUser() returns the SSO login name
        @Bean
        public FilterRegistrationBean casHttpServletRequestWrapperFilter() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new HttpServletRequestWrapperFilter());
            registration.setOrder(3);
            List<String> urlPatterns = new ArrayList<String>();
            urlPatterns.add("/*"); // URL patterns the filter applies to
            registration.setUrlPatterns(urlPatterns);
            return registration;
        }

        // Makes the CAS assertion available through AssertionHolder during the request
        @Bean
        public FilterRegistrationBean casAssertionThreadLocalFilter() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new AssertionThreadLocalFilter());
            registration.setOrder(4);
            List<String> urlPatterns = new ArrayList<String>();
            urlPatterns.add("/*"); // URL patterns the filter applies to
            registration.setUrlPatterns(urlPatterns);
            return registration;
        }
    }
With the above configuration, CAS Client authentication also works.
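With either implementation in place, application code reads the authenticated user from what the HttpServletRequestWrapperFilter and AssertionThreadLocalFilter provide. The controller below is an added example, not code from the original article; the class name WhoAmIController and the /whoami path are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller: the class name and path are illustrative only.
@RestController
public class WhoAmIController {

    @RequestMapping(value = "/whoami", method = RequestMethod.GET)
    public ResponseEntity<Map<String, Object>> whoAmI(HttpServletRequest request) {
        // Set by HttpServletRequestWrapperFilter; null when no CAS assertion exists.
        String remoteUser = request.getRemoteUser();
        // Set by AssertionThreadLocalFilter for the duration of this request.
        Assertion assertion = AssertionHolder.getAssertion();

        // Fail closed: if a filter's URL pattern did not cover this path,
        // neither value is present and the request is not authenticated.
        if (remoteUser == null || assertion == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }

        AttributePrincipal principal = assertion.getPrincipal();
        Map<String, Object> body = new LinkedHashMap<String, Object>();
        body.put("user", principal.getName());
        body.put("validFrom", assertion.getValidFromDate());
        // Attributes released by the CAS Server, if any (empty for plain CAS 2.0 responses).
        body.put("attributes", principal.getAttributes());
        return ResponseEntity.ok(body);
    }
}
```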