详解spring boot配置单点登录_Java教程

概述

企业内部一般都有一套单点登录系统（常用的实现有apereo cas），所有的内部系统的登录认证都对接它。本文介绍spring boot的程序如何对接CAS服务。

常用的安全框架有spring security和apache shiro。shiro的配置和使用相对简单，本文使用shrio对接CAS服务。

配置

新增依赖

pom.xml新增：

									<properties>

									  <shiro.version>1.2.4</shiro.version>

									 </properties>

									<dependencies>

									<!--Apache Shiro -->

									  <dependency>

									   <groupId>org.apache.shiro</groupId>

									   <artifactId>shiro-spring</artifactId>

									   <version>${shiro.version}</version>

									  </dependency>

									  <dependency>

									   <groupId>org.apache.shiro</groupId>

									   <artifactId>shiro-ehcache</artifactId>

									   <version>${shiro.version}</version>

									  </dependency>

									  <dependency>

									   <groupId>org.apache.shiro</groupId>

									   <artifactId>shiro-cas</artifactId>

									   <version>${shiro.version}</version>

									  </dependency>

									</dependencies>

spring boot配置

application.properties

1 2	`shiro.cas=https://cas.xxx.com # 这是CAS服务的地址` `shiro.server=http://127.0.0.1:8080 # 自己应用的地址，测试使用127即可`

应用配置

初始化shiro bean，将文件放到任意子包下即可，比如xxx.config，spring boot会自动扫描加载

									@Configuration

									public class ShiroCasConfiguration {

									 private static final String casFilterUrlPattern = "/shiro-cas";

									 @Bean

									 public FilterRegistrationBean filterRegistrationBean() {

									  FilterRegistrationBean filterRegistration = new FilterRegistrationBean();

									  filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));

									  filterRegistration.addInitParameter("targetFilterLifecycle", "true");

									  filterRegistration.setEnabled(true);

									  filterRegistration.addUrlPatterns("/*");

									  return filterRegistration;

									 }

									 @Bean(name = "lifecycleBeanPostProcessor")

									 public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {

									  return new LifecycleBeanPostProcessor();

									 }

									 @Bean(name = "securityManager")

									 public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,

									                 @Value("${shiro.server}") String shiroServerUrlPrefix) {

									  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

									  CasRealm casRealm = new CasRealm();

									  casRealm.setDefaultRoles("ROLE_USER");

									  casRealm.setCasServerUrlPrefix(casServerUrlPrefix);

									  casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);

									  securityManager.setRealm(casRealm);

									  securityManager.setCacheManager(new MemoryConstrainedCacheManager());

									  securityManager.setSubjectFactory(new CasSubjectFactory());

									  return securityManager;

									 }

									 private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {

									  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

									  filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");

									  filterChainDefinitionMap.put("/login", "anon");

									  filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去

									  filterChainDefinitionMap.put("/logout","logout");

									  filterChainDefinitionMap.put("/**", "authc");

									  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

									 }

									 /**

									  * CAS Filter

									  */

									 @Bean(name = "casFilter")

									 public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,

									         @Value("${shiro.server}") String shiroServerUrlPrefix) {

									  CasFilter casFilter = new CasFilter();

									  casFilter.setName("casFilter");

									  casFilter.setEnabled(true);

									  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;

									  casFilter.setFailureUrl(loginUrl);

									  return casFilter;

									 }

									 @Bean(name = "shiroFilter")

									 public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,

									               CasFilter casFilter,

									               @Value("${shiro.cas}") String casServerUrlPrefix,

									               @Value("${shiro.server}") String shiroServerUrlPrefix) {

									  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

									  shiroFilterFactoryBean.setSecurityManager(securityManager);

									  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;

									  shiroFilterFactoryBean.setLoginUrl(loginUrl);

									  shiroFilterFactoryBean.setSuccessUrl("/");

									  Map<String, Filter> filters = new HashMap<>();

									  filters.put("casFilter", casFilter);

									  LogoutFilter logoutFilter = new LogoutFilter();

									  logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);

									  filters.put("logout",logoutFilter);

									  shiroFilterFactoryBean.setFilters(filters);

									  loadShiroFilterChain(shiroFilterFactoryBean);

									  return shiroFilterFactoryBean;

									 }

									}

程序中获取登录的用户名

上述配置完成后，就可以找程序中获取登录用户的名字了

									public String getUsername() {

									  Subject subject = SecurityUtils.getSubject();

									  if (subject == null || subject.getPrincipals() == null) {

									   return DEFAULTUSER;

									  }

									  return (String) subject.getPrincipals().getPrimaryPrincipal();

									 }