本篇文章主要介绍了详解spring boot配置单点登录,常用的安全框架有spring security和apache shiro。shiro的配置和使用相对简单,本文使用shrio对接CAS服务。
概述
企业内部一般都有一套单点登录系统(常用的实现有apereo cas),所有的内部系统的登录认证都对接它。本文介绍spring boot的程序如何对接CAS服务。
常用的安全框架有spring security和apache shiro。shiro的配置和使用相对简单,本文使用shrio对接CAS服务。
配置
新增依赖
pom.xml新增:
1.2.4org.apache.shiroshiro-spring${shiro.version}org.apache.shiroshiro-ehcache${shiro.version}org.apache.shiroshiro-cas${shiro.version}
spring boot配置
application.properties
shiro.cas=https://cas.xxx.com # 这是CAS服务的地址 shiro.server=http://127.0.0.1:8080 # 自己应用的地址,测试使用127即可
应用配置
初始化shiro bean,将文件放到任意子包下即可,比如xxx.config,spring boot会自动扫描加载
@Configuration public class ShiroCasConfiguration { private static final String casFilterUrlPattern = "/shiro-cas"; @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter")); filterRegistration.addInitParameter("targetFilterLifecycle", "true"); filterRegistration.setEnabled(true); filterRegistration.addUrlPatterns("/*"); return filterRegistration; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); CasRealm casRealm = new CasRealm(); casRealm.setDefaultRoles("ROLE_USER"); casRealm.setCasServerUrlPrefix(casServerUrlPrefix); casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern); securityManager.setRealm(casRealm); securityManager.setCacheManager(new MemoryConstrainedCacheManager()); securityManager.setSubjectFactory(new CasSubjectFactory()); return securityManager; } private void loadShiroFilterChain(ShiroFilterfactorybean shiroFilterfactorybean) { Map filterChainDeFinitionMap = new LinkedHashMap(); filterChainDeFinitionMap.put(casFilterUrlPattern, "casFilter"); filterChainDeFinitionMap.put("/login", "anon"); filterChainDeFinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去 filterChainDeFinitionMap.put("/logout","logout"); filterChainDeFinitionMap.put("/**", "authc"); shiroFilterfactorybean.setFilterChainDeFinitionMap(filterChainDeFinitionMap); } /** * CAS Filter */ @Bean(name = "casFilter") public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { CasFilter casFilter = new CasFilter(); casFilter.setName("casFilter"); casFilter.setEnabled(true); String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern; casFilter.setFailureUrl(loginUrl); return casFilter; } @Bean(name = "shiroFilter") public ShiroFilterfactorybean getShiroFilterfactorybean(DefaultWebSecurityManager securityManager, CasFilter casFilter, @Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { ShiroFilterfactorybean shiroFilterfactorybean = new ShiroFilterfactorybean(); shiroFilterfactorybean.setSecurityManager(securityManager); String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern; shiroFilterfactorybean.setLoginUrl(loginUrl); shiroFilterfactorybean.setSuccessUrl("/"); Map filters = new HashMap(); filters.put("casFilter", casFilter); logoutFilter logoutFilter = new logoutFilter(); logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix); filters.put("logout",logoutFilter); shiroFilterfactorybean.setFilters(filters); loadShiroFilterChain(shiroFilterfactorybean); return shiroFilterfactorybean; } }
public String getUsername() { Subject subject = SecurityUtils.getSubject(); if (subject == null || subject.getPrincipals() == null) { return DEFAULTUSER; } return (String) subject.getPrincipals().getPrimaryPrincipal(); }
总结
shiro使用还是比较简单的,使用的时候只需要修改application.properties即可
