Home > Java > javaTutorial > body text

Detailed explanation of spring boot configuration single sign-on case sharing

黄舟
Release: 2017-03-24 10:36:16
Original
2774 people have browsed it

This article mainly introduces the detailed explanation of spring boot configuration single sign-on, commonly used SecurityFrameworkThere are spring security and apache shiro. The configuration and use of shiro are relatively simple. This article uses shrio to connect CAS services.

Overview

Enterprise. There is generally a single sign-on system internally (a commonly used implementation is apereo cas), and all internal system login authentications are connected to it. This article introduces how the spring boot program connects to CAS services.

Commonly used. The security frameworks include spring security and apache shiro. The configuration and use of shiro are relatively simple. This article uses shrio to connect to the CAS service.

Configuration

##New dependencies.

pom.

xmlNew:

<properties>
  <shiro.version>1.2.4</shiro.version>
 </properties>
<dependencies>
<!--Apache Shiro -->
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-ehcache</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-cas</artifactId>
   <version>${shiro.version}</version>
  </dependency>
</dependencies>
Copy after login

spring boot configuration

application.properties

shiro.cas=https://cas.xxx.com # 这是CAS服务的地址
shiro.server=http://127.0.0.1:8080 # 自己应用的地址,测试使用127即可
Copy after login

Application configuration

Initialize shiro bean, just put the file under any sub-package, such as xxx.config, spring boot will automatically scan and load

@Configuration
public class ShiroCasConfiguration {
 private static final String casFilterUrlPattern = "/shiro-cas";

 @Bean
 public FilterRegistrationBean filterRegistrationBean() {
  FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
  filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
  filterRegistration.addInitParameter("targetFilterLifecycle", "true");
  filterRegistration.setEnabled(true);
  filterRegistration.addUrlPatterns("/*");
  return filterRegistration;
 }

 @Bean(name = "lifecycleBeanPostProcessor")
 public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
  return new LifecycleBeanPostProcessor();
 }

 @Bean(name = "securityManager")
 public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
                 @Value("${shiro.server}") String shiroServerUrlPrefix) {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  CasRealm casRealm = new CasRealm();
  casRealm.setDefaultRoles("ROLE_USER");
  casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
  casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
  securityManager.setRealm(casRealm);
  securityManager.setCacheManager(new MemoryConstrainedCacheManager());
  securityManager.setSubjectFactory(new CasSubjectFactory());
  return securityManager;
 }

 private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

  filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
  filterChainDefinitionMap.put("/login", "anon");
  filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去
  filterChainDefinitionMap.put("/logout","logout");
  filterChainDefinitionMap.put("/**", "authc");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
 }

 /**
  * CAS Filter
  */
 @Bean(name = "casFilter")
 public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
         @Value("${shiro.server}") String shiroServerUrlPrefix) {
  CasFilter casFilter = new CasFilter();
  casFilter.setName("casFilter");
  casFilter.setEnabled(true);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  casFilter.setFailureUrl(loginUrl);
  return casFilter;
 }

 @Bean(name = "shiroFilter")
 public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
               CasFilter casFilter,
               @Value("${shiro.cas}") String casServerUrlPrefix,
               @Value("${shiro.server}") String shiroServerUrlPrefix) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  shiroFilterFactoryBean.setLoginUrl(loginUrl);
  shiroFilterFactoryBean.setSuccessUrl("/");
  Map<String, Filter> filters = new HashMap<>();
  filters.put("casFilter", casFilter);
  LogoutFilter logoutFilter = new LogoutFilter();
  logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
  filters.put("logout",logoutFilter);
  shiroFilterFactoryBean.setFilters(filters);

  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
 }
}
Copy after login

Get the login user name in the program

After the above configuration is completed, you can get the login user name in the program

public String getUsername() {
  Subject subject = SecurityUtils.getSubject();
  if (subject == null || subject.getPrincipals() == null) {
   return DEFAULTUSER;
  }
  return (String) subject.getPrincipals().getPrimaryPrincipal();
 }
Copy after login

Summary

Shiro is relatively simple to use. When using it, you only need to modify application.properties


The above is the detailed content of Detailed explanation of spring boot configuration single sign-on case sharing. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template