Home > Java > javaTutorial > body text

How to install cas-server-3.5.2?

零下一度
Release: 2017-06-23 09:27:05
Original
2691 people have browsed it

1. Install cas-server-3.5.2

Official website:

Download address: cas-server-3.5.2-release.zip

Installation reference article :

Note:

Enter the key password of
(if it is the same as the keystore password, press Enter), press Enter directly here, too Use keystore password changeit, otherwise tomcat will start with an error!

2. Configure ehcache cache

<?xml version="1.0" encoding="UTF-8"?><ehcache updateCheck="false" name="shiroCache"><defaultCachemaxElementsInMemory="10000"eternal="false"timeToIdleSeconds="120"timeToLiveSeconds="120"overflowToDisk="false"diskPersistent="false"diskExpiryThreadIntervalSeconds="120"/></ehcache>
Copy after login

3. Add maven dependency

        <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-ehcache</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-cas</artifactId><version>1.2.4</version></dependency>
Copy after login

4. Add the @ServletComponentScan annotation to the startup class

   SpringApplication.run(Application.
Copy after login

5. Configure shiro+cas

package com.hdwang.config.shiroCas;import com.hdwang.dao.UserDao;import org.apache.shiro.cache.ehcache.EhCacheManager;import org.apache.shiro.cas.CasFilter;import org.apache.shiro.cas.CasSubjectFactory;import org.apache.shiro.spring.LifecycleBeanPostProcessor;import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.filter.authc.LogoutFilter;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.jasig.cas.client.session.SingleSignOutFilter;import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.core.Ordered;import org.springframework.web.filter.DelegatingFilterProxy;import javax.servlet.Filter;import javax.servlet.annotation.WebListener;import java.util.HashMap;import java.util.LinkedHashMap;import java.util.Map;/**
 * Created by hdwang on 2017/6/20.
 * shiro+cas 配置 */@Configurationpublic class ShiroCasConfiguration {private static final Logger logger = LoggerFactory.getLogger(ShiroCasConfiguration.class);// cas server地址public static final String casServerUrlPrefix = "https://localhost:8443/cas";// Cas登录页面地址public static final String casLoginUrl = casServerUrlPrefix + "/login";// Cas登出页面地址public static final String casLogoutUrl = casServerUrlPrefix + "/logout";// 当前工程对外提供的服务地址public static final String shiroServerUrlPrefix = "http://localhost:8081";// casFilter UrlPatternpublic static final String casFilterUrlPattern = "/cas";// 登录地址public static final String loginUrl = casLoginUrl + "?service=" + shiroServerUrlPrefix + casFilterUrlPattern;// 登出地址(casserver启用service跳转功能,需在webapps\cas\WEB-INF\cas.properties文件中启用cas.logout.followServiceRedirects=true)public static final String logoutUrl = casLogoutUrl+"?service="+shiroServerUrlPrefix;// 登录成功地址public static final String loginSuccessUrl = "/home";// 权限认证失败跳转地址public static final String unauthorizedUrl = "/error/403.html";


    @Beanpublic EhCacheManager getEhCacheManager() {
        EhCacheManager em = new EhCacheManager();
        em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");return em;
    }

    @Bean(name = "myShiroCasRealm")public MyShiroCasRealm myShiroCasRealm(EhCacheManager cacheManager) {
        MyShiroCasRealm realm = new MyShiroCasRealm();
        realm.setCacheManager(cacheManager);//realm.setCasServerUrlPrefix(ShiroCasConfiguration.casServerUrlPrefix);// 客户端回调地址//realm.setCasService(ShiroCasConfiguration.shiroServerUrlPrefix + ShiroCasConfiguration.casFilterUrlPattern);return realm;
    }/** * 注册单点登出listener
     * @return */@Beanpublic ServletListenerRegistrationBean singleSignOutHttpSessionListener(){
        ServletListenerRegistrationBean bean = new ServletListenerRegistrationBean();
        bean.setListener(new SingleSignOutHttpSessionListener());//        bean.setName(""); //默认为bean namebean.setEnabled(true);//bean.setOrder(Ordered.HIGHEST_PRECEDENCE); //设置优先级return bean;
    }/** * 注册单点登出filter
     * @return */@Beanpublic FilterRegistrationBean singleSignOutFilter(){
        FilterRegistrationBean bean = new FilterRegistrationBean();
        bean.setName("singleSignOutFilter");
        bean.setFilter(new SingleSignOutFilter());
        bean.addUrlPatterns("/*");
        bean.setEnabled(true);//bean.setOrder(Ordered.HIGHEST_PRECEDENCE);return bean;
    }/** * 注册DelegatingFilterProxy(Shiro)
     *
     * @return * @author SHANHY
     * @create  2016年1月13日     */@Beanpublic FilterRegistrationBean delegatingFilterProxy() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));//  该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");return filterRegistration;
    }


    @Bean(name = "lifecycleBeanPostProcessor")public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {return new LifecycleBeanPostProcessor();
    }

    @Beanpublic DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(true);return daap;
    }

    @Bean(name = "securityManager")public DefaultWebSecurityManager getDefaultWebSecurityManager(MyShiroCasRealm myShiroCasRealm) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
        dwsm.setRealm(myShiroCasRealm);//      <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->        dwsm.setCacheManager(getEhCacheManager());// 指定 SubjectFactorydwsm.setSubjectFactory(new CasSubjectFactory());return dwsm;
    }

    @Beanpublic AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);return aasa;
    }/** * CAS过滤器
     *
     * @return * @author SHANHY
     * @create  2016年1月17日     */@Bean(name = "casFilter")public CasFilter getCasFilter() {
        CasFilter casFilter = new CasFilter();
        casFilter.setName("casFilter");
        casFilter.setEnabled(true);// 登录失败后跳转的URL,也就是 Shiro 执行 CasRealm 的 doGetAuthenticationInfo 方法向CasServer验证tiketcasFilter.setFailureUrl(loginUrl);// 我们选择认证失败后再打开登录页面return casFilter;
    }/** * ShiroFilter<br/>
     * 注意这里参数中的 StudentService 和 IScoreDao 只是一个例子,因为我们在这里可以用这样的方式获取到相关访问数据库的对象,
     * 然后读取数据库相关配置,配置到 shiroFilterFactoryBean 的访问规则中。实际项目中,请使用自己的Service来处理业务逻辑。
     *
     * @param securityManager
     * @param casFilter
     * @param userDao
     * @return * @author SHANHY
     * @create  2016年1月14日     */@Bean(name = "shiroFilter")public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager, CasFilter casFilter, UserDao userDao) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// 必须设置 SecurityManager        shiroFilterFactoryBean.setSecurityManager(securityManager);// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面        shiroFilterFactoryBean.setLoginUrl(loginUrl);// 登录成功后要跳转的连接        shiroFilterFactoryBean.setSuccessUrl(loginSuccessUrl);
        shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);// 添加casFilter到shiroFilter中Map<String, Filter> filters = new HashMap<>();
        filters.put("casFilter", casFilter);       // filters.put("logout",logoutFilter());        shiroFilterFactoryBean.setFilters(filters);

        loadShiroFilterChain(shiroFilterFactoryBean, userDao);return shiroFilterFactoryBean;
    }/** * 加载shiroFilter权限控制规则(从数据库读取然后配置),角色/权限信息由MyShiroCasRealm对象提供doGetAuthorizationInfo实现获取来的
     *
     * @author SHANHY
     * @create  2016年1月14日     */private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean, UserDao userDao){/////////////////////// 下面这些规则配置最好配置到配置文件中 ///////////////////////Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();// authc:该过滤器下的页面必须登录后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter// anon: 可以理解为不拦截// user: 登录了就不拦截// roles["admin"] 用户拥有admin角色// perms["permission1"] 用户拥有permission1权限// filter顺序按照定义顺序匹配,匹配到就验证,验证完毕结束。// url匹配通配符支持:? * **,分别表示匹配1个,匹配0-n个(不含子路径),匹配下级所有路径//1.shiro集成cas后,首先添加该规则filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");//filterChainDefinitionMap.put("/logout","logout"); //logut请求采用logout filter//2.不拦截的请求filterChainDefinitionMap.put("/css/**","anon");
        filterChainDefinitionMap.put("/js/**","anon");
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/logout","anon");
        filterChainDefinitionMap.put("/error","anon");//3.拦截的请求(从本地数据库获取或者从casserver获取(webservice,http等远程方式),看你的角色权限配置在哪里)filterChainDefinitionMap.put("/user", "authc"); //需要登录filterChainDefinitionMap.put("/user/add/**", "authc,roles[admin]"); //需要登录,且用户角色为adminfilterChainDefinitionMap.put("/user/delete/**", "authc,perms[\"user:delete\"]"); //需要登录,且用户有权限为user:delete//4.登录过的不拦截filterChainDefinitionMap.put("/**", "user");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }

}
Copy after login
package com.hdwang.config.shiroCas;import javax.annotation.PostConstruct;import com.hdwang.dao.UserDao;import com.hdwang.entity.User;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.cas.CasRealm;import org.apache.shiro.subject.PrincipalCollection;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import java.util.HashSet;import java.util.Set;/**
 * Created by hdwang on 2017/6/20.
 * 安全数据源 */public class MyShiroCasRealm extends CasRealm{private static final Logger logger = LoggerFactory.getLogger(MyShiroCasRealm.class);

    @Autowiredprivate UserDao userDao;

    @PostConstructpublic void initProperty(){//      setDefaultRoles("ROLE_USER");        setCasServerUrlPrefix(ShiroCasConfiguration.casServerUrlPrefix);// 客户端回调地址setCasService(ShiroCasConfiguration.shiroServerUrlPrefix + ShiroCasConfiguration.casFilterUrlPattern);
    }//    /**//     * 1、CAS认证 ,验证用户身份//     * 2、将用户基本信息设置到会话中(不用了,随时可以获取的)//     *///    @Override//    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {////        AuthenticationInfo authc = super.doGetAuthenticationInfo(token);////        String account = (String) authc.getPrincipals().getPrimaryPrincipal();////        User user = userDao.getByName(account);//        //将用户信息存入session中//        SecurityUtils.getSubject().getSession().setAttribute("user", user);////        return authc;//    }/** * 权限认证,为当前登录的Subject授予角色和权限
     * @see 经测试:本例中该方法的调用时机为需授权资源被访问时
     * @see 经测试:并且每次访问需授权资源时都会执行该方法中的逻辑,这表明本例中默认并未启用AuthorizationCache
     * @see 经测试:如果连续访问同一个URL(比如刷新),该方法不会被重复调用,Shiro有一个时间间隔(也就是cache时间,在ehcache-shiro.xml中配置),超过这个时间间隔再刷新页面,该方法会被执行     */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        logger.info("##################执行Shiro权限认证##################");//获取当前登录输入的用户名,等价于(String) principalCollection.fromRealm(getName()).iterator().next();String loginName = (String)super.getAvailablePrincipal(principalCollection);//到数据库查是否有此对象(1.本地查询 2.可以远程查询casserver 3.可以由casserver带过来角色/权限其它信息)User user=userDao.getByName(loginName);// 实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法if(user!=null){//权限信息对象info,用来存放查出的用户的所有的角色(role)及权限(permission)SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();//给用户添加角色(让shiro去验证)Set<String> roleNames = new HashSet<>();if(user.getName().equals("boy5")){
                roleNames.add("admin");
            }
            info.setRoles(roleNames);if(user.getName().equals("李四")){//给用户添加权限(让shiro去验证)info.addStringPermission("user:delete");
            }// 或者按下面这样添加//添加一个角色,不是配置意义上的添加,而是证明该用户拥有admin角色//            simpleAuthorInfo.addRole("admin");//添加权限//            simpleAuthorInfo.addStringPermission("admin:manage");//            logger.info("已为用户[mike]赋予了[admin]角色和[admin:manage]权限");return info;
        }// 返回null的话,就会导致任何用户访问被拦截的请求时,都会自动跳转到unauthorizedUrl指定的地址return null;
    }

}
Copy after login
package com.hdwang.controller;import com.hdwang.config.shiroCas.ShiroCasConfiguration;import com.hdwang.entity.User;import org.springframework.stereotype.Controller;import org.springframework.ui.Model;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import javax.servlet.http.HttpSession;/**
 * Created by hdwang on 2017/6/21.
 * 跳转至cas server去登录(一个入口) */@Controller
@RequestMapping("")public class CasLoginController {/** * 一般用不到
     * @param model
     * @return */@RequestMapping(value="/login",method= RequestMethod.GET)public String loginForm(Model model){
        model.addAttribute("user", new User());//      return "login";return "redirect:" + ShiroCasConfiguration.loginUrl;
    }


    @RequestMapping(value = "logout", method = { RequestMethod.GET,
            RequestMethod.POST })public String loginout(HttpSession session)
    {return "redirect:"+ShiroCasConfiguration.logoutUrl;
    }
}
Copy after login
package com.hdwang.controller;import com.alibaba.fastjson.JSONObject;import com.hdwang.entity.User;import com.hdwang.service.datajpa.UserService;import org.apache.shiro.SecurityUtils;import org.apache.shiro.mgt.SecurityManager;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.ui.ModelMap;import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpSession;/**
 * Created by hdwang on 2017/6/19. */@Controller
@RequestMapping("/home")public class HomeController {

    @Autowired
    UserService userService;

    @RequestMapping("")public String index(HttpSession session, ModelMap map, HttpServletRequest request){//        User user = (User) session.getAttribute("user");System.out.println(request.getUserPrincipal().getName());
        System.out.println(SecurityUtils.getSubject().getPrincipal());

        User loginUser = userService.getLoginUser();
        System.out.println(JSONObject.toJSONString(loginUser));

        map.put("user",loginUser);return "home";
    }



}
Copy after login

6. Run verification

Login

Visit: http://localhost:8081/home

Jump to: https://localhost:8443/cas/login?service=http://localhost:8081/cas

Enter the correct username and password to log in and jump back to: http: //localhost:8081/cas?ticket=ST-203-GUheN64mOZec9IWZSH1B-cas01.example.org

Finally jumps back to: http://localhost:8081/home

Logout

Visit: http://localhost:8081/logout

Jump to: https://localhost:8443/cas/logout?service=http: //localhost:8081

Since you are not logged in and the login steps are performed again, https://localhost:8443/cas/login?service=http://localhost:8081/cas
# is finally returned.

##After successful login this time, return: http://localhost:8081/

Log out from the cas server (also OK)

Access: https ://localhost:8443/cas/logout

Visit again: http://localhost:8081/home will jump to the login page, perfect!

Reference Article

1.

Spring Boot integrates Shiro and CAS

2.

Cas Server and Cas Client Configuration and deployment

3. Chapter 1 Introduction to Shiro - "Learn Shiro from me"

4.shiro-cas single point exit

5.

CAS Shiro’s problem of not being able to log out during single sign-on

The above is the detailed content of How to install cas-server-3.5.2?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template