本篇文章主要介紹了詳解spring boot配置單點登錄,常用的安全框架有spring security和apache shiro。內部一般都有一套單一登入系統(常用的實作有apereo cas),所有的內部系統的登入認證都對接它。的安全框架有spring security和apache shiro。
pom.xml
新增:
<properties>
<shiro.version>1.2.4</shiro.version>
</properties>
<dependencies>
<!--Apache Shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-cas</artifactId>
<version>${shiro.version}</version>
</dependency>
</dependencies>登入後複製
#spring boot設定
application.properties#shiro.cas=https://cas.xxx.com # 这是CAS服务的地址
shiro.server=http://127.0.0.1:8080 # 自己应用的地址,测试使用127即可
登入後複製
應用程式設定
初始化shiro bean,將檔案放到任一子包下即可,例如xxx.config,spring boot會自動掃描載入
@Configuration
public class ShiroCasConfiguration {
private static final String casFilterUrlPattern = "/shiro-cas";
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
}
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
CasRealm casRealm = new CasRealm();
casRealm.setDefaultRoles("ROLE_USER");
casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
securityManager.setRealm(casRealm);
securityManager.setCacheManager(new MemoryConstrainedCacheManager());
securityManager.setSubjectFactory(new CasSubjectFactory());
return securityManager;
}
private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去
filterChainDefinitionMap.put("/logout","logout");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
/**
* CAS Filter
*/
@Bean(name = "casFilter")
public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
CasFilter casFilter = new CasFilter();
casFilter.setName("casFilter");
casFilter.setEnabled(true);
String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
casFilter.setFailureUrl(loginUrl);
return casFilter;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
CasFilter casFilter,
@Value("${shiro.cas}") String casServerUrlPrefix,
@Value("${shiro.server}") String shiroServerUrlPrefix) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
shiroFilterFactoryBean.setLoginUrl(loginUrl);
shiroFilterFactoryBean.setSuccessUrl("/");
Map<String, Filter> filters = new HashMap<>();
filters.put("casFilter", casFilter);
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
filters.put("logout",logoutFilter);
shiroFilterFactoryBean.setFilters(filters);
loadShiroFilterChain(shiroFilterFactoryBean);
return shiroFilterFactoryBean;
}
}登入後複製
程式中取得登入的使用者名稱
上述設定完成後,就可以找程式中取得登入使用者的名字了public String getUsername() {
Subject subject = SecurityUtils.getSubject();
if (subject == null || subject.getPrincipals() == null) {
return DEFAULTUSER;
}
return (String) subject.getPrincipals().getPrimaryPrincipal();
}登入後複製
總結
shiro使用還是比較簡單的,使用的時候只需要修改application.properties即可#
以上是詳解spring boot設定單一登入的案例分享的詳細內容。更多資訊請關注PHP中文網其他相關文章!
