分享Spring Boot使用Spring security 集成CAS实例

本篇文章主要介绍了详解spring boot 使用spring security 集成cas，具有一定的参考价值，感兴趣的小伙伴们可以参考一下

1.创建工程

创建Maven工程：springboot-security-cas

2.加入依赖

创建工程后，打开pom.xml，在pom.xml中加入以下内容：

 
    org.springframework.boot 
    spring-boot-starter-parent 
    1.4.3.RELEASE 
   
   
    UTF-8 
    1.8 
   
   
     
      org.springframework.boot 
      spring-boot-starter 
     
     
      org.springframework.boot 
      spring-boot-starter-web 
     
     
     
      org.springframework.boot 
      spring-boot-starter-security 
     
     
     
      org.springframework.security 
      spring-security-cas 
     
     
     
      org.springframework.security 
      spring-security-taglibs 
     
     
     
      org.springframework.boot 
      spring-boot-devtools 
      true 
     
     
      org.springframework.boot 
      spring-boot-configuration-processor 
      true 
     
   
   
     
       
        org.springframework.boot 
        spring-boot-maven-plugin 
       
     
  

3.创建application.properties

创建application.properties文件，加入以下内容：

#CAS服务地址 
cas.server.host.url=http://localhost:8081/cas 
#CAS服务登录地址 
cas.server.host.login_url=${cas.server.host.url}/login 
#CAS服务登出地址 
cas.server.host.logout_url=${cas.server.host.url}/logout?service=${app.server.host.url} 
#应用访问地址 
app.server.host.url=http://localhost:8080 
#应用登录地址 
app.login.url=/login 
#应用登出地址 
app.logout.url=/logout

4.创建入口启动类（MainConfig）

创建入口启动类MainConfig，完整代码如下：

package com.chengli.springboot; 
 
import org.springframework.boot.SpringApplication; 
import org.springframework.boot.autoconfigure.SpringBootApplication; 
import org.springframework.security.access.prepost.PreAuthorize; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RestController; 
 
@RestController 
@SpringBootApplication 
public class MainConfig { 
  public static void main(String[] args) { 
    SpringApplication.run(MainConfig.class, args); 
  } 
 
  @RequestMapping("/") 
  public String index() { 
    return "访问了首页哦"; 
  } 
 
  @RequestMapping("/hello") 
  public String hello() { 
    return "不验证哦"; 
  } 
 
  @PreAuthorize("hasAuthority('TEST')")//有TEST权限的才能访问 
  @RequestMapping("/security") 
  public String security() { 
    return "hello world security"; 
  } 
 
  @PreAuthorize("hasAuthority('ADMIN')")//必须要有ADMIN权限的才能访问 
  @RequestMapping("/authorize") 
  public String authorize() { 
    return "有权限访问"; 
  } 
   
  /**这里注意的是，TEST与ADMIN只是权限编码，可以自己定义一套规则，根据实际情况即可*/ 
}

5.创建Security配置类（SecurityConfig）

创建Security配置类SecurityConfig，完整代码如下：

package com.chengli.springboot.security; 
 
import org.jasig.cas.client.session.SingleSignOutFilter; 
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.cas.ServiceProperties; 
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; 
import org.springframework.security.cas.authentication.CasAuthenticationProvider; 
import org.springframework.security.cas.web.CasAuthenticationEntryPoint; 
import org.springframework.security.cas.web.CasAuthenticationFilter; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; 
import org.springframework.security.web.authentication.logout.LogoutFilter; 
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; 
 
import com.chengli.springboot.custom.CustomUserDetailsService; 
import com.chengli.springboot.properties.CasProperties; 
 
@Configuration 
@EnableWebSecurity //启用web权限 
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
  @Autowired 
  private CasProperties casProperties; 
   
  /**定义认证用户信息获取来源，密码校验规则等*/ 
  @Override 
  protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
    super.configure(auth); 
    auth.authenticationProvider(casAuthenticationProvider()); 
    //inMemoryAuthentication 从内存中获取 
    //auth.inMemoryAuthentication().withUser("chengli").password("123456").roles("USER") 
    //.and().withUser("admin").password("123456").roles("ADMIN"); 
     
    //jdbcAuthentication从数据库中获取，但是默认是以security提供的表结构 
    //usersByUsernameQuery 指定查询用户SQL 
    //authoritiesByUsernameQuery 指定查询权限SQL 
    //auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(query).authoritiesByUsernameQuery(query); 
     
    //注入userDetailsService，需要实现userDetailsService接口 
    //auth.userDetailsService(userDetailsService); 
  } 
   
  /**定义安全策略*/ 
  @Override 
  protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests()//配置安全策略 
      //.antMatchers("/","/hello").permitAll()//定义/请求不需要验证 
      .anyRequest().authenticated()//其余的所有请求都需要验证 
      .and() 
    .logout() 
      .permitAll()//定义logout不需要验证 
      .and() 
    .formLogin();//使用form表单登录 
     
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint()) 
      .and() 
      .addFilter(casAuthenticationFilter()) 
      .addFilterBefore(casLogoutFilter(), LogoutFilter.class) 
      .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class); 
     
    //http.csrf().disable(); //禁用CSRF 
  } 
   
  /**认证的入口*/ 
  @Bean 
  public CasAuthenticationEntryPoint casAuthenticationEntryPoint() { 
    CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint(); 
    casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl()); 
    casAuthenticationEntryPoint.setServiceProperties(serviceProperties()); 
    return casAuthenticationEntryPoint; 
  } 
   
  /**指定service相关信息*/ 
  @Bean 
  public ServiceProperties serviceProperties() { 
    ServiceProperties serviceProperties = new ServiceProperties(); 
    serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl()); 
    serviceProperties.setAuthenticateAllArtifacts(true); 
    return serviceProperties; 
  } 
   
  /**CAS认证过滤器*/ 
  @Bean 
  public CasAuthenticationFilter casAuthenticationFilter() throws Exception { 
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter(); 
    casAuthenticationFilter.setAuthenticationManager(authenticationManager()); 
    casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl()); 
    return casAuthenticationFilter; 
  } 
   
  /**cas 认证 Provider*/ 
  @Bean 
  public CasAuthenticationProvider casAuthenticationProvider() { 
    CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider(); 
    casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService()); 
    //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); //这里只是接口类型，实现的接口不一样，都可以的。 
    casAuthenticationProvider.setServiceProperties(serviceProperties()); 
    casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator()); 
    casAuthenticationProvider.setKey("casAuthenticationProviderKey"); 
    return casAuthenticationProvider; 
  } 
   
  /*@Bean 
  public UserDetailsService customUserDetailsService(){ 
    return new CustomUserDetailsService(); 
  }*/ 
   
  /**用户自定义的AuthenticationUserDetailsService*/ 
  @Bean 
  public AuthenticationUserDetailsService customUserDetailsService(){ 
    return new CustomUserDetailsService(); 
  } 
   
  @Bean 
  public Cas20ServiceTicketValidator cas20ServiceTicketValidator() { 
    return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl()); 
  } 
   
  /**单点登出过滤器*/ 
  @Bean 
  public SingleSignOutFilter singleSignOutFilter() { 
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); 
    singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl()); 
    singleSignOutFilter.setIgnoreInitConfiguration(true); 
    return singleSignOutFilter; 
  } 
   
  /**请求单点退出过滤器*/ 
  @Bean 
  public LogoutFilter casLogoutFilter() { 
    LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler()); 
    logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl()); 
    return logoutFilter; 
  } 
}

6.用户自定义类

MagicLight AI

AI动画视频创作平台

下载

（1）定义CasProperties，用于将properties文件指定的内容注入以方便使用，这里不注入也是可以的，可以获取Spring 当前的环境，代码如下：

package com.chengli.springboot.properties; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.stereotype.Component; 
 
/** 
 * CAS的配置参数 
 * @author ChengLi 
 */ 
@Component 
public class CasProperties { 
  @Value("${cas.server.host.url}") 
  private String casServerUrl; 
 
  @Value("${cas.server.host.login_url}") 
  private String casServerLoginUrl; 
 
  @Value("${cas.server.host.logout_url}") 
  private String casServerLogoutUrl; 
 
  @Value("${app.server.host.url}") 
  private String appServerUrl; 
 
  @Value("${app.login.url}") 
  private String appLoginUrl; 
 
  @Value("${app.logout.url}") 
  private String appLogoutUrl; 
......省略 getters setters 方法 
}

（2）定义CustomUserDetailsService类，代码如下：

package com.chengli.springboot.custom; 
 
import java.util.HashSet; 
import java.util.Set; 
 
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; 
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
 
/** 
 * 用于加载用户信息 实现UserDetailsService接口，或者实现AuthenticationUserDetailsService接口 
 * @author ChengLi 
 * 
 */ 
public class CustomUserDetailsService /* 
  //实现UserDetailsService接口，实现loadUserByUsername方法 
  implements UserDetailsService { 
  @Override 
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
    System.out.println("当前的用户名是："+username); 
    //这里我为了方便，就直接返回一个用户信息，实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息 
    UserInfo userInfo = new UserInfo(); 
    userInfo.setUsername("admin"); 
    userInfo.setName("admin"); 
    Set authorities = new HashSet(); 
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); 
    authorities.add(authorityInfo); 
    userInfo.setAuthorities(authorities); 
    return userInfo; 
  }*/ 
   
   
  //实现AuthenticationUserDetailsService，实现loadUserDetails方法 
  implements AuthenticationUserDetailsService { 
 
  @Override 
  public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException { 
    System.out.println("当前的用户名是："+token.getName()); 
    /*这里我为了方便，就直接返回一个用户信息，实际当中这里修改为查询数据库或者调用服务什么的来获取用户信息*/ 
    UserInfo userInfo = new UserInfo(); 
    userInfo.setUsername("admin"); 
    userInfo.setName("admin"); 
    Set authorities = new HashSet(); 
    AuthorityInfo authorityInfo = new AuthorityInfo("TEST"); 
    authorities.add(authorityInfo); 
    userInfo.setAuthorities(authorities); 
    return userInfo; 
  } 
 
}

（3）定义AuthorityInfo类，用于加载当前登录用户的权限信息，实现GrantedAuthority接口，代码如下：

package com.chengli.springboot.custom; 
 
import org.springframework.security.core.GrantedAuthority; 
 
/** 
 * 权限信息 
 * 
 * @author ChengLi 
 * 
 */ 
public class AuthorityInfo implements GrantedAuthority { 
  private static final long serialVersionUID = -175781100474818800L; 
 
  /** 
   * 权限CODE 
   */ 
  private String authority; 
 
  public AuthorityInfo(String authority) { 
    this.authority = authority; 
  } 
 
  @Override 
  public String getAuthority() { 
    return authority; 
  } 
 
  public void setAuthority(String authority) { 
    this.authority = authority; 
  } 
 
}

（4）定义UserInfo类，用于加载当前用户信息，实现UserDetails接口，代码如下：

package com.chengli.springboot.custom; 
 
import java.util.Collection; 
import java.util.HashSet; 
import java.util.Set; 
 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.userdetails.UserDetails; 
 
/** 
 * 用户信息 
 * @、这里我写了几个较为常用的字段，id，name，username，password，可以根据实际的情况自己增加 
 * @author ChengLi 
 * 
 */ 
public class UserInfo implements UserDetails { 
  private static final long serialVersionUID = -1041327031937199938L; 
 
  /** 
   * 用户ID 
   */ 
  private Long id; 
 
  /** 
   * 用户名称 
   */ 
  private String name; 
 
  /** 
   * 登录名称 
   */ 
  private String username; 
 
  /** 
   * 登录密码 
   */ 
  private String password; 
 
  private boolean isAccountNonExpired = true; 
 
  private boolean isAccountNonLocked = true; 
 
  private boolean isCredentialsNonExpired = true; 
 
  private boolean isEnabled = true; 
 
  private Set authorities = new HashSet(); 
....省略getters setters 方法 
}

到这里基本就已经完成了，运行CAS Server ，将以上的application.properties文件中的地址修改为实际的地址即可运行。

【相关推荐】

1. Bootstrap Table使用心得总结

2. 详解使用spring aop实现业务层mysql 读写分离

3. Spring Boot添加MySQL数据库及JPA实例的示例代码分享

4. 分享利用Spring Boot开发Restful程序的实例教程