前言
因为前段时间工作需要,需要使用Shiro来集成单点登录系统,本篇文章记录一下集成中如何使用。
关于Shiro的基本使用,在这里也有一篇文章来介绍:超详细springboot+apache shiro+redis
有需要的朋友可以看看。
下面就直接附上代码,关键地方代码中都有注释。
@Configurationpublic class ShiroCasConfiguration {private Logger log = LoggerFactory.getLogger(ShiroCasConfiguration.class);//Cas服务器地址@Value("${sso_server}")private String casServerUrlPrefix;//触发本地进行Cas认证的地址@Value("${self_server}")private String casService;//成功后需要返回的页面@Value("${cas_successUrl}")private String successUrl;// 登录地址public static String loginUrl;@Bean(name = "casRealm")public CasRealm myShiroCasRealm() {// 如需要可以自定义认证Realm来继承CasRealm// CustomCasRealm realm = new CustomCasRealm();CasRealm realm = new CasRealm();realm.setCachingEnabled(true);realm.setAuthenticationCachingEnabled(true);realm.setAuthenticationCacheName("authenticationCache");realm.setAuthorizationCachingEnabled(true);realm.setAuthorizationCacheName("authorizationCache");//此出的IP地址一定是CAS 认证的地址。realm.setCasServerUrlPrefix("http://xx.xx.xx/cas");realm.setCasService(casService);loginUrl = casServerUrlPrefix + "/login?service=" + casService;log.info("loginUrl:[{}]", loginUrl);return realm;}@Beanpublic FilterRegistrationBean filterRegistrationBean() {FilterRegistrationBean filterRegistration = new FilterRegistrationBean();filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));// 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理filterRegistration.addInitParameter("targetFilterLifecycle", "true");filterRegistration.setEnabled(true);filterRegistration.addUrlPatterns("/*");return filterRegistration;}@Bean(name = "lifecycleBeanPostProcessor")public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {return new LifecycleBeanPostProcessor();}@Beanpublic DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();daap.setProxyTargetClass(true);return daap;}@Bean(name = "securityManager")public DefaultWebSecurityManager getDefaultWebSecurityManager(CasRealm casRealm) {DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();dwsm.setRealm(casRealm);//<!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->// dwsm.setCacheManager(getEhCacheManager());// 指定 SubjectFactorydwsm.setSubjectFactory(new CasSubjectFactory());return dwsm;}/*** 不配置也行,看需要** @param securityManager* @return*/@Beanpublic AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();aasa.setSecurityManager(securityManager);return aasa;}@Bean(name = "shiroFilter")public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,CasFilter casFilter) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// 必须设置 SecurityManagershiroFilterFactoryBean.setSecurityManager(securityManager);// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面shiroFilterFactoryBean.setLoginUrl(loginUrl);// 登录成功后要跳转的连接shiroFilterFactoryBean.setSuccessUrl(successUrl);shiroFilterFactoryBean.setUnauthorizedUrl(loginUrl);// 添加casFilter到shiroFilter中Map<String, Filter> filters = new HashMap<String, Filter>();//触发进行本地cas认证Filter的urlfilters.put("casFilter", casFilter);// authcFilterFormAuthenticationFilter authcFilter = new FormAuthenticationFilter();authcFilter.setLoginUrl(loginUrl);authcFilter.setSuccessUrl(successUrl);filters.put("authc", authcFilter);// logoutFilterLogoutFilter logoutFilter = new LogoutFilter();logoutFilter.setRedirectUrl(loginUrl);filters.put("logout", logoutFilter);shiroFilterFactoryBean.setFilters(filters);loadShiroFilterChain(shiroFilterFactoryBean);return shiroFilterFactoryBean;}@Bean(name = "casFilter")public CasFilter getCasFilter() {CasFilter casFilter = new CasFilter();casFilter.setName("casFilter");casFilter.setEnabled(true);// 登录失败后跳转的URL,也就是 Shiro 执行 CasRealm 的 doGetAuthenticationInfo// 方法向CasServer验证tiketcasFilter.setFailureUrl(loginUrl);// 我们选择认证失败后再打开登录页面return casFilter;}private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();filterChainDefinitionMap.put("/cas", "casFilter");// shiro集成cas后,首先添加该规则filterChainDefinitionMap.put("/**", "authc");// authc /anon /可以理解为不拦截shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);}@Beanpublic ServletListenerRegistrationBean singleSignOutHttpSessionListener() {ServletListenerRegistrationBean bean = new ServletListenerRegistrationBean();bean.setListener(new SingleSignOutHttpSessionListener());// bean.setName(""); //默认为bean namebean.setEnabled(true);// bean.setOrder(Ordered.HIGHEST_PRECEDENCE); //设置优先级return bean;}/*** 注册单点登出filter** @return*/@Beanpublic FilterRegistrationBean singleSignOutFilter() {FilterRegistrationBean bean = new FilterRegistrationBean();bean.setName("singleSignOutFilter");bean.setFilter(new SingleSignOutFilter());bean.addUrlPatterns("/*");bean.setEnabled(true);bean.setOrder(Ordered.HIGHEST_PRECEDENCE);// 防止其他filter冲突return bean;}}
