概述

企业内部一般都有一套单点登录系统（常用的实现有apereo cas），所有的内部系统的登录认证都对接它。本文介绍spring boot的程序如何对接CAS服务。

常用的安全框架有spring security和apache shiro。shiro的配置和使用相对简单，本文使用shrio对接CAS服务。

配置

新增依赖

pom.xml新增：

<properties> <shiro.version>1.2.4</shiro.version> </properties><dependencies><!--Apache Shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-cas</artifactId> <version>${shiro.version}</version> </dependency></dependencies>

spring boot配置

application.properties

shiro.cas=https://cas.xxx.com # 这是CAS服务的地址shiro.server=http://127.0.0.1:8080 # 自己应用的地址，测试使用127即可

应用配置

初始化shiro bean，将文件放到任意子包下即可，比如xxx.config，spring boot会自动扫描加载

@Configurationpublic class ShiroCasConfiguration { private static final String casFilterUrlPattern = "/shiro-cas"; @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter")); filterRegistration.addInitParameter("targetFilterLifecycle", "true"); filterRegistration.setEnabled(true); filterRegistration.addUrlPatterns("/*"); return filterRegistration; } @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); CasRealm casRealm = new CasRealm(); casRealm.setDefaultRoles("ROLE_USER"); casRealm.setCasServerUrlPrefix(casServerUrlPrefix); casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern); securityManager.setRealm(casRealm); securityManager.setCacheManager(new MemoryConstrainedCacheManager()); securityManager.setSubjectFactory(new CasSubjectFactory()); return securityManager; } private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) { Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter"); filterChainDefinitionMap.put("/login", "anon"); filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去 filterChainDefinitionMap.put("/logout","logout"); filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); } /** * CAS Filter */ @Bean(name = "casFilter") public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { CasFilter casFilter = new CasFilter(); casFilter.setName("casFilter"); casFilter.setEnabled(true); String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern; casFilter.setFailureUrl(loginUrl); return casFilter; } @Bean(name = "shiroFilter") public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager, CasFilter casFilter, @Value("${shiro.cas}") String casServerUrlPrefix, @Value("${shiro.server}") String shiroServerUrlPrefix) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern; shiroFilterFactoryBean.setLoginUrl(loginUrl); shiroFilterFactoryBean.setSuccessUrl("/"); Map<String, Filter> filters = new HashMap<>(); filters.put("casFilter", casFilter); LogoutFilter logoutFilter = new LogoutFilter(); logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix); filters.put("logout",logoutFilter); shiroFilterFactoryBean.setFilters(filters); loadShiroFilterChain(shiroFilterFactoryBean); return shiroFilterFactoryBean; }}

程序中获取登录的用户名

上述配置完成后，就可以找程序中获取登录用户的名字了

public String getUsername() { Subject subject = SecurityUtils.getSubject(); if (subject == null || subject.getPrincipals() == null) { return DEFAULTUSER; } return (String) subject.getPrincipals().getPrimaryPrincipal(); }

总结

shiro使用还是比较简单的，使用的时候只需要修改application.properties即可

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持。