一、引入pom依赖
<!-- spring-security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<!-- Spring集成Cas单点登录 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<!-- cas -->
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
<!-- 排除log4j包冲突 -->
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
二、配置web.xml,添加SpringSecurity配置
<!--SpringSecurity-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
三、配置SpringSecurity配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 放行静态资源-->
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/fonts/**" security="none"></http>
<http pattern="/index.html" security="none"></http>
<http pattern="/search.html" security="none"></http>
<http pattern="/cart.html" security="none"></http>
<!--放行一些请求-->
<http pattern="/content/findByCategoryId.do" security="none"/>
<!-- entry-point-ref 入口点引用 开始 -->
<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
<!-- 匿名角色 IS_AUTHENTICATED_ANONYMOUSLY -->
<intercept-url pattern="/cart/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/itemSearch/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/user/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<intercept-url pattern="/content/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"></intercept-url>
<!--配置拦截器, 拦截所有请求, 应该具有ROLE_USER的权限才可以访问我们系统-->
<intercept-url pattern="/**" access="ROLE_USER"/>
<csrf disabled="true"/>
<!-- 过滤器面,custom-filter为过滤器,
position 表示将过滤器放在指定的位置上,
before表示放在指定位置之前 ,
after表示放在指定的位置之后 -->
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
<!-- 本地登出的过滤器 -->
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<!-- CAS登出的过滤器 -->
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
</http>
<!-- entry-point-ref 入口点引用 结束 -->
<!-- CAS入口点 开始 -->
<beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<!-- 单点登录服务器登录URL -->
<beans:property name="loginUrl" value="http://10.30.35.88:9100/cas/login"/>
<!-- service相关属性 -->
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!--service 配置自身工程的根地址+/login/cas - 这里是固定写法 -->
<beans:property name="service" value="http://localhost:8084/login/cas"/>
</beans:bean>
<!-- CAS入口点 结束 -->
<!-- 认证过滤器 开始 -->
<beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<!-- 认证管理器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider"></authentication-provider>
</authentication-manager>
<!-- 认证提供者 -->
<beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userDetailsService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties"/>
<!-- ticketValidator 为票据验证器 -->
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="http://10.30.35.88:9100/cas"/>
</beans:bean>
</beans:property>
<beans:property name="key" value="an_id_for_this_auth_provider_only"/>
</beans:bean>
<!-- 认证类 - 这个认证类是来做权限的,认证其实是交给cas来做的 -->
<beans:bean id="userDetailsService" class="pers.liuchengyin.core.service.UserDetailServiceImpl"/>
<!-- 认证过滤器 结束 -->
<!-- 单点登出 开始 -->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- 经过此配置,当用户在地址栏输入本地工程 /logout/cas -->
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- CAS服务端登出及跳转 -->
<beans:constructor-arg value="http://10.30.35.88:9100/cas/logout?service=http://localhost:8084"/>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout/cas"/>
</beans:bean>
<!-- 单点登出 结束 -->
</beans:beans>
四、创建认证类UserDetailServiceImpl
/**
* 自定义认证类:
* 在之前这里负责用户名密码的校验工作, 并给给当前用户赋予对应的访问权限
* 现在cas和springSecurity集成, 集成后, 用户名密码的校验工作交给cas完成, 所以能够进入到
* 这里类的方法中的都是已经成功认证的用户, 这里只需要给登录过的用户赋予对应的访问权限就可以
*/
public class UserDetailServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorityList = new ArrayList<>();
//向权限集合中加入访问权限
authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
return new User(username, "", authorityList);
}
}
五、前端可以通过a标签等进行请求登录
<!-- 直接通过html -->
<a href="/login.html">登录</a>
<!-- 通过请求 -->
<a href="/login/cas">登录</a>
六、前端可以通过a标签进行注销
<!-- 注销 -->
<a href="/logout/cas">注销</a>
七、门户页面(index.html)无需登录可以访问的,登录之后它会默认跳到login.html页面。我们想要的是登录之后还是跳回index.html页面,具体应该怎么配置我也不太清楚
我这里的做法是弄个login.html页面进行中转,因为认证之后它会跳转到login.html页面来,如果后面有更好的方法再更新吧。
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<script>
location.href="index.html";
</script>
</body>
</html>
八、补充第七点,我又有一种做法,那就是不通过href属性进行跳转,而是做个单击事件。
<a href="#" @click="login()" style="padding-left: 10px;">登录</a>
通过发送请求先去查询是否已经登录, 如果没登录就会先去CAS认证中心登录认证。
login:function () {
axios.post("/redirect/login.do").then(response => {
if(!response.data.success){
location.href = '/redirect/back.do';
}else {
alert("已经登录!");
}
}).catch(reason => {
console.log(reason);
})
}
如果获取的登录账户是anonymousUser,则就是未登录。
<!-- 配置文件中需要允许访问这个地址 -->
<intercept-url pattern="/redirect/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
@RequestMapping("/redirect")
@Controller
public class RedirectController {
@PostMapping("/login")
@ResponseBody
public MessageResult login(){
MessageResult result = null;
String name = SecurityContextHolder.getContext().getAuthentication().getName();
if("anonymousUser".equals(name)){
result = new MessageResult(false,"未登录!请先登录!");
}else{
result = new MessageResult(true,"已经登录!");
}
return result;
}
如果没登录,前端会根据返回结果进行调用下面的方法,该方法里将浏览器的referer接收过来,这个referer就是发送请求前的url,重定向到这里即可。
@RequestMapping("back")
public String back(@RequestHeader(value = "referer",required = false) String referer){
if(!StringUtils.isEmpty(referer)){
return "redirect:" + referer;
}else{
return "/index.html";
}
}