security和CAS本质上都是一堆过滤器,只需要正确的配置这些过滤器就可以
第一步:导包
导入spring相关包,导入spring-security包,导入CAS客户端包
<properties>
<spring.version>4.2.4.RELEASE</spring.version>
</properties>
<artifactId>client3_security</artifactId>
<packaging>war</packaging>
<dependencies>
<!-- Spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!--测试包-->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.4.GA</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.5</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<!--spring:security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
<!--引入依赖,security和cas的结合包-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<!-- 指定端口 -->
<port>9003</port>
<!-- 请求路径 -->
<path>/</path>
</configuration>
</plugin>
</plugins>
</build>
第二步: web.xml配置文件
tomcat启动之后过滤器会先执行,我们配置的是过滤器链,然后监听器检测到content有变动,所以会加载其他的配置文件
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <!-- 解决post乱码 --> <filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>utf-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--用户通过浏览器访问,所以需要有dispatcher--> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/springmvc.xml</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <!--将springsecurity导入进来--> <!--监听器--> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-security.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!--过滤器部分--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
第三步:配置spiring-security.xml
tomcat只要一启动通过xml的监听器检测到content容器变化,然后就加载spring-security.xml
spring-security.xml 中的http标签就加载了xml中的过滤器
1 http 开始调用cas切入点,切入点过滤器就加载cas服务器地址和加载自身工程的根地址
2 http开始调用认证过滤器
3 http开始调用登出过滤器
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--设置匿名访问--> <http pattern="index2.jsp" security="none"></http> <!--总调用,调用切入点--> <http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint"> <!--拦截所有路径,通过需要有ROLE_USER权限才可以访问--> <intercept-url pattern="/**" access="ROLE_USER"/> <!--此处设置过滤器,position表示指定位置,befor表示指定位置前,atter指定位置后--> <!--1 调用认证过滤器--> <custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/> <!--2 调用登出过滤器:CAS提供--> <custom-filter ref="singleLogoutFilter" after="CAS_FILTER"/> <!--3 调用登出过滤器:spring框架提供,请求登出--> <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/> </http> <!--==================一:以下是CAS切入点的二个bean:spring框架提供============================--> <!--1 CAS切入口bean--> <beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <!--单击登录服务器登录url--> <beans:property name="loginUrl" value="http://localhost:9100/cas/login"/> <beans:property name="serviceProperties" ref="serviceProperties"/> </beans:bean> <!--2 用户自身工程配置类--> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <!--配置自身工程的根地址--> <beans:property name="service" value="http://localhost:9003/login/cas"/> </beans:bean> <!--CAS切入点结束--> <!--==================二:以下是认证过滤器的bean==都是spring框架提供的==========================--> <!--解释: 第一个bean:认证过滤器找=====>第二个bean认证管理器=====>找第三个bean:认证提供者--> <!--认证过滤器--> <beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager"/> </beans:bean> <!--认证管理类--> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider"> </authentication-provider> </authentication-manager> <!--认证提供者--> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!--1 认证类:spring框架提供--> <beans:property name="authenticationUserDetailsService"> <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <beans:constructor-arg ref="userDetailsService"/> </beans:bean> </beans:property> <!--2 票据验证器类:CAS提供--> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <!--cas服务器地址,客户端拿票据验证的地址--> <beans:constructor-arg index="0" value="http://localhost:9100/cas"/> </beans:bean> </beans:property> <!--3 用户自身工程配置类--> <beans:property name="serviceProperties" ref="serviceProperties"/> <!--4 固定写法--> <beans:property name="key" value="an_id_for_this_auth_provider_only"/> </beans:bean> <!-- 认证类,用户自己定义的类,上面的bean引用此处,spring框架--> <beans:bean id="userDetailsService" class="cn.itcast.demo.service.UserDetailsServiceImpl"/> <!--==========================以下是单击登出2个bean====================================--> <!--1 登出过滤器,CAS提供--> <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> <!--2 请求登出过滤器,spring框架提供--> <beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://www.baidu.com"/> <beans:constructor-arg> <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </beans:constructor-arg> <beans:property name="filterProcessesUrl" value="/logout/cas"/> </beans:bean> </beans:beans>
第四步:创建认证类
上面成配置文件中需要配置用户自定义认证类,所以这个就是配置的用户自定义认证类,注意这个不用加标签,实现接口就可以
package cn.itcast.demo.service; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UserDetailsService; import java.util.ArrayList; import java.util.List; //用户自定义认证类 public class UserDetailsServiceImpl implements UserDetailsService{ //构建角色集合,正常开放从数据库获取角色权限 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { List<GrantedAuthority> authorityList=new ArrayList(); authorityList.add(new SimpleGrantedAuthority("ROLE_USER")); //返回用户名,密码,和权限 //spring-security和cas结合之后,分工,用户名密码验证交给了cas,权限控制交给了security return new User(username,"",authorityList); } }
第五步:测试
浏览器直接访问本项目的地址,就会跳转到登录页面,直接登录后另外两个项目都可以直接进入,而不用登录