security和CAS本质上都是一堆过滤器,只需要正确的配置这些过滤器就可以
第一步:导包
导入spring相关包,导入spring-security包,导入CAS客户端包
<properties>
<spring.version>4.2.4.RELEASE</spring.version>
</properties>
<artifactId>client3_security</artifactId>
<packaging>war</packaging>
<dependencies>
<!-- Spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!--测试包-->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.4.GA</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.5</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<!--spring:security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
<!--引入依赖,security和cas的结合包-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<!-- 指定端口 -->
<port>9003</port>
<!-- 请求路径 -->
<path>/</path>
</configuration>
</plugin>
</plugins>
</build>第二步: web.xml配置文件
tomcat启动之后过滤器会先执行,我们配置的是过滤器链,然后监听器检测到content有变动,所以会加载其他的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<!-- 解决post乱码 -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--用户通过浏览器访问,所以需要有dispatcher-->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/springmvc.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--将springsecurity导入进来-->
<!--监听器-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--过滤器部分-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
第三步:配置spiring-security.xml
tomcat只要一启动通过xml的监听器检测到content容器变化,然后就加载spring-security.xml
spring-security.xml 中的http标签就加载了xml中的过滤器
1 http 开始调用cas切入点,切入点过滤器就加载cas服务器地址和加载自身工程的根地址
2 http开始调用认证过滤器
3 http开始调用登出过滤器
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!--设置匿名访问-->
<http pattern="index2.jsp" security="none"></http>
<!--总调用,调用切入点-->
<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
<!--拦截所有路径,通过需要有ROLE_USER权限才可以访问-->
<intercept-url pattern="/**" access="ROLE_USER"/>
<!--此处设置过滤器,position表示指定位置,befor表示指定位置前,atter指定位置后-->
<!--1 调用认证过滤器-->
<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/>
<!--2 调用登出过滤器:CAS提供-->
<custom-filter ref="singleLogoutFilter" after="CAS_FILTER"/>
<!--3 调用登出过滤器:spring框架提供,请求登出-->
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
</http>
<!--==================一:以下是CAS切入点的二个bean:spring框架提供============================-->
<!--1 CAS切入口bean-->
<beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<!--单击登录服务器登录url-->
<beans:property name="loginUrl" value="http://localhost:9100/cas/login"/>
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
<!--2 用户自身工程配置类-->
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!--配置自身工程的根地址-->
<beans:property name="service" value="http://localhost:9003/login/cas"/>
</beans:bean>
<!--CAS切入点结束-->
<!--==================二:以下是认证过滤器的bean==都是spring框架提供的==========================-->
<!--解释: 第一个bean:认证过滤器找=====>第二个bean认证管理器=====>找第三个bean:认证提供者-->
<!--认证过滤器-->
<beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<!--认证管理类-->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<!--认证提供者-->
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!--1 认证类:spring框架提供-->
<beans:property name="authenticationUserDetailsService">
<beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userDetailsService"/>
</beans:bean>
</beans:property>
<!--2 票据验证器类:CAS提供-->
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<!--cas服务器地址,客户端拿票据验证的地址-->
<beans:constructor-arg index="0" value="http://localhost:9100/cas"/>
</beans:bean>
</beans:property>
<!--3 用户自身工程配置类-->
<beans:property name="serviceProperties" ref="serviceProperties"/>
<!--4 固定写法-->
<beans:property name="key" value="an_id_for_this_auth_provider_only"/>
</beans:bean>
<!-- 认证类,用户自己定义的类,上面的bean引用此处,spring框架-->
<beans:bean id="userDetailsService" class="cn.itcast.demo.service.UserDetailsServiceImpl"/>
<!--==========================以下是单击登出2个bean====================================-->
<!--1 登出过滤器,CAS提供-->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!--2 请求登出过滤器,spring框架提供-->
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://www.baidu.com"/>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout/cas"/>
</beans:bean>
</beans:beans>
第四步:创建认证类
上面成配置文件中需要配置用户自定义认证类,所以这个就是配置的用户自定义认证类,注意这个不用加标签,实现接口就可以
package cn.itcast.demo.service;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.UserDetailsService;
import java.util.ArrayList;
import java.util.List;
//用户自定义认证类
public class UserDetailsServiceImpl implements UserDetailsService{
//构建角色集合,正常开放从数据库获取角色权限
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorityList=new ArrayList();
authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
//返回用户名,密码,和权限
//spring-security和cas结合之后,分工,用户名密码验证交给了cas,权限控制交给了security
return new User(username,"",authorityList);
}
}
第五步:测试
浏览器直接访问本项目的地址,就会跳转到登录页面,直接登录后另外两个项目都可以直接进入,而不用登录