CAS客户端是maven工程
pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.gaopeng</groupId> <artifactId>springsecurity</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <name>springsecurity Maven Webapp</name> <properties> <spring.version>4.2.4.RELEASE</spring.version> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>3.3.3</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> <artifactId>log4j-over-slf4j</artifactId> </exclusion> </exclusions> </dependency> <!-- Spring Security相关依赖--> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-cas</artifactId> <version>${spring.version}</version> </dependency> </dependencies> </project>
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <display-name>SpringSecurity</display-name> <!-- 加載spring security的配置文件(其实就是spring配置文件) --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-security.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!--Spring Security过滤器,做资源权限的拦截和验证,过滤所有的请求--> <!-- filter-name是spring security内置好的过滤器名称,固定要是:springSecurityFilterChain --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 字符编码过滤器 --> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- spring前端控制器(分发器) --> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <!-- contextConfigLocation配置springmvc加载的配置文件(配置文件中需要配置处理器映射器、适配器等等) 如果不配置contextConfigLocation,默认加载的是/WEB-INF/servlet名称-servlet.xml(springmvc-servlet.xml) --> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/springmvc.xml</param-value> </init-param> <!-- 1.表示tomcat服务器启动时加载当前的Servlet(Servlet默认是在被访问的时候才会创建) 2.数字表示加载的顺序 1为优先加载 --> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <!-- 第一种:*.do 访问.do结尾的DispatcherServlet进行解析 第二种:/ 所有访问的地址都由DispatcherServlet进行解析,对于静态文件的解析需要配置不让DispatcherServlet进行解析 使用此种方式可以实现RESTful风格的url,但这导致了静态资源被拦截 第三种:/* 这样配置不对,使用这种配置,最终转发到一个jsp页面时,仍然会由DispatcherServlet解析jsp,不能根据jsp页面找到handler,会报错。 --> <url-pattern>/</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> </web-app>
spring/spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd "> <!-- 扫描包 --> <context:component-scan base-package="com.gaopeng.controller"/> <!--配置静态资源路径--> <mvc:resources location="/images/" mapping="/images/**" /> <!-- 注解驱动 --> <mvc:annotation-driven></mvc:annotation-driven> <!-- 视图解析器:对转向页面的路径解析。prefix:前缀, suffix:后缀 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/view/"/> <property name="suffix" value=".jsp"/> </bean> <!--引入SpringSecurity配置文件--> <!--<import resource="spring-security.xml"/>--> </beans>
spring/springmvc.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd "> <!-- 扫描包 --> <context:component-scan base-package="com.gaopeng.controller"/> <!--配置静态资源路径--> <mvc:resources location="/images/" mapping="/images/**" /> <!-- 注解驱动 --> <mvc:annotation-driven></mvc:annotation-driven> <!-- 视图解析器:对转向页面的路径解析。prefix:前缀, suffix:后缀 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/view/"/> <property name="suffix" value=".jsp"/> </bean> <!--引入SpringSecurity配置文件--> <!--<import resource="spring-security.xml"/>--> </beans>
index.jsp
<%@ page contentType="text/html; charset=gb2312"%> <html> <head> <meta http-equiv="Content-Type" content="text/html charset=gb2312"> <title>首页</title> </head> <body> list list list..... <br/> <br/> <br/> <a href="/logout/cas">退出登录</a> </body> </html>
WEB-INF/view/list.jsp
<%@ page contentType="text/html; charset=gb2312"%> <html> <head> <meta http-equiv="Content-Type" content="text/html charset=gb2312"> <title>首页</title> </head> <body> list list list..... <br/> <br/> <br/> <a href="/logout/cas">退出登录</a> </body> </html>
WEB-INF/view/login.jsp
<%@ page contentType="text/html; charset=gb2312"%> <html> <head> <meta http-equiv="Content-Type" content="text/html charset=gb2312"> <title>首页</title> </head> <body> 您已经登录成功... <br/> <br/> <br/> <a href="/logout/cas">退出登录</a> </body> </html>
WEB-INF/view/logout.jsp
<%@ page contentType="text/html; charset=gb2312"%> <html> <head> <meta http-equiv="Content-Type" content="text/html charset=gb2312"> <title>退出</title> </head> <body> <h2>您已经退出了系统</h2> </body> </html>
com.gaopeng.controller.UserController
package com.gaopeng.controller; import com.gaopeng.service.UserDetailServiceImpl; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; @Controller @RequestMapping("/admin/user") public class UserController { @RequestMapping("/login") public String login(HttpServletResponse response) { return "login"; } @RequestMapping("/list") public String list(HttpServletResponse response) { System.out.println(UserDetailServiceImpl.userMap); Cookie cookie = new Cookie("username", UserDetailServiceImpl.userMap.get("username")); cookie.setDomain("localhost"); response.addCookie(cookie); return "list"; } }
com.gaopeng.service.UserDetailServiceImpl
package com.gaopeng.service; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; public class UserDetailServiceImpl implements UserDetailsService { public static Map<String, String> userMap = new HashMap<String, String>(); public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { try { username = new String(username.getBytes(), "utf-8"); System.out.println(System.currentTimeMillis() + "=用户名:" + username); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } String password = ""; //这里可以加载用户的角色或者做一些其它的校验 List<GrantedAuthority> grantedList = new ArrayList<GrantedAuthority>(); grantedList.add(new SimpleGrantedAuthority("ROLE_ADMIN")); grantedList.add(new SimpleGrantedAuthority("ROLE_USER")); User user = new User(username, password, grantedList); userMap.put("username", username); return user; } }
spring/spring-security.xml