Implementing single sign-on with SpringBoot and CAS Client

This article shows how to integrate the CAS Client into a SpringBoot application to implement single sign-on.

Preparation

(1) Build the CAS server (reference: https://blog.csdn.net/u014553029/article/details/88102311)
(2) Prepare an ordinary SpringBoot Web project

Integration

1. Add the CAS client dependency

Add the CAS Client dependency to pom.xml:

<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.1.0-GA</version>
</dependency>

2. Configuration

Add the relevant configuration to application.properties or application.yml. The main settings are the addresses of the CAS server and of the client. This example uses application.yml:

cas:
  # Backend service (client) address
  client-host-url: http://127.0.0.1:8888
  # CAS authentication server address
  server-url-prefix: http://146.56.192.87:8080/cas
  # CAS authentication server login address
  server-login-url: http://146.56.192.87:8080/cas/login
  validation-type: cas3

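3. Add the enabling annotation to the startup class

import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.autoconfigure.SpringBootApplication;

// Enable CAS
@EnableCasClient
@SpringBootApplication
public class SpringBootSsoApplication {
    // Remaining content omitted
}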

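4. Write test methods

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class TestController {

    // CAS server address, taken from the configuration above
    @Value(value = "${cas.server-url-prefix}")
    private String serverUrlPrefix = "";

    // Address of this client, taken from the configuration above
    @Value(value = "${cas.client-host-url}")
    private String clientHostUrl = "";

    // Returns the login name that the CAS filter stored in the session
    // ("访问者" means "visitor")
    @GetMapping("user")
    @ResponseBody
    public String user(HttpServletRequest request) {
        Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        String loginName = null;
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            loginName = principal.getName();
            System.out.println("访问者:" + loginName);
        }
        return "访问者:" + loginName;
    }

    // Ends the local session, then redirects to the CAS logout endpoint,
    // passing the page to return to in the service parameter
    @RequestMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        return "redirect:" + serverUrlPrefix + "/logout?service=" + clientHostUrl + "/sso-client/user";
    }
}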

5. Test login and logout

5.1 Login:

(1) Open the browser and visit: http://127.0.0.1:8888/sso-client/user
(2) Since you are not logged in, the browser is redirected to: http://146.56.192.87:8080/cas/login?service=http://127.0.0.1:8888/sso-client/user
(3) Enter the user name and password and click login. After a successful login, the browser is redirected back to http://127.0.0.1:8888/sso-client/user

5.2 Logout:

(4) Visit: http://127.0.0.1:8888/sso-client/logout
(5) CAS completes the logout and redirects to http://127.0.0.1:8888/sso-client/user. Because this address requires login, the browser is again redirected to the login page.

5.3 Single sign-on verification:

(6) Start a client with port 8889 and project name sso-client1

(7) Visit http://127.0.0.1:8889/sso-client1/user: the user information is returned directly, without logging in. This completes the single sign-on verification.

Notes:

(1) If CAS reports that the service is not authenticated and authorized, and so is not allowed to use CAS to authenticate the target application you are visiting, modify WEB-INF\classes\services\HTTPSandIMAPS-10000001.json. Change

"serviceId" : "^(https|imaps)://.*"
to
"serviceId" : "^(https|imaps|http)://.*"

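(2) WEB-INF\classes\application.properties

# Service Registry
# Enable loading of the JSON service files, default false
cas.serviceRegistry.initFromJson=true
# Keep the TGC (secure=false allows the ticket-granting cookie over plain HTTP)
cas.tgc.secure=false
# By default, logging out takes the browser to the CAS server's internal logout page, casLogoutView.jsp.
# To redirect to a specified page after logout, set the following parameter to true and add a service parameter to the logout URL.
# That parameter specifies the page to go to after logout. This setting allows redirecting to a specified page after logout.
cas.logout.followServiceRedirects=true
# The parameter name used for the redirect target is service (default)
cas.logout.redirectParameter=service
# Whether to ask for confirmation on logout: true = confirm, false = log out directly
cas.logout.confirmLogout=false
# Whether to remove the subsystems' tickets
cas.logout.removeDescendantTickets=true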
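
Note (1) widens serviceId so that every http URL counts as a registered service, not only the two test clients. The following Python check is an added example, not code from the original article or from CAS: it lists which service URLs a serviceId pattern admits and which of those sit on hosts other than the expected clients. The second registry entry (sso-clients, id 10000002), the candidate URLs and the use of re.fullmatch to stand in for the server's Java regex matching are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed registry entries: the widened pattern from note (1), and a
# hypothetical tightened entry limited to the two test clients on this page.
REGISTRY_JSON = r'''
[
  {"name": "HTTPSandIMAPS", "id": 10000001,
   "serviceId": "^(https|imaps|http)://.*"},
  {"name": "sso-clients", "id": 10000002,
   "serviceId": "^http://127\\.0\\.0\\.1:(8888|8889)/sso-client1?/.*"}
]
'''

# Constructed candidate service URLs: the two clients plus two other hosts.
CANDIDATES = [
    "http://127.0.0.1:8888/sso-client/user",
    "http://127.0.0.1:8889/sso-client1/user",
    "http://unexpected.example/sso-client/user",
    "http://127.0.0.1:8888.unexpected.example/sso-client/user",
]
EXPECTED_HOSTS = {"127.0.0.1:8888", "127.0.0.1:8889"}


def audit(registry_json, candidates, expected_hosts):
    """Per registry entry, list the URLs it admits and those on unexpected hosts."""
    report = {}
    for entry in json.loads(registry_json):
        pattern = re.compile(entry["serviceId"])
        # Assumption: whole-string matching, approximated with re.fullmatch.
        admitted = [url for url in candidates if pattern.fullmatch(url)]
        unexpected = [url for url in admitted
                      if urlsplit(url).netloc not in expected_hosts]
        report[entry["name"]] = {"admits": admitted, "unexpected": unexpected}
    return report


if __name__ == "__main__":
    for name, result in audit(REGISTRY_JSON, CANDIDATES, EXPECTED_HOSTS).items():
        print(f"{name}: admits {len(result['admits'])}, "
              f"unexpected {result['unexpected']}")
```

An entry whose "unexpected" list is non-empty will accept service URLs beyond the clients you intended to register.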

Origin blog.csdn.net/yucaifu1989/article/details/112993801