要在Spring Boot 2和MyBatis中集成CAS单点登录,你需要遵循以下步骤:
在你的 `pom.xml` 文件中添加Java CAS客户端库和Spring Security依赖:
<!-- Java CAS client library, pinned to version 3.6.3. -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.6.3</version>
</dependency>
<!-- Spring Security starter. No version is given here, so it is presumably managed by the
     Spring Boot parent or BOM of the project: confirm for your build. -->
<!-- NOTE(review): the SecurityConfig listing on this page uses Cas20AuthenticationProvider and
     Cas20AuthenticationStrategy, and neither artifact declared here is known to ship them.
     Spring Security publishes its own CAS integration separately as
     org.springframework.security:spring-security-cas. Verify which artifact the code needs. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
创建一个名为 `CasConfig.java` 的新类,并添加以下代码:
import org.jasig.cas.client.cas20.Cas20ServiceTicketValidator;
import org.jasig.cas.client.config.Cas20Configuration;
import org.jasig.cas.client.config.Cas20ServiceRegistry;
import org.jasig.cas.client.config.SingleSignOutConfiguration;
import org.jasig.cas.client.util.CommonUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.sql.DataSource;
import java.util.HashMap;
import java.util.Map;
/**
 * Declares the CAS client beans this tutorial wires into the Spring context.
 *
 * <p>NOTE(review): the published Java CAS client keeps {@code Cas20ServiceTicketValidator}
 * under {@code org.jasig.cas.client.validation}, and {@code Cas20Configuration},
 * {@code Cas20ServiceRegistry} and {@code SingleSignOutConfiguration} could not be matched
 * to classes known to ship in {@code cas-client-core}. Confirm that every import of this
 * listing resolves against the declared dependency before building on it.
 */
@Configuration
public class CasConfig {

    /**
     * Base URL of the CAS server, injected from the {@code cas.server.prefix} property.
     * The ticket validator is constructed with this value, so it should be an
     * {@code https://} address of a server the application trusts.
     */
    @Value("${cas.server.prefix}")
    private String casServerPrefix;

    /**
     * Creates the CAS 2.0 service-ticket validator for the configured server.
     *
     * @return a validator built from {@code casServerPrefix}
     */
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        final Cas20ServiceTicketValidator validator = new Cas20ServiceTicketValidator(casServerPrefix);
        return validator;
    }

    /**
     * Builds the client configuration: service registry, single sign-out switched on, and the
     * sign-out URL.
     *
     * @return the populated configuration object
     */
    @Bean
    public Cas20Configuration cas20Configuration() {
        // NOTE(review): "/cas" is appended to the prefix; if cas.server.prefix already ends
        // in "/cas" the resulting path is doubled. Check against the real server URL.
        final String signOutUrl = casServerPrefix + "/cas/logout";

        final Cas20Configuration cas = new Cas20Configuration();
        cas.setServiceRegistry(casServiceRegistry());
        cas.setSingleSignOutEnabled(true);
        cas.setSignOutUrl(signOutUrl);
        return cas;
    }

    /**
     * Registers the single service (id to URL) that this application represents.
     *
     * @return a registry holding one placeholder entry
     */
    @Bean
    public Cas20ServiceRegistry casServiceRegistry() {
        // Both values are placeholders. The URL is a plain-http localhost address, suitable
        // for local development only; a deployed service should be registered under its real
        // https:// URL.
        final Map<String, String> services = new HashMap<>();
        services.put("your-service-id", "http://localhost:8080/your-service-path");
        return new Cas20ServiceRegistry(services);
    }

    /**
     * Builds the single sign-out configuration, pointing it at the CAS login URL.
     *
     * @return the populated single sign-out configuration
     */
    @Bean
    public SingleSignOutConfiguration singleSignOutConfiguration() {
        final String loginUrl = casServerPrefix + "/cas/login";

        final SingleSignOutConfiguration signOut = new SingleSignOutConfiguration();
        signOut.setCasServerLoginUrl(loginUrl);
        return signOut;
    }
}
请根据你的CAS服务器信息设置 `casServerPrefix`(其值由配置项 `cas.server.prefix` 注入),并替换 `your-service-id` 及其对应的服务URL。
创建一个名为 `SecurityConfig.java` 的新类,并添加以下代码:
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
/**
 * Spring Security configuration for the tutorial: URL access rules, form login, logout, and a
 * CAS authentication provider bean.
 *
 * <p>NOTE(review): both {@code configure} methods carry {@code @Override}, but the class
 * declares no superclass. In Spring Security 5 these methods are overrides of
 * {@code WebSecurityConfigurerAdapter}; without {@code extends} the listing does not compile.
 * {@code AuthenticationManagerBuilder}, {@code Cas20AuthenticationProvider} and
 * {@code Cas20AuthenticationStrategy} are also used without an import in this listing.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    // Source of local user records, used by configure(AuthenticationManagerBuilder) below.
    @Autowired
    private UserDetailsService userDetailsService;

    /** Exposes a BCrypt password encoder for the locally stored password hashes. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Exposes the logout handler that is attached to the logout configuration below. */
    @Bean
    public SecurityContextLogoutHandler securityContextLogoutHandler() {
        return new SecurityContextLogoutHandler();
    }

    /**
     * Defines the HTTP rules: {@code /login} is open to everyone, every other request needs an
     * authenticated user, form login is served at {@code /login}, and logout at
     * {@code /logout} redirects to {@code /login?logout}.
     *
     * <p>NOTE(review): this chain configures local form login only. Nothing here redirects
     * unauthenticated users to the CAS server or validates a service ticket, so as shown
     * users authenticate with a local username and password rather than through SSO.
     *
     * <p>NOTE(review): CSRF protection is not disabled here, so Spring Security's default
     * applies; with it enabled the logout filter presumably matches POST {@code /logout}
     * only. Verify how GET {@code /logout} is handled in your setup.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login?logout")
            .logoutHandler(securityContextLogoutHandler())
            .permitAll();
    }

    /**
     * Registers the local {@code UserDetailsService} together with the BCrypt encoder.
     *
     * <p>NOTE(review): the CAS provider bean declared below is not added to this builder,
     * so nothing in this class hands authentication to it.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Builds a CAS authentication provider from the ticket validator, service registry and
     * client configuration.
     *
     * <p>NOTE(review): {@code cas20ServiceTicketValidator()}, {@code casServiceRegistry()} and
     * {@code cas20Configuration()} are not defined in this class; on this page they are bean
     * methods of {@code CasConfig}. As written the calls do not resolve, and the beans would
     * have to be injected instead.
     */
    @Bean
    public Cas20AuthenticationProvider cas20AuthenticationProvider() {
        Cas20AuthenticationProvider provider = new Cas20AuthenticationProvider();
        provider.setTicketValidator(cas20ServiceTicketValidator());
        provider.setServiceRegistry(casServiceRegistry());
        provider.setAuthenticationStrategy(new Cas20AuthenticationStrategy(cas20ServiceTicketValidator(), cas20Configuration(), casServiceRegistry()));
        return provider;
    }
}
在你的 `application.properties` 文件中添加以下配置,以便将CAS认证与MyBatis集成:
# Classpath location of the MyBatis XML mapper files.
mybatis.mapper-locations=classpath:mapper/*.xml
# Package searched for MyBatis type aliases (placeholder package name).
mybatis.type-aliases-package=com.example.yourproject.domain
# JDBC URL of the MySQL datasource (placeholder database name).
# NOTE(review): useSSL=false turns off TLS for the database connection. That is acceptable for
# a database on localhost only; enable TLS when the database is reached over a network.
spring.datasource.url=jdbc:mysql://localhost:3306/your_database?useSSL=false&serverTimezone=UTC
# NOTE(review): placeholder credentials. Supply the real values from the environment or a
# secrets store rather than committing them to this file.
spring.datasource.username=your_username
spring.datasource.password=your_password
# NOTE(review): CasConfig on this page reads the property cas.server.prefix, which is not set
# anywhere in this listing; it has to be defined for the context to start.
创建一个名为 `LoginController.java` 的新类,并添加以下代码:
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
/**
 * MVC controller for the login page, the login POST and the logout redirect.
 *
 * <p>NOTE(review): {@code UserDetailsService} is used without an import in this listing, and
 * the injected field is not read by any handler shown here.
 */
@Controller
public class LoginController {

    private static final String LOGIN_VIEW = "login";
    private static final String HOME_REDIRECT = "redirect:/home";
    private static final String LOGGED_OUT_REDIRECT = "redirect:/login?logout";

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Renders the login page.
     *
     * @return the name of the login view
     */
    @GetMapping("/login")
    public String login() {
        return LOGIN_VIEW;
    }

    /**
     * Handles POST {@code /login} and redirects to the home page.
     *
     * <p>NOTE(review): no credential or ticket check happens here. The principal's name is
     * read and then discarded, and the redirect is unconditional. {@code principal} is
     * dereferenced without a null check, and nothing on this page shows how an
     * {@code AttributePrincipal} argument would be supplied to the handler. With form login
     * configured on {@code /login} in {@code SecurityConfig}, Spring Security presumably
     * processes POST {@code /login} itself before this method is reached. Verify.
     *
     * @param principal the CAS principal of the current user
     * @return a redirect to {@code /home}
     */
    @PostMapping("/login")
    public String loginPost(AttributePrincipal principal) {
        String casUserName = principal.getName();
        // Validate the user's credentials and set up the UserDetails object here.
        return HOME_REDIRECT;
    }

    /**
     * Redirects to the login page with the {@code logout} marker.
     *
     * <p>NOTE(review): this handler only redirects; it does not invalidate the session or
     * clear the security context. Ending the session is left to Spring Security's logout
     * handling, so a GET request that reaches this method presumably leaves the user's
     * session active. Verify that logout requests go through the security filter.
     *
     * @return a redirect to {@code /login?logout}
     */
    @GetMapping("/logout")
    public String logout() {
        return LOGGED_OUT_REDIRECT;
    }
}
创建一个名为 `HomeController.java` 的新类,并添加以下代码:
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
/**
 * MVC controller for the home page. {@code /home} has no explicit rule in
 * {@code SecurityConfig}, so it falls under {@code anyRequest().authenticated()} there.
 */
@Controller
public class HomeController {

    private static final String HOME_VIEW = "home";

    /**
     * Renders the home page.
     *
     * @return the name of the home view
     */
    @GetMapping("/home")
    public String home() {
        return HOME_VIEW;
    }
}
现在,你已经成功地将Spring Boot 2、MyBatis和CAS单点登录集成在一起。用户可以通过访问 `/login` URL进行登录,然后访问受保护的资源,如 `/home`。用户还可以通过访问 `/logout` URL进行注销。