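Pac4j CAS Integration and Shiro Configuration Tutorial -- 知识铺
Introduction:
About Pac4j
Pac4j, like Shiro and Spring Security, is a security framework. It provides authentication integration for OAuth - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO), and it can be integrated with other security frameworks such as Shiro and Spring Security.
Pac4j CAS authentication flow
Code: key parts
Note: pac4j-cas is integrated with Shiro through filters that perform the CAS authentication, together with a Pac4jRealm that plugs into Shiro. There is too much code to list in full; for the details, download the attachment, from which company-specific code has been removed. Our own project needs CAS and non-CAS login to coexist, so CAS login is pinned to a dedicated path.
POM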
```xml
<!-- CAS authentication -->
<dependency>
    <groupId>org.pac4j</groupId>
    <artifactId>pac4j-cas</artifactId>
    <version>3.8.3</version>
</dependency>
<!-- pac4j integration with Shiro -->
<dependency>
    <groupId>io.buji</groupId>
    <artifactId>buji-pac4j</artifactId>
    <version>4.1.1</version>
</dependency>
```
Java configuration
```java
// Pac4jConfig.java (excerpt); imports used by this bean:
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.logout.handler.DefaultLogoutHandler;
import org.springframework.context.annotation.Bean;

// casServerUrl is a field of the configuration class (base URL of the CAS server)
@Bean
public CasConfiguration casConfig() {
    final CasConfiguration configuration = new CasConfiguration();
    // CAS server login URL
    configuration.setLoginUrl(casServerUrl + "/login");
    // Accepts proxy tickets issued through any proxy chain; tighten this if the deployment does not need proxy tickets
    configuration.setAcceptAnyProxy(true);
    // Base URL of the CAS server endpoints
    configuration.setPrefixUrl(casServerUrl + "/");
    // Listen for logout on the CAS server and destroy the local session afterwards, giving two-way logout
    DefaultLogoutHandler logoutHandler = new DefaultLogoutHandler();
    logoutHandler.setDestroySession(true);
    configuration.setLogoutHandler(logoutHandler);
    return configuration;
}
```
```java
// ShiroConfig.java (excerpt); imports used by these beans:
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import io.buji.pac4j.filter.CallbackFilter;
import io.buji.pac4j.filter.LogoutFilter;
import io.buji.pac4j.filter.SecurityFilter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;

// Add SecurityFilter, CallbackFilter and LogoutFilter to the Shiro filter configuration
@Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // Get the filter map
    Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
    filters.put("authc", new MySystemFilter());
    // CAS filter that protects resources and triggers authentication
    SecurityFilter securityFilter = new SecurityFilter();
    securityFilter.setConfig(exPac4jConfig);
    securityFilter.setClients(clientName);
    filters.put("securityFilter", securityFilter);
    // Callback filter invoked after CAS authentication
    CallbackFilter callbackFilter = new CallbackFilter();
    callbackFilter.setConfig(exPac4jConfig);
    filters.put("callbackFilter", callbackFilter);
    shiroFilterFactoryBean.setFilters(filters);
    // Local logout also logs out of the CAS server
    LogoutFilter pac4jCentralLogout = new LogoutFilter();
    pac4jCentralLogout.setConfig(exPac4jConfig);
    pac4jCentralLogout.setCentralLogout(true);
    pac4jCentralLogout.setLocalLogout(true);
    filters.put("pac4jCentralLogout", pac4jCentralLogout);
    // Filter chain definitions (order matters: first match wins)
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/pac4jCentralLogout", "pac4jCentralLogout");
    filterChainDefinitionMap.put("/cas", "securityFilter");
    filterChainDefinitionMap.put("/callback", "callbackFilter");
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("index");
    shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}

@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setAuthenticator(exModularRealmAuthenticator());
    List<Realm> realms = new ArrayList<>();
    realms.add(exSystemRealm());
    // casRealm extends Pac4jRealm and is used like any other Shiro Realm
    realms.add(casRealm);
    securityManager.setRealms(realms);
    securityManager.setCacheManager(redisCacheManager());
    // Add the pac4jSubjectFactory
    securityManager.setSubjectFactory(pac4jSubjectFactory);
    securityManager.setRememberMeManager(cookieRememberMeManager());
    securityManager.setSessionManager(sessionManager());
    return securityManager;
}
```
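Problems
- With the default configuration, a logout on the CAS server does not log the user out of the local application
Override ShiroSessionStore; see ExShiroSessionStore.java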
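One way to write such a session store, as an added example (this is not the ExShiroSessionStore.java from the author's attachment). The class name `TrackableShiroSessionStore` is hypothetical, and the code assumes the `SessionStore<J2EContext>` interface of pac4j 3.8.3. The point is that the store must hand the logout handler a trackable Shiro session at login, so that the later back-channel logout request from the CAS server, which carries no session cookie, can find and stop that session.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.session.SessionStore;

// Hypothetical class name; not the ExShiroSessionStore from the author's attachment.
public class TrackableShiroSessionStore implements SessionStore<J2EContext> {

    // Session captured at login time; null means "use the current subject's session".
    private final Session tracked;

    public TrackableShiroSessionStore() { this(null); }

    private TrackableShiroSessionStore(Session tracked) { this.tracked = tracked; }

    private Session session(boolean create) {
        return tracked != null ? tracked : SecurityUtils.getSubject().getSession(create);
    }

    @Override public String getOrCreateSessionId(J2EContext ctx) {
        return session(true).getId().toString();
    }
    @Override public Object get(J2EContext ctx, String key) {
        Session s = session(false);
        return s == null ? null : s.getAttribute(key);
    }
    @Override public void set(J2EContext ctx, String key, Object value) {
        if (value == null) {
            Session s = session(false);
            if (s != null) s.removeAttribute(key);
        } else {
            session(true).setAttribute(key, value);
        }
    }
    @Override public boolean destroySession(J2EContext ctx) {
        Session s = session(false);
        if (s == null) return false;
        try { s.stop(); } catch (InvalidSessionException alreadyGone) { /* expired or stopped earlier */ }
        return true;
    }
    // Handed to the logout handler at login, which stores it under the CAS service ticket.
    @Override public Object getTrackableSession(J2EContext ctx) { return session(true); }
    // Called for the back-channel logout request: bind a store to the session recorded at login.
    @Override public SessionStore<J2EContext> buildFromTrackableSession(J2EContext ctx, Object trackable) {
        return trackable instanceof Session ? new TrackableShiroSessionStore((Session) trackable) : null;
    }
    @Override public boolean renewSession(J2EContext ctx) { return false; }
}
```

To take effect, the store has to be set on the pac4j `Config` that the filters share (assumed here to be the page's `exPac4jConfig`), for example with `setSessionStore(new TrackableShiroSessionStore())`.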
Attachment: link: https://pan.baidu.com/s/1E-6uTYpOFn2ldAxd_k0XvQ extraction code: 8nhx
References
https://www.cnblogs.com/suiyueqiannian/p/9359597.html
http://www.pac4j.org/docs/index.html
https://github.com/bujiio/buji-pac4j
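- Original author: 知识铺
- Original link: https://index.zshipu.com/geek001/post/20240428/Pac4j-CAS%E9%9B%86%E6%88%90%E4%B8%8EShiro%E7%9A%84%E9%85%8D%E7%BD%AE%E6%95%99%E7%A8%8B--%E7%9F%A5%E8%AF%86%E9%93%BA/
- Copyright: this work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. For non-commercial reposting, credit the source (author and original link); for commercial reposting, contact the author for permission.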