
How to implement SSO single sign-on by integrating CAS 5.3 with Spring Boot

2025-01-17 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to implement SSO single sign-on by integrating CAS 5.3 with Spring Boot. It is fairly detailed and should be a useful reference.

What is single sign-on?

Single sign-on (SSO) is one of the most popular solutions for enterprise business integration. SSO means that, across multiple application systems, a user only needs to log in once to access all the applications that trust each other.

Our current system has many subsystems, and they are deployed on different servers, so traditional sessions cannot be used; single sign-on technology is needed to solve this.

The SSO single sign-on access flow consists of the following steps:

1. Access the service: the SSO client sends a request to access the service resources provided by the application system.

2. Redirect for authentication: the SSO client redirects the user request to the SSO server.

3. User authentication: the user's identity is authenticated.

4. Issue a ticket: the SSO server generates a random Service Ticket.

5. Validate the ticket: the SSO server verifies the validity of the Service Ticket and, once verification passes, allows the client to access the service.

6. Transfer user information: after the SSO server verifies the ticket, it transmits the user authentication result to the client.

CAS server deployment

Address: https://github.com/apereo/cas-overlay-template/tree/5.3

1. Decompress the downloaded zip package

2. After decompressing, package it with the Maven command

    mvn package

3. Rename the war package generated under target to cas.war and put it under tomcat

4. Start tomcat

5. Locate the extracted files

CAS uses the https protocol by default, so it has to be changed to also accept http. Open the file in the corresponding directory:

    D:\tomcat8\webapps\cas\WEB-INF\classes\application.properties

Modify the application.properties file and add the following configuration to use http:

    # Use the http protocol
    cas.tgc.secure=false
    cas.serviceRegistry.initFromJson=true
    # The https protocol uses port 8443 by default, so change it to Tomcat's port 8080
    server.port=8080

Modify the HTTPSandIMAPS-10000001.json file

It is located in the services directory:

    D:\tomcat8\webapps\cas\WEB-INF\classes\services\HTTPSandIMAPS-10000001.json

Change the original serviceId content to the following:

    "serviceId": "^(https|http|imaps)://.*"

The http compatibility changes are now complete.
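
A check of what the serviceId above authorizes, added here as an example and not part of the original article: the pattern accepts every http, https or imaps URL as a registered service, where a pattern limited to this article's two clients accepts only those. The narrowed pattern, the sample URLs and the class name are assumptions, and the service URL is assumed to be matched against the whole pattern.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class ServiceIdAudit {
    // Pattern from this article: any http, https or imaps URL counts as a registered service.
    static final String ARTICLE = "^(https|http|imaps)://.*";
    // Assumed tighter pattern: only the two clients used later in this article.
    static final String NARROWED = "^http://localhost:(8081|8082)/.*";

    // Constructed URLs: EXPECTED are this article's clients, FOREIGN are not.
    static final List<String> EXPECTED = Arrays.asList(
            "http://localhost:8081/sso-test1",
            "http://localhost:8082/sso-test2");
    static final List<String> FOREIGN = Arrays.asList(
            "http://unrelated.example/callback",
            "http://localhost:9090/sso-test1",
            "imaps://mail.unrelated.example/");

    /** Maps each URL to whether the serviceId pattern accepts it. */
    static Map<String, Boolean> evaluate(String serviceId, List<String> urls) {
        Pattern p = Pattern.compile(serviceId);
        Map<String, Boolean> out = new LinkedHashMap<>();
        for (String u : urls) {
            out.put(u, p.matcher(u).matches());
        }
        return out;
    }

    /** A pattern is tight when it accepts every expected URL and no foreign one. */
    static boolean isTight(String serviceId) {
        return !evaluate(serviceId, EXPECTED).containsValue(false)
            && !evaluate(serviceId, FOREIGN).containsValue(true);
    }

    public static void main(String[] args) {
        for (String id : Arrays.asList(ARTICLE, NARROWED)) {
            System.out.println(id + "  tight=" + isTight(id));
            evaluate(id, FOREIGN).forEach((u, ok) ->
                System.out.println("  " + (ok ? "ACCEPTS " : "rejects ") + u));
        }
    }
}
```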

Modify the login user name and password in the configuration:

    cas.authn.accept.users=yyh::123456

Once the CAS server has been built, restart tomcat to test it. Enter the following address in the browser to access it:

    http://localhost:8080/cas/login

The server is now set up, and you can log in and log out through it.

Building the CAS client

Add the following dependency to the pom.xml of the newly created Spring Boot project (choose the matching version):

    <dependency>
        <groupId>net.unicon.cas</groupId>
        <artifactId>cas-client-autoconfig-support</artifactId>
        <version>2.3.0-GA</version>
    </dependency>

Create a new application.properties under resources:

    # Port this client listens on; it has to match the port in cas.client-host-url
    # (the walkthrough below reaches client 1 on 8081)
    server.port=8088
    # CAS server address
    cas.server-url-prefix=http://localhost:8080/cas
    # CAS server login address
    cas.server-login-url=http://localhost:8080/cas/login
    # Current server address (client)
    cas.client-host-url=http://localhost:8081
    # The ticket validator uses Cas30ProxyReceivingTicketValidationFilter
    cas.validation-type=cas3

Add the annotation to the Application startup class:

    import net.unicon.cas.client.configuration.EnableCasClient;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    // Enables the CAS client
    @EnableCasClient
    @SpringBootApplication
    public class CasClient2Application {

        public static void main(String[] args) {
            SpringApplication.run(CasClient2Application.class, args);
        }
    }

Controller of the first client

    import org.jasig.cas.client.authentication.AttributePrincipal;
    import org.jasig.cas.client.validation.Assertion;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    import javax.servlet.http.HttpSession;

    import static org.jasig.cas.client.util.AbstractCasFilter.CONST_CAS_ASSERTION;

    @RestController
    public class controller {

        @RequestMapping("/sso-test1")
        public String test1(HttpSession session) {
            // The CAS validation filter stores the assertion in the session after a successful login
            Assertion assertion = (Assertion) session.getAttribute(CONST_CAS_ASSERTION);
            AttributePrincipal principal = assertion.getPrincipal();
            String loginName = principal.getName();
            return "sso-test1, current login account" + loginName;
        }
    }

That is one client. Add a second client with a different port; the rest is basically the same.

Controller of the second client

    import org.jasig.cas.client.authentication.AttributePrincipal;
    import org.jasig.cas.client.validation.Assertion;
    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    import javax.servlet.http.HttpSession;

    import static org.jasig.cas.client.util.AbstractCasFilter.CONST_CAS_ASSERTION;

    @RestController
    public class controller {

        @RequestMapping("/sso-test2")
        public String test1(HttpSession session) {
            // The CAS validation filter stores the assertion in the session after a successful login
            Assertion assertion = (Assertion) session.getAttribute(CONST_CAS_ASSERTION);
            AttributePrincipal principal = assertion.getPrincipal();
            String loginName = principal.getName();
            return "sso-test222222, current login account" + loginName;
        }
    }

Result

Access http://localhost:8081/sso-test1 without logging in

The request is redirected straight to the login page, carrying the callback address with it.

Access the second client at http://localhost:8082/sso-test2

The behavior is the same as for the first client. Now log in through either one.

After logging in, the callback is executed. Then refresh the address of the first client

It is logged in as well.

Configure unified logout

Add a logout endpoint to the controller:

    /**
     * After logging out, redirect automatically to the custom endpoint
     * @param request
     * @return
     */
    @RequestMapping("/system/logout1")
    public String logout1(HttpServletRequest request) {
        HttpSession session = request.getSession();
        session.invalidate();
        // The redirect: prefix is only resolved in a @Controller class;
        // under @RestController the string is returned as the response body
        return "redirect:http://localhost:8080/cas/logout?service=http://localhost:8081/system/logoutSuccess";
    }

    /**
     * Logout success page
     * @return
     */
    @RequestMapping("/system/logoutSuccess")
    @ResponseBody
    public String logoutSuccess() {
        return "test1 quit successfully!";
    }

Configure the CAS authentication center to allow redirects

Open the application.properties file of your CAS authentication center and add the following configuration:

    # Allow redirecting to another page after logging out
    cas.logout.followServiceRedirects=true

Create a new config configuration class:

    import org.jasig.cas.client.authentication.AuthenticationFilter;
    import org.jasig.cas.client.session.SingleSignOutFilter;
    import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
    import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
    import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    import java.util.EventListener;
    import java.util.HashMap;
    import java.util.Map;

    @Configuration
    public class config {

        // CAS authentication center address
        private static final String CAS_SERVER_URL_PREFIX = "http://localhost:8080/cas/";

        // CAS authentication center login address
        private static final String CAS_SERVER_URL_LOGIN = "http://localhost:8080/cas/login";

        // Address of your own client 1
        private static final String SERVER_NAME = "http://localhost:8081/";

        /**
         * description: single sign-out filter
         * @param: []
         * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
         */
        @Bean
        public FilterRegistrationBean filterSingleRegistration() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new SingleSignOutFilter());
            // Set the matching path
            registration.addUrlPatterns("/*");
            Map<String, String> initParameters = new HashMap<>();
            initParameters.put("casServerUrlPrefix", CAS_SERVER_URL_PREFIX);
            registration.setInitParameters(initParameters);
            // Set the loading order
            registration.setOrder(1);
            return registration;
        }

        /**
         * description: ticket validation filter
         * @param: []
         * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
         */
        @Bean
        public FilterRegistrationBean filterValidationRegistration() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
            // Set the matching path
            registration.addUrlPatterns("/*");
            Map<String, String> initParameters = new HashMap<>();
            initParameters.put("casServerUrlPrefix", CAS_SERVER_URL_PREFIX);
            initParameters.put("serverName", SERVER_NAME);
            initParameters.put("useSession", "true");
            registration.setInitParameters(initParameters);
            // Set the loading order
            registration.setOrder(1);
            return registration;
        }

        /**
         * description: authentication filter
         * @param: []
         * @return: org.springframework.boot.web.servlet.FilterRegistrationBean
         */
        @Bean
        public FilterRegistrationBean filterAuthenticationRegistration() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new AuthenticationFilter());
            // Set the matching path
            registration.addUrlPatterns("/*");
            Map<String, String> initParameters = new HashMap<>();
            initParameters.put("casServerLoginUrl", CAS_SERVER_URL_LOGIN);
            initParameters.put("serverName", SERVER_NAME);
            // Paths to ignore: the logout endpoints do not require login
            initParameters.put("ignorePattern", "/system/*");
            registration.setInitParameters(initParameters);
            // Set the loading order
            registration.setOrder(1);
            return registration;
        }

        /**
         * Request wrapper filter
         * @return
         */
        @Bean
        public FilterRegistrationBean filterWrapperRegistration() {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(new HttpServletRequestWrapperFilter());
            // Set the matching path
            registration.addUrlPatterns("/*");
            // Set the loading order
            registration.setOrder(1);
            return registration;
        }

        /**
         * Add the listener
         * @return
         */
        @Bean
        public ServletListenerRegistrationBean<EventListener> singleSignOutListenerRegistration() {
            ServletListenerRegistrationBean<EventListener> registrationBean = new ServletListenerRegistrationBean<>();
            registrationBean.setListener(new SingleSignOutHttpSessionListener());
            registrationBean.setOrder(1);
            return registrationBean;
        }
    }

Client 2 is configured in much the same way as client 1. With this in place, logging out of one system logs out of all systems.

That is all for the article "How to implement SSO single sign-on by integrating CAS 5.3 with Spring Boot". Thank you for reading! We hope it helps; for more related knowledge, follow the industry information channel.
