Detailed explanation of spring boot configuration single sign-on case sharing-javaTutorial-php.cn

Home

Java

javaTutorial

Detailed explanation of spring boot configuration single sign-on case sharing

黄舟

Mar 24, 2017 am 10:36 AM

This article mainly introduces the detailed explanation of spring boot configuration single sign-on, commonly used Security FrameworkThere are spring security and apache shiro. The configuration and use of shiro are relatively simple. This article uses shrio to connect CAS services.

Overview

Enterprise. There is generally a single sign-on system internally (a commonly used implementation is apereo cas), and all internal system login authentications are connected to it. This article introduces how the spring boot program connects to CAS services.

Commonly used. The security frameworks include spring security and apache shiro. The configuration and use of shiro are relatively simple. This article uses shrio to connect to the CAS service.

Configuration

##New dependencies.

pom.

xmlNew:

<properties>
  <shiro.version>1.2.4</shiro.version>
 </properties>
<dependencies>
<!--Apache Shiro -->
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-ehcache</artifactId>
   <version>${shiro.version}</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-cas</artifactId>
   <version>${shiro.version}</version>
  </dependency>
</dependencies>

spring boot configuration

application.properties

shiro.cas=https://cas.xxx.com # 这是CAS服务的地址
shiro.server=http://127.0.0.1:8080 # 自己应用的地址，测试使用127即可

Application configuration

Initialize shiro bean, just put the file under any sub-package, such as xxx.config, spring boot will automatically scan and load

@Configuration
public class ShiroCasConfiguration {
 private static final String casFilterUrlPattern = "/shiro-cas";

 @Bean
 public FilterRegistrationBean filterRegistrationBean() {
  FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
  filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
  filterRegistration.addInitParameter("targetFilterLifecycle", "true");
  filterRegistration.setEnabled(true);
  filterRegistration.addUrlPatterns("/*");
  return filterRegistration;
 }

 @Bean(name = "lifecycleBeanPostProcessor")
 public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
  return new LifecycleBeanPostProcessor();
 }

 @Bean(name = "securityManager")
 public DefaultWebSecurityManager getDefaultWebSecurityManager(@Value("${shiro.cas}") String casServerUrlPrefix,
                 @Value("${shiro.server}") String shiroServerUrlPrefix) {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  CasRealm casRealm = new CasRealm();
  casRealm.setDefaultRoles("ROLE_USER");
  casRealm.setCasServerUrlPrefix(casServerUrlPrefix);
  casRealm.setCasService(shiroServerUrlPrefix + casFilterUrlPattern);
  securityManager.setRealm(casRealm);
  securityManager.setCacheManager(new MemoryConstrainedCacheManager());
  securityManager.setSubjectFactory(new CasSubjectFactory());
  return securityManager;
 }

 private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean) {
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

  filterChainDefinitionMap.put(casFilterUrlPattern, "casFilter");
  filterChainDefinitionMap.put("/login", "anon");
  filterChainDefinitionMap.put("/bower_components/**", "anon");//可以将不需要拦截的静态文件目录加进去
  filterChainDefinitionMap.put("/logout","logout");
  filterChainDefinitionMap.put("/**", "authc");
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
 }

 /**
  * CAS Filter
  */
 @Bean(name = "casFilter")
 public CasFilter getCasFilter(@Value("${shiro.cas}") String casServerUrlPrefix,
         @Value("${shiro.server}") String shiroServerUrlPrefix) {
  CasFilter casFilter = new CasFilter();
  casFilter.setName("casFilter");
  casFilter.setEnabled(true);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  casFilter.setFailureUrl(loginUrl);
  return casFilter;
 }

 @Bean(name = "shiroFilter")
 public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager,
               CasFilter casFilter,
               @Value("${shiro.cas}") String casServerUrlPrefix,
               @Value("${shiro.server}") String shiroServerUrlPrefix) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);
  String loginUrl = casServerUrlPrefix + "/login?service=" + shiroServerUrlPrefix + casFilterUrlPattern;
  shiroFilterFactoryBean.setLoginUrl(loginUrl);
  shiroFilterFactoryBean.setSuccessUrl("/");
  Map<String, Filter> filters = new HashMap<>();
  filters.put("casFilter", casFilter);
  LogoutFilter logoutFilter = new LogoutFilter();
  logoutFilter.setRedirectUrl(casServerUrlPrefix + "/logout?service=" + shiroServerUrlPrefix);
  filters.put("logout",logoutFilter);
  shiroFilterFactoryBean.setFilters(filters);

  loadShiroFilterChain(shiroFilterFactoryBean);
  return shiroFilterFactoryBean;
 }
}

Get the login user name in the program

After the above configuration is completed, you can get the login user name in the program

public String getUsername() {
  Subject subject = SecurityUtils.getSubject();
  if (subject == null || subject.getPrincipals() == null) {
   return DEFAULTUSER;
  }
  return (String) subject.getPrincipals().getPrimaryPrincipal();
 }

Summary

Shiro is relatively simple to use. When using it, you only need to modify application.properties

The above is the detailed content of Detailed explanation of spring boot configuration single sign-on case sharing. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Treatment of x² in curve integral: Why can the standard answer be ignored (1/3) x³?Apr 19, 2025 pm 08:06 PM

Questions about a curve integral This article will answer a curve integral question. The questioner had a question about the standard answer to a sample question...

What should I do if the Redis cache of OAuth2Authorization object fails in Spring Boot?Apr 19, 2025 pm 08:03 PM

In SpringBoot, use Redis to cache OAuth2Authorization object. In SpringBoot application, use SpringSecurityOAuth2AuthorizationServer...

In JDBC's PreparedStatement, why do you need to use a specific parameter type setting method instead of the general setObject method?Apr 19, 2025 pm 08:00 PM

JDBC...

Why can't the main class be found after copying and pasting the package in IDEA? Is there any solution?Apr 19, 2025 pm 07:57 PM

Why can't the main class be found after copying and pasting the package in IDEA? Using IntelliJIDEA...

Java multi-interface call: How to ensure that interface A is executed before interface B is executed?Apr 19, 2025 pm 07:54 PM

State synchronization between Java multi-interface calls: How to ensure that interface A is called after it is executed? In Java development, you often encounter multiple calls...

In Java programming, how to stop subsequent code execution when student ID is repeated?Apr 19, 2025 pm 07:51 PM

How to stop subsequent code execution when ID is repeated in Java programming. When learning Java programming, you often encounter such a requirement: when a certain condition is met,...

Ultimate consistency: What business scenarios are applicable to? How to ensure the consistency of the final data?Apr 19, 2025 pm 07:48 PM

In-depth discussion of final consistency: In the distributed system of application scenarios and implementation methods, ensuring data consistency has always been a major challenge for developers. This article...

After the Spring Boot service is running for a period of time, how to troubleshoot?Apr 19, 2025 pm 07:45 PM

The troubleshooting idea of SSH connection failure after SpringBoot service has been running for a period of time has recently encountered a problem: a Spring...

See all articles