• ssm整合cas单点登录


    搭建cas服务:

    下载地址:https://pan.baidu.com/s/1KknAn9lHNHUYKsqeJOqrHw  提取码:jz8u(网盘压缩包无法校验来源与完整性,也可以直接使用Apereo官方cas-overlay-template仓库中对应5.2.x的版本)

    打开DOS(命令提示符)窗口,进入目录

    D:\project\guangfa\cas-overlay-template-5.2  执行命令build.cmd run
    页面:http://127.0.0.1:8443/cas/login
    默认用户名和密码:casuser/Mellon(这是CAS默认配置项 cas.authn.accept.users 中的静态演示账号,只适合本地验证;实际部署时应接入真实认证源并清空该配置项)

    spring-shiro.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans   
                            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
        default-lazy-init="true">
    
        <!-- Shiro + CAS single sign-on wiring: realm, session management, the CAS and logout
             filters, and the URL filter chain. Every ${shiro.*} value is a placeholder whose
             key is listed in conf/shiro.properties. -->

        <!-- Register the custom CAS realm. casServerUrlPrefix is the CAS server base URL used for
             ticket validation; casService is the service URL of this application and has to be the
             same URL the ticket was issued for. -->
        <bean id="casRealm" class="com.micropattern.urp.common.shiro.UserRealm">
            <property name="casServerUrlPrefix" value="${shiro.cas.casServerUrlPrefix}" />
            <property name="casService" value="${shiro.cas.casService}" />
        </bean>
        
        <!-- Session DAO: the stock EnterpriseCacheSessionDAO, which keeps sessions in a cache -->
        <bean id="shiroSessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />
    
        <!-- Session id cookie, named SHAREJSESSIONID so it replaces the container's default JSESSIONID.
             maxAge -1 makes it a browser-session cookie (dropped when the browser closes).
             NOTE(review): the secure flag is not set here; once the application is served over
             HTTPS, set it so the session id is never sent over plain HTTP. -->
        <bean id="shiroSimpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
            <constructor-arg name="name" value="SHAREJSESSIONID" />
            <property name="maxAge" value="-1" />
        </bean>
    
        <!-- Shiro-native session management.
             NOTE(review): globalSessionTimeout = -1. Shiro treats a negative timeout as "never
             expires", so a session ends only on explicit logout and a leaked session id stays
             usable indefinitely; the validation scheduler enabled below then has nothing to expire.
             Consider a finite idle timeout in milliseconds (1800000 = 30 minutes). -->
        <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
            <property name="globalSessionTimeout" value="-1" />
            <property name="sessionDAO" ref="shiroSessionDAO" />
            <property name="sessionIdCookie" ref="shiroSimpleCookie" />
            <property name="sessionValidationSchedulerEnabled" value="true" />
        </bean>
    
        <!-- Needed for the CAS "remember me" feature; it is set as the subjectFactory of securityManager below -->
        <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory" />
    
        <!-- Shiro cache manager (in-memory) -->
        <bean id="shiroCacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
    
        <!-- securityManager: ties together the realm, session manager, cache manager and subject factory -->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="casRealm" />
            <property name="sessionManager" ref="sessionManager" />
            <property name="cacheManager" ref="shiroCacheManager" />
            <property name="subjectFactory" ref="casSubjectFactory" />
        </bean>
    
        <!-- Single sign-on filter: handles the callback from CAS on the service URL and submits the
             service ticket to the realm. failureUrl is used when ticket validation fails, successUrl
             after a successful login.
             NOTE(review): the org.apache.shiro.cas classes are deprecated upstream (UserRealm carries
             @SuppressWarnings("deprecation") for that reason); plan a move to a maintained CAS client. -->
        <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
            <property name="failureUrl" value="${shiro.failureUrl}" />
            <property name="successUrl" value="${shiro.successUrl}" />
        </bean>
    
        <!-- Single sign-out filter: logs the subject out locally, then redirects to redirectUrl
             (the CAS logout endpoint, per shiro.logoutUrl) -->
        <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
            <!-- <property name="redirectUrl" value="http://127.0.0.1:8443/cas/login/logout?service=http://127.0.0.1:8080/urp/login" 
                /> -->
            <property name="redirectUrl" value="${shiro.logoutUrl}" />
        </bean>
    
        <!-- Main Shiro web filter; loginUrl is where unauthenticated requests are redirected (the CAS login page) -->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager" />
            <property name="loginUrl" value="${shiro.loginUrl}" />
            <property name="successUrl" value="/" />
            <property name="filters">
                <map>
                    <entry key="logout" value-ref="logoutFilter" />
                    <entry key="cas" value-ref="casFilter" />
                </map>
            </property>
            <!-- URL rules, evaluated top to bottom; the first matching pattern wins.
                   /logouts   : logoutFilter above
                   /login     : casFilter above (the CAS service URL)
                   /logout    : anon, no authentication required
                   /manage/*  : anon, no authentication required
                   /**        : authc, everything else requires an authenticated subject
                 NOTE(review): "/manage/* = anon" admits unauthenticated requests to the paths directly
                 under /manage, and shiro.successUrl (manage/home) is one of them. If those pages are
                 meant to sit behind SSO, remove that line or narrow it to the specific public
                 resources so the requests fall through to "/** = authc". Confirm the intent. -->
            <property name="filterChainDefinitions">
                <value>
                    /logouts = logout
                    /login = cas
                    /logout = anon
                    /manage/* = anon
                    /** = authc
                </value>
            </property>
        </bean>
    
        <!-- lifecycleBeanPostProcessor: manages the lifecycle of Shiro beans -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    
        <!-- DefaultAdvisorAutoProxyCreator; it only works once lifecycleBeanPostProcessor is configured.
             proxyTargetClass=true selects class-based proxies. -->
        <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" 
              depends-on="lifecycleBeanPostProcessor">
            <property name="proxyTargetClass" value="true" />
        </bean>
    
        <!-- AuthorizationAttributeSourceAdvisor: applies Shiro's authorization annotations using this securityManager -->
        <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
            <property name="securityManager" ref="securityManager" />
        </bean>
      
        <!-- Loads conf/shiro.properties as a Properties bean.
             NOTE(review): a PropertiesFactoryBean on its own does not resolve the ${...} placeholders
             used above; presumably a property placeholder configurer is declared in another context
             file. Confirm. -->
        <bean id="configProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
            <property name="locations">
                <list>
                    <value>classpath:conf/shiro.properties</value>
                </list>
            </property>
        </bean>
    
    
    </beans>

    UserRealm:

    /**
     * Copyright (c) 2020, All Rights Reserved.
     *
     */
    
    package com.micropattern.urp.common.shiro;
    
    import java.util.HashSet;
    import java.util.Set;
    import org.apache.commons.lang3.StringUtils;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.cas.CasRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;
    import com.micropattern.urp.domain.entity.cas.CasUser;
    import com.micropattern.urp.domain.entity.permission.Permission;
    import com.micropattern.urp.domain.entity.role.Role;
    import com.micropattern.urp.domain.service.cas.CasUserService;
    import com.micropattern.urp.facade.cas.CasUserFacade;
    
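    /**
     * Shiro realm for CAS single sign-on.<br/>
     * <p>
     * Ticket validation is delegated to {@link CasRealm}; this subclass maps the CAS principal
     * to a local {@link CasUser} and derives the subject's permissions from that user's roles.
     *
     * @author zuo
     * @Date 2020-04-13 14:10:29
     * @since 1.0.0
     *
     */
    @SuppressWarnings("deprecation")
    public class UserRealm extends CasRealm {
        @Autowired
        private CasUserFacade casUserFacade;

        @Autowired
        private CasUserService casUserService;

        /**
         * Builds the authorization data for an already authenticated subject.
         * <p>
         * The permission strings are the URLs of every permission attached to the user's roles.
         * A principal without a local user record, or a user without roles, gets an empty
         * permission set, so every permission check is denied instead of failing with a
         * {@link NullPointerException}.
         *
         * @param principals principals of the subject; the primary principal is the user name
         * @return authorization info holding the collected permission strings, never {@code null}
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            System.out.println("=============执行授权逻辑================");
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
            String userName = (String) principals.getPrimaryPrincipal();
            CasUser user = casUserService.findByUserName(userName);
            if (user == null) {
                // findByUserName can return null (doGetAuthenticationInfo checks for it too),
                // e.g. when the record was removed after login: grant nothing.
                return simpleAuthorizationInfo;
            }
            simpleAuthorizationInfo.addStringPermissions(collectPermissionUrls(user));
            return simpleAuthorizationInfo;
        }

        /**
         * Collects the permission URLs reachable through the user's roles, skipping missing
         * roles, missing permission sets and blank URLs.
         */
        private static Set<String> collectPermissionUrls(CasUser user) {
            Set<String> urls = new HashSet<>();
            Set<Role> roles = user.getRoles();
            if (roles == null) {
                return urls;
            }
            for (Role role : roles) {
                Set<Permission> permissions = (role == null) ? null : role.getPermissions();
                if (permissions == null) {
                    continue;
                }
                for (Permission permission : permissions) {
                    // A null or blank entry cannot be turned into a Shiro permission later on,
                    // so one bad row must not end up in the subject's permission set.
                    if (permission != null && StringUtils.isNotBlank(permission.getUrl())) {
                        urls.add(permission.getUrl());
                    }
                }
            }
            return urls;
        }

        /**
         * Authenticates a CAS login and binds it to a local user record.
         * <p>
         * The parent implementation validates the service ticket and fills in the principal.
         * The principal is then looked up locally; an unknown user name is saved first and
         * looked up again. On success the user is stored in the session under {@code "user"}.
         *
         * @param token the authentication token handed over by the CAS filter
         * @return the authentication info from {@link CasRealm}, or {@code null} when the
         *         parent returned nothing, the user name is blank, or no local user exists
         *         even after the save attempt
         */
        @Override
        public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            System.out.println("=============执行认证逻辑================");
            // Delegate to CasRealm: validates the ticket and populates the CasToken principal.
            AuthenticationInfo authc = super.doGetAuthenticationInfo(token);
            if (authc == null) {
                return null;
            }
            String username = (String) authc.getPrincipals().getPrimaryPrincipal();
            if (StringUtils.isBlank(username)) {
                return null;
            }
            CasUser user = casUserService.findByUserName(username);
            if (user == null) {
                // First login of this principal: create the local record, then re-read it.
                // NOTE(review): every account that CAS authenticates thereby becomes a local
                // user; what it may do depends on the roles save() assigns, which is not
                // visible here. Confirm new users start without privileges.
                casUserFacade.save(username);
                user = casUserService.findByUserName(username);
            }
            if (user == null) {
                return null;
            }
            // Keep the user object in the session for later requests.
            SecurityUtils.getSubject().getSession().setAttribute("user", user);
            return authc;
        }

        // Custom credentials check (disabled)
        /*@Override
        public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
            super.setCredentialsMatcher(new CustomCredentialsMatcher());
        }*/

        /**
         * Clears the cached authorization info of the current subject, so that role or
         * permission changes are picked up by the next authorization check.
         */
        public void clearCachedAuthorization() {
            clearCachedAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
        }

    }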

    shiro.properties:

    # Endpoints referenced by the ${shiro.*} placeholders in spring-shiro.xml.
    # Only the dev block is active; the uat and prod blocks are commented out.
    # NOTE(review): every URL here is plain http://, so service tickets and session cookies
    # cross the network unencrypted. That is tolerable on the loopback address used for dev;
    # the uat/prod values should point at https:// endpoints. Confirm before deploying.
    #dev
    # Base URL of the CAS server; the realm validates service tickets against it.
    shiro.cas.casServerUrlPrefix=http://127.0.0.1:8443/cas
    # Service URL of this application; it has to be the same URL as the service= parameter
    # in loginUrl and failureUrl below, otherwise ticket validation is rejected.
    shiro.cas.casService=http://127.0.0.1:8080/urp/login
    # Where casFilter sends the browser after a successful login.
    shiro.successUrl=manage/home
    # Where casFilter sends the browser when ticket validation fails (back to the CAS login page).
    shiro.failureUrl=http://127.0.0.1:8443/cas/login?service=http://127.0.0.1:8080/urp/login
    # CAS login page that unauthenticated requests are redirected to.
    shiro.loginUrl=http://127.0.0.1:8443/cas/login?service=http://127.0.0.1:8080/urp/login
    # CAS logout endpoint used by logoutFilter; service= is the page shown after logout.
    shiro.logoutUrl=http://127.0.0.1:8443/cas/logout?service=http://127.0.0.1:8080/urp/logout
    
    #uat
    #shiro.cas.casServerUrlPrefix=http://jichen.test.smart-zone.gf.com.cn:8090/cas
    #shiro.cas.casService=http://10.2.145.28:8080/gf-oms/login
    #shiro.successUrl=manage/home
    #shiro.failureUrl=http://jichen.test.smart-zone.gf.com.cn:8090/cas/login?service=http://10.2.145.28:8080/gf-oms/login
    #shiro.loginUrl=http://jichen.test.smart-zone.gf.com.cn:8090/cas/login?service=http://10.2.145.28:8080/gf-oms/login
    #shiro.logoutUrl=http://jichen.test.smart-zone.gf.com.cn:8090/cas/logout?service=http://10.2.145.28:8080/gf-oms/logout
    
    #prod
    #shiro.cas.casServerUrlPrefix=http://127.0.0.1:8443/cas
    #shiro.cas.casService=http://127.0.0.1:8080/urp/login
    #shiro.successUrl=manage/home
    #shiro.failureUrl=http://127.0.0.1:8443/cas/login?service=http://127.0.0.1:8080/urp/login
    #shiro.loginUrl=http://127.0.0.1:8443/cas/login?service=http://127.0.0.1:8080/urp/login
    #shiro.logoutUrl=http://127.0.0.1:8443/cas/logout?service=http://127.0.0.1:8080/urp/logout
  • 原文地址:https://www.cnblogs.com/chong-zuo3322/p/12777942.html