SpringBoot中Shiro使用Pac4j集成CAS认证

SpringBoot中Shiro使用Pac4j集成CAS认证

Pac4j 简介

Pac4j与Shiro，Spring Security一样都是权限框架，并且提供了OAuth - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO) 的认证集成。且可以和shiro,security等权限框架集成。

 

Pac4j CAS认证流程
<ignore_js_op>
代码 关键部分

说明: pac4j-cas与shiro的集成是通过过滤器完成cas认证，提供相应的Pac4jRealm来与shiro集成。代码过多就不一一列出了，详细的请下载附件，附件中代码屏蔽了公司相关代码。自身项目需要保持CAS与非CAS并存所以把CAS登录固定到指定路径了。

POM

[XML] 纯文本查看 复制代码

?

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

>[font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]<!--cas认证 -->[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]        <dependency>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <groupId>org.pac4j</groupId>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <artifactId>pac4j-cas</artifactId>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <version>3.8.3</version>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]        </dependency>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]<!-- pac4j与shiro集成-->[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]        <dependency>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <groupId>io.buji</groupId>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <artifactId>buji-pac4j</artifactId>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]            <version>4.1.1</version>[/b][/color][/font][/align][align=left][font=-apple-system, system-ui, Segoe UI, Helvetica, Arial, sans-serif][color=#24292e][b]        </dependency>[/b][/color][/font]/mw_shl_code][/align][align=left]JAVA配置[/align][align=left][mw_shl_code=java,true]//Pac4jConfig.java 配置中  @Bean  public CasConfiguration casConfig() {   final CasConfiguration configuration = new CasConfiguration();   //CAS server登录地址   configuration.setLoginUrl(casServerUrl + "/login");   configuration.setAcceptAnyProxy(true);   configuration.setPrefixUrl(casServerUrl + "/");   //监控CAS服务端登出，登出后销毁本地session实现双向登出   DefaultLogoutHandler logoutHandler = new DefaultLogoutHandler();   logoutHandler.setDestroySession(true);   configuration.setLogoutHandler(logoutHandler);   return configuration;  } //ShiroConfig.java 中 //shiro 过滤器配置中增加SecurityFilter，CallbackFilter ，LogoutFilter  @Bean("shiroFilter")  public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {   ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();   shiroFilterFactoryBean.setSecurityManager(securityManager);   //获取filters   Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();   filters.put("authc", new MySystemFilter());   // cas 资源认证拦截器   SecurityFilter securityFilter = new SecurityFilter();   securityFilter.setConfig(exPac4jConfig);   securityFilter.setClients(clientName);   filters.put("securityFilter", securityFilter);   //cas 认证后回调拦截器   CallbackFilter callbackFilter = new CallbackFilter();   callbackFilter.setConfig(exPac4jConfig);   filters.put("callbackFilter", callbackFilter);   shiroFilterFactoryBean.setFilters(filters);   // 本地登出同步登出CAS服务器   LogoutFilter pac4jCentralLogout = new LogoutFilter();   pac4jCentralLogout.setConfig(exPac4jConfig);   pac4jCentralLogout.setCentralLogout(true);   pac4jCentralLogout.setLocalLogout(true);   filters.put("pac4jCentralLogout", pac4jCentralLogout);   //拦截器.   Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();   filterChainDefinitionMap.put("/logout", "logout");   filterChainDefinitionMap.put("/pac4jCentralLogout", "pac4jCentralLogout");   filterChainDefinitionMap.put("/cas", "securityFilter");   filterChainDefinitionMap.put("/callback", "callbackFilter");   filterChainDefinitionMap.put("/**", "authc");   shiroFilterFactoryBean.setLoginUrl("/login");   shiroFilterFactoryBean.setSuccessUrl("index");   shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");   shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);   return shiroFilterFactoryBean;  }  @Bean  public SecurityManager securityManager() {   DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();   securityManager.setAuthenticator(exModularRealmAuthenticator());   List<Realm> realms = new ArrayList<>();   realms.add(exSystemRealm());  // casRealm继承Pac4jRealm 与shiro的Realm使用方法相同   realms.add(casRealm);   securityManager.setRealms(realms);   securityManager.setCacheManager(redisCacheManager());  //增加pac4jSubjectFactory   securityManager.setSubjectFactory(pac4jSubjectFactory);   securityManager.setRememberMeManager(cookieRememberMeManager());   securityManager.setSessionManager(sessionManager());   return securityManager;  }

问题

• 默认配置不支持CAS登出本地项目退出

重写ShiroSessionStore见ExShiroSessionStore.java

附件：链接: https://pan.baidu.com/s/1E-6uTYpOFn2ldAxd_k0XvQ 提取码: 8nhx

更多技术资讯可关注:itheimaGZ获取