cas+tomcat+shiro實現單點登陸-4-Apache Shiro 集成Cas做爲cas client端實現
目錄
4.Apache Shiro 集成Cas做爲cas client端實現web
Apache Shiro 集成Cas做爲cas client端實現
第一步、添加maven依賴
<!-- shiro依賴包 --> <!-- <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-quartz</artifactId> <version>${shiro.version}</version> </dependency> --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <!-- shiro-cas集成依賴包 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-cas</artifactId> <version>${shiro.version}</version> </dependency>
第二步、添加spring-shiro.xml配置文件
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd" default-lazy-init="true"> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 設定角色的登陸連接,這裏爲cas登陸頁面的連接可配置回調地址 --> <property name="loginUrl" value="http://192.168.20.248:8080/cas/login?service=http://127.0.0.1:8080/nhmz/shiro-cas" /> <property name="successUrl" value="/index.htm"></property> <property name="filters"> <util:map> <entry key="casFilter" value-ref="casFilter" /> <entry key="logout" value-ref="logout" /> </util:map> </property> <property name="filterChainDefinitions"> <value> /shiro-cas=casFilter /logout.htm=logout /login.htm=authc /xzqh/**=authc /tjfx/**=authc /gxfw/**=authc /xtsz/**=authc /region/**=authc /shareApi/**=authc /**=anon </value> </property> </bean> <!-- shiro-cas登陸過濾器 --> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <!-- 配置驗證錯誤時的失敗頁面 ,這裏配置爲登陸頁面 --> <property name="failureUrl" value="http://192.168.20.248:8080/cas/login?service=http://127.0.0.1:8080/nhmz/shiro-cas" /> </bean> <!-- 退出登陸過濾器 --> <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl" value="http://192.168.20.248:8080/cas/logout?service=http://127.0.0.1:8080/nhmz/index.htm" /> </bean>
<!-- 自定義casRealm --> <bean id="casRealm" class="com.ld.nhmz.shiro.MzCasRealm"> <!-- <property name="defaultRoles" value="ROLE_USER" /> --> <!-- 配置cas服務器地址 --> <property name="casServerUrlPrefix" value="http://192.168.20.248:8080/cas" /> <!-- 客戶端的回調地址設置,必須和上面的shiro-cas過濾器casFilter攔截的地址一致 --> <property name="casService" value="http://127.0.0.1:8080/nhmz/shiro-cas" /> </bean> <!--緩存機制 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" /> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="casRealm" /> <property name="subjectFactory" ref="casSubjectFactory" /> <property name="cacheManager" ref="cacheManager" /> </bean> <!-- 若是要實現cas的remember me的功能,須要用到下面這個bean,並設置到securityManager的subjectFactory中 --> <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory" /> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" /> <property name="arguments" ref="securityManager" /> </bean> </beans>
這裏因爲前端的每個操做shiro都會作登陸和權限認證,因此上面配置添加了緩存機制spring
因此在classpath目錄下還要添加緩存而配置文件ehcache-shiro.xml,配置以下:apache
<?xml version="1.1" encoding="UTF-8"?> <ehcache name="shirocache"> <diskStore path="java.io.tmpdir"/> <defaultCache maxElementsInMemory="2000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" /> <!-- <cache name="diskCache" maxEntriesLocalHeap="2000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> --> <cache name="passwordRetryCache" maxElementsInMemory="2000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" > </cache> <cache name="authorizationCache" maxElementsInMemory="2000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="0" overflowToDisk="false" > </cache> <cache name="authenticationCache" maxElementsInMemory="2000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="0" overflowToDisk="false" > </cache> <cache name="shiro-activeSessionCache" maxElementsInMemory="2000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="0" overflowToDisk="false" > </cache> </ehcache>
第三步、添加<bean id="casRealm" class="com.ld.nhmz.shiro.MzCasRealm">配置的自定義實現類
package com.ld.nhmz.shiro; import java.util.List; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.cas.CasRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; import com.ld.nhmz.ebo.SusRoleEntity; import com.ld.nhmz.ebo.SusUserEntity; import com.ld.nhmz.service.SusRolePermissionService; import com.ld.nhmz.service.SusRoleService; import com.ld.nhmz.service.SusUserService; //@Service @SuppressWarnings("deprecation") @Transactional(value = "nhmzTM") public class MzCasRealm extends CasRealm { @Autowired private SusUserService userService; @Autowired private SusRolePermissionService rolePermissionService; @Autowired private SusRoleService roleService; /** * 受權訪問控制,用於對用戶進行的操做進行人證受權,證實該用戶是否容許進行當前操做,如訪問某個連接,某個資源文件等 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String username = (String) principals.getPrimaryPrincipal(); SusUserEntity user = userService.findByUsername(username); if (user != null) { SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); // 設置用戶的角色 String roleId = userService.getRoleIdFromUserId(user.getId()); SusRoleEntity roleEntity = roleService.getRole(roleId); if (null != roleEntity) authorizationInfo.addRole(roleEntity.getRolecode()); // 設置用戶對應的角色的權限集合 List<String> permissons; try { permissons = rolePermissionService.getPermissionIds2(roleId); for (String permission : permissons) { authorizationInfo.addStringPermission(permission); } } catch (Exception e) { e.printStackTrace(); } return authorizationInfo; } return null; } /** * 驗證用戶身份 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { return super.doGetAuthenticationInfo(token); } @Override public void clearCachedAuthorizationInfo(PrincipalCollection principals) { super.clearCachedAuthorizationInfo(principals); } @Override public void clearCachedAuthenticationInfo(PrincipalCollection principals) { super.clearCachedAuthenticationInfo(principals); } @Override public void clearCache(PrincipalCollection principals) { super.clearCache(principals); } public void clearAllCachedAuthorizationInfo() { getAuthorizationCache().clear(); } public void clearAllCachedAuthenticationInfo() { getAuthenticationCache().clear(); } public void clearAllCachedKickoutInfo() { } public void clearAllCache() { clearAllCachedAuthenticationInfo(); clearAllCachedAuthorizationInfo(); clearAllCachedKickoutInfo(); } }
第四步、將spring-shiro.xml配置文件導入到spring的配置文件中,注意配置文件間的相對路徑
第五步、web.xml中添加shiro過濾器
<!-- shiro filter的名字是shiroFilter,那麼在spring的配置文件中要有一個名字爲shiroFilter的bean --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
以上步驟完成,shiro集成cas的步驟就完成了,實現了單點登陸和單點註銷登陸。緩存
相關文章
- 1. cas+tomcat+shiro實現單點登錄-4-Apache Shiro 集成Cas作爲cas client端實現
- 2. springboot 集成CAS 實現單點登陸
- 3. spring + shiro + cas 實現sso單點登陸
- 4. cas單點登陸實現
- 5. CAS實現單點登陸
- 6. springMVC集成shiro與cas實現SSO單點登陸
- 7. Shiro 集成 Cas 實現單點
- 8. springboot 集成CAS 實現單點登錄
- 9. CAS Client實現單點登錄原理
- 10. cas+shiro+spring 單點登陸
- 更多相關文章...
- • Hibernate實現增刪改查 - Hibernate教程
- • 現實生活中的 XML - XML 教程
- • ☆基於Java Instrument的Agent實現
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 字節跳動21屆秋招運營兩輪面試經驗分享
- 2. Java 3 年,25K 多嗎?
- 3. mysql安裝部署
- 4. web前端開發中父鏈和子鏈方式實現通信
- 5. 3.1.6 spark體系之分佈式計算-scala編程-scala中trait特性
- 6. dataframe2
- 7. ThinkFree在線
- 8. 在線畫圖
- 9. devtools熱部署
- 10. 編譯和鏈接
歡迎關注本站公眾號,獲取更多信息
