springmvc集成cas,並解決先後端分離狀況
1.最近項目須要集成已經存在的cas系統。 可是目前已集成的系統都是jsp。而咱們項目是先後端分離開發(僞),沒有分開部署。javascript
2.cas原理就不介紹了 網上例子不少。基本都是使用302重定向實現的。html
下面介紹一下本身是怎麼解決先後端分離的cas集成方式。前端
springmvc集成cas配置:java
<security:http create-session="always" auto-config='false' entry-point-ref="casEntryPoint" use-expressions="true">
<security:intercept-url pattern="/index.html" access="hasRole('APP_USER')" />
<security:intercept-url pattern="/redirect.html" access="hasRole('APP_USER')" />//由於是僞先後端分離 這2個url攔截是爲了用戶直接刷新頁面時觸發未登陸狀況跳轉cas登陸頁使用。 index.html是個人主頁
<security:intercept-url pattern="/mvc/dispatch/**" access="hasRole('APP_USER')" /> --5.0不用帶ROLE_開頭
<security:csrf disabled="true" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:custom-filter ref="casFilter" position="CAS_FILTER" />
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<security:session-management
session-authentication-strategy-ref="sas" />
</security:http>
<!-- <security:global-method-security pre-post-annotations="enabled" /> -->
<bean id="redirectSessionInformationExpiredStrategy"
class="org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy">
<constructor-arg name="invalidSessionUrl" value="/goLogin.html" />
</bean>
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<constructor-arg name="sessionInformationExpiredStrategy" ref="redirectSessionInformationExpiredStrategy" />
</bean>
<bean id="sas"
class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<constructor-arg>
<list>
<bean
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<constructor-arg ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<!-- <bean
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
</bean> -->
<bean
class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<constructor-arg ref="sessionRegistry" />
</bean>
</list>
</constructor-arg>
</bean>
<bean id="sessionRegistry"
class="org.springframework.session.security.SpringSessionBackedSessionRegistry">
<constructor-arg ref="sessionRepository" />
</bean>
<security:authentication-manager alias="authManager">
<security:authentication-provider ref="casAuthProvider" />
</security:authentication-manager>
<bean id="singleLogoutFilter" class="com.cas.XXSingleSignOutFilter" />
<bean id="XXUrlLogoutSuccessHandler" class="com.cas.XXUrlLogoutSuccessHandler">
<constructor-arg value="${cas.server.protocol}://${cas.server.host}/cas/logout?service=" />
</bean>
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter" p:filterProcessesUrl="/j_spring_cas_security_logout"> 單點登出地址。
<constructor-arg ref="XXUrlLogoutSuccessHandler" />
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties" p:sendRenew="false" p:service="${cas.service.protocol}://${cas.service.host}/${cas.service.web}/mvc/dispatch/login/cas" p:authenticateAllArtifacts="true" /> cas回調驗證地址 5.0版本默認是攔截 /login/cas路徑。若是要重寫 需定義與filterProcessesUrl一致
<bean id="casEntryPoint" class="com.cas.XXCasAuthenticationEntryPoint" p:serviceProperties-ref="serviceProperties" p:loginUrl="${cas.server.protocol}://${cas.server.host}/cas/login" /> cas登陸地址
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"
p:authenticationManager-ref="authManager"
p:serviceProperties-ref="serviceProperties"
p:filterProcessesUrl="/mvc/dispatch/login/cas">
<property name="authenticationDetailsSource">
<bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
<constructor-arg ref="serviceProperties" />
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" p:defaultFailureUrl="/casfailed.html" /> cas回調驗證失敗地址
</property>
</bean>
<bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider" p:serviceProperties-ref="serviceProperties" p:key="an_id_for_this_auth_provider_only">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="casUserDetailsService" />
</bean>
</property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg value="${cas.server.protocol}://${cas.server.host}/cas" />
</bean>
</property>
</bean>
重點講幾個配置。因爲先後端分離採用json交互,而cas是302重定向。 則咱們須要改變cas入口點,不能使用默認的point。重寫 CasAuthenticationEntryPoint爲XXCasAuthenticationEntryPoint。jquery
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.CommonUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
/**
* 重寫默認的實現,添加了向CAS註冊服務時候參數帶上sessionId,sessionId主要用於配合單點登出時候兼容集羣模式
*/
public class XXCasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
private static final Log logger = LogFactory.getLog(XXCasAuthenticationEntryPoint.class);
private ServiceProperties serviceProperties;
private String loginUrl;
@Value("${cas.portal.url}")
private String casPortalUrl;
/**
* @deprecated
*/
@Deprecated
private boolean encodeServiceUrlWithSessionId = true;
public HisCasAuthenticationEntryPoint() {
}
public void afterPropertiesSet() throws Exception {
Assert.hasLength(this.loginUrl, "loginUrl must be specified");
Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
Assert.notNull(this.serviceProperties.getService(), "serviceProperties.getService() cannot be null.");
}
public final void commence(HttpServletRequest servletRequest, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
System.out.println(servletRequest.getRequestURI()+"-"+servletRequest.getRequestURL());
HttpSession session=servletRequest.getSession();
DefaultSavedRequest saveReq=(DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
String urlEncodedService = this.createServiceUrl(servletRequest, response);
String redirectUrl = this.createRedirectUrl(urlEncodedService);
this.preCommence(servletRequest, response);
System.out.println("hisCAsAUTH---------------------------------------------");
if(servletRequest.getParameter("sso_ticket")!=null){//爲電力醫院統一平臺認證添加票據號
response.sendRedirect(redirectUrl + "&ticket=" + servletRequest.getParameter("sso_ticket"));
}else{
if("/index.html".equals(saveReq.getServletPath())){//若是是主頁則跳轉redirect.html獲取token信息
response.sendRedirect(saveReq.getRequestURL()+"redirect.html");
}else if("/redirect.html".equals(saveReq.getServletPath())){ //若是當前是redirect且未登陸則直接跳轉cas登陸頁。這樣cas登陸成功後跳轉到redirect.html會直接觸發頁面ajax請求獲取到token,而後跳轉主頁
response.sendRedirect(redirectUrl + "?" + servletRequest.getSession().getId());
}else{
//設置重定向url加上sessionId
//response.sendRedirect(redirectUrl + "?" + servletRequest.getSession().getId());
response.setContentType("application/json");
response.setStatus(200);
PrintWriter writer = response.getWriter(); //URLEncoder.encode(serviceUrl, "UTF-8")
writer.write("{\"casError\":\"4111\",\"redirect\":\"" + redirectUrl + "?" + servletRequest.getSession().getId() + "\",\"portalUrl\":\""+casPortalUrl+ "?" + servletRequest.getSession().getId() +"\"}");
}
}
}
protected String createServiceUrl(HttpServletRequest request, HttpServletResponse response) {
return CommonUtils.constructServiceUrl((HttpServletRequest) null, response, this.serviceProperties.getService(), (String) null, this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
}
protected String createRedirectUrl(String serviceUrl) {
return CommonUtils.constructRedirectUrl(this.loginUrl, this.serviceProperties.getServiceParameter(), serviceUrl, this.serviceProperties.isSendRenew(), false);
}
protected void preCommence(HttpServletRequest request, HttpServletResponse response) {
}
public final String getLoginUrl() {
return this.loginUrl;
}
public final ServiceProperties getServiceProperties() {
return this.serviceProperties;
}
public final void setLoginUrl(String loginUrl) {
this.loginUrl = loginUrl;
}
public final void setServiceProperties(ServiceProperties serviceProperties) {
this.serviceProperties = serviceProperties;
}
/**
* @deprecated
*/
@Deprecated
public final void setEncodeServiceUrlWithSessionId(boolean encodeServiceUrlWithSessionId) {
this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
}
/**
* @deprecated
*/
@Deprecated
protected boolean getEncodeServiceUrlWithSessionId() {
return this.encodeServiceUrlWithSessionId;
}
}
如上,若是觸發cas跳轉則改爲返回json數據 。前端判斷指定狀態碼,而後進行對應操做。具體 看下方前端介紹。 cas-client 3.5.0版本提供了這種接口。我這裏使用的是 3.2.1版本。 angularjs
requestSingleLogoutFilter是登出處理過濾器。主要是用來過濾客戶端發起登出請求。XXUrlLogoutSuccessHandler 主要是用來處理登出後,再次登陸跳轉地址問題。web
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.StringUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
/**
* Handles the navigation on logout by delegating to the
* {@link org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler} base class logic.
*
*/
public class HisUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler {
@Value("${cas.portal.url}")
private String casPortalUrl;
private String casUrl;
public HisUrlLogoutSuccessHandler(String casUrl) {
this.casUrl = casUrl;
}
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
String result = casUrl + URLEncoder.encode(casPortalUrl, "UTF-8");
if (StringUtils.hasText(result)) {
setDefaultTargetUrl(result);
}
super.handle(request, response, authentication);
}
}
XXSingleSignOutFilter主要用來處理單點登出。官方默認實現是 做廢當前session。我集成了spring session。使用官方默認就能夠。這裏記錄一下一種集羣session刪除思路。(redis)ajax
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.session.SessionMappingStorage;
import org.jasig.cas.client.session.SingleSignOutHandler;
import org.jasig.cas.client.util.AbstractConfigurationFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.session.data.redis.RedisOperationsSessionRepository;
import com.asdc.jbp.hisLogin.util.CommonHelper;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;
/**
* 過濾器用於配置判斷請求是不是退出系統請求,若是是退出系統請求將清空session緩存。
*/
public class XXSingleSignOutFilter extends AbstractConfigurationFilter {
private static final Log logger = LogFactory.getLog(HisSingleSignOutFilter.class);
@Autowired
private RedisOperationsSessionRepository repository;
@Value("${local.ip:000.000.000.000}")
private String localIp;
private static final SingleSignOutHandler handler = new SingleSignOutHandler();
private AtomicBoolean handlerInitialized = new AtomicBoolean(false);
public HisSingleSignOutFilter() {
}
public void init(FilterConfig filterConfig) throws ServletException {
if (!this.isIgnoreInitConfiguration()) {
handler.setArtifactParameterName(this.getPropertyFromInitParams(filterConfig, "artifactParameterName", "ticket"));
handler.setLogoutParameterName(this.getPropertyFromInitParams(filterConfig, "logoutParameterName", "logoutRequest"));
}
handler.init();
}
public void setArtifactParameterName(String name) {
handler.setArtifactParameterName(name);
}
public void setLogoutParameterName(String name) {
handler.setLogoutParameterName(name);
}
public void setSessionMappingStorage(SessionMappingStorage storage) {
handler.setSessionMappingStorage(storage);
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
if (handler.isTokenRequest(request)) {
handler.recordSession(request);
} else {
if (handler.isLogoutRequest(request)) {
handler.destroySession(request);
/**
* 配合session共享機制,經過cas server記錄的sessionId刪除session在redis中的緩存,這一步驟主要用於業務集羣后,在反向代理狀況下,單點登出時候cas server登出請求隨機請求.
**/
String logoutMessage = CommonUtils.safeGetParameter(request, "logoutRequest");
String sessionId = XmlUtils.getTextForElement(logoutMessage, "SessionId");
System.out.println("單點刪除-----------------------------------");
repository.delete(sessionId);
logger.info("logout session id is:" + sessionId +";local is is :" + this.localIp + ";cas server ip is:" + CommonHelper.analyzeClientIpAddress(request) + ";logout project is:" + ((HttpServletRequest) servletRequest).getContextPath());
return;
}
this.log.trace("Ignoring URI " + request.getRequestURI());
}
filterChain.doFilter(servletRequest, servletResponse);
}
public void destroy() {
}
protected static SingleSignOutHandler getSingleSignOutHandler() {
return handler;
}
}
cas配置基本如上。記錄一下spring security 登陸部分。redis
import java.util.Collection;
import java.util.LinkedList;
import javax.annotation.Resource;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@Service("casUserDetailsService")
@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@Transactional(readOnly = false)
public class CasUserDetailsServiceImpl implements UserDetailsService {
@Resource
private UserService userService;
@SuppressWarnings("finally")
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserDetailImpl userDetail = new UserDetailImpl();
try {
System.out.println("查詢用戶信息--------------------------");
User user = userService.queryUserByAccount(username);
// 複製查詢到的用戶信息到實現類
userDetail.setUserId(user.getUserId());
userDetail.setPassword(user.getPasswd());
userDetail.setUserName(username);
Collection<GrantedAuthority> authorities = new LinkedList<GrantedAuthority>();
/* List<GrantedAuthority> authorities = authorizationService.getAuthorities(token.getFunc());*/
authorities.add(new SimpleGrantedAuthority("ROLE_APP_USER"));
userDetail.setAuthorities(authorities);
/*Token token = authorizationService.getUserTokenByUserId(user);
Authentication auth = new PreAuthenticatedAuthenticationToken(token, token.getUser(), authorities);
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);*/
} catch (ServiceException e) {
e.printStackTrace();
} finally {
return userDetail;
}
}
}
根據cas返回的用戶名查詢 用戶信息。 此處角色名稱必須帶上 ROLE_.spring
因爲項目中獲取用戶信息時本身組裝的 sessionDTO。並且是直接從httpsession中獲取。故須要設置攔截器,注入用戶信息。
servlet.xml中配置
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/dispatch/**" />
<bean class="com.xx.interceptor.UserSessionInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class UserSessionInterceptor extends HandlerInterceptorAdapter {
@Resource
private AuthorizationService authorizationService;
@Resource(name = "")
private UserService userService;
@Autowired
private CompositeSessionAuthenticationStrategy sas;
static Logger log=LoggerFactory.getLogger(UserSessionInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
HttpSession session = request.getSession();
Object user = session.getAttribute("tUser");
if(user==null){
UserDetailImpl userDetail=(UserDetailImpl) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
User originalUser =new User();
originalUser.setUserCode(userDetail.getUsername());
originalUser.setPasswd(userDetail.getPassword());
try {
originalUser = userService.queryTUserbyUserCodeAndPwd(originalUser);
userService.queryAllDeptsAndAreas(originalUser);
//根據userId構造session用戶。
Token token = authorizationService.getUserTokenByUserId(originalUser);
long loginTime = System.currentTimeMillis();
session.setAttribute("tUser", token.getUser());
session.setAttribute("loginUserCode", token.getUser().getUserCode());
session.setAttribute("token", token);
session.setAttribute("loginTime", loginTime);
Authentication auth = new PreAuthenticatedAuthenticationToken(token.getUser().getAccount(), token.getUser(),
null);
auth.setAuthenticated(true);
sas.onAuthentication(auth, request, response);
} catch (Exception e) {
log.error("session攔截器查詢用戶信息出錯"+e);
}finally{
return true;
}
}
return true;
}
}
這樣就能保證 cas回調回來訪問 controller能跟普通登陸獲取的session值同樣。
重點來了!!前端如何處理
前面說了是返回json數據。那麼前端必須攔截請求返回值,而且在返回以前 處理好cas單點登陸。
我前端使用的是angularjs。故設置一個http請求攔截器便可。angular也有對應的攔截器。
var MetronicApp = angular.module("MetronicApp", [ "ui.router", "ui.bootstrap",
"pascalprecht.translate",// 國際化
'mgcrea.ngStrap' // 彈框插件
]);
/*
*添加http攔截
*/
MetronicApp.config([ '$httpProvider', function($httpProvider) {
$httpProvider.interceptors.push('httpInterceptor');
$httpProvider.defaults.headers.post = {
'Content-Type' : 'application/x-www-form-urlencoded'
}
if (!$httpProvider.defaults.headers.get) {
$httpProvider.defaults.headers.get = {};
}
;
$httpProvider.defaults.headers.common["X-Requeste-with"] = "XMLHttpRequest";
$httpProvider.defaults.headers.get['Cache-Control'] = 'no-cache';
$httpProvider.defaults.headers.get['pragma'] = 'no-cache'
} ]);
MetronicApp.factory('httpInterceptor', [ '$q', '$injector', '$rootScope', '$window', '$timeout', function($q, $injector, $rootScope, $window, $timeout) {
var httpInterceptor = {
'responseError' : function(response) {
var sign = 1;
if (response.status == 404) {
var rootScope = $injector.get('$rootScope');
console.info(rootScope);
var state = $injector.get('$rootScope').$state.current.name;
console.info(state);
rootScope.stateBeforLogin = state;
rootScope.$state.go("home");
return $q.reject(response);
} else if (response.status == 417) {
return $q.reject(response);
} else if (response.status == 401) {
$window.location.href = "./#/403.html";
return $q.reject(response);
} else if (response.status == 500)
return $q.reject(response);
}
;
return $q.reject(response);
},
'response' : function(response) {
if(response.status==200 && response.data.casError=='4111'){ //前端先判斷當前是否登陸,若是未登陸獲取後端url進行cas跳轉判斷。 4111是後端定義的返回碼
$.ajax({
//幾個參數須要注意一下
type: "GET",//方法類型
dataType: "html",//預期服務器返回的數據類型
async: false, //同步是爲了給當前業務請求返回數據。
url: response.data.redirect+"&method=POST" ,//url 加上method=POST 可讓cas將ST以頁面形式返回。 注意我這裏將 cas服務端作了跨域處理。 必須設置授信證書。要不ajax有時候被瀏覽器攔截沒法訪問cas。
xhrFields: {
withCredentials: true // 這裏設置了withCredentials 爲了帶上cookie
},
success: function (result) {
console.log(result);//打印服務端返回的數據(調試用)
if(result.indexOf("id=\"fm1\"")>0){ //判斷是否cas登陸頁。若是是登陸頁則跳轉登陸頁。
alert("當前帳號未登陸,請先登陸");
window.location.href="./redirect.html";
}
//若是不是登陸頁我這裏直接正則匹配了返回的請求回調地址。
var reg=/action=\"(.*?)\"/g;
console.log(result.match(reg));
var url=result.match(reg)[0].replace(/action=\"/,"").replace(/\"/,"");
console.log(url);
var st_reg=/ST(.*?)\<\/textarea\>/g;
var st_val=result.match(st_reg)[0].replace(/\<\/textarea\>/,"");
console.log(st_val);
//拿到回調地址 拼接ticket 再次訪問便可拿到 業務請求的返回值。
$.ajax({
//幾個參數須要注意一下
type: "POST",//方法類型
dataType: "json",//預期服務器返回的數據類型
async: false,
url: url+"&ticket="+st_val ,//url
xhrFields: {
withCredentials: true // 這裏設置了withCredentials
},
success: function (result) {
console.log(result);//打印服務端返回的數據(調試用)
response.data=result; //將業務請求返回值返回。 response是當前業務請求的響應。
},
error : function(error) {
alert("異常!");
}
});
},
error : function(error) {
alert("異常!");
}
});
}
return response;
},
'request' : function(config) {
//處理AJAX請求(不然後臺IsAjaxRequest()始終false)
config.headers['X-Requested-With'] = 'XMLHttpRequest';
return config || $q.when(config);
},
'requestError' : function(config) {
return $q.reject(config);
}
}
return httpInterceptor;
} ]);
// 登陸
MetronicApp.controller('redirectCtrl',function($scope, $http, $window, $q, $interval, $rootScope,$timeout) {
var storage = window.sessionStorage;
var storageLocal = window.localStorage;
var loginParams = {};
var loginData = mergeReauestData('LoginController','getToken',loginParams);
var loginResult = sendPost($http,loginData, $q);
loginResult.then(function(success) {
var loginResult = JSON.parse(success);
// 登陸成功後,存儲用戶信息到storage的操做放到main.js中,頁面初始化時
var token = loginResult.token;
var userinfo = loginResult.token.user;
storage.setItem('token',JSON.stringify(token));
storage.setItem('userinfo',JSON.stringify(userinfo));
storageLocal.setItem('loginTime',loginResult.loginTime);
// 登陸的時候存放下
setCookie("userId",userinfo.userId);
$window.location.href = "./#/home.html";
},function(error) {
windowAlert(JSON.parse(error).errMsg);
});
});
// # sourceURL=RedirectController.js
由於我是測試可行性故我在前端主頁前加了一層。正常應該在主頁中配置如上方法。由於個人redirect.html被攔截了 因此跳轉會觸發302重定向至cas。而後cas登陸後又會重定向至redirect.html 。最後頁面ajax請求加載token,即實現了登陸。
若是是先後端分開部署應該在ajax請求中再加一層去設置登陸後的跳轉主頁。個人想法是:因爲cas-client是將上一次訪問頁面都存儲在了 session中 (SPRING_SECURITY_SAVED_REQUEST這麼個key值中)。能夠寫一個接口讓security不攔截 去設置主頁 這樣也能夠實現。(DefaultSavedRequest沒有set跳轉路徑的方法,不推薦重寫)或者本身去重寫AuthenticationSuccessHandler 實現本身的回調成功函數。默認是SavedRequestAwareAuthenticationSuccessHandler,拿到以前保存的路徑重定向。
或者直接在後臺定義一個重定一個重定向前端主頁的接口。前端判斷cas沒有登陸後訪問這個接口。讓該接口被攔截。而後再point中特殊判斷是該接口請求的話直接重定向至cas。這樣cas跳轉回來該接口又能重定向至前端。大功告成
爲了解決跨域問題。我對cas服務端作了跨域處理
跳轉頁以下:
<!DOCTYPE html> <!--[if IE 8]> <html lang="en" class="ie8 no-js" data-ng-app="MetronicApp" > <![endif]--> <!--[if IE 9]> <html lang="en" class="ie9 no-js" data-ng-app="MetronicApp"> <![endif]--> <html lang="en" data-ng-app="MetronicApp"> <head> <meta charset="utf-8" /> <title>正在跳轉</title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta content="width=device-width, initial-scale=1" name="viewport" /> <meta content="" name="description" /> <meta content="" name="author" /> <link rel="shortcut icon" href="favicon.ico" /> </head> <body class="login" > <div ng-controller="redirectCtrl"></div> <script src="resources/global/plugins/respond.min.js"></script> <script src="resources/global/plugins/excanvas.min.js"></script> <script src="resources/global/plugins/jquery.min.js"></script> <script src="resources/global/plugins/bootstrap/js/bootstrap.min.js"></script> <script src="resources/global/plugins/bootstrap-hover-dropdown/bootstrap-hover-dropdown.min.js"></script> <script src="resources/global/plugins/angularjs/angular.min.js"></script> <script src="resources/global/plugins/angularjs/angular-sanitize.min.js"></script> <script src="resources/global/plugins/angularjs/angular-touch.min.js"></script> <script src="resources/global/plugins/angularjs/plugins/angular-ui-router.min.js"></script> <script src="resources/global/plugins/angularjs/plugins/ocLazyLoad.min.js"></script> <script src="resources/global/plugins/angularjs/plugins/ui-bootstrap-tpls.min.js"></script> <script src="packages/index/js/common/CommonService.js"></script> <script src="packages/index/js/main.js"></script> <script src="packages/index/js/directives.js"></script> <script src="resources/global/scripts/app.min.js"></script> <script src="resources/layouts/layout/scripts/layout.min.js"></script> <script src="resources/layouts/global/scripts/quick-sidebar.min.js"></script> <script src="packages/pages/js/controllers/RedirectController.js"></script> <script src="resources/global/plugins/angular-translate.min.js"></script> <script src="resources/global/plugins/angular-translate-loader-static-files.min.js"></script> <script src="packages/index/js/common/json2.js"></script> <script src="packages/index/js/common/MultiLanguage.js"></script> <script src="resources/global/plugins/angularjs/plugins/angular-strap/angular-strap.js"></script> <script src="resources/global/plugins/angularjs/plugins/angular-strap/angular-strap.tpl.js"></script> </body> </html>
cas跨域處理:加個過濾器
package org.jasig.cas.web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class cascorfFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response1 = (HttpServletResponse) response;
HttpServletRequest request1=(HttpServletRequest)request;
response1.setHeader("Access-Control-Allow-Origin", request1.getHeader("Origin"));
response1.setHeader("Access-Control-Allow-Credentials", "true");
response1.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response1.setHeader("Access-Control-Max-Age", "3600");
response1.setHeader("Access-Control-Allow-Headers",
"Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token");
chain.doFilter(request, response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
感謝https://gogo1217.iteye.com/blog/2425080提供的思路。雖然代碼不全 可是提供了 method=POST的方法思路
總結: cas服務端是3.X。 method=POST、HEADER、GET 官網上說是5.x提供的方法。可是3.X也能經過ajax獲取,故沒有升級cas。3.x不支持HEADER
cas5.x 設置了POST 返回的是ST跳轉頁面。瀏覽器是看不出來的 建議本身用postman等調試。 設置HEADER時確實在頭信息裏返回了 ST信息等。可是我調試時瘋狂重定向都懵逼了。 cas5.x官網說是在responseType中設置響應類型。能夠在配置文件中指定類型。
下次介紹一下spring boot+spring security+cas的集成方式。
相關文章
- 1. Ajax+SpringMvc先後端分離
- 2. 先後端分離springmvc和RESTful理解
- 3. vue.js+UEditor集成 先後端分離
- 4. springboot集成shiro 先後端分離
- 5. 先後端分離架構:Web 實現先後端分離,先後端解耦
- 6. 先後端分離後的CAS單點登陸流程詳解
- 7. 先後端分離實踐(五)—— 前端與後端的集成
- 8. 先後端分離 -- 跨域 -- 解決
- 9. mui與springMVC先後端分離
- 10. SSM:Spring+SpringMVC+MyBatis(實現先後端分離)
- 更多相關文章...
- • SVN 解決衝突 - SVN 教程
- • SQLite 分離數據庫 - SQLite教程
- • 常用的分佈式事務解決方案
- • Scala 中文亂碼解決
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
