Apereo CAS client logout URL redirect


Author: 说你还是说我 | Source: published 2018-04-27 00:07, read 35 times

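The previous articles covered authentication on the Apereo CAS server side; this one looks at the CAS client. The first task is integrating the CAS client; the stack used here is Spring Boot + Spring Security + CAS client.
The Spring Boot documentation does not describe Spring Security's CAS authentication in detail; it covers the OAuth2 authentication and authorization integration instead. So the reference is the CAS authentication chapter of the Spring Security documentation, with the configuration-file setup shown there replaced by programmatic configuration.
In short, Java configuration in Spring Boot takes the place of XML.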

References:
https://blog.csdn.net/cl_andywin/article/details/53998986
https://docs.spring.io/spring-security/site/docs/4.2.5.RELEASE/reference/htmlsingle/#cas
https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html
https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol-Specification.html

Implementation steps

CAS client
  • 1 Configure ServiceProperties
    @Bean
    public ServiceProperties serviceProperties(){
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setSendRenew(false);
        serviceProperties.setService("http://localhost:8090/login");   //login URL of this client
        serviceProperties.setAuthenticateAllArtifacts(true);
        return serviceProperties;
    }
  • 2 Configure CasAuthenticationFilter
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setFilterProcessesUrl("/login");  //client URL that handles the CAS login
        return filter;
    }
  • 3 Configure CasAuthenticationEntryPoint
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint(){
        CasAuthenticationEntryPoint point = new CasAuthenticationEntryPoint();
        point.setLoginUrl("http://localhost:8080/login");  //login URL of the CAS server
        point.setServiceProperties(serviceProperties());  //CAS client information
        return point;
    }

  • 4 Create the class that grants authorities after successful authentication
    This class has to implement a specific service interface, because it must be set on the provider.

    public class UserServiceImpl implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

        @Override
        public UserDetails loadUserDetails(CasAssertionAuthenticationToken casAssertionAuthenticationToken) throws UsernameNotFoundException {
            System.out.println(casAssertionAuthenticationToken.toString());
            //Login succeeded; set the user's authorities
            //The password is a placeholder: the CAS server has already authenticated the user, so it is never checked here
            UserDetails user =
                    User.withDefaultPasswordEncoder()
                            .username(casAssertionAuthenticationToken.getName())
                            .password("password")
                            .roles("USER")
                            .build();
            return user;
        }
    }
  • 5 Configure CasAuthenticationProvider
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider(){
        //CAS server address used for ticket validation
        Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator("http://localhost:8080");
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        //service that grants authorities to the user on the CAS client
        provider.setAuthenticationUserDetailsService(new UserServiceImpl());
        provider.setServiceProperties(serviceProperties());
        provider.setTicketValidator(validator);
        provider.setKey("cas_an_id_for_this_auth_provider_only");
        return provider;
    }
  • 6 Configure single sign-out with SingleSignOutFilter
    @Bean
    public SingleSignOutFilter singleSignOutFilter(){
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        //CAS server URL prefix (the server runs on 8080; 8090 is this client)
        singleSignOutFilter.setCasServerUrlPrefix("http://localhost:8080");
        singleSignOutFilter.setIgnoreInitConfiguration(true);
        return singleSignOutFilter;
    }
  • 7 Configure logout with LogoutFilter
    @Bean
    public LogoutFilter logoutFilter() throws UnsupportedEncodingException {
        String s = URLEncoder.encode("http://localhost:8090/","UTF-8");
        //Add the service parameter so that CAS can redirect back after logout
        String logoutUrl = "http://localhost:8080/logout?service="+s;
        LogoutFilter logoutFilter = new LogoutFilter(logoutUrl,new SecurityContextLogoutHandler());
        //URL on the client that triggers logout
        logoutFilter.setFilterProcessesUrl("/logout");
        return logoutFilter;
    }
  • 8 Configure Spring Security request interception
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
        //Add CAS authentication
        auth.authenticationProvider(casAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())  //add the CAS authentication entry point
                .and()
                .addFilter(casAuthenticationFilter())   //add the CAS authentication filter
                .addFilterBefore(logoutFilter(), LogoutFilter.class)    //add the CAS logout filter
                .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)   //add the CAS single sign-out filter
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
CAS server
  • 1 Enable redirect after logout
    Add the following setting to application.properties:
    cas.logout.followServiceRedirects=true

Note: depending on the service registry type you use, add the matching Maven dependency, and then configure the relevant service.
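
With followServiceRedirects enabled, the server follows the `service` parameter only when it matches a registered service, so the registration pattern decides where a logout can send the browser. The following is an added example, not code from the original article or from the CAS project: a simplified model of that decision. The class name, both patterns, the example.test host and the full-match regex semantics are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.regex.Pattern;

// Added example: simplified model of the logout redirect, not CAS source code.
public class LogoutRedirectCheck {

    // Client side: same construction as logoutFilter() in step 7.
    static String logoutUrl(String casLogout, String target) throws UnsupportedEncodingException {
        return casLogout + "?service=" + URLEncoder.encode(target, "UTF-8");
    }

    // Server side (model): follow the redirect only when the decoded service
    // fully matches the serviceId pattern of a registered service.
    static boolean followsRedirect(String logoutUrl, Pattern registeredServiceId)
            throws UnsupportedEncodingException {
        int i = logoutUrl.indexOf("?service=");
        if (i < 0) {
            return false; // no service parameter: the server shows its own logout page
        }
        String service = URLDecoder.decode(logoutUrl.substring(i + "?service=".length()), "UTF-8");
        return registeredServiceId.matcher(service).matches();
    }

    public static void main(String[] args) throws Exception {
        String cas = "http://localhost:8080/logout";
        // Constructed patterns: a catch-all registration, and one anchored
        // to this page's client at localhost:8090.
        Pattern catchAll = Pattern.compile("^(https?|imaps?)://.*");
        Pattern clientOnly = Pattern.compile("^http://localhost:8090/.*");

        String[] targets = {
            "http://localhost:8090/",          // the client from step 7
            "http://other-host.example.test/"  // constructed, unrelated host
        };
        for (String t : targets) {
            String url = logoutUrl(cas, t);
            System.out.println(url);
            System.out.println("  catchAll   follows: " + followsRedirect(url, catchAll));
            System.out.println("  clientOnly follows: " + followsRedirect(url, clientOnly));
        }
    }
}
```

Registering the client with a pattern anchored to its own scheme, host and port keeps the logout endpoint from redirecting to hosts the deployment does not own.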

Source code: 码云 (Gitee)

Article link: https://www.haomeiwen.com/subject/tisvlftx.html