Integrating CAS and Shiro in Spring
Source: Internet. Editor: 程序博客网. Time: 2024/05/16 11:03
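Shiro is a permission-management framework, and I already know how to use it to control permissions. To give several systems a single, unified authentication entry point, I also looked into the single sign-on framework CAS. Because both of them manage sessions, they have to be integrated with each other.
Shiro has provided CAS integration since version 1.2.0, so add the shiro-cas dependency to the project: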
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>${shiro.version}</version>
</dependency>
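With Shiro's CAS integration, configuring the CAS client becomes much simpler. The principle is to add casFilter to the filterChain of shiroFilter. shiroFilter is defined in web.xml, as covered in an earlier post.
Integrating Shiro and CAS in a Spring project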
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"
       default-lazy-init="true">

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <!-- Configuration without single sign-on: page to redirect to when access is denied or login fails -->
        <!-- <property name="loginUrl" value="/login/toLoginAction"/> -->
        <!-- Configuration with single sign-on: CAS server login URL; the service parameter is the URL the server returns to -->
        <property name="loginUrl"
                  value="http://localhost:18080/cas/login?service=http://localhost:8080/gxpt_web_qx_login/shiro-cas" />
        <!-- <property name="successUrl" value="/page/index.jsp"/> -->
        <property name="successUrl" value="/indexAction" />
        <property name="filters">
            <map>
                <!-- Add casFilter to shiroFilter -->
                <entry key="casFilter" value-ref="casFilter">
                </entry>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /shiro-cas = casFilter
                /styles/** = anon
                /** = user
            </value>
        </property>
        <!-- Configuration without single sign-on: -->
        <!-- <property name="filterChainDefinitions">
            <value>
                /styles/** = anon
                /login/loginAction = anon
                /login/logoutAction = logout
                /** = user
            </value>
        </property> -->
    </bean>

    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
        <!-- Failure page for validation errors (the error page shown when ticket validation fails) -->
        <property name="failureUrl" value="/page/error.jsp" />
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Single realm app. If you have multiple realms, use the 'realms' property
             instead. -->
        <!-- Configuration without single sign-on: -->
        <!-- <property name="realm" ref="shiroDbRealm" /> -->
        <property name="realm" ref="casRealm" />
        <property name="subjectFactory" ref="casSubjectFactory" />
        <property name="cacheManager" ref="shiroEhcacheManager" />
    </bean>

    <bean id="casRealm" class="web.qx.login.shiro.MyCasRealm">
        <property name="defaultRoles" value="ROLE_USER" />
        <property name="casServerUrlPrefix" value="http://localhost:18080/cas" />
        <!-- Client callback URL; must match the URL intercepted by the shiro-cas filter above -->
        <property name="casService"
                  value="http://localhost:8080/gxpt_web_qx_login/shiro-cas" />
    </bean>

    <!-- Define the realm you want to use to connect to your back-end security
         datasource: -->
    <!--
    <bean id="shiroDbRealm" class="web.qx.login.shiro.ShiroDbRealm">
        <property name="loginService" ref="login-loginBean"></property>
    </bean>
    -->

    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory" />

    <!-- Cache for user authorization/authentication information, backed by EhCache -->
    <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:config/ehcache-shiro.xml" />
    </bean>

    <!-- Ensures that beans implementing Shiro's internal lifecycle functions are executed -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- AOP-style method-level permission checks -->
    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
    <!-- the lifecycleBeanProcessor has run: -->
    <bean
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor">
        <property name="proxyTargetClass" value="true" />
    </bean>
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>
</beans>
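Without single sign-on, login authentication and authorization are by default carried out in AuthorizingRealm's doGetAuthorizationInfo and doGetAuthenticationInfo, so here I use shiroDbRealm (a custom class extending AuthorizingRealm) to override doGetAuthorizationInfo and doGetAuthenticationInfo and implement custom login authentication and authorization.
With single sign-on, login authentication takes place on the CAS server, and the flow is as follows: after the user logs in successfully on the CAS server, control returns to the CAS client's CasRealm, which runs its default doGetAuthorizationInfo and doGetAuthenticationInfo. At this point doGetAuthenticationInfo only has to pass the logged-in user's information to Shiro, so the default can be kept. Authorization can be customized by overriding doGetAuthorizationInfo in MyCasRealm (a custom class extending CasRealm).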
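The post configures web.qx.login.shiro.MyCasRealm but does not show it; the following is an added sketch of such a realm, not the original author's class. The PermissionLookup interface and its setter are hypothetical names introduced here to stand in for the application's own user/role store.

```java
package web.qx.login.shiro;

import java.util.Collection;
import java.util.Set;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;

/** CAS authenticates the user; this realm only decides what that user may do locally. */
public class MyCasRealm extends CasRealm {

    /** Hypothetical local lookup (not a Shiro API); back it with your own role store. */
    public interface PermissionLookup {
        Set<String> rolesOf(String username);
        Set<String> permissionsOf(String username);
    }

    private PermissionLookup permissionLookup;

    public void setPermissionLookup(PermissionLookup permissionLookup) {
        this.permissionLookup = permissionLookup;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Keep what CasRealm derives from its own settings (e.g. defaultRoles=ROLE_USER).
        AuthorizationInfo base = super.doGetAuthorizationInfo(principals);
        addAll(base.getRoles(), info, true);
        addAll(base.getStringPermissions(), info, false);
        // The primary principal is the user id asserted by CAS after ticket validation.
        Object primary = principals.getPrimaryPrincipal();
        if (primary == null || permissionLookup == null) {
            return info; // fail closed: grant nothing beyond the configured defaults
        }
        String username = primary.toString();
        addAll(permissionLookup.rolesOf(username), info, true);
        addAll(permissionLookup.permissionsOf(username), info, false);
        return info;
    }

    // Null-safe merge: the getters and the lookup may return null when nothing is set.
    private static void addAll(Collection<String> values, SimpleAuthorizationInfo info,
                               boolean asRoles) {
        if (values == null) return;
        for (String v : values) {
            if (asRoles) info.addRole(v); else info.addStringPermission(v);
        }
    }
}
```

doGetAuthenticationInfo is deliberately not overridden, so ticket validation against casServerUrlPrefix stays with CasRealm. To wire the lookup, add a permissionLookup property to the casRealm bean that references your own implementation bean.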
Reposted from: http://blog.csdn.net/tch918/article/details/22311747