CAS客户端对接

**需求：**输入项目地址(例：127.0.0.1:8080)时，判断有没有登录CAS，没有则跳转CAS登录，登录完成再返回项目地址，且需要获取到CAS登录用户的用户名。
实现：
第一步：搭建好CAS服务，这个在上一篇博客写了如何搭建，传送门CAS服务部署以及配置登陆成功跳转地址
第二步：接入客户端可以常用第三方的库cas-client-autoconfig-support来对接，比较快捷，迅速实现，或者可以用cas-client-support-springboot集成到boot项目
  首先pom文件中添加依赖

<!-- CAS依赖包 -->
        <dependency>
            <groupId>net.unicon.cas</groupId>
            <artifactId>cas-client-autoconfig-support</artifactId>
            <version>1.5.0-GA</version>
        </dependency>
1
2
3
4
5
6

  然后在application.properties中添加配置

#cas服务端的登录地址
cas.server-login-url=http://127.0.0.1:8070/login
#cas服务端的地址
cas.server-url-prefix: http://127.0.0.1:8070
#当前服务器的地址(客户端)
cas.client-host-url: http://127.0.0.1:8801
1
2
3
4
5
6

  然后自定义一个重定向策略类，这里还是和默认的策略一样，可以根据项目需要自行更改

import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @ClassName: CustomAuthticationRedirectStrategy
 * @Description:
 * @author: zhang zihao
 * @date: 2022/8/6  11:05
 */
public class CustomAuthticationRedirectStrategy implements AuthenticationRedirectStrategy {

    @Override
    public void redirect(HttpServletRequest request, HttpServletResponse response, String potentialRedirectUrl) throws IOException {
//        response.setCharacterEncoding("utf-8");
//        response.setContentType("application/json; charset=utf-8");
//        PrintWriter out = response.getWriter();
//        out.write("401");
        //response重定向
        response.sendRedirect(potentialRedirectUrl);
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

  最后编写拦截器，其中@EnableCasClient注解一定要加，开启CAS支持，这里我的CAS登录地址和客户端地址(当前项目地址)我都写在application.properties配置文件里面

import ktw.micro.service.proxy.center.feign.AuthFeign;
import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
import net.unicon.cas.client.configuration.EnableCasClient;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;

/**
 * @ClassName: CASConfig
 * @Description:
 * @author: zhang zihao
 * @date: 2022/8/6  11:06
 */
@Configuration
@EnableCasClient
public class CASConfig extends CasClientConfigurerAdapter {
    @Value("${cas.server-login-url}")
    private String CAS_SERVER_URL_LOGIN;
    @Value("${cas.client-host-url}")
    private String SERVER_NAME;

    private static final String AUTHENTICATION_REDIRECT_STRATEGY_CLASS  = "org.muses.jeeplatform.oa.cas.CustomAuthticationRedirectStrategy";

    @Override
    public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) {
        super.configureAuthenticationFilter(authenticationFilter);
        authenticationFilter.getInitParameters().put("authenticationRedirectStrategyClass",AUTHENTICATION_REDIRECT_STRATEGY_CLASS);
    }

    @Override
    public void configureValidationFilter(FilterRegistrationBean validationFilter) {
        Map<String, String> initParameters = validationFilter.getInitParameters();
        initParameters.put("encodeServiceUrl", "false");
    }

    @Bean
    public FilterRegistrationBean filterRegistrationBean(){
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new AuthenticationFilter());
        registrationBean.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String,String>(4);
        initParameters.put("casServerLoginUrl",CAS_SERVER_URL_LOGIN);
        initParameters.put("serverName",SERVER_NAME);
        initParameters.put("ignorePattern","/logoutSuccess/*");
        // 自定义重定向策略
        initParameters.put("authenticationRedirectStrategyClass", AUTHENTICATION_REDIRECT_STRATEGY_CLASS);
        registrationBean.setInitParameters(initParameters);
        registrationBean.setOrder(1);
        return registrationBean;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

第三步：上述步骤完成后，启动项目，请求项目接口，我这里使用的是以下这个接口（127.0.0.1:8080/proxy），CAS未登录的情况下，首先跳到CAS登录界面，登录完成后重定向到127.0.0.1:8080/proxy

@RestController
public class ProxyController {
    @Resource
    private ProxyService proxyService;
    /**
    * @param servletResponse
    * @param url 去往系统的地址
    * @description
    * @return void
    * @author zhang zihao
    * @date 2022/8/3
     * http://host:port/proxy?url=xxxx
    **/
    @GetMapping("/proxy")
    public void proxy(HttpServletRequest request, HttpServletResponse servletResponse, String url) {
        proxyService.proxy(request,servletResponse,url);
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

第四步：客户端如何获取到CAS登录用户，CAS5.3会在配置文件里面配置一个默认的用户casuser，以下代码就是获取到这个用户。

Principal principal=request.getUserPrincipal();
String name=principal.getName();
1
2