第一步:引入jar包

    <dependency>
      <groupId>net.unicon.cas</groupId>
      <artifactId>cas-client-autoconfig-support</artifactId>
      <version>2.3.0-GA</version>
    </dependency>

第二步:配置文件application.yaml

server:
  port: 7070
  servlet:
    context-path: /child01

cas:
  #后端服务地址
  client-host-url: http://127.0.0.1:7070
  #cas认证中心地址
  server-url-prefix: https://192.168.194.104:8443/cas
  #cas认证中心登录地址
  server-login-url: https://192.168.194.104:8443/cas/login
  validation-type: cas3

第三步:再启动类添加注解

@EnableCasClient
@SpringBootApplication
public class ChildApplication{

    public static void main( String[] args ){
        SpringApplication.run(ChildApplication.class, args);
    }
}

第四步:添加Controller测试接口

@Controller
public class LoginController {

    @Value(value = "${cas.server-url-prefix}")
    private String serverUrlPrefix = "";

    @Value(value = "${cas.client-host-url}")
    private String clientHostUrl = "";

    @GetMapping("/user")
    @ResponseBody
    public String user(HttpServletRequest request) {
        Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        String loginName = null;
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            loginName = principal.getName();
            System.out.println("访问者:" + loginName);
        }
        return "访问者:" + loginName;
    }

    @RequestMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        return "redirect:" + serverUrlPrefix + "/logout?service=" + clientHostUrl + "/child01/user";
    }
}

第五步:服务端不允许客户端的http协议的请求。需要对服务端做以下修改apache-tomcat-9.0.52/web-app/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json

"serviceId" 由原来的"^(https|imaps)://.*"改成 "^(https|imaps|http)://.*"

apache-tomcat-9.0.52/webapps/cas/WEB-INF/classes/application.properties文件添加2行

cas.serviceRegistry.initFromJson=true
cas.tgc.secure=false

 第六步:客户端代码添加过滤SSL

public class IgnoreSSLValidateFilter implements Filter {

    static {
        //执行设置,禁用ssl认证
        try {
            TrustManager[] trustAllCerts = {new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }
                public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }
            }};
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
    }
}
@Configuration
@Component
public class FilterConfig {

    @Bean
    public FilterRegistrationBean ignoreSSLValidateFilter(){
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new IgnoreSSLValidateFilter());
        registrationBean.setName("ignoreSSLValidateFilter");
        //过滤器顺序
        registrationBean.setOrder(0);
        //拦截规则
        registrationBean.setUrlPatterns(Arrays.asList("/*"));
        return registrationBean;

    }
}

第七步:自行验证

Logo

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐