- pom中引入依赖
<!-- cas -->
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.6.2</version>
</dependency>
- yml中添加cas配置
# CAS configuration (the localhost addresses below are demo values)
# NOTE(review): every URL in this block uses plain http. Outside a local demo,
# the CAS server and client URLs should be https so that service tickets and
# session cookies are not sent in clear text.
cas:
resName: demo
# CAS server login page
casServerLoginUrl: http://localhost:8888/cas/login
# CAS server base URL
casServerUrlPrefix: http://localhost:8888/cas
# This application's CAS login endpoint
casClientLoginUrl: http://localhost:10011/loginCas
# CAS logout URL; its service parameter points back at the client login endpoint
casClientLogoutUrl: http://localhost:8888/cas/logout?service=http://localhost:10011/loginCas
- 读取CAS相关配置
/**
 * Holds the CAS settings bound from the {@code cas} configuration prefix.
 *
 * <p>Each property below is a plain string that is populated through its setter;
 * no validation of the values happens in this class.
 */
@Component
@ConfigurationProperties(prefix = "cas")
public class CasPropertiesConfig {

    /** Resource name. */
    private String resName;

    /** CAS server login URL. */
    private String casServerLoginUrl;

    /** CAS server URL prefix. */
    private String casServerUrlPrefix;

    /** CAS client login URL. */
    private String casClientLoginUrl;

    /** CAS client logout URL. */
    private String casClientLogoutUrl;

    /** @return the configured resource name */
    public String getResName() {
        return this.resName;
    }

    /** @param resName the resource name to store */
    public void setResName(String resName) {
        this.resName = resName;
    }

    /** @return the CAS server login URL */
    public String getCasServerLoginUrl() {
        return this.casServerLoginUrl;
    }

    /** @param casServerLoginUrl the CAS server login URL to store */
    public void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    /** @return the CAS server URL prefix */
    public String getCasServerUrlPrefix() {
        return this.casServerUrlPrefix;
    }

    /** @param casServerUrlPrefix the CAS server URL prefix to store */
    public void setCasServerUrlPrefix(String casServerUrlPrefix) {
        this.casServerUrlPrefix = casServerUrlPrefix;
    }

    /** @return the CAS client login URL */
    public String getCasClientLoginUrl() {
        return this.casClientLoginUrl;
    }

    /** @param casClientLoginUrl the CAS client login URL to store */
    public void setCasClientLoginUrl(String casClientLoginUrl) {
        this.casClientLoginUrl = casClientLoginUrl;
    }

    /** @return the CAS client logout URL */
    public String getCasClientLogoutUrl() {
        return this.casClientLogoutUrl;
    }

    /** @param casClientLogoutUrl the CAS client logout URL to store */
    public void setCasClientLogoutUrl(String casClientLogoutUrl) {
        this.casClientLogoutUrl = casClientLogoutUrl;
    }
}
- cas配置类
/**
 * Registers the CAS client servlet components: one session listener and three
 * filters (authentication, ticket validation, request wrapper), all mapped to
 * {@code /*}.
 *
 * <p>NOTE(review): this class registers {@code SingleSignOutHttpSessionListener}
 * but no single-sign-out filter. Unless one is registered elsewhere, logout
 * requests sent by the CAS server are presumably not processed by this
 * application, so local sessions would outlive a CAS logout. Confirm.
 *
 * <p>NOTE(review): every filter is mapped to {@code /*}, so any endpoint that
 * must stay reachable without a CAS session needs its own exclusion. Confirm
 * against the deployment.
 */
@Configuration
public class CasConfig {
    public static Boolean fileFlag = true;
    private static Logger logger = LoggerFactory.getLogger(CasConfig.class);

    @Autowired
    private CasPropertiesConfig casPropertiesConfig;

    /**
     * Registers the CAS single-sign-out session listener with the highest precedence.
     *
     * @return the listener registration
     */
    @Bean
    public ServletListenerRegistrationBean servletListenerRegistrationBean() {
        ServletListenerRegistrationBean signOutListener = new ServletListenerRegistrationBean();
        signOutListener.setOrder(Ordered.HIGHEST_PRECEDENCE);
        signOutListener.setListener(new SingleSignOutHttpSessionListener());
        return signOutListener;
    }

    /**
     * Single sign-on authentication filter.
     *
     * <p>The {@code service} init parameter is the fixed client login URL from the
     * configuration, not a value derived from the incoming request.
     *
     * @return org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        String serverLoginUrl = casPropertiesConfig.getCasServerLoginUrl();
        String serviceUrl = casPropertiesConfig.getCasClientLoginUrl();

        FilterRegistrationBean casAuthentication = new FilterRegistrationBean();
        casAuthentication.setName("CAS Authentication Filter");
        casAuthentication.setFilter(new AuthenticationFilter());
        casAuthentication.setOrder(3);
        casAuthentication.addUrlPatterns("/*");
        casAuthentication.addInitParameter("casServerLoginUrl", serverLoginUrl);
        casAuthentication.addInitParameter("service", serviceUrl);
        return casAuthentication;
    }

    /**
     * Single sign-on ticket validation filter.
     *
     * <p>The method name says "cas20", but the filter it installs is
     * {@code Cas30ProxyReceivingTicketValidationFilter}. The name is kept because
     * it is the bean name.
     *
     * @return org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        String serverUrlPrefix = casPropertiesConfig.getCasServerUrlPrefix();
        String serviceUrl = casPropertiesConfig.getCasClientLoginUrl();

        FilterRegistrationBean ticketValidation = new FilterRegistrationBean();
        ticketValidation.setName("CAS Validation Filter");
        ticketValidation.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        ticketValidation.setOrder(4);
        ticketValidation.addUrlPatterns("/*");
        // The prefix comes from configuration as-is. It should be an https URL
        // outside a local demo, because this filter uses it to validate tickets.
        ticketValidation.addInitParameter("casServerUrlPrefix", serverUrlPrefix);
        ticketValidation.addInitParameter("service", serviceUrl);
        return ticketValidation;
    }

    /**
     * Single sign-on request wrapper filter.
     *
     * @return org.springframework.boot.web.servlet.FilterRegistrationBean
     */
    @Bean
    public FilterRegistrationBean httpServletRequestWrapperFilter() {
        FilterRegistrationBean requestWrapper = new FilterRegistrationBean();
        requestWrapper.setName("CAS HttpServletRequest Wrapper Filter");
        requestWrapper.setFilter(new HttpServletRequestWrapperFilter());
        requestWrapper.setOrder(5);
        requestWrapper.addUrlPatterns("/*");
        return requestWrapper;
    }
}
- 单点登录接口demo
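/**
 * Demo endpoint that finishes a CAS single sign-on: it reads the CAS assertion
 * from the HTTP session, stores the login name in the session, runs the
 * application's own login logic (elided by the author), and redirects the
 * browser to the front end.
 */
@Slf4j
@RestController
public class LoginCasController {
    @Autowired
    private CasPropertiesConfig casPropertiesConfig;
    @Autowired
    private SysLoginService loginService;
    // Front-end address. It comes from configuration, not from the request, so
    // the redirect target below is not caller-controlled.
    @Value("${casLoginUrl}")
    private String casLoginUrl;

    /**
     * Handles the post-login callback from CAS.
     *
     * @param request  current request; its session is expected to hold the CAS assertion
     * @param response used to send either a 401 or the redirect to the front end
     * @throws Exception propagated from the servlet API or the elided login logic
     */
    @RequestMapping("/loginCas")
    public void loginCas(HttpServletRequest request, HttpServletResponse response) throws Exception {
        Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        if (assertion == null) {
            // Stop here: without an assertion there is no authenticated user, and
            // continuing would dereference null.
            log.error("assertion为空!");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        AttributePrincipal principal = assertion.getPrincipal();
        if (principal == null) {
            log.error("principal为空!");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Account authenticated by CAS, i.e. the one the user typed on the CAS login page.
        String loginName = principal.getName();
        request.getSession().setAttribute("loginName", loginName);
        // Put your own system's login logic here
        ***
        // NOTE(review): tokenCas is not declared in the visible code; presumably
        // the elided login logic above produces it. Confirm.
        // Currently the token is passed to the front end as a redirect parameter.
        // NOTE(review): a token in the query string ends up in browser history,
        // Referer headers and proxy/access logs. Prefer a short-lived, single-use
        // value here, or hand the session over in a Secure, HttpOnly cookie.
        // The value is URL-encoded so reserved characters cannot alter the query string.
        String url = casLoginUrl + "?tokenCas=" + java.net.URLEncoder.encode(String.valueOf(tokenCas), "UTF-8");
        // Log only the target address, never the token itself.
        log.info("url:{}", casLoginUrl);
        response.sendRedirect(url);
    }
}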
访问loginCas接口时,若尚未在CAS server登录,则会被拦截并跳转到CAS的登录页面;登录成功后放行,继续访问loginCas接口