package com.yunlu.demo;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasAuthenticationException;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.cas.CasToken;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
//import org.springframework.transaction.annotation.Transactional;
/*import com.ld.nhmz.ebo.SusRoleEntity;
import com.ld.nhmz.ebo.SusUserEntity;
import com.ld.nhmz.service.SusRolePermissionService;
import com.ld.nhmz.service.SusRoleService;
import com.ld.nhmz.service.SusUserService;*/
//@Service
@SuppressWarnings("deprecation")
//@Transactional(value = "nhmzTM")
public class MzCasRealm extends CasRealm {
/* @Autowired
private SusUserService userService;
@Autowired
private SusRolePermissionService rolePermissionService;
@Autowired
private SusRoleService roleService;*/
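// The logger is per-class, not per-instance: make it static and final so it is created
// once and cannot be reassigned. The field name `log` is kept because the realm's
// methods refer to it by that name.
private static final Logger log = LoggerFactory.getLogger(MzCasRealm.class);
// Created lazily by ensureTicketValidator() on first use and cached here.
// NOTE(review): CasRealm appears to keep its own private validator field; this one
// shadows it, so the superclass copy is never consulted by this class — confirm.
private TicketValidator ticketValidator;
// Nothing in this class assigns or injects this field (no @Autowired), and its only
// reference is inside commented-out code in doGetAuthorizationInfo.
private HttpServletRequest request;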
/**
 * Returns the cached ticket validator, creating it on first use.
 *
 * <p>Initialisation is lazy and not synchronized: if two threads hit the first call at
 * the same time each may build a validator and the last assignment wins.
 *
 * @return the validator used to check CAS service tickets
 */
protected TicketValidator ensureTicketValidator() {
    TicketValidator current = ticketValidator;
    if (current == null) {
        current = createTicketValidator();
        ticketValidator = current;
    }
    return current;
}
/* *//**
* 授权访问控制,用于对用户进行的操作进行人证授权,证明该用户是否允许进行当前操作,如访问某个链接,某个资源文件等
*//*
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = (String) principals.getPrimaryPrincipal();
// SusUserEntity user = userService.findByUsername(username);
System.out.println("doGetAuthorizationInfo");
User user=new User();
user.setAccount("confadmin");
user.setPassword("yw123456");
if (user != null) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
// 设置用户的角色
//String roleId = userService.getRoleIdFromUserId(user.getId());
// SusRoleEntity roleEntity = roleService.getRole(roleId);
if (null != user)
//authorizationInfo.addRole(roleEntity.getRolecode());
// 设置用户对应的角色的权限集合
// List<String> permissons;
try {
//permissons = rolePermissionService.getPermissionIds2(roleId);
for (String permission : permissons) {
authorizationInfo.addStringPermission(permission);
}
} catch (Exception e) {
e.printStackTrace();
}
return authorizationInfo;
}
return null;
}
*//**
* 验证用户身份
*//*
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
return super.doGetAuthenticationInfo(token);
}*/
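/**
 * Validates the CAS service ticket carried by {@code authcToken} and builds the
 * authentication info for the subject.
 *
 * <p>The primary principal is a {@link User} whose account is the user id returned by
 * the CAS server; the second principal is the attribute map from the CAS assertion. The
 * validated ticket is kept as the credentials.
 *
 * @param authcToken the token submitted for login; expected to be a {@link CasToken}
 * @return the authentication info, or {@code null} when the token is missing or is not a
 *         {@link CasToken} (Shiro then treats the account as unknown)
 * @throws CasAuthenticationException when the token carries no ticket or the CAS server
 *         rejects the ticket
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    // Type-check before casting; the original cast first and null-checked afterwards.
    if (!(authcToken instanceof CasToken)) {
        return null;
    }
    CasToken casToken = (CasToken) authcToken;
    String ticket = (String) casToken.getCredentials();
    if (ticket == null || ticket.isEmpty()) {
        // Fail explicitly instead of sending an empty ticket to the CAS server.
        throw new CasAuthenticationException("CAS token carries no service ticket");
    }
    TicketValidator validator = ensureTicketValidator();
    try {
        Assertion casAssertion = validator.validate(ticket, getCasService());
        AttributePrincipal casPrincipal = casAssertion.getPrincipal();
        String userId = casPrincipal.getName();
        // The ticket is a credential, so it is deliberately left out of the log line.
        log.debug("Validated CAS ticket in CAS server : {} to retrieve user : {}",
                getCasServerUrlPrefix(), userId);
        Map<String, Object> attributes = casPrincipal.getAttributes();
        if (attributes == null) {
            attributes = Collections.emptyMap();
        }
        casToken.setUserId(userId);
        // Remember-me flag: go through toString so a non-String attribute value cannot
        // raise ClassCastException; absent or anything but "true" means not remembered.
        Object rememberMeValue = attributes.get(getRememberMeAttributeName());
        boolean isRemembered = rememberMeValue != null && Boolean.parseBoolean(rememberMeValue.toString());
        if (isRemembered) {
            casToken.setRememberMe(true);
        }
        // Bind the principal to the identity the CAS server actually validated. The
        // original returned a fixed "confadmin" account with a hard-coded password for
        // every ticket, so every CAS user was logged in as that account and a secret
        // lived in source. The local user lookup sketched in the original
        // (sUsr / isUsrService / AccessTokenInfo / ShiroUserAccount) is still not wired in.
        User user = new User();
        user.setAccount(userId);
        List<Object> principals = CollectionUtils.asList(new Object[] { user, attributes });
        PrincipalCollection principalCollection = new SimplePrincipalCollection(principals, getName());
        return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
        throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
}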
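/**
 * Builds the authorization info for an already-authenticated subject.
 *
 * <p>No role or permission source is wired into this class (those lookups are commented
 * out), so the returned info is empty and every subject is denied every role and
 * permission until that lookup is restored.
 *
 * @param principal the subject's principals as stored by {@link #doGetAuthenticationInfo}
 * @return an empty {@link SimpleAuthorizationInfo}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
    // doGetAuthenticationInfo stores a User, not a String, as the first principal, so the
    // original unconditional (String) cast threw ClassCastException on every permission
    // check for subjects authenticated by this realm. The value is only logged here, so
    // no cast is needed at all.
    Object primary = principal == null ? null : principal.getPrimaryPrincipal();
    log.debug("doGetAuthorizationInfo for primary principal {}", primary);
    // TODO: populate roles/permissions from the user store; the original referenced
    // userService.findRolesByUserId / findPermissionsByUserId, which is not injected here.
    return new SimpleAuthorizationInfo();
}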
/**
 * Drops the cached authorization info for {@code principals}; delegates to the
 * superclass without any additional work.
 *
 * @param principals the principals whose cached authorization info is cleared
 */
@Override
public void clearCachedAuthorizationInfo(PrincipalCollection principals) {
super.clearCachedAuthorizationInfo(principals);
}
/**
 * Drops the cached authentication info for {@code principals}; delegates to the
 * superclass without any additional work.
 *
 * @param principals the principals whose cached authentication info is cleared
 */
@Override
public void clearCachedAuthenticationInfo(PrincipalCollection principals) {
super.clearCachedAuthenticationInfo(principals);
}
/**
 * Clears every cache entry held for {@code principals}; delegates to the superclass
 * without any additional work.
 *
 * @param principals the principals whose cache entries are cleared
 */
@Override
public void clearCache(PrincipalCollection principals) {
super.clearCache(principals);
}
public void clearAllCachedAuthorizationInfo() {
getAuthorizationCache()