
Integrating CAS and Shiro in Spring

2015-01-09 16:04 399 views
Shiro is a permission management framework, and I already know how to use it to control access. To give several systems a single authentication entry point I also studied the single sign-on framework CAS. Because both of them manage the session, the two have to be integrated.


Shiro has shipped CAS integration since 1.2.0, so add the shiro-cas dependency to the project:

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>${shiro.version}</version>
</dependency>


With Shiro's CAS integration the CAS client configuration becomes much simpler. The idea is to add the casFilter to the shiroFilter's filter chain. The shiroFilter itself is declared in web.xml, as described in the previous post.

Integrating Shiro and CAS in a Spring project






<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"
       default-lazy-init="true">

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />

        <!-- Configuration without SSO: page to redirect to when the user is not authenticated or after a failure -->
        <!-- <property name="loginUrl" value="/login/toLoginAction"/> -->

        <!-- Configuration with SSO: the CAS server login URL; the service parameter is the address the CAS server redirects back to -->
        <property name="loginUrl"
                  value="http://localhost:18080/cas/login?service=http://localhost:8080/gxpt_web_qx_login/shiro-cas" />
        <!-- <property name="successUrl" value="/page/index.jsp"/> -->
        <property name="successUrl" value="/indexAction" />

        <property name="filters">
            <map>
                <!-- Add casFilter to shiroFilter -->
                <entry key="casFilter" value-ref="casFilter" />
            </map>
        </property>

        <property name="filterChainDefinitions">
            <value>
                /shiro-cas = casFilter
                /styles/** = anon
                /** = user
            </value>
        </property>

        <!-- Configuration without SSO: -->
        <!-- <property name="filterChainDefinitions">
            <value>
                /styles/** = anon
                /login/loginAction = anon
                /login/logoutAction = logout
                /** = user
            </value>
        </property> -->
    </bean>

    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
        <!-- Failure page shown when ticket validation fails -->
        <property name="failureUrl" value="/page/error.jsp" />
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
        <!-- Configuration without SSO: -->
        <!-- <property name="realm" ref="shiroDbRealm" /> -->

        <property name="realm" ref="casRealm" />
        <property name="subjectFactory" ref="casSubjectFactory" />

        <property name="cacheManager" ref="shiroEhcacheManager" />
    </bean>

    <bean id="casRealm" class="web.qx.login.shiro.MyCasRealm">
        <property name="defaultRoles" value="ROLE_USER" />
        <property name="casServerUrlPrefix" value="http://localhost:18080/cas" />
        <!-- Client callback URL; must match the URL intercepted by the shiro-cas filter above -->
        <property name="casService"
                  value="http://localhost:8080/gxpt_web_qx_login/shiro-cas" />
    </bean>

    <!-- Define the realm you want to use to connect to your back-end security datasource: -->
    <!--
    <bean id="shiroDbRealm" class="web.qx.login.shiro.ShiroDbRealm">
        <property name="loginService" ref="login-loginBean"></property>
    </bean>
    -->

    <bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory" />

    <!-- Cache for user authorization/authentication info, backed by EhCache -->
    <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:config/ehcache-shiro.xml" />
    </bean>

    <!-- Ensure beans implementing Shiro's internal lifecycle methods are invoked -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- AOP-style method-level permission checks -->
    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
    <!-- the lifecycleBeanProcessor has run: -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
          depends-on="lifecycleBeanPostProcessor">
        <property name="proxyTargetClass" value="true" />
    </bean>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>

</beans>



Without single sign-on, login authentication and authorization happen by default in AuthorizingRealm's doGetAuthenticationInfo and doGetAuthorizationInfo, so here I use shiroDbRealm (a custom class extending AuthorizingRealm) that overrides doGetAuthenticationInfo and doGetAuthorizationInfo to implement custom authentication and authorization.


With single sign-on, login authentication happens on the CAS server, so the flow is: after the user logs in successfully at the CAS server, control passes to the CAS client's CasRealm, which runs the default doGetAuthenticationInfo and doGetAuthorizationInfo. Here doGetAuthenticationInfo's job is to hand the logged-in user's information to Shiro, and the default can be kept as is; for authorization, MyCasRealm (a custom class extending CasRealm) can override doGetAuthorizationInfo to implement custom authorization.

Reposted from: http://blog.csdn.net/tch918/article/details/22311747