//第一步：写入pom文件jar包坐标

<!-- 单点登录安全框架 -->

<dependency>

  <groupId>org.springframework.security</groupId>

  <artifactId>spring-security-web</artifactId>

</dependency>

<!--cas的客户端 -->

<dependency>

    <groupId>net.unicon.cas</groupId>

    <artifactId>cas-client-autoconfig-support</artifactId>

    <version>2.2.0-GA</version>

    <exclusions>

        <exclusion>

            <groupId>org.jasig.cas.client</groupId>

            <artifactId>cas-client-core</artifactId>

        </exclusion>

    </exclusions>

</dependency>

<dependency> 

  <groupId>org.jasig.cas.client</groupId> 

  <artifactId>cas-client-core</artifactId> 

  <version>3.5.0</version> 

</dependency>

//第二步，获取登录账户用于权限管理

//获取CAS单点登录账户名的两种方法

@RestController

@RequestMapping("/CASUtil")

public class CASUtil {

/**

    * 从cas中获取用户名

    *

    * @param request

    * @return

    */

@LoginCheck(check = false)//不登录也能访问

@RequestMapping("/getUserName2")

  public static String getAccountNameFromCas(HttpServletRequest request) {

      Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);

      if(assertion!= null){

          AttributePrincipal principal = assertion.getPrincipal();

          return principal.getName();

      }else return null;

  }

@LoginCheck(check = false)//不登录也能访问

    @RequestMapping("/getUserName")

  public static String getUserName(HttpServletRequest request) {

  String personCode = "";    //账户名

  AssertionImpl assertion = (AssertionImpl) request.getSession().getAttribute("_const_cas_assertion_");

  if(assertion!=null){

  AttributePrincipal principal = assertion.getPrincipal();

  if(principal!=null){

          personCode = principal.getName();

          return personCode;

  }else{

  return null;

      }

  }else{

      return null;

  } 

  }

}

//第三步springboot 配置文件配置

#cas config

spring.cas.sign-out-filters=/logout

spring.cas.auth-filters=/*

spring.cas.validate-filters=/*

spring.cas.request-wrapper-filters=/*

spring.cas.assertion-filters=/*

spring.cas.redirect-after-validation=true

spring.cas.use-session=true

#the dev of cas config

spring.cas.cas-server-login-url=http://IP/cas/login

spring.cas.cas-server-url-prefix=http://IP/cas

spring.cas.server-name=http://IP:端口

ignore-host-url=http://IP:端口/tsysController/*

//第四步springboot 获取配置文件内容类编写

@ConfigurationProperties(prefix = "spring.cas") 

public class SpringCasAutoconfig { 

    static final String separator = ","; 

    private String validateFilters; 

    private String signOutFilters; 

    private String authFilters; 

    private String assertionFilters; 

    private String requestWrapperFilters; 

    private String casServerUrlPrefix; 

    private String casServerLoginUrl; 

    private String serverName; 

    private boolean useSession = true; 

    private boolean redirectAfterValidation = true; 

    public List<String> getValidateFilters() { 

        return Arrays.asList(validateFilters.split(separator)); 

    } 

    public void setValidateFilters(String validateFilters) { 

        this.validateFilters = validateFilters; 

    } 

    public List<String> getSignOutFilters() { 

        return Arrays.asList(signOutFilters.split(separator)); 

    } 

    public void setSignOutFilters(String signOutFilters) { 

        this.signOutFilters = signOutFilters; 

    } 

    public List<String> getAuthFilters() { 

        return Arrays.asList(authFilters.split(separator)); 

    } 

    public void setAuthFilters(String authFilters) { 

        this.authFilters = authFilters; 

    } 

    public List<String> getAssertionFilters() { 

        return Arrays.asList(assertionFilters.split(separator)); 

    } 

    public void setAssertionFilters(String assertionFilters) { 

        this.assertionFilters = assertionFilters; 

    } 

    public List<String> getRequestWrapperFilters() { 

        return Arrays.asList(requestWrapperFilters.split(separator)); 

    } 

    public void setRequestWrapperFilters(String requestWrapperFilters) { 

        this.requestWrapperFilters = requestWrapperFilters; 

    } 

    public String getCasServerUrlPrefix() { 

        return casServerUrlPrefix; 

    } 

    public void setCasServerUrlPrefix(String casServerUrlPrefix) { 

        this.casServerUrlPrefix = casServerUrlPrefix; 

    } 

    public String getCasServerLoginUrl() { 

        return casServerLoginUrl; 

    } 

    public void setCasServerLoginUrl(String casServerLoginUrl) { 

        this.casServerLoginUrl = casServerLoginUrl; 

    } 

    public String getServerName() { 

        return serverName; 

    } 

    public void setServerName(String serverName) { 

        this.serverName = serverName; 

    } 

    public boolean isRedirectAfterValidation() { 

        return redirectAfterValidation; 

    } 

    public void setRedirectAfterValidation(boolean redirectAfterValidation) { 

        this.redirectAfterValidation = redirectAfterValidation; 

    } 

    public boolean isUseSession() { 

        return useSession; 

    } 

    public void setUseSession(boolean useSession) { 

        this.useSession = useSession; 

    } 

} 

//第五步CAS  java代码过滤器类编写

//CAS登录登录和统一退出 及不登录也能访问路径过滤器配置

@Configuration 

public class CasConfig {

@Value("${ignore-host-url}")

    private String ignoreHostUrl;

    @Autowired 

    SpringCasAutoconfig autoconfig; 

    private static boolean casEnabled  = true; 

    public CasConfig() { 

    } 

    @Bean 

    public SpringCasAutoconfig getSpringCasAutoconfig(){ 

        return new SpringCasAutoconfig(); 

    } 

    /**

    * 用于实现单点登出功能

    */ 

    @Bean 

    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() { 

        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>(); 

        listener.setEnabled(casEnabled); 

        listener.setListener(new SingleSignOutHttpSessionListener()); 

        listener.setOrder(1); 

        return listener; 

    } 

    /**

    * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前

    */ 

    @Bean 

    public FilterRegistrationBean logOutFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        LogoutFilter logoutFilter = new LogoutFilter(autoconfig.getCasServerUrlPrefix() + "/logout?service=" + autoconfig.getServerName(),new SecurityContextLogoutHandler()); 

        filterRegistration.setFilter(logoutFilter); 

        filterRegistration.setEnabled(casEnabled); 

        if(autoconfig.getSignOutFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters()); 

        else 

            filterRegistration.addUrlPatterns("/logout"); 

        filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 

        filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 

        filterRegistration.setOrder(2); 

        return filterRegistration; 

    } 

    /**

    * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前

    */ 

    @Bean 

    public FilterRegistrationBean singleSignOutFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        filterRegistration.setFilter(new SingleSignOutFilter()); 

        filterRegistration.setEnabled(casEnabled); 

        if(autoconfig.getSignOutFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters()); 

        else 

            filterRegistration.addUrlPatterns("/*"); 

        filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 

        filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 

        filterRegistration.setOrder(3); 

        return filterRegistration; 

    } 

    /** 

    * 该过滤器负责用户的认证工作 

    */ 

    @Bean 

    public FilterRegistrationBean authenticationFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        filterRegistration.setFilter(new AuthenticationFilter()); 

        filterRegistration.setEnabled(casEnabled); 

        if(autoconfig.getAuthFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getAuthFilters()); 

        else 

            filterRegistration.addUrlPatterns("/*"); 

        //casServerLoginUrl:cas服务的登陆url 

        filterRegistration.addInitParameter("casServerLoginUrl", autoconfig.getCasServerLoginUrl()); 

        //本项目登录ip+port 

        filterRegistration.addInitParameter("serverName", autoconfig.getServerName());

        filterRegistration.addInitParameter("ignorePattern", ignoreHostUrl);

        filterRegistration.addInitParameter("useSession", autoconfig.isUseSession()?"true":"false"); 

        filterRegistration.addInitParameter("redirectAfterValidation", autoconfig.isRedirectAfterValidation()?"true":"false"); 

        filterRegistration.setOrder(4); 

        return filterRegistration; 

    } 

    /** 

    * 该过滤器负责对Ticket的校验工作 

    */ 

    @Bean 

    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter(); 

        cas20ProxyReceivingTicketValidationFilter.setServerName(autoconfig.getServerName()); 

        filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter); 

        filterRegistration.setEnabled(casEnabled); 

        if(autoconfig.getValidateFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getValidateFilters()); 

        else 

            filterRegistration.addUrlPatterns("/*"); 

        filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix()); 

        filterRegistration.addInitParameter("serverName", autoconfig.getServerName()); 

        filterRegistration.setOrder(5); 

        return filterRegistration; 

    } 

    /** 

    * 该过滤器对HttpServletRequest请求包装， 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名 

    * 

    */ 

    @Bean 

    public FilterRegistrationBean httpServletRequestWrapperFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        filterRegistration.setFilter(new HttpServletRequestWrapperFilter()); 

        filterRegistration.setEnabled(true); 

        if(autoconfig.getRequestWrapperFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getRequestWrapperFilters()); 

        else 

            filterRegistration.addUrlPatterns("/login"); 

        filterRegistration.setOrder(6); 

        return filterRegistration; 

    } 

    /**

    * 该过滤器使得可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。

    比如AssertionHolder.getAssertion().getPrincipal().getName()。

    这个类把Assertion信息放在ThreadLocal变量中，这样应用程序不在web层也能够获取到当前登录信息

    */ 

    @Bean 

    public FilterRegistrationBean assertionThreadLocalFilter() { 

        FilterRegistrationBean filterRegistration = new FilterRegistrationBean(); 

        filterRegistration.setFilter(new AssertionThreadLocalFilter()); 

        filterRegistration.setEnabled(true); 

        if(autoconfig.getAssertionFilters().size()>0) 

            filterRegistration.setUrlPatterns(autoconfig.getAssertionFilters()); 

        else 

            filterRegistration.addUrlPatterns("/*"); 

        filterRegistration.setOrder(7); 

        return filterRegistration; 

    } 

}