CAS搭建单点登录rest认证-APP端接入方案
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CAS搭建单点登录rest认证-APP端接入方案相关的知识,希望对你有一定的参考价值。
参考技术A <!-- restful --><dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-rest</artifactId>
<version>$cas.version</version>
</dependency>
# ticket过期设置
cas.ticket.st.numberOfUses=1
cas.ticket.st.timeToKillInSeconds=60
注:http://localhost:9527/auth/cas/client/validateLogin为被保护后台封装的接口,该接口主要有两个功能:①调用https://cas.ananops.com:8443/cas/p3/serviceValidate向单点登录服务端验证该ST的真实性。②ST确认真实后,生成ACCESS-TOKEN以及登录用户信息并返回给APP端,用户访问被保护后台的服务。
postman测试https接口需要配置:
CAS-4.2.7接入REST登录认证,移动端C/S端登录解决方案
一、发送GET请求获取RSA公钥和JSESSIONID
请求地址:/cas/login,请求类型:GET
curl -I http://cas.gfstack.geo:8080/cas/login
返回如下:
HTTP/1.1 200 Set-Cookie: JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE; Path=/cas; HttpOnly Set-Cookie: publicKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrwpYIEi0CTd7TSVqQZ/EhHqysaKT0XEn7pjkO4LQ4g6IfJ/4tcbgn4XpS0cR/9P0WpV93Fsnc40s8VINoMqBH64cNHqE4boEqftRSi/L3FQvMSLxctLavu/kF5bzURPRMPyKlW2FQqMkhVautguT939cu+EitEQKMj29hikAyQIDAQAB; Path=/cas Cache-Control: no-store Content-Type: text/html;charset=UTF-8 Content-Length: 9856 Date: Tue, 14 May 2019 04:07:12 GMT
获取到 JSESSIONID 和 publicKey
二、发送POST请求获取请求头中的Location
拿 publicKey 做为RSA公钥对用户密码明文做加密得到 password ,提供java实现,其他语言请自行百度
package com.geostar.gfstack.cas.support.util; import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; /** * RSA加解密工具类,实现公钥加密私钥解密和私钥解密公钥解密 * link:https://www.cnblogs.com/nihaorz/p/10690643.html */ public class RSAUtils { private static final String src = "abcdefghijklmnopqrstuvwxyz"; public static void main(String[] args) throws Exception { System.out.println("\\n"); RSAKeyPair keyPair = generateKeyPair(); System.out.println("公钥:" + keyPair.getPublicKey()); System.out.println("私钥:" + keyPair.getPrivateKey()); System.out.println("\\n"); test1(keyPair, src); System.out.println("\\n"); test2(keyPair, src); System.out.println("\\n"); } /** * 公钥加密私钥解密 */ private static void test1(RSAKeyPair keyPair, String source) throws Exception { System.out.println("***************** 公钥加密私钥解密开始 *****************"); String text1 = encryptByPublicKey(keyPair.getPublicKey(), source); String text2 = decryptByPrivateKey(keyPair.getPrivateKey(), text1); System.out.println("加密前:" + source); System.out.println("加密后:" + text1); System.out.println("解密后:" + text2); if (source.equals(text2)) { System.out.println("解密字符串和原始字符串一致,解密成功"); } else { System.out.println("解密字符串和原始字符串不一致,解密失败"); } System.out.println("***************** 公钥加密私钥解密结束 *****************"); } /** * 私钥加密公钥解密 * * @throws Exception */ private static void test2(RSAKeyPair keyPair, String source) throws Exception { System.out.println("***************** 私钥加密公钥解密开始 *****************"); String text1 = encryptByPrivateKey(keyPair.getPrivateKey(), source); String text2 = decryptByPublicKey(keyPair.getPublicKey(), text1); System.out.println("加密前:" + source); System.out.println("加密后:" + text1); System.out.println("解密后:" + text2); if (source.equals(text2)) { System.out.println("解密字符串和原始字符串一致,解密成功"); } else { System.out.println("解密字符串和原始字符串不一致,解密失败"); } System.out.println("***************** 私钥加密公钥解密结束 *****************"); } /** * 公钥解密 * * @param publicKeyText * @param text * @return * @throws Exception */ public static String decryptByPublicKey(String publicKeyText, String text) throws Exception { X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, publicKey); byte[] result = cipher.doFinal(Base64.decodeBase64(text)); return new String(result); } /** * 私钥加密 * * @param privateKeyText * @param text * @return * @throws Exception */ public static String encryptByPrivateKey(String privateKeyText, String text) throws Exception { PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, privateKey); byte[] result = cipher.doFinal(text.getBytes()); return Base64.encodeBase64String(result); } /** * 私钥解密 * * @param privateKeyText * @param text * @return * @throws Exception */ public static String decryptByPrivateKey(String privateKeyText, String text) throws Exception { PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec5); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] result = cipher.doFinal(Base64.decodeBase64(text)); return new String(result); } /** * 公钥加密 * * @param publicKeyText * @param text * @return */ public static String encryptByPublicKey(String publicKeyText, String text) throws Exception { X509EncodedKeySpec x509EncodedKeySpec2 = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec2); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] result = cipher.doFinal(text.getBytes()); return Base64.encodeBase64String(result); } /** * 构建RSA密钥对 * * @return * @throws NoSuchAlgorithmException */ public static RSAKeyPair generateKeyPair() throws NoSuchAlgorithmException { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); KeyPair keyPair = keyPairGenerator.generateKeyPair(); RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate(); String publicKeyString = Base64.encodeBase64String(rsaPublicKey.getEncoded()); String privateKeyString = Base64.encodeBase64String(rsaPrivateKey.getEncoded()); RSAKeyPair rsaKeyPair = new RSAKeyPair(publicKeyString, privateKeyString); return rsaKeyPair; } /** * RSA密钥对对象 */ public static class RSAKeyPair { private String publicKey; private String privateKey; public RSAKeyPair(String publicKey, String privateKey) { this.publicKey = publicKey; this.privateKey = privateKey; } public String getPublicKey() { return publicKey; } public String getPrivateKey() { return privateKey; } } }
将 JSESSION 带到cookie中发送POST请求(参数包含用户名和RSA公钥加密后的密码),请求地址:/cas/v1/tickets,请求类型POST,Content-Type: application/x-www-form-urlencoded
curl -i -X POST http://cas.gfstack.geo:8080/cas/v1/tickets \\ -H ‘Content-Type: application/x-www-form-urlencoded‘ --cookie ‘JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE‘ -d ‘username=admin&password=ifP607Amuqxy19VUvZZ79Aq9pTzCYbShrLtSzChhm+GAmtCWUQyryCPjnh7/RhWow2qOSkCy/JynFtkznvwRgofDKN7aCOPDiIEe04IyDMOCEpCws/su+Gp4Jr2kUZHKR6iJ9Ht/adNQqFZ+r2RPiaJSIvNMYSTnY2RBZvwyxNY=‘
返回如下:
HTTP/1.1 201 Cache-Control: no-store Location: http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org Content-Type: text/html;charset=UTF-8 Content-Length: 382 Date: Tue, 14 May 2019 04:08:13 GMT <!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\"><html><head><title>201 Created</title></head><body><h1>TGT Created</h1><form action="http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>
获取请求头中的 Location
三、发送POST请求获取ST
请求地址:上一步返回的 Location ,请求类型:POST,Content-Type: application/x-www-form-urlencoded
curl -X POST http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org \\ -H ‘Content-Type: application/x-www-form-urlencoded‘ -d ‘service=http%3A%2F%2F192.168.36.158%3A8080%2Fdemo%2F‘
其中 service 是CAS客户端地址(综合运维、服务中心、数据中心等),需要经过encodeURI编码
返回如下:
ST-9-kzS0oIyS9DZmveLy4vZs-cas01.example.org
返回内容即是ST,成功拿到ST即成功使用REST登录
四、关于ST校验
请参照:https://www.cnblogs.com/nihaorz/p/10445514.html 部署cas-sample-java-webapp应用完成校验
JSESSIONID
以上是关于CAS搭建单点登录rest认证-APP端接入方案的主要内容,如果未能解决你的问题,请参考以下文章