cas restful接口实现SSO

Posted 2021-02-05 ljangle

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了cas restful接口实现SSO相关的知识，希望对你有一定的参考价值。

一、使用pac4j插件

https://apereo.github.io/cas/6.0.x/protocol/REST-Protocol.html 官网链接cas restclient

二、cas server端下载依赖

三、使用客户端测试连接

    private final static String CAS_LOGIN_URL = "https://mmoayyed.unicon.net:8433/cas";
//    private final static String CAS_LOGIN_URL = "https://mmoayyed.unicon.net:8433/cas/v1/tickets/login";
    private final static String APP_URL = "http://app1.cas.com:9001/hello/index";
    private final static String serviceUrl = "http://app1.cas.com:9001";


    @PostMapping(value="/hello/restLogin")
    public void restLogin(HttpServletRequest request, HttpServletResponse response) {
        final CasConfiguration casConfiguration = new CasConfiguration(CAS_LOGIN_URL);
        casConfiguration.setRestUrl("https://mmoayyed.unicon.net:8433/cas/v1/tickets/login");
        CasRestFormClient client = new CasRestFormClient();
        client.setConfiguration(casConfiguration);

        System.out.println("界面提交执行");

        WebContext webContext = new J2EContext(request, response);

        try {
            UsernamePasswordCredentials credentials = client.getCredentials(webContext);
            String userName = credentials.getUsername();
            System.out.println(userName);
            CasRestProfile profile = client.getUserProfile(credentials, webContext);
            String tgc = profile.getTicketGrantingTicketId();
            String redirectUrl=CAS_LOGIN_URL+"?service="+APP_URL+"&tgc="+tgc;
            final TokenCredentials casCredentials = client.requestServiceTicket(serviceUrl, profile, webContext);
            // validate service ticket
            final CasProfile casProfile = client.validateServiceTicket(serviceUrl, casCredentials, webContext);
            response.sendRedirect("http://app1.cas.com:9001/hello/restLogin");
        } catch (HttpAction | IOException e) {
//        } catch (HttpAction e) {
            e.printStackTrace();
        }
    }

//使用cas restclient测试连接的打印日志
2019-01-23 09:22:11,460 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: Supplied credentials: [UsernamePasswordCredential(username=111, source=null)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,555 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: TGT-1-*****fX-X6f4JWUoDESKTOP-NEPM8G8
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,591 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [status=201-CREATED,location=https://mmoayyed.unicon.net:8433/cas/v1/tickets/login/TGT-1-*****fX-X6f4JWUoDESKTOP-NEPM8G8]
ACTION: REST_API_TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,756 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [result=Service Access Granted,service=http://app1.cas.com:9001,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,776 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8] for service [http://app1.cas.com:9001] and principal [111]>
2019-01-23 09:22:11,778 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8 for http://app1.cas.com:9001
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,779 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [status=200-OK,body=ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8]
ACTION: REST_API_SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://app1.cas.com:9001,principal=SimplePrincipal(id=111, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-01-23 09:22:11,874 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

这时：出现的问题是使用cas restclient进行测试，虽然显示时st认证成功，但是在cas server的登陆页依旧没有显示成功，而没有使用cas restclient接口的时候，cas client在st认证成功的情况下，cas server的登陆页显示的就是登陆成功的界面

对此分析借鉴的原因是：要是由于业务系统使用自己的登陆页面登陆后，没有在CAS的域下写入TGC的Cookie值

以上是关于cas restful接口实现SSO的主要内容，如果未能解决你的问题，请参考以下文章

CAS搭建单点登录rest认证-APP端接入方案

SSO之CAS框架扩展改动CAS源代码实现与ESS动态password验证对接

学习CAS实现SSO单点登录

分布式会话与单点登录SSO系统CAS，包含完整示例代码实现

现在有一个SSO的Restful 的接口，用java代码具体怎么调用这个接口啊，需要传参啊？

使用 CAS + Spring Security 实现 SSO