//package com.landtool.lanbase.config;
|
//
|
//import javax.net.ssl.HostnameVerifier;
|
//import javax.net.ssl.HttpsURLConnection;
|
//import javax.net.ssl.SSLSession;
|
//
|
//import org.jasig.cas.client.session.SingleSignOutFilter;
|
//import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
|
//import org.jasig.cas.client.util.AssertionThreadLocalFilter;
|
//import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
|
//import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
|
//import org.springframework.beans.factory.annotation.Autowired;
|
//import org.springframework.beans.factory.annotation.Value;
|
//import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
//import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
|
//import org.springframework.context.annotation.Bean;
|
//import org.springframework.context.annotation.Configuration;
|
//import org.springframework.security.web.authentication.logout.LogoutFilter;
|
//import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
//
|
//import com.landtool.lanbase.common.shiro.CasAuthenticationFilter;
|
//
|
//@Configuration
|
//public class CasConfig {
|
//
|
// @Autowired
|
// CasConfigProperties config;
|
//
|
// // Whether CAS filtering is enabled: true = enabled, false = disabled
|
// @Value("${spring.cas.casEnabled: #{false}}")
|
// private boolean casEnabled;
|
// // private static boolean casEnabled = true;
|
//
|
// public CasConfig() {
|
// }
|
//
|
// @Bean
|
// public CasConfigProperties getCasConfigProperties() {
|
// return new CasConfigProperties();
|
// }
|
//
|
// /**
|
// * Implements single sign-out (single logout).
|
// */
|
// @Bean
|
// public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
|
// ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<>();
|
// listener.setEnabled(casEnabled);
|
// listener.setListener(new SingleSignOutHttpSessionListener());
|
// listener.setOrder(1);
|
// return listener;
|
// }
|
//
|
// /**
|
// * This filter implements single sign-out; the single-logout configuration must be placed before all other filters.
|
// */
|
// @Bean
|
// public FilterRegistrationBean logOutFilter() {
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// LogoutFilter logoutFilter = new LogoutFilter(
|
// config.getCasServerUrlPrefix() + "/logout?service=" + config.getServerName(),
|
// new SecurityContextLogoutHandler());
|
// filterRegistration.setFilter(logoutFilter);
|
// filterRegistration.setEnabled(casEnabled);
|
// if (config.getSignOutFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getSignOutFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/logout");
|
// }
|
// filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
|
// filterRegistration.addInitParameter("serverName", config.getServerName());
|
// filterRegistration.setOrder(2);
|
// return filterRegistration;
|
// }
|
//
|
// /**
|
// * This filter implements single sign-out; the single-logout configuration must be placed before all other filters.
|
// */
|
// @Bean
|
// public FilterRegistrationBean singleSignOutFilter() {
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// filterRegistration.setFilter(new SingleSignOutFilter());
|
// filterRegistration.setEnabled(casEnabled);
|
// if (config.getSignOutFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getSignOutFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/*");
|
// }
|
// filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
|
// filterRegistration.addInitParameter("serverName", config.getServerName());
|
// filterRegistration.setOrder(3);
|
// return filterRegistration;
|
// }
|
//
|
// /**
|
// * This filter is responsible for authenticating the user.
|
// */
|
// @Bean
|
// public FilterRegistrationBean authenticationFilter() {
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// filterRegistration.setFilter(new CasAuthenticationFilter());
|
// filterRegistration.setEnabled(casEnabled);
|
// if (config.getAuthFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getAuthFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/*");
|
// }
|
// // casServerLoginUrl: login URL of the CAS server
|
// filterRegistration.addInitParameter("casServerLoginUrl", config.getCasServerLoginUrl());
|
// // Login IP + port of this project
|
// filterRegistration.addInitParameter("serverName", config.getServerName());
|
// filterRegistration.addInitParameter("useSession", config.isUseSession() ? "true" : "false");
|
// filterRegistration.addInitParameter("redirectAfterValidation",
|
// config.isRedirectAfterValidation() ? "true" : "false");
|
// filterRegistration.setOrder(4);
|
// return filterRegistration;
|
// }
|
//
|
// /**
|
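// * This filter is responsible for validating the CAS ticket.
// * <p>
// * SECURITY: before building the filter this method calls trustAllHttpsCertificates() and
// * installs hv as the default HostnameVerifier. Both are process-wide HttpsURLConnection
// * defaults, so certificate and hostname checks are switched off for every
// * HttpsURLConnection in the JVM - presumably including the ticket-validation call to the
// * CAS server, which anyone on the network path could then impersonate. Trust the CAS
// * server's CA through a trust store (e.g. javax.net.ssl.trustStore) instead.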
|
// */
|
// @Bean
|
// public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
|
//
|
// try {
|
// trustAllHttpsCertificates();
|
// HttpsURLConnection.setDefaultHostnameVerifier(hv);
|
// } catch (Exception e) {
|
// // TODO Auto-generated catch block
|
// e.printStackTrace();
|
// }
|
//
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter();
|
// // cas20ProxyReceivingTicketValidationFilter.setTicketValidator(cas20ServiceTicketValidator());
|
// cas20ProxyReceivingTicketValidationFilter.setServerName(config.getServerName());
|
// filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter);
|
// filterRegistration.setEnabled(casEnabled);
|
// if (config.getValidateFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getValidateFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/*");
|
// }
|
// filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
|
// filterRegistration.addInitParameter("serverName", config.getServerName());
|
// filterRegistration.setOrder(5);
|
// return filterRegistration;
|
// }
|
//
|
// /**
|
// * This filter wraps the HttpServletRequest so that
|
// * the login name of the logged-in user can be obtained through HttpServletRequest.getRemoteUser().
|
// *
|
// */
|
// @Bean
|
// public FilterRegistrationBean httpServletRequestWrapperFilter() {
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
|
// filterRegistration.setEnabled(true);
|
// if (config.getRequestWrapperFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getRequestWrapperFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/*");
|
// }
|
// filterRegistration.setOrder(6);
|
// return filterRegistration;
|
// }
|
//
|
// /**
|
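// * This filter makes the user's login name available through org.jasig.cas.client.util.AssertionHolder,
|
// * for example AssertionHolder.getAssertion().getPrincipal().getName().
|
// * The class stores the Assertion in a ThreadLocal variable, so code outside the web layer can also read the current login information.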
|
// */
|
// @Bean
|
// public FilterRegistrationBean assertionThreadLocalFilter() {
|
// FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
|
// filterRegistration.setFilter(new AssertionThreadLocalFilter());
|
// filterRegistration.setEnabled(true);
|
// if (config.getAssertionFilters().size() > 0) {
|
// filterRegistration.setUrlPatterns(config.getAssertionFilters());
|
// } else {
|
// filterRegistration.addUrlPatterns("/*");
|
// }
|
// filterRegistration.setOrder(7);
|
// return filterRegistration;
|
// }
|
//
|
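// // SECURITY: verify() below returns true for every host, so a certificate/hostname mismatch is
// // accepted and only a warning is printed. Once installed through
// // HttpsURLConnection.setDefaultHostnameVerifier this applies to every HttpsURLConnection in the JVM.
// HostnameVerifier hv = new HostnameVerifier() {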
|
// public boolean verify(String urlHostName, SSLSession session) {
|
// System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
|
// return true;
|
// }
|
// };
|
//
|
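// // SECURITY: installs a process-wide default SSLSocketFactory whose only TrustManager (miTM)
// // accepts any certificate chain, so HTTPS peers are no longer authenticated. Prefer the default
// // trust managers with the CAS server's CA imported into the trust store; "SSL" is also a legacy
// // protocol name - use "TLS".
// private static void trustAllHttpsCertificates() throws Exception {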
|
// javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
|
// javax.net.ssl.TrustManager tm = new miTM();
|
// trustAllCerts[0] = tm;
|
// javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
|
// sc.init(null, trustAllCerts, null);
|
// javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
// }
|
//
|
// static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
|
// public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
// return null;
|
// }
|
//
|
// public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
|
// return true;
|
// }
|
//
|
// public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
|
// return true;
|
// }
|
//
|
// public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
// throws java.security.cert.CertificateException {
|
// return;
|
// }
|
//
|
// public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
// throws java.security.cert.CertificateException {
|
// return;
|
// }
|
// }
|
//
|
//}
|