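As for the framework integration itself, there is a demo at https://download.csdn.net/download/qq_37256345/10803287

I won't go into it here; this post is mainly about the problems encountered.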

CAS: 4.0.x

Spring Boot: 2.0.x

This version of CAS does not support front-end/back-end separation.

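Problem 1: The front-end code is served by nginx and the back end runs in Tomcat. The ports differ, so requests are cross-origin.

Solution: Have nginx act as a reverse proxy whose upstream is the Tomcat address, and have the front end send its requests to the address configured in nginx.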

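Problem 2: The APIs cannot be tested.

Solution: Open up all permissions and write a relay utility class.

All user information is read through this utility class, which can be edited to return the details of different users.

Once the interfaces have been integrated and testing begins, comment out that part of the code and switch to reading the user information from security. That way only one place has to change.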

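Problem 3: Uploads and downloads are limited by nginx.

Solution: Set client_max_body_size    10m; in the nginx configuration.

On the security side, it is enough to permit the download endpoint. If downloads are served by nginx, configure nginx instead.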

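Problem 4: With a separated front end, an ajax request made while not logged in cannot be redirected to the login page.

Solution: The front end intercepts the error and always navigates to the security + CAS callback address. That endpoint then issues a redirect to the nginx home page.

The callback address must be the Tomcat address as proxied by nginx; otherwise the cross-origin problem reappears.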

--------------------------------------------------------------------

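New solution

The core code behind the CAS 302 redirect

Modifying the source directly is best. If you cannot, copy the class into an identical one of your own and leave everything else unchanged.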

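import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.util.CommonUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;

// JSONObject.toJSONString(...) is assumed to be fastjson's. RespData is the author's
// own response wrapper (not shown in the post) and must be imported from the project.
import com.alibaba.fastjson.JSONObject;

public class MyCasAuthenticationEntryPoint implements AuthenticationEntryPoint,
    InitializingBean {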

    // ~ Instance fields
    // ================================================================================================
    private ServiceProperties serviceProperties;

    private String loginUrl;

    /**
     * Determines whether the Service URL should include the session id for the specific user. As of
     * CAS 3.0.5, the session id will automatically be stripped. However, older versions of CAS
     * (i.e. CAS 2), do not automatically strip the session identifier (this is a bug on the part of
     * the older server implementations), so an option to disable the session encoding is provided
     * for backwards compatibility.
     *
     * By default, encoding is enabled.
     */
    private boolean encodeServiceUrlWithSessionId = true;

    // ~ Methods
    // ========================================================================================================

    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.loginUrl, "loginUrl must be specified");
        Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
        Assert.notNull(this.serviceProperties.getService(),
            "serviceProperties.getService() cannot be null.");
    }

    public final void commence(final HttpServletRequest servletRequest,
        final HttpServletResponse response,
        final AuthenticationException authenticationException) throws IOException,
        ServletException {

        final String urlEncodedService = createServiceUrl(servletRequest, response);
        final String redirectUrl = createRedirectUrl(urlEncodedService);
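        //System.out.println(redirectUrl);
        preCommence(servletRequest, response);
        // Original behaviour: a 302 to the CAS login page, which an ajax caller cannot follow.
        //response.sendRedirect(redirectUrl);
        // Instead, answer 200 with a JSON body that carries the CAS login URL.
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Content-Type", "application/json");
        // Browsers reject a wildcard Access-Control-Allow-Origin on credentialed
        // cross-origin requests. Behind the same-origin nginx proxy described above
        // these CORS headers are not exercised; a real cross-origin deployment needs
        // one specific trusted origin here instead of "*".
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST");
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json;charset=UTF-8");
        RespData redirect = RespData.redirect(redirectUrl);
        // try-with-resources closes the writer; an IOException now propagates to the
        // caller (commence already declares it) instead of being silently swallowed.
        try (PrintWriter writer = response.getWriter()) {
            writer.write(JSONObject.toJSONString(redirect));
            writer.flush();
        }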
    }

    /**
     * Constructs a new Service Url. The default implementation relies on the CAS client to do the
     * bulk of the work.
     *
     * @param request the HttpServletRequest
     * @param response the HttpServlet Response
     * @return the constructed service url. CANNOT be NULL.
     */
    protected String createServiceUrl(final HttpServletRequest request,
        final HttpServletResponse response) {
        return CommonUtils.constructServiceUrl(null, response,
            this.serviceProperties.getService(), null,
            this.serviceProperties.getArtifactParameter(),
            this.encodeServiceUrlWithSessionId);
    }

    /**
     * Constructs the Url for Redirection to the CAS server. Default implementation relies on the
     * CAS client to do the bulk of the work.
     *
     * @param serviceUrl the service url that should be included.
     * @return the redirect url. CANNOT be NULL.
     */
    protected String createRedirectUrl(final String serviceUrl) {
        return CommonUtils.constructRedirectUrl(this.loginUrl,
            this.serviceProperties.getServiceParameter(), serviceUrl,
            this.serviceProperties.isSendRenew(), false);
    }

    /**
     * Template method for you to do your own pre-processing before the redirect occurs.
     *
     * @param request the HttpServletRequest
     * @param response the HttpServletResponse
     */
    protected void preCommence(final HttpServletRequest request,
        final HttpServletResponse response) {

    }

    /**
     * The enterprise-wide CAS login URL. Usually something like
     * <code>https://www.mycompany.com/cas/login</code>.
     *
     * @return the enterprise-wide CAS login URL
     */
    public final String getLoginUrl() {
        return this.loginUrl;
    }

    public final ServiceProperties getServiceProperties() {
        return this.serviceProperties;
    }

    public final void setLoginUrl(final String loginUrl) {
        this.loginUrl = loginUrl;
    }

    public final void setServiceProperties(final ServiceProperties serviceProperties) {
        this.serviceProperties = serviceProperties;
    }

    /**
     * Sets whether to encode the service url with the session id or not.
     *
     * @param encodeServiceUrlWithSessionId whether to encode the service url with the session id or
     * not.
     */
    public final void setEncodeServiceUrlWithSessionId(
        final boolean encodeServiceUrlWithSessionId) {
        this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
    }

    /**
     * Returns whether to encode the service url with the session id or not.
     *
     * @return whether to encode the service url with the session id or not.
     */
    protected boolean getEncodeServiceUrlWithSessionId() {
        return this.encodeServiceUrlWithSessionId;
    }
}

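Remember to change that method in SecurityConfig as well. If you modified the source directly this is not needed, but if you copied the class out as I did, it has to be changed to use the new class.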

 

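The rewrite means the redirect is no longer performed by the back end. Instead, the response carries a designated special code that the front end intercepts in one place; for example, when it sees code=1 the front end does the navigation itself.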
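
The front-end interception described above, as an added example (not code from the original post): a single fetch wrapper that detects the special code and navigates only when the URL in the body belongs to the expected CAS server, since the browser is now following a URL taken from a JSON response. The envelope shape `{code: 1, data: <url>}`, the origin `https://cas.example.com` and all function names are assumptions.

```javascript
// Added example, not code from the original post.
// Assumed (hypothetical): envelope {code: 1, data: "<CAS login URL>"},
// CAS origin https://cas.example.com, and all function names.
const REDIRECT_CODE = 1; // the special code the post tells the front end to intercept
const TRUSTED_LOGIN_ORIGINS = new Set(['https://cas.example.com']);

// Returns the login URL to navigate to, or null for an ordinary response.
// Throws when the envelope points anywhere other than the trusted CAS origin.
function resolveLoginRedirect(body, trusted = TRUSTED_LOGIN_ORIGINS) {
  if (!body || body.code !== REDIRECT_CODE) return null;
  let target;
  try {
    target = new URL(String(body.data)); // relative or malformed URLs throw here
  } catch (err) {
    throw new Error('redirect envelope does not carry an absolute URL');
  }
  // Compare the parsed origin, never a string prefix:
  // "https://cas.example.com.evil.test" and "https://cas.example.com@evil.test"
  // both start with the trusted string but resolve to another host.
  if (!trusted.has(target.origin)) {
    throw new Error('refusing login redirect to ' + target.origin);
  }
  return target.href;
}

// Single choke point for API calls, so the code=1 check lives in one place.
// fetchImpl and navigate are injectable so the wrapper can be exercised offline.
async function apiFetch(url, options = {}, deps = {}) {
  const fetchImpl = deps.fetchImpl || fetch;
  const navigate = deps.navigate || ((href) => window.location.assign(href));
  // same-origin: requests go through the nginx proxy, so the session cookie is sent
  const resp = await fetchImpl(url, { credentials: 'same-origin', ...options });
  const body = await resp.json();
  const loginUrl = resolveLoginRedirect(body);
  if (loginUrl !== null) {
    navigate(loginUrl); // full-page navigation to the CAS login page
    return null;
  }
  return body;
}
```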

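Logout can no longer be used directly either.

The front end has to request the logout endpoint. The page then goes to the login page, which calls back to the / home page mentioned above, and that home page redirects to the front-end home page.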
