CAS + Shiro: authenticating without sending every request to CAS
With CAS + Shiro, identity information is not verified against CAS on every request, so Shiro must hold a complete authentication subject in the current system.
The current configuration method is as follows:
The CAS system uses the default browser session lifetime. The current system's session lifetime is 30 minutes, so when authentication in the current system is no longer valid, the request goes to CAS for verification.
One key point here is how the Shiro framework triggers CAS verification. See the code:
org.apache.shiro.web.filter.AccessControlFilter is the parent class of all the default verification classes.
The redirectToLogin method in this parent class sends the request to the CAS server to obtain the verification information again.
```java
/**
 * Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects
 * the request to that url.
 * <p/>
 * <b>N.B.</b> If you want to issue a redirect with the intention of allowing the user to then return to their
 * originally requested URL, don't use this method directly. Instead you should call
 * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
 * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can
 * be reconstructed and re-used after a successful login.
 *
 * @param request  the incoming <code>ServletRequest</code>
 * @param response the outgoing <code>ServletResponse</code>
 * @throws IOException if an error occurs.
 */
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
    String loginUrl = getLoginUrl();
    WebUtils.issueRedirect(request, response, loginUrl);
}
```
The problem to solve is this: the authentication information of the current system has expired, and the page then sends an AJAX request to the backend. When the backend receives the request and redirects it straight to the CAS service, the browser runs into a cross-origin problem.
Reference solution: all my backend requests except the homepage are authenticated using the default org.apache.shiro.web.filter.authc.AnonymousFilter class.
org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter performs permission verification. PermissionsAuthorizationFilter inherits from AccessControlFilter.
Therefore, my solution is to subclass PermissionsAuthorizationFilter and override the redirectToLogin method inherited from AccessControlFilter.
```java
import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

import com.chenrd.shiro.AuthorRuntimeException;

/**
 * Mainly handles the case where the page has not been refreshed but the
 * backend authentication has already lapsed, so that redirecting the request
 * to CAS would cause a cross-origin problem.
 *
 * @author chenrd
 * @version July 22, December 11, 2015
 * @see MyPermissionsAuthorizationFilter
 * @since
 */
public class MyPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        // Fail with an exception instead of redirecting to the CAS login URL.
        throw new AuthorRuntimeException("Identity exception, not forwarded to logon page");
        /*
        String loginUrl = getLoginUrl();
        WebUtils.issueRedirect(request, response, loginUrl);
        */
    }
}
```
Then, modify the shiro configuration file as follows:
```xml
<bean id="myPermissionsAuthorizationFilter" class="com.chenrd.shiro.filter.MyPermissionsAuthorizationFilter"/>

<bean id="filterChainManager" class="com.chenrd.shiro.filter.customdefafilterchainmanager">
    <property name="loginUrl" value="${cas.url}/login?service=${apply.url}/cas"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/authority"/>
    <property name="customFilters">
        <util:map>
            <entry key="cas" value-ref="casFilter"/>
            <!-- Replace the default permission control class -->
            <entry key="perms" value-ref="myPermissionsAuthorizationFilter"/>
        </util:map>
    </property>
    <property name="defaultFilterChainDefinitions">
        <value>
            /login = anon
            /cas = cas
            /jaxws/services/** = anon
            /** = authc
        </value>
    </property>
</bean>
```
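A variant of the filter above, added here as an example and not the author's code: it answers AJAX requests with a 401 and a small JSON body and keeps the normal CAS redirect for ordinary page requests. The class name `AjaxAwarePermissionsFilter`, the `X-Login-Url` response header and the JSON body are hypothetical, and it assumes the front end sends `X-Requested-With: XMLHttpRequest` on its AJAX calls.

```java
import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical class name; registered under the "perms" key like the filter above.
public class AjaxAwarePermissionsFilter extends PermissionsAuthorizationFilter {

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletRequest req = WebUtils.toHttp(request);
        if (!isAjax(req)) {
            // Ordinary navigation: the browser can follow the redirect to CAS.
            super.redirectToLogin(request, response);
            return;
        }
        // AJAX: a 302 to the CAS origin would be blocked by the browser,
        // so report the expired session and let the page navigate itself.
        HttpServletResponse res = WebUtils.toHttp(response);
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        res.setHeader("X-Login-Url", getLoginUrl()); // hypothetical header name
        res.setContentType("application/json;charset=UTF-8");
        res.getWriter().write("{\"error\":\"session_expired\"}"); // constructed body
    }

    // The header is client-controlled. It only selects the response format here;
    // no access decision depends on it, since both branches deny the request.
    static boolean isAjax(HttpServletRequest req) {
        return "XMLHttpRequest".equalsIgnoreCase(req.getHeader("X-Requested-With"));
    }
}
```

On a 401 the page script can set `window.location` to the login URL, which makes the CAS round trip a top-level navigation instead of a cross-origin XHR.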