CAS + Shiro does not go to CAS to verify the identity on every request: the current system uses Shiro, which has a complete authentication mechanism of its own.
That raises the question of when to go to CAS to check the credentials. The current configuration works as follows:
CAS sets a default browser session lifetime, and the current system's session lifetime is 30 minutes; only when authentication in the current system fails (the local session has expired) does the request go to CAS for verification.
One node is very important here: how the Shiro framework internally performs the CAS check. See the code:
org.apache.shiro.web.filter.AccessControlFilter is the parent class of all the default access-control filters,
and its redirectToLogin method is what sends the request to the CAS server to obtain the authentication information again.
    /**
     * Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects
     * the request to that url.
     * <p/>
     * <b>N.B.</b>  If you want to issue a redirect with the intention of allowing the user to then return to their
     * originally requested URL, don't use this method directly.  Instead you should call
     * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
     * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can
     * be reconstructed and re-used after a successful login.
     *
     * @param request  the incoming <code>ServletRequest</code>
     * @param response the outgoing <code>ServletResponse</code>
     * @throws IOException if an error occurs.
     */
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        String loginUrl = getLoginUrl();
        WebUtils.issueRedirect(request, response, loginUrl);
    }
The problem to solve now: when the current system's authentication information has expired and the page sends an AJAX request to the backend, the backend forwards that request straight to the CAS service, and that fails with a cross-domain (cross-origin) problem, because the browser will not accept the redirect to the CAS host from an XMLHttpRequest.
Reference workaround: apart from the home page, which is handled by the default org.apache.shiro.web.filter.authc.AnonymousFilter, all of my backend requests go through
org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter for authorization, and PermissionsAuthorizationFilter inherits from AccessControlFilter.
So my solution is to write my own PermissionsAuthorizationFilter that overrides AccessControlFilter's redirectToLogin method:
package com.chenrd.shiro.filter; // package matches the bean class declared in the Shiro configuration below

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import com.chenrd.shiro.AuthorRuntimeException;

/**
 * The most important point: handles the case where the page has not been refreshed and the user
 * clicks a function, but the backend session has already been logged out. Without this override
 * the AJAX call would be redirected to CAS and hit a cross-domain problem.
 *
 * @author CHENRD
 * @version December 11, 2015
 * @see MyPermissionsAuthorizationFilter
 * @since
 */
public class MyPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        // Do not redirect to CAS; raise an exception that the application handles itself.
        throw new AuthorRuntimeException("Identity exception, do not forward to login page");
        /* original behaviour of AccessControlFilter.redirectToLogin, disabled:
        String loginUrl = getLoginUrl();
        WebUtils.issueRedirect(request, response, loginUrl);
        */
    }
}
Then modify the Shiro configuration file as follows:
<bean id="myPermissionsAuthorizationFilter" class="com.chenrd.shiro.filter.MyPermissionsAuthorizationFilter"/>

<bean id="filterChainManager" class="com.chenrd.shiro.filter.CustomDefaultFilterChainManager">
    <property name="loginUrl" value="${cas.url}/login?service=${apply.url}/cas"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/authority"/>
    <property name="customFilters">
        <util:map>
            <entry key="cas" value-ref="casFilter"/>
            <!-- replace the default permission control class -->
            <entry key="perms" value-ref="myPermissionsAuthorizationFilter"/>
        </util:map>
    </property>
    <property name="defaultFilterChainDefinitions">
        <value>
            /login = anon
            /cas = cas
            /jaxws/services/** = anon
            /** = authc
        </value>
    </property>
</bean>
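The MyPermissionsAuthorizationFilter above throws for every unauthenticated request, which also breaks normal page navigation. As an added example (not the author's code), this variant separates the two cases: an AJAX call gets a 401 with the login URL in a response header, so the page script can send the whole window to CAS, while a normal request still gets the usual redirect. The class name, the package and the X-Login-Url header name are assumptions; the Shiro and servlet APIs used are the real ones.

```java
package com.chenrd.shiro.filter; // hypothetical package, chosen to match the configuration above

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Permission filter whose login redirect is AJAX-aware (hypothetical class, example only).
 * PermissionsAuthorizationFilter.onAccessDenied() calls saveRequestAndRedirectToLogin() when
 * there is no principal, which in turn calls redirectToLogin(); only that step is changed here.
 */
public class AjaxAwarePermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    /** Response header (assumed name) carrying the CAS login URL back to the page script. */
    public static final String LOGIN_URL_HEADER = "X-Login-Url";

    /** jQuery and most other AJAX libraries add this header to XMLHttpRequest calls. */
    static boolean isAjax(HttpServletRequest req) {
        return "XMLHttpRequest".equalsIgnoreCase(req.getHeader("X-Requested-With"));
    }

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        HttpServletRequest req = WebUtils.toHttp(request);
        HttpServletResponse resp = WebUtils.toHttp(response);
        if (isAjax(req)) {
            // A 302 to the CAS host would be followed by the XHR itself and fail as a
            // cross-origin response. Answer 401 and tell the client where to log in instead.
            resp.setHeader(LOGIN_URL_HEADER, getLoginUrl());
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "session expired");
        } else {
            // Normal navigation: the browser follows the redirect to CAS as before.
            WebUtils.issueRedirect(request, response, getLoginUrl());
        }
    }
}
```

Register it under the perms key in customFilters exactly as the original filter is registered above; on the page side, a global AJAX error handler that sees status 401 reads the header and assigns it to window.location, so the top-level navigation to CAS is made by the browser rather than by the XHR.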
CAS + Shiro: implementing when to request CAS for authentication