2.2、shiro-cas（Shiro）

基于 shiro + cas-client-core 的 Cas 协议接入（仅支持Spring Boot）

如果你的系统是基于Shiro实现的权限控制，使用 shiro-cas-spring-boot-starter 可快速的实现Shiro与统一身份认证平台的集成！

第1步：引入依赖

在项目依赖管理中引入 shiro-cas-spring-boot-starter 依赖 ：

Maven 依赖

<!-- https://mvnrepository.com/artifact/com.github.hiwepy/shiro-cas-spring-boot-starter -->
<dependency>
    <groupId>com.github.hiwepy</groupId>
    <artifactId>shiro-cas-spring-boot-starter</artifactId>
    <version>1.0.5.RELEASE</version>
</dependency>

Gradle 依赖

// https://mvnrepository.com/artifact/com.github.hiwepy/shiro-cas-spring-boot-starter
implementation group: 'com.github.hiwepy', name: 'shiro-cas-spring-boot-starter', version: '1.0.5.RELEASE'

第2步：项目配置

修改用户是否登录的拦截器为cas拦截，具体配置如下

############################################################################################
###Shiro 权限控制基本配置：
############################################################################################
shiro:
  annotations:
    enabled: true
    proxy-target-class: true
  authentication-caching-enabled: false
  authentication-cache-name: SHIRO-AUTHC
  authorization-caching-enabled: false
  authorization-cache-name: SHIRO-AUTHZ
  caching-enabled: false
  cache:
    type: ehcache
  enabled: true
  kaptcha:
    enabled: true
    retry-times-when-access-denied: 3
  failure-url: /error
  http:
    header:
      access-control-allow-methods: PUT,POST,GET,DELETE,OPTIONS
  login-url: /authz/login/slogin
  redirect-url: /authz/login/index
  success-url: /index
  session-creation-enabled: false
  session-validation-scheduler-enabled: false
  session-validation-interval: 20000
  session-stateless: true
  session-storage-enabled: false
  session-timeout: 1800000
  unauthorized-url: /error
  user-native-session-manager: false
  web:
    enabled: true
  filter-chain-definition-map:
    '[/]' : anon
    '[/**/favicon.ico]' : anon
    '[/webjars/**]' : anon
    '[/assets/**]' : anon
    '[/error*]' : anon
    '[/logo/**]' : anon
    '[/swagger-ui.html**]' : anon
    '[/swagger-resources/**]' : anon
    '[/v2/**]' : anon
    '[/kaptcha*]' : anon
    '[/admin]' : anon
    '[/admin/assets/**]' : anon
    '[/admin/applications]' : anon
    '[/admin/applications/**]' : anon
    '[/admin/notifications]' : anon
    '[/admin/notifications/**]' : anon
    '[/admin/instances]' : anon
    '[/admin/instances/**]' : anon
    '[/sockets/**]' : anon
    '[/expiry]' : cros,withinExpiry
    '[/authz/login/slogin]' : cros,authc
    '[/logout]' : logout
  cas:
    accept-any-proxy: true
    cas-server-login-url: http://127.0.0.1:10000/cas/login
    cas-server-logout-url: http://127.0.0.1:10000/cas/logout
    cas-server-url-prefix: http://127.0.0.1:10000/cas
    enabled: true
    encoding: UTF-8
    server-callback-url: /callback
    server-name: http://127.0.0.1:8080
    ignore-pattern: /webjars/;/assets/;/authz/login;/logout;/callback
    ignore-url-pattern-type: org.apache.shiro.spring.boot.cas.ContainsPatternsUrlPatternMatcherStrategy

第3步：自定义责任链 ShrioFilterChainDefinitionConfigurer

import org.apache.shiro.spring.boot.FilterChainDefinitionConfigurer;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.springframework.stereotype.Component;

@Component
public class ShrioFilterChainDefinitionConfigurer implements FilterChainDefinitionConfigurer {

    @Override
    public void configurePathDefinition(DefaultShiroFilterChainDefinition chainDefinition) {
        chainDefinition.addPathDefinition("/*", "headers,cas");
        chainDefinition.addPathDefinition("/**", "headers,cas");
    }

}