前后端分离集成CAS单点登录

修改nginx

worker_processes  1;
events {worker_connections  1024;
}
http {include       mime.types;default_type  application/octet-stream;sendfile        on;keepalive_timeout  65;server {listen       80;server_name  localhost;location /api/ {proxy_pass http://127.0.0.1:9001/; # 后端}location / {proxy_pass http://127.0.0.1:3000/; # 前端}}
}

改写redirect返回401

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;/*** <p>Title: </p>* <p>Description: CAS统一身份认证集成配置，session过期或未认证时返回结果处理</p>* <p>Copyright: Copyright  (c) 2023</p>* <p>Company: </p>** @author yanfh* @version 1.0* @date 2023/4/14  10:11*/
@Component
public class CustomAuthRedirectStrategy implements AuthenticationRedirectStrategy {/*** 重定向策略，由原来自动跳转url，改为返回json** @param httpServletRequest request请求* @param httpServletResponse response请求* @param potentialRedirectUrl 重定向URL* @throws IOException IO异常*/@Overridepublic void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String potentialRedirectUrl) throws IOException {httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());httpServletResponse.setHeader("content-type", "text/html;charset=UTF-8");httpServletResponse.setCharacterEncoding("UTF-8");PrintWriter out = httpServletResponse.getWriter();ObjectMapper om = new ObjectMapper();ObjectNode node = om.createObjectNode();node.put("code", HttpStatus.UNAUTHORIZED.value());node.put("message", "Unauthorized");out.write(om.writeValueAsString(node));}
}

cas 配置忽略拦截

@Beanpublic FilterRegistrationBean filterAuthenticationRegistration() {final FilterRegistrationBean registration = new FilterRegistrationBean();registration.setFilter(new AuthenticationFilter());// 设定匹配的路径registration.addUrlPatterns("/*");Map<String, String> initParameters = new HashMap<String, String>();initParameters.put("casServerLoginUrl", serverLoginUrl);initParameters.put("serverName", clientHostUrl);if (ignorePattern != null && !"".equals(ignorePattern)) {initParameters.put("ignorePattern", ignorePattern);}//自定义UrlPatternMatcherStrategy 验证规则if (ignoreUrlPatternType != null && !"".equals(ignoreUrlPatternType)) {initParameters.put("ignoreUrlPatternType", ignoreUrlPatternType);}initParameters.put("authenticationRedirectStrategyClass", CustomAuthRedirectStrategy.class.getName());registration.setInitParameters(initParameters);// 设定加载的顺序registration.setOrder(2);return registration;}

前端请求后端接口判断是否返回401，若返回401，手动拼接认证地址跳转window.location.href='http://CAS服务端/cas/login?service='+encodeURIComponent('http://后端/api/login')，由后端 response.sendRedirect("http://前端页面")

@GetMapping("/login")public void casRedirect(HttpServletRequest request, HttpServletResponse response) {try {response.sendRedirect(clientUrl);} catch (java.io.IOException e) {throw new RuntimeException(e);}}