运行在夏博电脑上了

oa-app/src/main/java/com/css/oa/config/CasConfigurationProperties.java

@@ -1,233 +1,238 @@
package com.css.oa.config;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.thymeleaf.standard.expression.Each;
import java.util.Arrays;
import java.util.List;
/**
 * SingleSignOutFilter 配置如下：
 * <table>
 * <thead>
 * <tr>
 * <th>Property</th>
 * <th>Description</th>
 * <th>Required</th>
 * </tr>
 * </thead>
 * <tbody>
 * <tr>
 * <td><code>artifactParameterName</code></td>
 * <td>The ticket artifact parameter name. Defaults to <code>ticket</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>logoutParameterName</code></td>
 * <td>Defaults to <code>logoutRequest</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>frontLogoutParameterName</code></td>
 * <td>Defaults to <code>SAMLRequest</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>relayStateParameterName</code></td>
 * <td>Defaults to <code>RelayState</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>eagerlyCreateSessions</code></td>
 * <td>Defaults to <code>true</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>artifactParameterOverPost</code></td>
 * <td>Defaults to  <code>false</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>casServerUrlPrefix</code></td>
 * <td>URL to root of CAS Web application context.</td>
 * <td>Yes</td>
 * </tr></tbody></table>
 <thead>
 <tr>
 <th>Property</th>
 <th>Description</th>
 <th>Required</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td><code>artifactParameterName</code></td>
 <td>The ticket artifact parameter name. Defaults to <code>ticket</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>logoutParameterName</code></td>
 <td>Defaults to <code>logoutRequest</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>frontLogoutParameterName</code></td>
 <td>Defaults to <code>SAMLRequest</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>relayStateParameterName</code></td>
 <td>Defaults to <code>RelayState</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>eagerlyCreateSessions</code></td>
 <td>Defaults to <code>true</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>artifactParameterOverPost</code></td>
 <td>Defaults to  <code>false</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>casServerUrlPrefix</code></td>
 <td>URL to root of CAS Web application context.</td>
 <td>Yes</td>
 </tr></tbody></table>
 * --------------------------------------------</br>
 * AuthenticationFilter 配置如下：
 * <table>
 * <thead>
 * <tr>
 * <th>Property</th>
 * <th>Description</th>
 * <th>Required</th>
 * </tr>
 * </thead>
 * <tbody>
 * <tr>
 * <td><code>casServerLoginUrl</code></td>
 * <td>Defines the location of the CAS server login URL, i.e. <code>https://localhost:8443/cas/login</code></td>
 * <td>Yes</td>
 * </tr>
 * <tr>
 * <td><code>serverName</code></td>
 * <td>The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. <a href="https://localhost:8443" rel="nofollow">https://localhost:8443</a> (you must include the protocol, but port is optional if it's a standard port).</td>
 * <td>Yes</td>
 * </tr>
 * <tr>
 * <td><code>service</code></td>
 * <td>The service URL to send to the CAS server, i.e. <code>https://localhost:8443/yourwebapp/index.html</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>renew</code></td>
 * <td>specifies whether <code>renew=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all). Note that <code>renew</code> cannot be specified as local <code>init-param</code> setting.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>gateway</code></td>
 * <td>specifies whether <code>gateway=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all)</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>artifactParameterName</code></td>
 * <td>specifies the name of the request parameter on where to find the artifact (i.e. <code>ticket</code>).</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>serviceParameterName</code></td>
 * <td>specifies the name of the request parameter on where to find the service (i.e. <code>service</code>)</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>encodeServiceUrl</code></td>
 * <td>Whether the client should auto encode the service url. Defaults to <code>true</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>ignorePattern</code></td>
 * <td>Defines the url pattern to ignore, when intercepting authentication requests.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>ignoreUrlPatternType</code></td>
 * <td>Defines the type of the pattern specified. Defaults to <code>REGEX</code>. Other types are <code>CONTAINS</code>, <code>EXACT</code>.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>gatewayStorageClass</code></td>
 * <td>The storage class used to record gateway requests</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>authenticationRedirectStrategyClass</code></td>
 * <td>The class name of the component to decide how to handle authn redirects to CAS</td>
 * <td>No</td>
 * </tr></tbody></table>
 * <p>
 <thead>
 <tr>
 <th>Property</th>
 <th>Description</th>
 <th>Required</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td><code>casServerLoginUrl</code></td>
 <td>Defines the location of the CAS server login URL, i.e. <code>https://localhost:8443/cas/login</code></td>
 <td>Yes</td>
 </tr>
 <tr>
 <td><code>serverName</code></td>
 <td>The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. <a href="https://localhost:8443" rel="nofollow">https://localhost:8443</a> (you must include the protocol, but port is optional if it's a standard port).</td>
 <td>Yes</td>
 </tr>
 <tr>
 <td><code>service</code></td>
 <td>The service URL to send to the CAS server, i.e. <code>https://localhost:8443/yourwebapp/index.html</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>renew</code></td>
 <td>specifies whether <code>renew=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all). Note that <code>renew</code> cannot be specified as local <code>init-param</code> setting.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>gateway</code></td>
 <td>specifies whether <code>gateway=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all)</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>artifactParameterName</code></td>
 <td>specifies the name of the request parameter on where to find the artifact (i.e. <code>ticket</code>).</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>serviceParameterName</code></td>
 <td>specifies the name of the request parameter on where to find the service (i.e. <code>service</code>)</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>encodeServiceUrl</code></td>
 <td>Whether the client should auto encode the service url. Defaults to <code>true</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>ignorePattern</code></td>
 <td>Defines the url pattern to ignore, when intercepting authentication requests.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>ignoreUrlPatternType</code></td>
 <td>Defines the type of the pattern specified. Defaults to <code>REGEX</code>. Other types are <code>CONTAINS</code>, <code>EXACT</code>.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>gatewayStorageClass</code></td>
 <td>The storage class used to record gateway requests</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>authenticationRedirectStrategyClass</code></td>
 <td>The class name of the component to decide how to handle authn redirects to CAS</td>
 <td>No</td>
 </tr></tbody></table>
 *
 * ---------------------------------------------------<br/>
 * Cas20ProxyReceivingTicketValidationFilter 配置如下：
 * <table>
 * <thead>
 * <tr>
 * <th>Property</th>
 * <th>Description</th>
 * <th>Required</th>
 * </tr>
 * </thead>
 * <tbody>
 * <tr>
 * <td><code>casServerUrlPrefix</code></td>
 * <td>The start of the CAS server URL, i.e. <code>https://localhost:8443/cas</code></td>
 * <td>Yes</td>
 * </tr>
 * <tr>
 * <td><code>serverName</code></td>
 * <td>The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. <code>https://localhost:8443</code> (you must include the protocol, but port is optional if it's a standard port).</td>
 * <td>Yes</td>
 * </tr>
 * <tr>
 * <td><code>renew</code></td>
 * <td>Specifies whether <code>renew=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all). Note that <code>renew</code> cannot be specified as local <code>init-param</code> setting.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>redirectAfterValidation</code></td>
 * <td>Whether to redirect to the same URL after ticket validation, but without the ticket in the parameter. Defaults to <code>true</code>.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>useSession</code></td>
 * <td>Whether to store the Assertion in session or not. If sessions are not used, tickets will be required for each request. Defaults to <code>true</code>.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>exceptionOnValidationFailure</code></td>
 * <td>whether to throw an exception or not on ticket validation failure. Defaults to <code>true</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>proxyReceptorUrl</code></td>
 * <td>The URL to watch for <code>PGTIOU/PGT</code> responses from the CAS server. Should be defined from the root of the context. For example, if your application is deployed in <code>/cas-client-app</code> and you want the proxy receptor URL to be <code>/cas-client-app/my/receptor</code> you need to configure proxyReceptorUrl to be <code>/my/receptor</code>.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>acceptAnyProxy</code></td>
 * <td>Specifies whether any proxy is OK. Defaults to <code>false</code>.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>allowedProxyChains</code></td>
 * <td>Specifies the proxy chain. Each acceptable proxy chain should include a space-separated list of URLs (for exact match) or regular expressions of URLs (starting by the <code>^</code> character). Each acceptable proxy chain should appear on its own line.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>proxyCallbackUrl</code></td>
 * <td>The callback URL to provide the CAS server to accept Proxy Granting Tickets.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>proxyGrantingTicketStorageClass</code></td>
 * <td>Specify an implementation of the ProxyGrantingTicketStorage class that has a no-arg constructor.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>sslConfigFile</code></td>
 * <td>A reference to a properties file that includes SSL settings for client-side SSL config, used during back-channel calls. The configuration includes keys for <code>protocol</code> which defaults to <code>SSL</code>, <code>keyStoreType</code>, <code>keyStorePath</code>, <code>keyStorePass</code>, <code>keyManagerType</code> which defaults to <code>SunX509</code> and <code>certificatePassword</code>.</td>
 * <td>No.</td>
 * </tr>
 * <tr>
 * <td><code>encoding</code></td>
 * <td>Specifies the encoding charset the client should use</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>secretKey</code></td>
 * <td>The secret key used by the <code>proxyGrantingTicketStorageClass</code> if it supports encryption.</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>cipherAlgorithm</code></td>
 * <td>The algorithm used by the <code>proxyGrantingTicketStorageClass</code> if it supports encryption. Defaults to <code>DESede</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>millisBetweenCleanUps</code></td>
 * <td>Startup delay for the cleanup task to remove expired tickets from the storage. Defaults to <code>60000 msec</code></td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>ticketValidatorClass</code></td>
 * <td>Ticket validator class to use/create</td>
 * <td>No</td>
 * </tr>
 * <tr>
 * <td><code>hostnameVerifier</code></td>
 * <td>Hostname verifier class name, used when making back-channel calls</td>
 * <td>No</td>
 * </tr></tbody></table>
 <thead>
 <tr>
 <th>Property</th>
 <th>Description</th>
 <th>Required</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td><code>casServerUrlPrefix</code></td>
 <td>The start of the CAS server URL, i.e. <code>https://localhost:8443/cas</code></td>
 <td>Yes</td>
 </tr>
 <tr>
 <td><code>serverName</code></td>
 <td>The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. <code>https://localhost:8443</code> (you must include the protocol, but port is optional if it's a standard port).</td>
 <td>Yes</td>
 </tr>
 <tr>
 <td><code>renew</code></td>
 <td>Specifies whether <code>renew=true</code> should be sent to the CAS server. Valid values are either <code>true/false</code> (or no value at all). Note that <code>renew</code> cannot be specified as local <code>init-param</code> setting.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>redirectAfterValidation</code></td>
 <td>Whether to redirect to the same URL after ticket validation, but without the ticket in the parameter. Defaults to <code>true</code>.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>useSession</code></td>
 <td>Whether to store the Assertion in session or not. If sessions are not used, tickets will be required for each request. Defaults to <code>true</code>.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>exceptionOnValidationFailure</code></td>
 <td>whether to throw an exception or not on ticket validation failure. Defaults to <code>true</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>proxyReceptorUrl</code></td>
 <td>The URL to watch for <code>PGTIOU/PGT</code> responses from the CAS server. Should be defined from the root of the context. For example, if your application is deployed in <code>/cas-client-app</code> and you want the proxy receptor URL to be <code>/cas-client-app/my/receptor</code> you need to configure proxyReceptorUrl to be <code>/my/receptor</code>.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>acceptAnyProxy</code></td>
 <td>Specifies whether any proxy is OK. Defaults to <code>false</code>.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>allowedProxyChains</code></td>
 <td>Specifies the proxy chain. Each acceptable proxy chain should include a space-separated list of URLs (for exact match) or regular expressions of URLs (starting by the <code>^</code> character). Each acceptable proxy chain should appear on its own line.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>proxyCallbackUrl</code></td>
 <td>The callback URL to provide the CAS server to accept Proxy Granting Tickets.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>proxyGrantingTicketStorageClass</code></td>
 <td>Specify an implementation of the ProxyGrantingTicketStorage class that has a no-arg constructor.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>sslConfigFile</code></td>
 <td>A reference to a properties file that includes SSL settings for client-side SSL config, used during back-channel calls. The configuration includes keys for <code>protocol</code> which defaults to <code>SSL</code>, <code>keyStoreType</code>, <code>keyStorePath</code>, <code>keyStorePass</code>, <code>keyManagerType</code> which defaults to <code>SunX509</code> and <code>certificatePassword</code>.</td>
 <td>No.</td>
 </tr>
 <tr>
 <td><code>encoding</code></td>
 <td>Specifies the encoding charset the client should use</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>secretKey</code></td>
 <td>The secret key used by the <code>proxyGrantingTicketStorageClass</code> if it supports encryption.</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>cipherAlgorithm</code></td>
 <td>The algorithm used by the <code>proxyGrantingTicketStorageClass</code> if it supports encryption. Defaults to <code>DESede</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>millisBetweenCleanUps</code></td>
 <td>Startup delay for the cleanup task to remove expired tickets from the storage. Defaults to <code>60000 msec</code></td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>ticketValidatorClass</code></td>
 <td>Ticket validator class to use/create</td>
 <td>No</td>
 </tr>
 <tr>
 <td><code>hostnameVerifier</code></td>
 <td>Hostname verifier class name, used when making back-channel calls</td>
 <td>No</td>
 </tr></tbody></table>
 */
@ConfigurationProperties(prefix = "spring.cas")
public class CasConfigurationProperties {
    private String casServerUrlPrefix = "http://10.1.193.115:8100/cas";
    private String casServerLoginUrl = casServerUrlPrefix + "/login";
    private String casServerLogoutUrl = casServerUrlPrefix + "/logout";
    private String serverName = "http://10.1.176.129:8081/zhbg";
    private String casServerUrlPrefix;
    private String casServerLoginUrl;
    private String casServerLogoutUrl;
    private String serverName;
    private boolean useSession = true;
    private boolean redirectAfterValidation = true;
    private String ignorePattern = "\\.(js|img|css)(\\?.*)?$";

oa-app/src/main/java/com/css/oa/config/WebSecurityConfig.java

@@ -1,88 +0,0 @@
package com.css.oa.config;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.AssertionImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.web.cors.CorsUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Configuration
//@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    private CasConfigurationProperties autoconfig;
    @Bean
    public UserDetailsManager userDetailsService(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("demo").password("demo").roles("USER");
        return (UserDetailsManager) auth.getDefaultUserDetailsService();
    }
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/js/**");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
        http.csrf().disable();
        http.httpBasic().disable();
        http.formLogin()
            .loginPage("/casLogin")
            .loginProcessingUrl("/login")
            .defaultSuccessUrl("/index")
            .successHandler(new SavedRequestAwareAuthenticationSuccessHandler(){
                @Override
                public void onAuthenticationSuccess(HttpServletRequest request,
                                                    HttpServletResponse response, Authentication authentication)
                    throws ServletException, IOException {
                    super.onAuthenticationSuccess(request, response, authentication);
                    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
                    if (!(auth instanceof AnonymousAuthenticationToken)) {
                        User user = (User) auth.getPrincipal();
                        request.getSession().setAttribute(AbstractCasFilter.CONST_CAS_ASSERTION, new AssertionImpl(user.getUsername()));
                    }
                }
            })
            .permitAll();
        http.authorizeRequests()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .antMatchers("/register", "/casLogin").permitAll()
            .anyRequest().authenticated();
        http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(autoconfig.getCasServerLogoutUrl() + "?service=" + autoconfig.getServerName() + "/index")
            .permitAll();
        http.antMatcher("/**");
    }
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener(){
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> servletListenerRegistrationBean =
            new ServletListenerRegistrationBean<>();
        servletListenerRegistrationBean.setListener(new SingleSignOutHttpSessionListener());
        return servletListenerRegistrationBean;
    }
}

oa-app/src/main/java/com/css/oa/exam/admin/controller/AdminController.java

@@ -3,16 +3,16 @@ package com.css.oa.exam.admin.controller;
import com.css.oa.exam.admin.bean.LoginUser;
import com.css.oa.exam.base.BaseController;
import io.swagger.annotations.Api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.ui.Model;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.security.authentication.AnonymousAuthenticationToken;
//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.authority.AuthorityUtils;
//import org.springframework.security.core.context.SecurityContextHolder;
//import org.springframework.security.core.userdetails.User;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.provisioning.UserDetailsManager;
//import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
@@ -21,59 +21,59 @@ import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping("/admin")
public class AdminController extends BaseController {
    @Autowired
    private UserDetailsService userDetailsService;
    @GetMapping("*")
    public String welcome() {
        return "redirect:casLogin";
    }
    @GetMapping("index")
    public String index() {
        return "welcome";
    }
    @GetMapping("login")
    public String loginPage(Model model) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof AnonymousAuthenticationToken)) {
            return "redirect:index";
        }
        LoginUser user = new LoginUser();
        model.addAttribute("user",user);
        return "login";
    }
    @GetMapping("casLogin")
    public String casLogin(HttpServletRequest request) {
        if (request.getRemoteUser() != null) {
            Authentication auth = new UsernamePasswordAuthenticationToken(request.getRemoteUser(), request.getRemoteUser(),
                    AuthorityUtils.createAuthorityList("USER"));
            SecurityContextHolder.getContext().setAuthentication(auth);
            return "redirect:index";
        }
        return "redirect:login";
    }
    @GetMapping("register")
    public String registerPage(Model model) {
        LoginUser user = new LoginUser();
        model.addAttribute("user",user);
        return "register";
    }
    @PostMapping("register")
    public String register(LoginUser user) {
        UserDetailsManager userDetailsManager = (UserDetailsManager) userDetailsService;
        boolean exists = userDetailsManager.userExists(user.getUsername());
        if (!exists) {
            userDetailsManager.createUser(new User(user.getUsername(), user.getPassword(), AuthorityUtils.createAuthorityList("USER")));
            return "redirect:register?success";
        } else {
            return "redirect:register?error";
        }
    }
//
//    @Autowired
//    private UserDetailsService userDetailsService;
//
//    @GetMapping("*")
//    public String welcome() {
//        return "redirect:casLogin";
//    }
//
//    @GetMapping("index")
//    public String index() {
//        return "welcome";
//    }
//
//    @GetMapping("login")
//    public String loginPage(Model model) {
//        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
//        if (!(auth instanceof AnonymousAuthenticationToken)) {
//            return "redirect:index";
//        }
//        LoginUser user = new LoginUser();
//        model.addAttribute("user",user);
//        return "login";
//    }
//
//    @GetMapping("casLogin")
//    public String casLogin(HttpServletRequest request) {
//        if (request.getRemoteUser() != null) {
//            Authentication auth = new UsernamePasswordAuthenticationToken(request.getRemoteUser(), request.getRemoteUser(),
//                    AuthorityUtils.createAuthorityList("USER"));
//            SecurityContextHolder.getContext().setAuthentication(auth);
//            return "redirect:index";
//        }
//        return "redirect:login";
//    }
//
//    @GetMapping("register")
//    public String registerPage(Model model) {
//        LoginUser user = new LoginUser();
//        model.addAttribute("user",user);
//        return "register";
//    }
//
//    @PostMapping("register")
//    public String register(LoginUser user) {
//        UserDetailsManager userDetailsManager = (UserDetailsManager) userDetailsService;
//        boolean exists = userDetailsManager.userExists(user.getUsername());
//        if (!exists) {
//            userDetailsManager.createUser(new User(user.getUsername(), user.getPassword(), AuthorityUtils.createAuthorityList("USER")));
//            return "redirect:register?success";
//        } else {
//            return "redirect:register?error";
//        }
//    }
}

oa-app/src/main/java/com/css/oa/exam/admin/controller/CasLoginController.java

@@ -0,0 +1,78 @@
package com.css.oa.exam.admin.controller;
import cn.com.dhcc.uums.entity.SSOUser;
import cn.com.dhcc.uums.util.SSOTools;
import com.css.bpm.platform.org.dept.repository.entity.DeptEntity;
import com.css.oa.utils.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@Api(tags = {"职称申报和评审-单点登录"})
@RestController
@RequestMapping("/casLogin")
public class CasLoginController {
//
//    @Autowired
//    DepartmentService departmentService;
//    @Autowired
//    CoreUserService coreUserService;
    @Autowired
    DeptAPIService deptAPIService;
    Logger log = LoggerFactory.getLogger(CasLoginController.class);
    @ApiOperation(value = "登录")
    @RequestMapping("/login")
    public void login(HttpSession session, HttpServletResponse response, HttpServletRequest request) {
        try {
            SSOUser ssoUser = SSOTools.getSSOUser(request);
            session.setAttribute("UUID", ssoUser.getId());
            session.setAttribute("USER_NAME", ssoUser.getUserName());
            session.setAttribute("ORG_NAME", ssoUser.getOrgName());
            session.setAttribute("DEP_NAME", ssoUser.getDepName());
            session.setAttribute("ROLE_INFO", ssoUser.getRoleInfoList().get(0));
            String contextPath = request.getContextPath();
            response.sendRedirect("http://localhost:8081/#/title_declaration/announcement_management");
        } catch (Exception e){
            log.error("登录失败!", e);
        };
    }
    @ApiOperation(value = "登出")
    @RequestMapping("/logout")
    public void logout(HttpSession session, HttpServletResponse response, HttpServletRequest request){
//        HttpSession session = request.getSession();
        try {
            session.invalidate();
            // http://10.1.193.115:8100/cas/logout?service=http://10.1.176.129:8081/zhbg
            response.sendRedirect("http://10.1.193.115:8100/cas/logout?service=http://10.1.176.129:8081/zhbg");
        } catch (Exception e){
            log.error("登出失败!", e);
        };
    }
}

oa-app/src/main/resources/application.yml

@@ -3,6 +3,14 @@ server:
  servlet:
    context-path: /zhbg
spring:
  cas:
    #夏博电脑的IP地址
    server-name: http://10.1.176.129:8081/zhbg
    #支撑平台服务地址
    cas-server-url-prefix: http://10.1.193.115:8100/cas
    cas-server-login-url: ${spring.cas.cas-server-url-prefix}/login
    cas-server-logout-url: ${spring.cas.cas-server-url-prefix}/logout
    ignore-pattern: (register|\.js|\.img|\.css)(\?.*)?$
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    url: jdbc:kingbase://192.168.65.232:54321/LOCALHOST

pom.xml

@@ -55,21 +55,21 @@
            <artifactId>cas-client-core</artifactId>
            <version>3.5.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
<!--        <dependency>-->
<!--            <groupId>org.springframework.security</groupId>-->
<!--            <artifactId>spring-security-core</artifactId>-->
<!--            <version>4.1.0.RELEASE</version>-->
<!--        </dependency>-->
<!--        <dependency>-->
<!--            <groupId>org.springframework.security</groupId>-->
<!--            <artifactId>spring-security-config</artifactId>-->
<!--            <version>4.1.0.RELEASE</version>-->
<!--        </dependency>-->
<!--        <dependency>-->
<!--            <groupId>org.springframework.security</groupId>-->
<!--            <artifactId>spring-security-web</artifactId>-->
<!--            <version>4.1.0.RELEASE</version>-->
<!--        </dependency>-->
        <!--        llg加的测试依赖-->
        <dependency>
            <groupId>junit</groupId>