特色栏目： python 批处理 net编程 Javascript Php Asp Css Html5 Android seo centos

CAS-4.2.7接入REST登录认证，移动端、C/S端登录解决方案

来源：互联网收集：自由互联发布时间：2021-06-10

一、发送GET请求获取RSA公钥和JSESSIONID 请求地址：/cas/login，请求类型：GET curl -I http: // cas.gfstack.geo:8080/cas/login 返回如下： HTTP/ 1.1 200 Set -Cookie: JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE; Path=/

一、发送GET请求获取RSA公钥和JSESSIONID

请求地址：/cas/login，请求类型：GET

curl -I http://cas.gfstack.geo:8080/cas/login

返回如下：

HTTP/1.1 200
Set-Cookie: JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE; Path=/cas; HttpOnly
Set-Cookie: publicKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrwpYIEi0CTd7TSVqQZ/EhHqysaKT0XEn7pjkO4LQ4g6IfJ/4tcbgn4XpS0cR/9P0WpV93Fsnc40s8VINoMqBH64cNHqE4boEqftRSi/L3FQvMSLxctLavu/kF5bzURPRMPyKlW2FQqMkhVautguT939cu+EitEQKMj29hikAyQIDAQAB; Path=/cas
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Length: 9856
Date: Tue, 14 May 2019 04:07:12 GMT

获取到 JSESSIONID 和 publicKey

二、发送POST请求获取请求头中的Location

拿 publicKey 做为RSA公钥对用户密码明文做加密得到 password ，提供java实现，其他语言请自行百度

package com.geostar.gfstack.cas.support.util;

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * RSA加解密工具类，实现公钥加密私钥解密和私钥解密公钥解密
 * link：https://www.cnblogs.com/nihaorz/p/10690643.html
 */
public class RSAUtils {

    private static final String src = "abcdefghijklmnopqrstuvwxyz";

    public static void main(String[] args) throws Exception {
        System.out.println("\n");
        RSAKeyPair keyPair = generateKeyPair();
        System.out.println("公钥：" + keyPair.getPublicKey());
        System.out.println("私钥：" + keyPair.getPrivateKey());
        System.out.println("\n");
        test1(keyPair, src);
        System.out.println("\n");
        test2(keyPair, src);
        System.out.println("\n");
    }

    /**
     * 公钥加密私钥解密
     */
    private static void test1(RSAKeyPair keyPair, String source) throws Exception {
        System.out.println("***************** 公钥加密私钥解密开始 *****************");
        String text1 = encryptByPublicKey(keyPair.getPublicKey(), source);
        String text2 = decryptByPrivateKey(keyPair.getPrivateKey(), text1);
        System.out.println("加密前：" + source);
        System.out.println("加密后：" + text1);
        System.out.println("解密后：" + text2);
        if (source.equals(text2)) {
            System.out.println("解密字符串和原始字符串一致，解密成功");
        } else {
            System.out.println("解密字符串和原始字符串不一致，解密失败");
        }
        System.out.println("***************** 公钥加密私钥解密结束 *****************");
    }

    /**
     * 私钥加密公钥解密
     *
     * @throws Exception
     */
    private static void test2(RSAKeyPair keyPair, String source) throws Exception {
        System.out.println("***************** 私钥加密公钥解密开始 *****************");
        String text1 = encryptByPrivateKey(keyPair.getPrivateKey(), source);
        String text2 = decryptByPublicKey(keyPair.getPublicKey(), text1);
        System.out.println("加密前：" + source);
        System.out.println("加密后：" + text1);
        System.out.println("解密后：" + text2);
        if (source.equals(text2)) {
            System.out.println("解密字符串和原始字符串一致，解密成功");
        } else {
            System.out.println("解密字符串和原始字符串不一致，解密失败");
        }
        System.out.println("***************** 私钥加密公钥解密结束 *****************");
    }

    /**
     * 公钥解密
     *
     * @param publicKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String decryptByPublicKey(String publicKeyText, String text) throws Exception {
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
        return new String(result);
    }

    /**
     * 私钥加密
     *
     * @param privateKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String encryptByPrivateKey(String privateKeyText, String text) throws Exception {
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        byte[] result = cipher.doFinal(text.getBytes());
        return Base64.encodeBase64String(result);
    }

    /**
     * 私钥解密
     *
     * @param privateKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String decryptByPrivateKey(String privateKeyText, String text) throws Exception {
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec5);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
        return new String(result);
    }

    /**
     * 公钥加密
     *
     * @param publicKeyText
     * @param text
     * @return
     */
    public static String encryptByPublicKey(String publicKeyText, String text) throws Exception {
        X509EncodedKeySpec x509EncodedKeySpec2 = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec2);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] result = cipher.doFinal(text.getBytes());
        return Base64.encodeBase64String(result);
    }

    /**
     * 构建RSA密钥对
     *
     * @return
     * @throws NoSuchAlgorithmException
     */
    public static RSAKeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
        String publicKeyString = Base64.encodeBase64String(rsaPublicKey.getEncoded());
        String privateKeyString = Base64.encodeBase64String(rsaPrivateKey.getEncoded());
        RSAKeyPair rsaKeyPair = new RSAKeyPair(publicKeyString, privateKeyString);
        return rsaKeyPair;
    }


    /**
     * RSA密钥对对象
     */
    public static class RSAKeyPair {

        private String publicKey;
        private String privateKey;

        public RSAKeyPair(String publicKey, String privateKey) {
            this.publicKey = publicKey;
            this.privateKey = privateKey;
        }

        public String getPublicKey() {
            return publicKey;
        }

        public String getPrivateKey() {
            return privateKey;
        }

    }

}

将 JSESSION 带到cookie中发送POST请求（参数包含用户名和RSA公钥加密后的密码），请求地址：/cas/v1/tickets，请求类型POST，Content-Type: application/x-www-form-urlencoded

curl -i -X POST   http://cas.gfstack.geo:8080/cas/v1/tickets \
  -H ‘Content-Type: application/x-www-form-urlencoded‘   --cookie ‘JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE‘   -d ‘username=admin&password=ifP607Amuqxy19VUvZZ79Aq9pTzCYbShrLtSzChhm+GAmtCWUQyryCPjnh7/RhWow2qOSkCy/JynFtkznvwRgofDKN7aCOPDiIEe04IyDMOCEpCws/su+Gp4Jr2kUZHKR6iJ9Ht/adNQqFZ+r2RPiaJSIvNMYSTnY2RBZvwyxNY=‘

返回如下：

HTTP/1.1 201
Cache-Control: no-store
Location: http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org
Content-Type: text/html;charset=UTF-8
Content-Length: 382
Date: Tue, 14 May 2019 04:08:13 GMT

<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>201 Created</title></head><body><h1>TGT Created</h1><form action="http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>

获取请求头中的 Location

三、发送POST请求获取ST

请求地址：上一步返回的 Location ，请求类型：POST，Content-Type: application/x-www-form-urlencoded

curl -X POST   http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org \
  -H ‘Content-Type: application/x-www-form-urlencoded‘   -d ‘service=http%3A%2F%2F192.168.36.158%3A8080%2Fdemo%2F‘

其中 service 是CAS客户端地址（综合运维、服务中心、数据中心等），需要经过encodeURI编码

返回如下：

ST-9-kzS0oIyS9DZmveLy4vZs-cas01.example.org

返回内容即是ST，成功拿到ST即成功使用REST登录

四、关于ST校验

请参照：https://www.cnblogs.com/nihaorz/p/10445514.html 部署cas-sample-java-webapp应用完成校验

JSESSIONID

上一篇：Cisco 无线AP刷机为胖AP
下一篇：cocoa – 当alertview被关闭时,右侧导航栏按钮会移动

CAS-4.2.7接入REST登录认证，移动端、C/S端登录解决方案

一、发送GET请求获取RSA公钥和JSESSIONID

二、发送POST请求获取请求头中的Location

三、发送POST请求获取ST

四、关于ST校验

相关文章