前面说到,gitbook 本质上就是一系列的静态文件,而且不支持RBAC等功能。一般来说我们在技术类社区看到的gitbook其实都是开放性的,由于应用场景的特殊性,我们需要将Gitbook与CAS 结合,为用户提供基于CAS的认证访问方式。并且与前面文章中介绍到的WordPress以及Gitlab打通。
这样的话,我们就可以通过Springboot集成CAS Client ,然后将 Gitbook build 之后的静态文件与Springboot 结合,就可以构建出一个基于CAS的JAVA应用。
初始化一个 springboot 项目,在项目目录 resources 下创建一个 gitboot 目录。将 gitbook build 之后的内容放在这个目录下面。
dependencies {
compile fileTree(dir: 'lib', includes: ['*.jar'])
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
// implementation 'org.jasig.cas.client:cas-client-support-springboot:3.6.0'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'io.projectreactor:reactor-test'
}
cas.server-url-prefix=https://cas.domain.com:8090/cas
cas.server-login-url=https://cas.domain.com:8090/cas/login
cas.client-host-url=http://cas.domain.com:8092
# 这个配置如果想生效,应该需要重新构建 jar包
cas.single-logout.enabled=true
cas.validation-type=CAS3
server.port=8092
spring.web.resources.static-locations=classpath:/gitbook/,classpath:/test/
#cas.authentication-url-patterns
#cas.validation-url-patterns
#cas.request-wrapper-url-patterns
#cas.assertion-thread-local-url-patterns
#cas.gateway
#cas.use-session
#cas.attribute-authorities
#cas.redirect-after-validation
#cas.allowed-proxy-chains
#cas.proxy-callback-url
#cas.proxy-receptor-url
#cas.accept-any-proxy
#server.context-parameters.renew
package tech.selinux.gitbookcas;
import org.jasig.cas.client.boot.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@EnableCasClient
public class GitbookCASApplication {
public static void main(String[] args) {
SpringApplication.run(GitbookCASApplication.class, args);
}
}
{
"@class": "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "^http://cas.domain.com:8092/.*",
"name": "Gitbook",
"id": 10000006,
"description": "Gitbook sample service",
"singleSignOnParticipationPolicy": {
"@class": "org.apereo.cas.services.DefaultRegisteredServiceSingleSignOnParticipationPolicy",
"createCookieOnRenewedAuthentication": "TRUE"
},
"evaluationOrder": 30000,
"usernameAttributeProvider": {
"@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType": "BACK_CHANNEL",
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository": {
"@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword": true,
"authorizedToReleaseProxyGrantingTicket": true
},
"accessStrategy": {
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"unauthorizedRedirectUrl" : "http://cas.domain.com",
"enabled": true,
"ssoEnabled": true
},
"properties" : {
"@class" : "java.util.HashMap",
"skipRequiredServiceCheck" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
"values" : [
"java.util.HashSet",
[
"true" ] ]
}
}
}