Spring Boot

casdoor-spring-boot-example is an example on how to use casdoor-java-sdk in SpringBoot project. We will show you the steps below.

Step1. Deploy Casdoor

Firstly, the Casdoor should be deployed.

You can refer to the Casdoor official documentation for the Server Installation.

After a successful deployment, you need to ensure:

  • The Casdoor server is successfully running on http://localhost:8000.
  • Open your favorite browser and visit http://localhost:7001, you will see the login page of Casdoor.
  • Input admin and 123 to test login functionality is working fine.

Then you can quickly implement a casdoor based login page in your own app with the following steps.

Step2. Import casdoor-java-sdk

You can import the casdoor-java-sdk with maven or gradle.

  • Maven
  • Gradle
  1. <dependency>
  2.     <groupId>org.casbin</groupId>
  3.     <artifactId>casdoor-java-sdk</artifactId>
  4.     <version>1.x.y</version>
  5. </dependency>
  1. implementation 'org.casbin:casdoor-java-sdk:1.x.y'

Step3. Init Config

Initialization requires 6 parameters, which are all string type.

Name (in order)MustDescription
endpointYesCasdoor Server Url, such as http://localhost:8000
clientIdYesApplication.client_id
clientSecretYesApplication.client_secret
jwtSecretYesSame as Casdoor JWT secret.
organizationNameYesApplication.organization
applicationNameYesApplication.name

You can use Java properties or YAML files to init as below.

  • Properties
  • YML
  1. casdoor.endpoint = http://localhost:8000
  2. casdoor.clientId = 874e3e05e58d50148c65
  3. casdoor.clientSecret = 41510b84c7267ad2e4d2b51096b7f11dc9c5fdc8
  4. casdoor.jwtSecret = CasdoorSecret
  5. casdoor.organizationName = built-in
  6. casdoor.applicationName = app-built-in
  1. casdoor:
  2.   endpoint: http://localhost:8000
  3.   client-id: 874e3e05e58d50148c65
  4.   client-secret: 41510b84c7267ad2e4d2b51096b7f11dc9c5fdc8
  5.   jwt-secret: CasdoorSecret
  6.   organization-name: built-in
  7.   application-name: app-built-in
caution

You should replace the configuration with your own Casdoor instance especially the clientId and the clientSecret.

Then create CasdoorSdkProperties class, declare member variables corresponding to the configuration and provide getter and setter.

  1. @Data
  2. @Component
  3. @ConfigurationProperties(prefix = "casdoor")
  4. public class CasdoorSdkProperties {
  5.     private String endpoint;
  6.     private String clientId;
  7.     private String clientSecret;
  8.     private String jwtSecret;
  9.     private String organizationName;
  10.     private String applicationName;
  11. }

Create CasdoorSdkConfig class, init CasdoorConfig with the instance of CasdoorSdkProperties.

  1. @Configuration
  2. public class CasdoorSdkConfig {
  4.     @Resource
  5.     private CasdoorSdkProperties casdoorSdkProperties;
  7.     @Bean
  8.     public CasdoorConfig getCasdoorConfig() {
  9.         return new CasdoorConfig(
  10.                 casdoorSdkProperties.getEndpoint(),
  11.                 casdoorSdkProperties.getClientId(),
  12.                 casdoorSdkProperties.getClientSecret(),
  13.                 casdoorSdkProperties.getJwtSecret(),
  14.                 casdoorSdkProperties.getOrganizationName(),
  15.                 casdoorSdkProperties.getApplicationName()
  16.         );
  17.     }
  18. }

When SpringBoot Application starts, the configuration in Java properties or YAML is automatically injected into the member variables in CasdoorSdkProperties class.

So you can use getCasdoorConfig method in CasdoorSdkConfig class to get CasdoorConfig instance anywhere.

Step4. Redirect to the login page

When you need the authentication who access your app, you can send the target url and redirect to the login page provided by Casdoor.

Please be sure that you have added the callback url (e.g. http://localhost:8080/login) in application configuration in advance.

  1. @RequestMapping("toLogin")
  2. public String toLogin() {
  3.     CasdoorConfig casdoorConfig = casdoorSdkConfig.getCasdoorConfig();
  4.     String targetUrl = String.format("%s/login/oauth/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=read&state=%s",
  5.             "http://localhost:7001", casdoorConfig.getClientId(),
  6.             "http://localhost:8080/login", casdoorConfig.getApplicationName());
  7.     return "redirect:" + targetUrl;
  8. }

Step5. Get token and parse

After Casdoor verification passed, it will be redirected to your application with code and state.

You can get the code and call getOAuthToken method, then parse out jwt token.

CasdoorUser contains the basic information about the user provided by Casdoor, you can use it as a keyword to set the session in your application.

  1. @RequestMapping("login")
  2. public String login(String code, String state, HttpServletRequest request) {
  3.     CasdoorAuthService casdoorAuthService = new CasdoorAuthService(casdoorSdkConfig.getCasdoorConfig());
  4.     String token = "";
  5.     CasdoorUser user = null;
  6.     try {
  7.         token = casdoorAuthService.getOAuthToken(code, state);
  8.         user = casdoorAuthService.parseJwtToken(token);
  9.     } catch (OAuthSystemException | OAuthProblemException | ParseException | InvocationTargetException | IllegalAccessException e) {
  10.         e.printStackTrace();
  11.     }
  12.     HttpSession session = request.getSession();
  13.     session.setAttribute("casdoorUser", user);
  14.     return "redirect:/";
  15. }

Step6. UserService

CasdoorUserService support basic user operations, like:

  • GetUser(name string), get one user by user name.
  • GetUsers(), get all users.
  • UpdateUser(auth.User)/AddUser(auth.User)/DeleteUser(auth.User), write user to database.