<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.6.2</version>
    </dependency>
</dependencies>

cas:
  server-url-prefix: https://cas.example.com  # CAS Server地址
  client-host-url: https://app1.example.com  # 應(yīng)用系統(tǒng)地址
  login-path: /login  # CAS Server登錄路徑
  logout-path: /logout  # CAS Server登出路徑

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.filter.DelegatingFilterProxy;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${cas.server-url-prefix}")
    private String casServerUrlPrefix;
    @Value("${cas.client-host-url}")
    private String casClientHostUrl;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
           .csrf().disable()
           .authorizeRequests()
               .antMatchers("/", "/public/**").permitAll()
               .anyRequest().authenticated()
               .and()
           .logout()
               .logoutUrl(casServerUrlPrefix + "/logout")
               .logoutSuccessUrl(casClientHostUrl);
    }
    @Bean
    public FilterRegistrationBean<DelegatingFilterProxy> casAuthenticationFilter() {
        FilterRegistrationBean<DelegatingFilterProxy> registration = new FilterRegistrationBean<>();
        DelegatingFilterProxy filter = new DelegatingFilterProxy("authenticationFilter");
        filter.setTargetFilterLifecycle(true);
        registration.setFilter(filter);
        registration.addUrlPatterns("/*");
        return registration;
    }
    @Bean
    public AuthenticationFilter authenticationFilter() {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        authenticationFilter.setCasServerLoginUrl(casServerUrlPrefix + "/login");
        authenticationFilter.setServerName(casClientHostUrl);
        return authenticationFilter;
    }
    @Bean
    public FilterRegistrationBean<SingleSignOutFilter> singleSignOutFilter() {
        FilterRegistrationBean<SingleSignOutFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new SingleSignOutFilter());
        registration.addUrlPatterns("/*");
        return registration;
    }
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> registration = new ServletListenerRegistrationBean<>();
        registration.setListener(new SingleSignOutHttpSessionListener());
        return registration;
    }
}

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class ProtectedResourceController {
    @GetMapping("/protected")
    public String protectedResource() {
        return "This is a protected resource accessed via CAS SSO.";
    }
}

upstream cas_servers {
    server cas1.example.com:8443;
    server cas2.example.com:8443;
}
server {
    listen 443 ssl;
    server_name cas.example.com;
    ssl_certificate /path/to/cas.crt;
    ssl_certificate_key /path/to/cas.key;
    location / {
        proxy_pass https://cas_servers;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>

import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Configuration;
@Configuration
@EnableCaching
public class CacheConfig {
    // 配置Redis緩存管理器等相關(guān)bean
}

import org.springframework.cache.annotation.Cacheable;
@Cacheable("serviceTickets")
public boolean validateServiceTicket(String serviceTicket) {
    // 實際驗證邏輯
}