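CAS Single Sign-On Client Configuration
阿新 • Published: 2019-02-14
I have never liked saying too much, so let's go straight to the code.
The main steps are:
1. Add cas-client-core-3.2.1.jar to the project's lib directory
2. Import the certificate (whether this step is needed depends on the project)
3. Configure web.xml
4. Write the client code (filter, servlet, ...)
5. Verify
1. Add cas-client-core-3.2.1.jar to the project's lib directory
http://download.csdn.net/download/qq741437836/9740128 (no points required)
2. Import the certificate (whether this step is needed depends on the project)
Import the cacerts file into the JDK directory (C:\ProgramFiles\Java\jdk1.7.0_67\jre\lib\security); simply replacing the existing file is the suggested approach. Note that this file is the trust store used by every Java application running on that JDK.
3. Configure web.xml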
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!-- server address -->
            <param-value>https://login.xxxx.cn/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- your project address: http://ip:port -->
            <param-value>http://ip:port</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- server address -->
            <param-value>https://login.xxxx.cn/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- your project address: http://ip:port -->
            <param-value>http://ip:port</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
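Pay special attention to the places where your project address is written: the value is the IP and port of your web project, without the context path.
The filter-mapping entries in the lower part of the configuration should be set according to your project's actual situation.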
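Why serverName stops at IP and port: the CAS client builds the service URL by appending the request URI, which already contains the context path, to serverName. The block below is an added example, not code from the original post or from cas-client-core; it is a simplified model, and the host, context path and ticket value are constructed.

```java
// Added illustration: simplified model of how the service URL is derived
// from serverName. Query handling is reduced to dropping the ticket parameter.
public class ServiceUrlModel {

    // serverName comes from web.xml; requestUri and query come from the request.
    static String serviceUrl(String serverName, String requestUri, String query) {
        StringBuilder url = new StringBuilder(serverName).append(requestUri);
        StringBuilder kept = new StringBuilder();
        if (query != null) {
            for (String pair : query.split("&")) {
                // The ticket is not part of the service identity.
                if (pair.isEmpty() || pair.startsWith("ticket=")) {
                    continue;
                }
                if (kept.length() > 0) {
                    kept.append('&');
                }
                kept.append(pair);
            }
        }
        if (kept.length() > 0) {
            url.append('?').append(kept);
        }
        return url.toString();
    }

    public static void main(String[] args) {
        // Constructed request: context path /web, entry point /cas.
        // getRequestURI() already includes the context path.
        String requestUri = "/web/cas";
        String query = "target=xxxx&id=42&ticket=ST-1-constructed";

        // serverName without context path, as the post instructs.
        System.out.println(serviceUrl("http://10.0.0.5:8080", requestUri, query));
        // serverName with the context path appended: the path is duplicated.
        System.out.println(serviceUrl("http://10.0.0.5:8080/web", requestUri, query));
    }
}
```

The second call yields a URL containing /web/web/cas, so the redirect back from the CAS server lands on a path the application does not serve.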
4. Write the client code
    @Override
    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        // Entry point: http://ip:port/web/cas
        if (request.getPath().equals("/cas")) {
            try {
                // Look for the application's own login cookie "k"
                Cookie[] cookies = httpServletRequest.getCookies();
                String loginCookie = null;
                if (null != cookies) {
                    for (Cookie cookie : cookies) {
                        if ("k".equals(cookie.getName())) {
                            loginCookie = cookie.getValue();
                            break;
                        }
                    }
                }
                if (loginCookie == null) {
                    // No local login yet: take the identity from the CAS assertion
                    Assertion assertion = AssertionHolder.getAssertion();
                    String userNo = assertion.getPrincipal().getName(); // user authenticated by CAS (e-mail prefix)
                    if (!StringUtil.isEmpty(userNo)) {
                        doLogin(userNo); // authorise based on the value returned by CAS
                        return true;
                    } else {
                        response.sendRedirect(request.getContextPath() + "/logout");
                        return true;
                    }
                } else {
                    enter();
                    return true;
                }
            } catch (Exception e) {
                // Any failure (including a missing assertion) ends in a logout
                e.printStackTrace();
                response.sendRedirect(request.getContextPath() + "/logout");
                return true;
            }
        } else {
            if (request.getPath().equals("/")) {
                response.sendRedirect(request.getContextPath() + "/logout");
                return true;
            } else {
                return handler.service(request, response);
            }
        }
    }
    private void doLogin(String userNo) throws IOException {
        // X-Real-IP is client-controlled unless a trusted reverse proxy overwrites it
        String realIp = httpServletRequest.getHeader("X-Real-IP");
        String remoteAddr = realIp == null ? httpServletRequest.getRemoteAddr() : realIp;
        LoginResult rm = xxxx.loginByCasSrv(userNo, remoteAddr, "ZHS");
        if (rm != null && "success".equals(rm.getResultMsg())) {
            // Issue the application's own login cookie "k"
            Cookie cookie = new Cookie("k", rm.getPermitCode());
            cookie.setHttpOnly(true);
            cookie.setPath(httpServletRequest.getContextPath() + "/");
            cookie.setMaxAge(-1); // session cookie
            cookie.setSecure(httpServletRequest.isSecure());
            httpServletResponse.addCookie(cookie);
            enter();
        } else {
            // rm may be null on this branch, so read the result message defensively
            String resultMsg = rm == null ? null : rm.getResultMsg();
            String toast;
            if ("user_invalidate".equals(resultMsg)) {
                toast = "使用者凍結"; // user frozen
            } else if ("tenant_invalidate".equals(resultMsg)) {
                toast = "使用者不存在"; // user does not exist
            } else if ("uid_duplicate".equals(resultMsg)) {
                toast = "使用者不存在"; // user does not exist
            } else {
                toast = "密碼錯誤"; // wrong password
            }
            httpServletResponse.getWriter().append(toast);
        }
    }
    /**
     * Enter the system; the URL parameters decide which page is opened.
     *
     * @throws IOException
     */
    private void enter() throws IOException {
        String target = httpServletRequest.getParameter("target");
        String id = httpServletRequest.getParameter("id");
        String contextPath = httpServletRequest.getContextPath();
        // Default to the home page; also used when target is missing or not recognised,
        // so sendRedirect() is never called with null
        String url = contextPath + "/home";
        if (target != null && !target.isEmpty()) {
            // id comes straight from the request and is appended as-is
            if (target.equals("xxxx")) {
                url = contextPath + "/home/xxxx/" + id;
            } else if (target.equals("yyyy")) {
                url = contextPath + "/home/yyyy/" + id;
            }
        }
        httpServletResponse.sendRedirect(url);
    }
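I'm a bit lazy, so I simply copied code that was already finished; the cookie handling before and after is something my project needs, and you can write yours according to your own project.
It is fairly complete and can be used with minor changes.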
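The redirect built in enter() takes target and id from the request. The block below is an added example, not the author's code: a stricter way to resolve that redirect with an allow-list and an id check. The class name RedirectResolver, the method resolve and the numeric id format are assumptions, and the sample inputs are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: resolve the post-login redirect from "target" and "id"
// without ever concatenating unchecked request input into the URL.
public class RedirectResolver {

    // Allow-list of target values -> path prefixes (placeholders from the post).
    private static final Map<String, String> TARGETS = new HashMap<String, String>();
    static {
        TARGETS.put("xxxx", "/home/xxxx/");
        TARGETS.put("yyyy", "/home/yyyy/");
    }

    // Assumption: ids are short numeric keys; adapt the pattern to the real format.
    private static final Pattern ID = Pattern.compile("[0-9]{1,18}");

    static String resolve(String contextPath, String target, String id) {
        String home = contextPath + "/home";
        if (target == null || id == null) {
            return home;
        }
        String prefix = TARGETS.get(target);
        if (prefix == null || !ID.matcher(id).matches()) {
            // Unknown target or malformed id: fall back instead of building a URL.
            return home;
        }
        return contextPath + prefix + id;
    }

    public static void main(String[] args) {
        String ctx = "/web"; // constructed context path
        String[][] samples = { // constructed parameter pairs
            {"xxxx", "42"},           // known target, numeric id
            {"zzzz", "42"},           // target not on the allow-list
            {"yyyy", "../../logout"}, // id that would change the path
            {"yyyy", "42?x=1"},       // id that would add a query string
            {null, null},             // no parameters at all
        };
        for (String[] s : samples) {
            System.out.println(resolve(ctx, s[0], s[1]));
        }
    }
}
```

Only the first sample resolves to /web/home/xxxx/42; every other input falls back to /web/home.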
5. Verify
Search Baidu for this.