Java Web应用CAS Client端的配置详解
CAS是SSO常用的开源解决方案,可以适用多种语言实现的Web应用。前面介绍了CAS Server端的配置。下面结合本人的实际操作,详细说明下Java应用CAS Client配置。首先,说明下配置环境:
1. CAS Server 3.4.5,跑在tomcat 7上。 部署在http://www.cas.com/cas上(本地hosts文件配置域名)。
2. CAS Client Java SSH应用(Struts 2.3.4.1、Spring 3.0.5、Hibernate 3.3.2,如应用使用了特定安全框架如Spring Security,且集成了CAS Client,可直接使用其提供的配置方法), web应用也跑在tomcat 7上,部署在http://www.my.com/app(本地hosts文件配置域名)。
配置步骤:
1.添加cas-client-core-3.1.10-sources.jar,如使用mvn,pom.xml中添加
<dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-client-core</artifactId> <version>3.1.10</version> <exclusions> <exclusion> <artifactId>servlet-api</artifactId> <groupId>javax.servlet</groupId> </exclusion> </exclusions> </dependency>
2. web.xml中添加:
<!-- 与CAS Single Sign Out Filter配合,注销登录信息 --><listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener> <!-- CAS Server 通知 CAS Client,删除session,注销登录信息 --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class></filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern></filter-mapping> <!-- 登录认证,未登录用户导向CAS Server进行认证 --> <filter> <filter-name>CAS Filter</filter-name><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://www.cas.com/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://api.zfwx.com:8080</param-value> </init-param></filter> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/*</url-pattern></filter-mapping> <!-- CAS Client向CAS Server进行ticket验证 --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://www.cas.com/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://api.zfwx.com:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 封装request, 支持getUserPrincipal等方法--> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 存放Assertion到ThreadLocal中 --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class></filter> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
3. 编写个简单的测试页面test.jsp进行测试。
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %><html><head><title>cas test</title></head><body><%AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal(); String username = principal.getName();%><% if(null!=username){ %><h2>Hello <%=username %> !</h2><a href="http://www.cas.com/cas/logout">logout</a><% }%></body></html>