CAS单点登录

2018-07-19  本文已影响0人  南京确善能
最近对接单点登录,由于我们是前后端分离,前端并不能直接重定向,自己想了半天没想到好的方案,下下策是用java做引导页,然后java重定向到前端,这样做的弊端是前后端的域名要一致,不然会存在前端跨域问题,如果有大神能提供好的方案,就把公司最漂亮的女同事介绍给他。
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="" version="3.0">
    <!--
        Deployment descriptor that puts the CAS client filter chain in front of
        the JFinal application filter. Filters that match a request by url-pattern
        run in the order their filter-mapping elements appear, so the sequence
        below is significant: sign-out, authentication, ticket validation,
        request wrapper, assertion thread-local, then the application.
        None of the CAS filters receives init-params here.
        NOTE(review): presumably this client build reads its settings from
        casClientConfig.xml instead; confirm against the library in use.
        NOTE(review): id="" is an empty value for an attribute typed as an XML
        ID; a validating container may reject it. Confirm, or drop the attribute.
    -->

    <!-- Cleans up the session-to-ticket bookkeeping used for single sign-out when an HTTP session ends. -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- Optional: single sign-out filter. It is mapped first so that logout
         callbacks from the CAS server are handled before authentication runs. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Required: single sign-on. Sends requests without an authenticated
         session to the CAS login page. Mapped to every URL; exemptions are
         not declared in this file. -->
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Required: validates the service ticket returned by the CAS server. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <!-- Controls whether the ticket stays visible in the URL after login.
             With redirectAfterValidation=true the client redirects to the same
             URL without the ticket parameter, which keeps the ticket out of
             browser history and Referer headers.
             NOTE(review): the stock Jasig client defaults this to true;
             confirm the default for the client build used here.
         <init-param> 
            <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> 
        </init-param> 
            -->
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 4. CAS HttpServletRequest Wrapper Filter: wraps the HttpServletRequest so that
         getUserPrincipal() and getRemoteUser() return the CAS-authenticated user. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 5. CAS Assertion Thread Local Filter: stores the Assertion in a ThreadLocal so that
         code outside the web layer can also read the current login information. -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Application filter (JFinal). It is mapped after all CAS filters, so the
         application only sees requests that already passed the CAS chain. -->
    <filter>
        <filter-name>jfinal</filter-name>
        <filter-class>com.jfinal.core.JFinalFilter</filter-class>
        <init-param>
            <param-name>configClass</param-name>
            <param-value>com.didara.utils.jfinal.Config</param-value>
        </init-param>
    </filter>

    <!-- NOTE(review): every CAS mapping above uses "/*" while this one uses a bare "*".
         The path-prefix form defined by the servlet specification is "/*"; confirm
         the target container treats "*" the same way, or align it with the others. -->
    <filter-mapping>
        <filter-name>jfinal</filter-name>
        <url-pattern>*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

casClientConfig.xml

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <!-- 
        URL prefix of the CAS server, used for ticket validation. It may be an
        intranet address. Example: when the CAS server and the application are
        deployed on the same machine the prefix can be http://127.0.0.1; all
        that matters is that the two servers can reach each other.
        NOTE(review): ticket validation is a server-to-server call whose answer
        decides who the user is. Over plain http that answer is neither
        authenticated nor integrity-protected, so anywhere beyond loopback
        prefer an https prefix with certificate verification.
     -->
    <casServerUrlPrefix>http://xxxxx/cas</casServerUrlPrefix>
    <!--  CAS server login URL. The browser is redirected here, so credentials
          and the CAS session cookie travel over this scheme; prefer https.  -->
    <casServerLoginUrl>http://xxxxxx/cas/login</casServerLoginUrl>
    <!--  
        CAS server logout URL. The login and logout URLs must share the same
        prefix, otherwise the user cannot be logged out. The value can be read with
        org.jasig.cas.client.util.ConfigLoader.getInstance().getCasServerLogoutUrl()
        and logout is done by redirecting straight to it. To land on a specific
        page after logout, obtain the URL with
        org.jasig.cas.client.util.ConfigLoader.getInstance().getCasServerLogoutUrl(String service)
        where service is the address of the page to redirect to afterwards.
        NOTE(review): the sample value below has no /cas segment although the
        login URL above does; the hosts are redacted placeholders, so confirm
        the real values satisfy the same-prefix rule stated here.
    -->
    <casServerLogoutUrl>http://xxxxxx/logout</casServerLogoutUrl>
    
    <!-- Address prefix under which this application is reached. -->
    <serverName>http://xxxxxx</serverName>
    
    <!-- Requests matching these patterns skip both the forced CAS login and
         ticket validation. The entries look like regular expressions anchored
         at the end of the URL (presumably matched by the client library;
         confirm what string they are applied to).
         NOTE(review): a suffix exemption means anything served under that
         suffix is reachable without authentication. Check that the matcher
         sees only the normalised request path, without query string or path
         parameters, and that .htm, .html and .xml never serve protected
         content. "\.jspy$" is unusual; confirm it is intended. -->
    <notForceBaseUrl>
         <baseUrl-pattern>\.js$</baseUrl-pattern>
         <baseUrl-pattern>\.xsl$</baseUrl-pattern>
         <baseUrl-pattern>\.xml$</baseUrl-pattern>
         <baseUrl-pattern>\.gif$</baseUrl-pattern>
         <baseUrl-pattern>\.jpg$</baseUrl-pattern>
         <baseUrl-pattern>\.png$</baseUrl-pattern>
         <baseUrl-pattern>\.bmp$</baseUrl-pattern>
         <baseUrl-pattern>\.css$</baseUrl-pattern>
         <baseUrl-pattern>\.swf$</baseUrl-pattern>
         <baseUrl-pattern>\.htm$</baseUrl-pattern>
         <baseUrl-pattern>\.html$</baseUrl-pattern>
         <baseUrl-pattern>\.jspy$</baseUrl-pattern>
         <!--
         Disabled examples of path-based exemptions, kept for reference.
         NOTE(review): the first two are very broad and would exempt any URL
         that contains /p or /t; narrow them before enabling anything here.
         <baseUrl-pattern><![CDATA[.*/p.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.*/t.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/userRegister.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/register.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/initPasswordRecoveryApply.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/createValidatePasswordRecoveryApply.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/initRecoveryApplyWay.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/passwordRecoveryApply*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/submitValidatePasswordRecoveryApply.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/resetNewPasswordRecoveryApply.*]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.control/validateimage]]></baseUrl-pattern>
         <baseUrl-pattern><![CDATA[.ids/monitor/*]]></baseUrl-pattern>
         -->
    </notForceBaseUrl>
    
    <!-- URLs that skip only the forced CAS login; none are configured. -->
    <notForceLoginUrls>
        <!-- <loginUrl-pattern></loginUrl-pattern> -->
    </notForceLoginUrls>
    
    <!-- URLs that skip only ticket validation; none are configured. -->
    <notForceValidationUrls>
        <!-- <validationUrl-pattern></validationUrl-pattern> -->
    </notForceValidationUrls>
</config>

index.jsp

<%@page import="org.jasig.cas.client.authentication.AttributePrincipal"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@page import="org.jasig.cas.client.validation.Assertion"%>
<%@page import="java.util.Map"%>
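<%--
    Landing page reached after the CAS filters configured in web.xml have
    handled the request. It greets the authenticated principal and, when the
    session carries a login name, sends the browser on to the separately
    hosted front end, passing the current query string along.
--%>
<%
    // Static assets are referenced relative to the context path. Building an
    // absolute URL from request.getServerName()/getServerPort() would copy the
    // client-supplied Host header into the page; a context-relative path
    // resolves against the page's own origin instead.
    String path = request.getContextPath();
    String basePath = path + "/";
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
    // Both attributes are read from the HTTP session; presumably the CAS
    // client filters put them there (confirm against the client library).
    String loginName = (String) session.getAttribute("cas.client.user");
    Assertion assertion = (Assertion) session.getAttribute("_const_cas_assertion_");
    if (assertion != null) {
        AttributePrincipal principal = assertion.getPrincipal();
        // Additional user attributes released by the CAS server; usually empty.
        Map<String,Object> attributemap = principal.getAttributes();
        // Authenticated name sent by the CAS server, normally the login name.
        String loginName_ = principal.getName();
        // HTML-escape the name before writing it into the page so a name that
        // contains markup characters is displayed as text, not interpreted.
        String safeName = String.valueOf(loginName_)
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
        out.println("登录成功,欢迎您:" + safeName);
    }
    if (loginName != null && loginName.trim().length() > 0) {
        %>
        <%-- NOTE(review): jQuery 2.1.4 and Bootstrap 3.3.6 are old releases and
             the redirect script below does not use either; drop or upgrade them. --%>
        <script src="<%=basePath %>admin/js/jquery.min.js?v=2.1.4"></script>
        <script src="<%=basePath %>admin/js/bootstrap.min.js?v=3.3.6"></script>
        <%-- Forwards the query string to the front end. "xxx" is the author's
             placeholder for the front-end entry URL: keep it a fixed constant
             that already ends in a delimiter such as "?" or "/", so the appended
             request text can never alter the scheme or host of the destination.
             When the URL has no "?", nothing is appended (the original appended
             the whole page URL in that case).
             NOTE(review): if the ticket is still in the URL at this point it is
             forwarded as well; confirm the validation filter strips it first. --%>
         <script type="text/javascript">
             var href = window.location.href;
             var queryStart = href.indexOf("?");
             var url = queryStart >= 0 ? href.substring(queryStart + 1) : "";
             var redUrl = "xxx" + url;
             window.location = redUrl;
          </script>
        <%
    } else {
        out.println("登录失败!");
    }
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>

<body>
     <%-- Logout link with redacted placeholder hosts. NOTE(review): in a real
          deployment use https and URL-encode the service value. --%>
     <a href="http://xxxxx/cas/logout?service=http://xxxx/index">退出</a>
</body>
</html>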

最后注意一点:CAS 的单点登录状态只在当前浏览器内有效,换一个浏览器需要重新登录。
