SSO单点登录系列1:cas客户端源码分析cas-client-java-2.1.1.jar

最新推荐文章于 2021-02-23 03:35:52 发布
置顶 最新推荐文章于 2021-02-23 03:35:52 发布
阅读量6k 收藏 8
点赞数 4
分类专栏: SSO单点登录系列 文章标签: 源码分析
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ae6623/article/details/8841801
版权

本来没打算啃源码的,但是网上实在是没人研究最新的client端,就拿出来金山词霸,跟着代码的思路一起读读吧。


落雨 cas 单点登录


希望能给以后来研究cas的兄弟留下一点思路,也算是研究了两天的成果,外国人的代码写的很晦涩,翻译下来也没有时间继续跟进,所以有错误的还请大家跟帖和我讨论,qq 394263788


写帖时间:2013年4月23日21:17:56


edu.yale.its.tp.cas.client.filter源码分析:


/*  Copyright (c) 2000-2004 Yale University. All rights reserved. 
 *  See full notice at end.
 */

package edu.yale.its.tp.cas.client.filter;

import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import edu.yale.its.tp.cas.client.*;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/*
 * 
 * @author Shawn Bayern
 * @author Drew Mazurek
 * @author andrew.petro@yale.edu
 */
public class CASFilter implements Filter {

    private static Log log = LogFactory.getLog(CASFilter.class);

    // Filter initialization parameters
    //必须参数
    /**
     * loginUrl:指定 CAS 提供登录页面的 URL
     */
    public final static String LOGIN_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.loginUrl";

    /**
     * validateUrl:指定 CAS 提供 service ticket 或 proxy ticket 验证服务的 URL 
     */
    public final static String VALIDATE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.validateUrl";

    /**
     * serviceUrl:本web项目的URL,该参数指定过后将覆盖 serverName 参数,成为登录成功过后重定向的目的地址 
     */
    public final static String SERVICE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serviceUrl";

    /**
     * serverName:全主机端口号,指定客户端的域名和端口,是指客户端应用所在机器而不是 CAS Server 所在机器,该参数或 serviceUrl 至少有一个必须指定
     */
    public final static String SERVERNAME_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serverName";

    //可选参数
    /**
     * renew:如果指定为 true,那么受保护的资源每次被访问时均要求用户重新进行验证,而不管之前是否已经通过 
     */
    public final static String RENEW_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.renew";

    /**
     * authorizedProxy:用于允许当前应用从代理处获取 proxy tickets,该参数接受以空格分隔开的多个 proxy URLs,但实际使用只需要一个成功即可。当指定该参数过后,需要修改 validateUrl 到 proxyValidate,
     */
    public final static String AUTHORIZED_PROXY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.authorizedProxy";

    /**
     * proxyCallbackUrl:用于当前应用需要作为其他服务的代理(proxy)时获取 Proxy Granting Ticket 的地址 
     */
    public final static String PROXY_CALLBACK_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.proxyCallbackUrl";

    /**
     * wrapRequest:如果指定为 true,那么 CASFilter 将重新包装 HttpRequest,并且使 getRemoteUser() 方法返回当前登录用户的用户名
     */
    public final static String WRAP_REQUESTS_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.wrapRequest";

    /**
     * gateway:这个参数很奇葩,一开始没读懂是干嘛的。。官方解释是一旦发生过CAS重定向,过滤器将不会自动重新设置登录的用户。然后你可以提供一个明确的CAS登录链接(HTTPS:/ / CAS服务器/ CAS /登录?服务= HTTP:/ /应用程序)或建立映射到不同的路径的过滤器的两个实例。一个实例将gateway实现。当你需要登录的用户,直接转到其他过滤器。
     * 是的你没有想错,这一句话着实让人不知道是要说明什么,于是万能的百度上有且仅有一个前辈说出来了这个参数其实是和renew互斥的,renew就是说无论如何都得重新验证此用户,不管你session中有没有上下文信息。而gateway则是只要检测到session中有sso上下文,就不再重新认证
     */
    public final static String GATEWAY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.gateway";

    public final static String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";

    public final static String CAS_FILTER_RECEIPT = "edu.yale.its.tp.cas.client.filter.receipt";

    private static final String CAS_FILTER_GATEWAYED = "edu.yale.its.tp.cas.client.filter.didGateway";

    // *********************************************************************
    // Configuration state


    private String casLogin;

    private String casValidate;

    private String casServiceUrl;

    private String casServerName;

    private String casProxyCallbackUrl;

    private boolean casRenew;

    private boolean wrapRequest;

    private boolean casGateway = false;

    /**
     * 对proxyticketreceptor URL授权代理在过滤器的路径的服务列表
     */
    private List authorizedProxies = new ArrayList();

    // *********************************************************************
    // Initialization

    public void init(FilterConfig config) throws ServletException {
        //拿到参数
        casLogin = config.getInitParameter(LOGIN_INIT_PARAM);
        casValidate = config.getInitParameter(VALIDATE_INIT_PARAM);
        casServiceUrl = config.getInitParameter(SERVICE_INIT_PARAM);
        String casAuthorizedProxy = config.getInitParameter(AUTHORIZED_PROXY_INIT_PARAM);
        casRenew = Boolean.valueOf(config.getInitParameter(RENEW_INIT_PARAM)).booleanValue();
        casServerName = config.getInitParameter(SERVERNAME_INIT_PARAM);
        casProxyCallbackUrl = config.getInitParameter(PROXY_CALLBACK_INIT_PARAM);
        wrapRequest = Boolean.valueOf(config.getInitParameter(WRAP_REQUESTS_INIT_PARAM)).booleanValue();
        casGateway = Boolean.valueOf(config.getInitParameter(GATEWAY_INIT_PARAM)).booleanValue();

        if (casGateway && Boolean.valueOf(casRenew).booleanValue()) {
            //这俩参数不能一起设置为true
            throw new ServletException("gateway and renew cannot both be true in filter configuration");
        }
        if (casServerName != null && casServiceUrl != null) {
            //这俩参数也不能一起设置
            throw new ServletException("serverName and serviceUrl cannot both be set: choose one.");
        }
        if (casServerName == null && casServiceUrl == null) {
            //这俩参数也不能一起为null
            throw new ServletException("one of serverName or serviceUrl must be set.");
        }
        if (casServiceUrl != null) {
            //检测uri前缀
            if (!(casServiceUrl.startsWith("https://") || (casServiceUrl.startsWith("http://")))) {
                throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
            }
        }

        if (casValidate == null) {
            //cas验证用户的网址不能为空
            throw new ServletException("validateUrl parameter must be set.");
        }
        if (!casValidate.startsWith("https://")) {
            //如果cas认证网址不是以https开头,就报错。。如果你是用http请求,可以屏蔽掉这个判断语句
            throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
        }
        //代理是否为空
        if (casAuthorizedProxy != null) {

            // parse and remember authorized proxies
            StringTokenizer casProxies = new StringTokenizer(casAuthorizedProxy);
            while (casProxies.hasMoreTokens()) {
                //授权的标记
                String anAuthorizedProxy = casProxies.nextToken();
                //https前缀检测
                if (!anAuthorizedProxy.startsWith("https://")) {
                    throw new ServletException("CASFilter initialization parameter for authorized proxies " + "must be a whitespace delimited list of authorized proxies.  " + "Authorized proxies must be secure (https) addresses.  This one wasn't: [" + anAuthorizedProxy + "]");
                }
                //将所有授权的代理添加到list中(唉,着实不知道是干什么的,也许几年后回来读读应该能知道答案,2013年4月22日14:56:37)
                this.authorizedProxies.add(anAuthorizedProxy);
            }
        }

        if (log.isDebugEnabled()) {
            log.debug(("CASFilter initialized as: [" + toString() + "]"));
        }
    }

    // *********************************************************************
    // Filter processing
    // 过滤器处理
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws ServletException, IOException {
        
        //核心思想:首先检查session中有无凭证receipt,如果有,那么就要去下个过滤器链进行处理,如果无,则获取传参ticket,如果有ticket,就经过getAuthenticatedUser()方法去拿到receipt凭证,如果无(这中间会有一些对renew或者gateway的处理),就立即进入cas服务端进行登录
        if (log.isTraceEnabled()) {
            log.trace("entering doFilter()");
        }

        // make sure we've got an HTTP request
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            log.error("doFilter() called on a request or response that was not an HttpServletRequest or response.");
            throw new ServletException("CASFilter protects only HTTP resources");
        }

        // Is this a request for the proxy callback listener? If so, pass
        // it through
        if (casProxyCallbackUrl != null && casProxyCallbackUrl.endsWith(((HttpServletRequest) request).getRequestURI()) && request.getParameter("pgtId") != null && request.getParameter("pgtIou") != null) {
            log.trace("passing through what we hope is CAS's request for proxy ticket receptor.");
            fc.doFilter(request, response);
            return;
        }

        // Wrap the request if desired
        if (wrapRequest) {
            log.trace("Wrapping request with CASFilterRequestWrapper.");
            request = new CASFilterRequestWrapper((HttpServletRequest) request);
        }
        // 1.从当前web应用中拿到session
        HttpSession session = ((HttpServletRequest) request).getSession();

        // if our attribute's already present and valid, pass through the filter chain

        // 1.1.如果存在一个票据(令牌,凭证),就要跳到下一个过滤器链(去验证此票据的真实性,因为此票据的真实性是未知的)
        CASReceipt receipt = (CASReceipt) session.getAttribute(CAS_FILTER_RECEIPT);
        if (receipt != null && isReceiptAcceptable(receipt)) {
            log.trace("CAS_FILTER_RECEIPT attribute was present and acceptable - passing  request through filter..");
            fc.doFilter(request, response);
            return;
        }
     
        // otherwise, we need to authenticate via CAS
        // 1.2.如果receipt(令牌)不存在就先拿到ticket,我们要去cas验证用户进行登录
        String ticket = request.getParameter("ticket");
        // no ticket? abort request processing and redirect
        //如果ticket为空
        if (ticket == null || ticket.equals("")) {
            log.trace("CAS ticket was not present on request.");

            // 4.1判断是否经过网关参数(didGateway这个参数否已经经过网关的一个标记参数,表示不再进行认证)
            // did we go through the gateway already?
            boolean didGateway = Boolean.valueOf((String) session.getAttribute(CAS_FILTER_GATEWAYED)).booleanValue();
            // 4.1.1没有casLogin的配置信息下的异常处理
            if (casLogin == null) {
                // TODO: casLogin should probably be ensured to not be null at filter initialization. -awp9
                log.fatal("casLogin was not set, so filter cannot redirect request for authentication.");
                throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' " + "parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl " + "filter parameter");
            }
            // 4.2如果网关标记为false,设置CAS_FILTER_GATEWAYED属性为true,并跳转到cas服务端进行验证
            if (!didGateway) {
                log.trace("Did not previously gateway.  Setting session attribute to true.");
                session.setAttribute(CAS_FILTER_GATEWAYED, "true");
                redirectToCAS((HttpServletRequest) request, (HttpServletResponse) response);
                // abort chain
                return;
            } else {
                log.trace("Previously gatewayed.");
                // 4.3 如果有网关参数(之前已经通过了网关),就不再进行验证,从而进入下一个过滤器处理即可。
                // if we should be logged in, make sure validation succeeded
                if (casGateway || session.getAttribute(CAS_FILTER_USER) != null) {
                    //已经通过了验证和授权。。
                    log.trace("casGateway was true and CAS_FILTER_USER set: passing request along filter chain.");
                    // continue processing the request 交给下一个过滤器
                    fc.doFilter(request, response);
                    return;
                } else {
                    // 其他情况下,跳往cas服务端
                    // unknown state... redirect to CAS
                    //将经过网关的参数didGateway设置为true
                    session.setAttribute(CAS_FILTER_GATEWAYED, "true");
                    redirectToCAS((HttpServletRequest) request, (HttpServletResponse) response);
                    
                    // abort chain
                    return;
                }
            }
        }
    
        try {
            // ticket存在,就经过getAuthenticatedUser()方法去拿到receipt,初步判断此方法是为根据request中的ticket参数组装了一个数据发送给了cas服务端进行判断此ticket是否是正确的合法的(它可能是使用代理类进行的实现)
            receipt = getAuthenticatedUser((HttpServletRequest) request);
        } catch (CASAuthenticationException e) {
            log.error(e);
            throw new ServletException(e);
        }

        if (!isReceiptAcceptable(receipt)) {
            //检测授权不被认可,就是非法的。
            throw new ServletException("Authentication was technically successful but rejected as a matter of policy. [" + receipt + "]");
        }
        //既然拿到了凭证,就去拿到session中是否有相关信息,并写入CASFilter.CAS_FILTER_RECEIPT
        // Store the authenticated user in the session
        if (session != null) { // probably unnecessary
            //将username(用户名)信息放入session中
            session.setAttribute(CAS_FILTER_USER, receipt.getUserName());
            //放入票据
            session.setAttribute(CASFilter.CAS_FILTER_RECEIPT, receipt);
            // don't store extra unnecessary session state
            //不要储存额外的不必要的会话状态
            session.removeAttribute(CAS_FILTER_GATEWAYED);
        }
        if (log.isTraceEnabled()) {
            log.trace("validated ticket to get authenticated receipt [" + receipt + "], now passing request along filter chain.");
        }

        // continue processing the request
        //进入下一个过滤器进行处理
        fc.doFilter(request, response);
        log.trace("returning from doFilter()");
    }

    /**
     * Is this receipt acceptable as evidence of authentication by credentials that would have been acceptable to this path? Current implementation checks whether from renew and whether proxy was authorized.
     * 
     * @param receipt 票据
     * @return true if acceptable, false otherwise
     */
    private boolean isReceiptAcceptable(CASReceipt receipt) {
        if (receipt == null)
            throw new IllegalArgumentException("Cannot evaluate a null receipt.");
        if (this.casRenew && !receipt.isPrimaryAuthentication()) {
            return false;
        }
        if (receipt.isProxied()) {
            if (!this.authorizedProxies.contains(receipt.getProxyingService())) {
                return false;
            }
        }
        return true;
    }

    // *********************************************************************
    // Utility methods

    /**
     * Converts a ticket parameter to a CASReceipt, taking into account an optionally configured trusted proxy in the tier immediately in front of us.
     * 
     * @throws ServletException -
     *             when unable to get service for request
     * @throws CASAuthenticationException -
     *             on authentication failure
     */
    private CASReceipt getAuthenticatedUser(HttpServletRequest request) throws ServletException, CASAuthenticationException {
        log.trace("entering getAuthenticatedUser()");
        ProxyTicketValidator pv = null;

        pv = new ProxyTicketValidator();
        pv.setCasValidateUrl(casValidate);
        pv.setServiceTicket(request.getParameter("ticket"));
        pv.setService(getService(request));
        pv.setRenew(Boolean.valueOf(casRenew).booleanValue());
        if (casProxyCallbackUrl != null) {
            pv.setProxyCallbackUrl(casProxyCallbackUrl);
        }
        if (log.isDebugEnabled()) {
            log.debug("about to validate ProxyTicketValidator: [" + pv + "]");
        }

        return CASReceipt.getReceipt(pv);

    }

    /**
     * Returns either the configured service or figures it out for the current request. The returned service is URL-encoded.
     */
    private String getService(HttpServletRequest request) throws ServletException {

        log.trace("entering getService()");
        String serviceString;

        // ensure we have a server name or service name
        if (casServerName == null && casServiceUrl == null)
            throw new ServletException("need one of the following configuration " + "parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or " + "edu.yale.its.tp.cas.client.filter.serverName");

        // use the given string if it's provided
        if (casServiceUrl != null)
            serviceString = URLEncoder.encode(casServiceUrl);
        else
            // otherwise, return our best guess at the service
            serviceString = Util.getService(request, casServerName);
        if (log.isTraceEnabled()) {
            log.trace("returning from getService() with service [" + serviceString + "]");
        }
        return serviceString;
    }

    /**
     * Redirects the user to CAS, determining the service from the request.
     */
    private void redirectToCAS(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        if (log.isTraceEnabled()) {
            log.trace("entering redirectToCAS()");
        }

        String casLoginString = casLogin + "?service=" + getService((HttpServletRequest) request) + ((casRenew) ? "&renew=true" : "") + (casGateway ? "&gateway=true" : "");

        if (log.isDebugEnabled()) {
            log.debug("Redirecting browser to [" + casLoginString + ")");
        }
        ((HttpServletResponse) response).sendRedirect(casLoginString);

        if (log.isTraceEnabled()) {
            log.trace("returning from redirectToCAS()");
        }
    }

    public String toString() {
        StringBuffer sb = new StringBuffer();
        sb.append("[CASFilter:");
        sb.append(" casGateway=");
        sb.append(this.casGateway);
        sb.append(" wrapRequest=");
        sb.append(this.wrapRequest);

        sb.append(" casAuthorizedProxies=[");
        sb.append(this.authorizedProxies);
        sb.append("]");

        if (this.casLogin != null) {
            sb.append(" casLogin=[");
            sb.append(this.casLogin);
            sb.append("]");
        } else {
            sb.append(" casLogin=NULL!!!!!");
        }

        if (this.casProxyCallbackUrl != null) {
            sb.append(" casProxyCallbackUrl=[");
            sb.append(casProxyCallbackUrl);
            sb.append("]");
        }

        if (this.casRenew) {
            sb.append(" casRenew=true");
        }

        if (this.casServerName != null) {
            sb.append(" casServerName=[");
            sb.append(casServerName);
            sb.append("]");
        }

        if (this.casServiceUrl != null) {
            sb.append(" casServiceUrl=[");
            sb.append(casServiceUrl);
            sb.append("]");
        }

        if (this.casValidate != null) {
            sb.append(" casValidate=[");
            sb.append(casValidate);
            sb.append("]");
        } else {
            sb.append(" casValidate=NULL!!!");
        }

        return sb.toString();
    }

    /* (non-Javadoc)
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        // TODO Auto-generated method stub

    }
}

注释都已经写在代码块里了。顺便放上含有英文注释和中文注释对比的帖子一份:http://hi.baidu.com/ae6623/item/3b62cc03c0841415acdc7068



落雨_
关注
  • 4
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
cas client核心jar文件
03-06
对应我本人上传的cas server开发的版本。 <!-- CAS logout--> <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl" value="${cas.logout.url}"/> </bean> <!-- CAS认证过滤器 --> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <property name="failureUrl" value="${adminPath}/login"/> </bean> <!-- 安全认证过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- CAS --> <property name="loginUrl" value="${cas.server.url}?service=${cas.project.url}${adminPath}/cas" /> <!-- CAS --> <property name="successUrl" value="${adminPath}?login" /> <property name="filters"> <map> <entry key="cas" value-ref="casFilter"/> <entry key="authc" value-ref="formAuthenticationFilter"/> <!-- CAS --> <entry key="logout" value-ref="logout" /> <entry key="changePassword" value-ref="changePassword" /> <entry key="clearUser" value-ref="clearUser" /> </map> </property> <property name="filterChainDefinitions"> <ref bean="shiroFilterChainDefinitions"/> </property> </bean> 然后在核心应用配置文件中加入以下三个地址: #cas.server.url=https://zhang.com:8443/CasServer cas.server.url=http://127.0.0.1:8088/CasServer cas.project.url=http://127.0.0.1:8080/NX_IMP #cas.logout.url=https://zhang.com:8443/CasServer/logout?server=http://localhost:8080/NX_IMP cas.logout.url=http://127.0.0.1:8088/CasServer/logout?server=http://127.0.0.1:8080/NX_IMP 分别是cas 服务的地址,自己应用的地址,和注销登录的地址。
casclient-2.1.0.jar
12-04
这个是经过我修改过的 屏蔽了https的判断,支持http访问的casclient.jar包。
cas java client_cas-client-3.2.1-release cas client源码程序cas client源码程序 - 下载 - 搜珍网...
weixin_35890416的博客
02-23 226
cas-client-3.2.1/cas-client-3.2.1/cas-client-integration-tomcat-v6/cas-client-3.2.1/cas-client-integration-tomcat-v6/src/cas-client-3.2.1/cas-client-integration-tomcat-v6/src/main/cas-client-3.2.1/cas...
JSDS_SSO_CLIENT.jar
11-03
JSDS_SSO_CLIENT.jar.
cas-client-core-3.2.1.jar
10-15
cas 客户端jar包 版本:3.2.1
整合CAS出现的jar包不兼容问题
laughing1997的博客
10-18 5117
之前的登录是sso做的,现在想用CAS做一下单点登录。整合时候,出现了一些问题: 引入了casclient后。发现 &amp;lt;!-- 引入cas客户端 --&amp;gt; &amp;lt;dependency&amp;gt; &amp;lt;groupId&amp;gt;org.jasig.cas.client&amp;lt;/groupId&amp;gt; &amp;lt;artifactId&a
cas-client-core-3.5.1.jar
04-11
CAS Client 3.5.1客户端,用于单点登录客户端拦截,编译环境JDK1.8,可用于JDK1.8及以上Java版本。
java-cas-client:Apereo Java CAS客户端
02-03
Java Apereo CAS客户端介绍这是Java Apereo CAS客户端的官方主页。 客户端由一系列Servlet过滤器组成,这些过滤器适用于大多数基于Java的Web应用程序。 它还用作API平台,以编程方式与CAS服务器进行交互,以进行身份...
Java进阶SSO单点登录技术CAS-快速上手与原理探究视频教程
06-09
本课程主要通过CAS来实现SSO,本教程会从最基本的基础知识讲起,由浅入深再到实战,完成多应用的单点登录功能。 本课程内容如下: 1、 什么是SSOCAS 2、 CAS Server服务端和客户端的搭建和配置 3、 单点登录和单...
cas-client-1.0.jar
03-31
cas客户端jar
CAS单点登录java
04-30
CAS单点登录javaCAS单点登录java
cas-client-3.2.1
01-23
单点登录cas客户端,用于实现.net单点登录客户端安装配置!
cas-client-core-3.2.1-sources.jar
09-07
CAS单点登录使用客户端jar包,简单,安全易用.
CAS单点登录(SSO)服务端自定义认证+CAS客户端配置+CAS完整使用文档+CAS4.2.7 cas-serv服务端源码 cas-client客户端源码
06-27
包含cas源码cas使用说明文档(包含配置信息)、连接数据库所需jar包、cas服务端自定义返回值等
cas-client:适用于Node.js的CAS客户端中间件的完整实现,支持CAS 1.0、2.0 +,3.0 +协议
02-03
CAS(中央身份验证服务)是Web的单点登录/单点退出协议。 我们假设您已经熟悉CAS协议,如果不熟悉,请在使用前阅读本。安装$ npm install http-cas-client特征唱歌登录(SSO) 带有axios api的CAS代理,用于POST,...
SSO单点登录系列6:cas单点登录防止登出退出后刷新后退ticket失效报500错
热门推荐
落雨
07-26 1万+
本篇解决我登录了client2,又登录了client3,现在我把client2退出了,在client里面我F5刷新了一下,结果页面报错,方法:放上我的web.xml文件,废掉之前的cas验证过滤器(CAS Filter)。使用另一个过滤器(CAS Authentication Filter),并且增加另外三个过滤器(CAS Validation Filter,CAS HttpServletRequest Wrapper Filter,CAS Assertion Thread Local Filter),注意
SSO单点登录系列5:cas单点登录增加验证码功能完整步骤
落雨
05-13 1万+
如果csdn看着不舒服,请移步http://hi.baidu.com/ae6623/item/34f6e23bb424b8342e0f819f,和本系列教程篇同步更新。 落雨 cas 单点登录 环境: server端:cas-server-core-3.5.2.jarcas-client-core-3.2.1.jar client端:cas
SSO单点登录系列4:cas-server登录页面自定义修改过程(jsp页面修改)
落雨
04-27 9969
落雨 cas 单点登录 SSO单点登录系列4:cas-server登录页面自定义修改过程,全新DIY。 目标:
django-simple-sso实现单点登录
最新发布
05-12
Django-simple-sso是一个用于Django应用程序的单点登录SSO)解决方案。它允许用户通过一个统一的登录页面,使用一个凭证登录多个Django应用程序,从而实现单点登录。 下面是使用django-simple-sso实现单点登录的步骤: 1. 安装django-simple-sso:使用pip安装django-simple-sso。 ``` pip install django-simple-sso ``` 2. 配置Django应用程序:在settings.py文件中添加django-simple-sso的配置。 ``` INSTALLED_APPS = ( ... 'simplesso', ... ) MIDDLEWARE = [ ... 'simplesso.middleware.SSOAuthMiddleware', ... ] SIMPLESSO_SERVER_URL = 'http://your-sso-server-url.com' SIMPLESSO_SERVER_TOKEN = 'your-sso-server-token' ``` 3. 配置SSO服务器:在SSO服务器上创建一个应用程序,并将其添加到Django应用程序列表中。 4. 在Django应用程序中使用SSO:在视图函数中使用simplesso.decorators.sso_required装饰器,以确保用户已经通过SSO登录。 ``` from simplesso.decorators import sso_required @sso_required def my_view(request): # Your code here ``` 完成以上步骤后,用户可以在一个Django应用程序中登录,然后在其他Django应用程序中访问受保护的页面,而无需再次登录。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值