Cas-单点登录学习记录
实现逻辑:
进入首页index.jsp,通过过滤器filter进行拦截,补充操作。
进入filter,判断request中是否包含指定需要的值t。
如存在,使用httpclient发送get请求,请求地址返回一个八位随机数ticket,将t,ticket写入cookie中,结束过滤,执行页面请求。
如不存在,判断cookies中是否包含指定需要的值t。
如存在,使用httpclient发送get请求,请求地址返回一个八位随机数ticket,将t,ticket写入cookie中,结束过滤,执行页面请求。
如不存在,将index.jsp的URL作为service参数,重定向到login方法;login方法创建对象并生成t值,再取出传入的service参数,附上生成的t值重定向回index.jsp页面,再次进入过滤器。
进入上面逻辑中,直到过滤完成。
实现过程:
创建类LoginFilter继承HttpServlet同时实现Filter。
在doFilter方法中实现逻辑:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;
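/**
 * Servlet filter that simulates the client side of a CAS-style single sign-on flow.
 *
 * <p>For each request the filter looks for the token {@code t}, first in the request
 * parameters and then in the cookies. When a token is found it is sent to the validate
 * endpoint; the ticket returned by that endpoint and the token are written to cookies
 * and the request continues down the chain. When no token is found the browser is
 * redirected to the login endpoint with the index page passed as {@code service}.
 *
 * <p>Points to keep in mind when adapting this sample:
 * <ul>
 *   <li>{@code t} is supplied by the client, so it is percent-encoded before being
 *       appended to the validate URL and the request only proceeds when validation
 *       answers with HTTP 200 and a non-empty ticket.</li>
 *   <li>The endpoints below use plain {@code http://localhost}. Outside a local demo
 *       the token and ticket should travel over HTTPS and the cookies should also be
 *       marked {@code Secure}.</li>
 *   <li>The token and ticket act as credentials and are therefore not written to
 *       stdout.</li>
 * </ul>
 *
 * @author Chenjunxu
 * @date 2016/11/14
 */
public class LoginFilter extends HttpServlet implements Filter {

    private static final long serialVersionUID = 3281360506578676969L;

    // Validate endpoint; per the article it generates and returns an eight-digit random ticket.
    private static final String VALIDATE_URL = "http://localhost:8080/platform/system/ticket/validate/";

    // Login endpoint; per the article it creates the object (generating t) and redirects
    // to the URL it was given.
    private static final String LOGIN_URL = "http://localhost:8080/platform/system/ticket/login";

    // Index page that the login endpoint sends the browser back to.
    private static final String INDEX_URL = "http://localhost:8080/client/index.jsp";

    /** Nothing to release: the filter keeps no state between requests. */
    @Override
    public void destroy() {
    }

    /**
     * Lets the request through only when a token {@code t} is present and the validate
     * endpoint returns a ticket for it.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the validate call, a redirect or the chain fails on I/O
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String tRequest = request.getParameter("t");
        String tCookies = GetReturn.getCookie(request, "t");

        // A token in the request parameters takes priority over one stored in a cookie.
        String token = (tRequest != null) ? tRequest : tCookies;
        if (token == null) {
            redirectToLogin(response);
            return;
        }

        String ticket = fetchTicket(token);
        if (ticket == null) {
            if (tRequest == null) {
                // The token came from a cookie and no longer validates: start a new login.
                redirectToLogin(response);
            } else {
                // The token came with this request. Fail closed instead of redirecting,
                // so a failing validate endpoint cannot cause a login/redirect loop.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return;
        }

        // Store the token that was actually validated. The original cookie branch wrote
        // the (null) request parameter here, which overwrote the t cookie with null.
        response.addCookie(sessionCookie("ticket", ticket));
        response.addCookie(sessionCookie("t", token));

        filterChain.doFilter(request, response);
    }

    /** Logs a start-up banner when the container initialises the filter. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        System.out.println("======= loginFilter Start =======");
    }

    /**
     * Sends the browser to the login endpoint with the index page as {@code service}.
     * {@code service} is a constant here; the login endpoint itself should still only
     * redirect to service URLs it recognises.
     */
    private static void redirectToLogin(HttpServletResponse response) throws IOException {
        response.sendRedirect(LOGIN_URL + "?service=" + INDEX_URL);
    }

    /**
     * Asks the validate endpoint for a ticket for the given token.
     *
     * @return the trimmed ticket, or {@code null} when the token cannot be used as a
     *         path segment, the endpoint does not answer with HTTP 200, or the body
     *         is empty
     */
    private static String fetchTicket(String token) throws IOException {
        // Reject values that would resolve to a different path on the validate host.
        if (token.isEmpty() || ".".equals(token) || "..".equals(token)) {
            return null;
        }
        // Percent-encode the client-supplied value so it stays a single path segment.
        // URLEncoder produces form encoding, hence the extra "+" -> "%20" step.
        String segment = java.net.URLEncoder.encode(token, "UTF-8").replace("+", "%20");

        // The client is created per call and always closed, so its connection pool is
        // released even when validation fails.
        org.apache.http.impl.client.CloseableHttpClient httpClient = HttpClients.custom().build();
        try {
            HttpResponse httpResponse = httpClient.execute(new HttpGet(VALIDATE_URL + segment));
            if (httpResponse.getStatusLine().getStatusCode() != HttpServletResponse.SC_OK) {
                return null;
            }
            String ticket = GetReturn.getValue(httpResponse);
            if (ticket == null) {
                return null;
            }
            ticket = ticket.trim();
            return ticket.isEmpty() ? null : ticket;
        } finally {
            httpClient.close();
        }
    }

    /**
     * Builds a cookie that page scripts cannot read.
     * {@code setHttpOnly} requires Servlet 3.0 or later. {@code setSecure(true)} is left
     * out only because the sample endpoints are plain HTTP on localhost.
     */
    private static Cookie sessionCookie(String name, String value) {
        Cookie cookie = new Cookie(name, value);
        cookie.setHttpOnly(true);
        return cookie;
    }
}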
其中的login和validate方法为业务方法,所做业务已在路径注释中写明,不再贴代码
编写取值类GetReturn,实现两个方法:一个用于取得httpclient发送get请求后的返回值,一个用于获取cookie中t的值
import javax.servlet.http.HttpServletRequest;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.util.EntityUtils;
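/**
 * Helpers used by the login filter to read the validate response body and to look up
 * a cookie value on the incoming request.
 */
public class GetReturn {

    /**
     * Reads the body of an HTTP response as text.
     *
     * <p>The body is not printed: in this flow it carries the ticket, which should not
     * end up in stdout or log files.
     *
     * @param response response returned by the HTTP client; may be {@code null}
     * @return the body text, or an empty string when there is no response, no entity,
     *         or the body cannot be read
     */
    public static String getValue(HttpResponse response) {
        if (response == null) {
            return "";
        }
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            return "";
        }
        try {
            String content = EntityUtils.toString(entity);
            return (content == null) ? "" : content;
        } catch (java.io.IOException e) {
            // Best effort, as in the original: report the failure and let the caller
            // treat the empty string as "no ticket".
            System.err.println("GetReturn.getValue: failed to read response body: " + e);
            return "";
        } catch (RuntimeException e) {
            // EntityUtils can also reject a malformed entity with an unchecked exception.
            System.err.println("GetReturn.getValue: failed to parse response body: " + e);
            return "";
        }
    }

    /**
     * Returns the value of the first cookie with the given name.
     *
     * <p>The original compared against the literal {@code "t"} and ignored {@code name};
     * the lookup now honours the parameter, which behaves the same for the existing
     * caller that passes {@code "t"}.
     *
     * @param request current request
     * @param name    cookie name to look for
     * @return the cookie value, or {@code null} when the request has no such cookie
     */
    public static String getCookie(HttpServletRequest request, String name) {
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies == null || name == null) {
            return null;
        }
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }
}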
<!-- Registers LoginFilter with the servlet container (web.xml). -->
<filter>
<display-name>LoginFilter</display-name>
<filter-name>LoginFilter</filter-name>
<!-- "包名" is the article's placeholder for the real package name of LoginFilter. -->
<filter-class>包名.LoginFilter</filter-class>
</filter>
<!-- "/*" sends every request of the web application through the filter, so every
     request that carries t also triggers a call to the validate endpoint. -->
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样就基本实现了cas-单点登录的逻辑。需要注意,这只是对流程的模拟:按上文说明,validate只是生成并返回一个随机数,并未校验t是否真实有效,实际使用时服务端必须对t做真正的校验。