由于在上个项目(使用了cas的单点登录)中,用户注销后往往还可以访问其他的应用。由于时间问题没有去深入研究,这次使用了三个简单登录程序再次的验证cas单点登录问题。这次使用的版本是client3.1.1和server3.4.2,对比在项目中的使用cas貌似简单许多。
1.首先把tomcat的https协议部署起来(参考之前的 http://danwind.iteye.com/blog/603402,不再重复)。
2.然后去下载CAS Server 3.4.2 Final 和cas-client-3.1.10-release.zip。
3.把CAS Server解压出来,拷贝其中的war文件到tomcat目录下,即可跑起cas server。默认的验证方式用户名与密码相同则登录成功。
4.在要添加单点登录的应用里面的web.xml文件,增加以下选项:
<!-- CAS:START - Java Client Filters -->
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://st.mydomain.ttd:8448/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://st.mydomain.ttd:8088</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://st.mydomain.ttd:8448/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://st.mydomain.ttd:8088</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<!-- <url-pattern>/login.action</url-pattern> -->
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
5.得到登录用户String user = (String)request.getRemoteUser();
6.注销登录response.sendRedirect("https://st.mydomain.ttd:8448/cas/logout");
附上一个应用的Eclipse项目文件,要增加应用进行测试,复制此应用即可。