最近对SSO感兴趣,下载了CAS的最新的源码进行研究,不得不说代码写得真漂亮。
在原有的功能上,我也对其进行了部分扩展
1.用户在服务端登录成功后,返回多用户信息给客户端
2.解决cas传输中的乱码问题
3.增加远程登录口
4.增加验证码,记住我等等小功能
5.增加webservice接口
6.集成(JSP\php\asp)等客户端
嗯,有空还是得记载下开发过程,免得以后遗忘
一、java写的web客户端集成到cas中:
1)、web.xml中加过滤器
<!-- sso filter -->
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<!--由于功能扩展需求,我重写了过滤器-->
<filter-class>com.demo.filter.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<!--扩展功能,远程登录页面不进行过滤-->
<init-param>
<param-name>notchecklist</param-name>
<param-value>/login.jsp;</param-value>
</init-param>
</filter>
<!-- 过滤器保护的URL,如果能访问这个保护的URL,表示经过CAS验证,可以做获取权限的操作。-->
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>com.demo.filter.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!--解决中文传输乱码问题-->
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--该过滤器负责实现HttpServletRequest请求的包裹,
比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
解决登录cas后依旧显示登录口的问题
将配置文件夹下的warnCookieGenerator.xml打开 p:cookieSecure设置为true,还有注意p:cookiePath要改为你自己设置的项目根路径,否则sessionid在传输过程中很可能会丢失。