一、实际场景
前面的文章都是基于filter,即在web.xml文件中配置CAS的filter来完成单点登录的。现在实际场景基于SAP的NetWeaver开发的项目,是无法像上面的方式与CAS集成在一块的。强大的CAS已提供这种解决方法。参看下官方网站deep资料:https://wiki.jasig.org/display/CASC/Using+CAS+with+Java
我们看到有两种方式:
1. CAS Tag Library
2. CAS Java Objects
二、环境准备
Yale Java Client下载:https://legacy-java-cas-client.googlecode.com/files/cas-client-java-2.1.1.zip
三、CAS Java Objects
我们可以在LoginModel中实现如下代码,就可以满足我们的需求
String user = null;
String errorCode = null;
String errorMessage = null;
String xmlResponse = null;
/* instantiate a new ServiceTicketValidator */
ServiceTicketValidator sv = new ServiceTicketValidator();
/* set its parameters */
sv.setCasValidateUrl("https://secure.its.yale.edu/cas/serviceValidate");
sv.setService(urlOfThisService);
sv.setServiceTicket(request.getParameter("ticket"));
/*
* If we want to be able to acquire proxy tickets (requires callback servlet to be set up
* in web.xml - see below)
*/
String urlOfProxyCallbackServlet = "https://portal.yale.edu/CasProxyServlet";
sv.setProxyCallbackUrl(urlOfProxyCallbackServlet);
/* contact CAS and validate */
sv.validate();
/* if we want to look at the raw response, we can use getResponse() */
xmlResponse = sv.getResponse();
/* read the response */
// Yes, this method is misspelled in this way
// in the ServiceTicketValidator implementation.
// Sorry.
if(sv.isAuthenticationSuccesful()) {
user = sv.getUser();
} else {
errorCode = sv.getErrorCode();
errorMessage = sv.getErrorMessage();
/* handle the error */
}
/* The user is now authenticated. */
/* If we did set the proxy callback url, we can get proxy tickets with: */
String urlOfTargetService = "http://hkg2.its.yale.edu/someApp/portalFeed";
String proxyTicket =
edu.yale.its.tp.cas.proxy.ProxyTicketReceptor.getProxyTicket(
sv.getPgtIou(),urlOfTargetService);
You may also authenticate users "manually" using the CAS Java objects. In this case, you would instantiate a new ServiceTicketValidator or ProxyTicketValidator. Notice that in the example below, the page already expects to receive a ticket parameter (this is the servlet that CAS returned to after the user logged in). If this servlet was accessed directly by a user, it would need to check that the request parameter, ticket, was not null. If it was null, the servlet would need to redirect to the CAS login page manually.
至此ticket和用户信息都已生成,单点登录成功。
此种方式是使用ServiceTicketValidator完成单点登录,其实我们也可以使用ProxyTicketValidator。
附录DEMO示例
package com.wy.cas.client;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;
public class LoginModule extends HttpServlet{
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String user = null;
String errorCode = null;
String errorMessage = null;
String xmlResponse = null;
if(null == request.getParameter("ticket") || "".equals(request.getParameter("ticket"))){
response.sendRedirect("http://127.0.0.1:8082/cas-server/login?service=http://127.0.0.1:8080/cas-test/login");
return;
}
/* instantiate a new ServiceTicketValidator */
ServiceTicketValidator sv = new ServiceTicketValidator();
/* set its parameters */
sv.setCasValidateUrl("http://127.0.0.1:8082/cas-server/serviceValidate");
sv.setService("http://127.0.0.1:8080/cas-test/login");
sv.setServiceTicket(request.getParameter("ticket"));
/* contact CAS and validate */
try {
sv.validate();
} catch (SAXException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ParserConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
/* if we want to look at the raw response, we can use getResponse() */
xmlResponse = sv.getResponse();
/* read the response */
// Yes, this method is misspelled in this way
// in the ServiceTicketValidator implementation.
// Sorry.
if(sv.isAuthenticationSuccesful()) {
user = sv.getUser();
} else {
errorCode = sv.getErrorCode();
errorMessage = sv.getErrorMessage();
/* handle the error */
System.out.println("errorInfo -----------> "+errorCode +"\r\n"+errorMessage);
}
System.out.println("userInfo >>>>>>>>>>>> "+user);
request.getSession().setAttribute("userInfo", user);
request.getRequestDispatcher("index.jsp").forward(request, response);
/* The user is now authenticated. */
}
public static void main(String[] args){
}
}