CAS服务端:
1.需要在cas-servlet.xml添加一个controller:remoteLoginController
2.在添加一个对应的controller bean
3.添加对应的Action
4.修改一下登录成功会自动重定向到你提供的service地址,现在要做的是登录不成功的时候返回自定义的登录页面,需要修改casLoginView.jsp,直接重定向到clientLoginUrl
CAC客户端:
1.web.xml的配置
网上都有,就不贴了
2.修改认证filter,添加clientLoginUrl给服务端认证失败时重定向使用
3.自定义登录页面
自己试试吧
1.需要在cas-servlet.xml添加一个controller:remoteLoginController
<bean id="handlerMappingC"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<prop key="remoteLogin">remoteLoginController</prop>
</bean>
2.在添加一个对应的controller bean
<bean id="remoteLoginController" class="org.jasig.cas.expand.web.flow.RemoteLoginAction"
p:argumentExtractors-ref="argumentExtractors"
p:warnCookieGenerator-ref="warnCookieGenerator"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"></bean>
3.添加对应的Action
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.hibernate.validator.constraints.NotEmpty;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.web.support.ArgumentExtractor;
import org.jasig.cas.web.support.CookieRetrievingCookieGenerator;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;
import org.springframework.web.servlet.view.RedirectView;
public class RemoteLoginAction extends AbstractController {
@NotNull
private CentralAuthenticationService centralAuthenticationService;
@NotNull
private CookieRetrievingCookieGenerator warnCookieGenerator;
@NotNull
private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
private boolean pathPopulated = false;
/** Extractors for finding the service. */
@NotEmpty
private List<ArgumentExtractor> argumentExtractors;
protected ModelAndView handleRequestInternal(HttpServletRequest request,
HttpServletResponse response) throws Exception {
String clientLoginUrl = request.getParameter("clientLoginUrl");
request.setAttribute("clientLoginUrl", clientLoginUrl);
request.getSession().setAttribute("clientLoginUrl", clientLoginUrl);
logger.info("clientLoginUrl : " + clientLoginUrl);
String uName = request.getParameter("username");
String password = request.getParameter("password");
UsernamePasswordCredentials credentials = null;
if (CommonUtils.isNotBlank(uName) && CommonUtils.isNotBlank(password)) {
credentials = new UsernamePasswordCredentials();
credentials.setPassword(password);
credentials.setUsername(uName);
} else {
return new ModelAndView(new RedirectView(clientLoginUrl));
}
if (!this.pathPopulated) {
final String contextPath = request.getContextPath();
final String cookiePath = StringUtils.hasText(contextPath) ? contextPath
+ "/"
: "/";
logger.info("Setting path for cookies to: " + cookiePath);
this.warnCookieGenerator.setCookiePath(cookiePath);
this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
this.pathPopulated = true;
}
final Service service = WebUtils.getService(this.argumentExtractors,
request);
String ticketGrantingTicketId = "";
String serviceTicket = "";
try {
ticketGrantingTicketId = this.centralAuthenticationService
.createTicketGrantingTicket(credentials);
/***
* 产生新的票据,并将票据及服务记录在缓存中
*/
serviceTicket = this.centralAuthenticationService
.grantServiceTicket(ticketGrantingTicketId, service);
this.ticketGrantingTicketCookieGenerator.removeCookie(response);
this.ticketGrantingTicketCookieGenerator.addCookie(request,
response, ticketGrantingTicketId);
this.warnCookieGenerator.addCookie(request, response, "true");
} catch (TicketException e) {
return new ModelAndView(new RedirectView(clientLoginUrl));
}
return new ModelAndView(new RedirectView(
request.getParameter("service") + "?ticket=" + serviceTicket));
}
public void setWarnCookieGenerator(
final CookieRetrievingCookieGenerator warnCookieGenerator) {
this.warnCookieGenerator = warnCookieGenerator;
}
public void setArgumentExtractors(
final List<ArgumentExtractor> argumentExtractors) {
this.argumentExtractors = argumentExtractors;
}
public final void setCentralAuthenticationService(
final CentralAuthenticationService centralAuthenticationService) {
this.centralAuthenticationService = centralAuthenticationService;
}
public void setTicketGrantingTicketCookieGenerator(
final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) {
this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator;
}
}
4.修改一下登录成功会自动重定向到你提供的service地址,现在要做的是登录不成功的时候返回自定义的登录页面,需要修改casLoginView.jsp,直接重定向到clientLoginUrl
<% response.sendRedirect(request.getAttribute("clientLoginUrl").toString()); %>
CAC客户端:
1.web.xml的配置
网上都有,就不贴了
2.修改认证filter,添加clientLoginUrl给服务端认证失败时重定向使用
3.自定义登录页面
<form action="https://casip:casport/cas/remoteLogin"
method="post">
<input type="hidden" id="targetService" name="service"
value="认证成功以后返回的URL" /> <input type="hidden"
name="clientLoginUrl" value="自定义登录页面的URL" />
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密 码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="登陆" /></td>
</tr>
</table>
</form>
自己试试吧