1. Build the client side with Maven. Two clients are preset: cas-app1 and cas-app2.
2. The key dependencies in the pom.xml of the Maven project cas-app1 are as follows:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.2.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.21</version>
</dependency>
3. The key content of web.xml is as follows:
<!-- Optional: single sign-out listener -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- Optional: single sign-out filter -->
<filter>
<filter-name>CASSingle Sign OutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASSingle Sign OutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Handles user authentication; required -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<!-- Login page on the CAS server used for authentication -->
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cf-cas.com:8443/cas-server/login</param-value>
</init-param>
<!-- Service address of the CAS client -->
<init-param>
<param-name>serverName</param-name>
<param-value>http://app1.cas.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Ticket validation filter; required -->
<filter>
<filter-name>CASValidationFilter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cf-cas.com:8443/cas-server</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://app1.cas.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Filter that wraps HttpServletRequest; optional -->
<filter>
<filter-name>CASHttpServletRequest WrapperFilter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>CASHttpServletRequest WrapperFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
for example AssertionHolder.getAssertion().getPrincipal().getName() -->
<filter>
<filter-name>CASAssertion Thread LocalFilter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASAssertion Thread LocalFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
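- The domain in casServerUrlPrefix, the domain mapped in the hosts file, and the CN of the certificate (its "first and last name" field) must all be identical. This project uses cf-cas.com. If they differ, you may get the exception javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
- The configuration above is for cas-app1. Modify the web.xml of cas-app2 in the same way; the content is the same, but remember to change serverName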
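The two notes above can be checked mechanically before deployment. The following is an added example, not code from the original page or from the CAS client project: it reads the filter init-params from a web.xml and reports any CAS server URL whose host differs from the certificate CN or is missing from the hosts file, and any serverName that differs between filters. The function names, the trimmed sample web.xml and the CN passed in as a string are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample input: a trimmed web.xml and hosts file using this page's values.
WEB_XML = """<web-app>
 <filter><filter-name>CASFilter</filter-name>
  <init-param><param-name>casServerLoginUrl</param-name>
   <param-value>https://cf-cas.com:8443/cas-server/login</param-value></init-param>
  <init-param><param-name>serverName</param-name>
   <param-value>http://app1.cas.com:8080</param-value></init-param></filter>
 <filter><filter-name>CASValidationFilter</filter-name>
  <init-param><param-name>casServerUrlPrefix</param-name>
   <param-value>https://cf-cas.com:8443/cas-server</param-value></init-param>
  <init-param><param-name>serverName</param-name>
   <param-value>http://app1.cas.com:8080</param-value></init-param></filter>
</web-app>"""
HOSTS = "127.0.0.1 app1.cas.com\n127.0.0.1 app2.cas.com\n127.0.0.1 cf-cas.com\n"

def init_params(web_xml):
    """Yield (filter-name, param-name, param-value) for every filter init-param."""
    # "{*}" matches the tag in any namespace or none (Python 3.8+).
    for flt in ET.fromstring(web_xml).findall(".//{*}filter"):
        name = flt.findtext("{*}filter-name", "").strip()
        for p in flt.findall("{*}init-param"):
            yield (name, p.findtext("{*}param-name", "").strip(),
                   p.findtext("{*}param-value", "").strip())

def check(web_xml, hosts_text, cert_cn):
    """Return a list of problems; an empty list means the names all agree."""
    mapped = {h.lower() for line in hosts_text.splitlines()
              for h in line.split("#")[0].split()[1:]}
    problems, server_names = [], set()
    for flt, key, value in init_params(web_xml):
        if key not in ("casServerLoginUrl", "casServerUrlPrefix", "serverName"):
            continue
        host = (urlparse(value).hostname or "").lower()
        if host not in mapped:
            problems.append(f"{flt}/{key}: host '{host}' has no hosts-file entry")
        if key == "serverName":
            server_names.add(value)
        elif host != cert_cn.lower():
            problems.append(f"{flt}/{key}: host '{host}' != certificate CN '{cert_cn}'")
    if len(server_names) > 1:
        problems.append(f"serverName differs between filters: {sorted(server_names)}")
    return problems

if __name__ == "__main__":
    for line in check(WEB_XML, HOSTS, "cf-cas.com") or ["consistent"]:
        print(line)
```

Run it once per client with that client's web.xml, so that a serverName left pointing at the other application is caught as well.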
4. The index.jsp page
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>cas demo app1</title>
</head>
<body>
<h1>cas demo app1</h1>
<a href="http://app2.cas.com:8081/cas-app2">cas-sample-app2</a>
<br/>
<a href="https://cf-cas.com:8443/cas-server/logout">退出</a>
</body>
</html>
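5. The three projects cas-server, cas-app1 and cas-app2 are each deployed in a separate Tomcat. Make sure each Tomcat uses its own ports so that no port-in-use error occurs, then start all three Tomcats.
6. Test: enter http://cas-app1.com:8080/cas-app1 in the address bar. Because this is the first visit and there is no ticket, the browser is redirected to the CAS server login page, which asks the user to log in. In cas-server-webapp-4.0.0 the default login user name and password are casuser/Mellon. After a successful login, the content of cas-app1's index.jsp page is displayed. Click the link to cas-app2 and you will find that no login is required: the browser goes straight to cas-app2's index.jsp page, which shows single sign-on working.
7. Hosts file mappings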
127.0.0.1 app1.cas.com
127.0.0.1 app2.cas.com
127.0.0.1 cf-cas.com