pom.xml新增
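<!-- Single sign-on support: the Jasig CAS Java client.
     The container already provides the servlet API, so the client's own copy is excluded
     to keep a second servlet-api jar off the classpath. -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.2.1</version>
    <exclusions>
        <exclusion>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
        </exclusion>
    </exclusions>
</dependency>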
web.xml
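<!-- CAS:START - Java Client Filters -->
<!-- Handles CAS single-logout callbacks so the local session is ended together with the CAS session. -->
<filter>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<!-- Sends requests without a CAS login to casServerLoginUrl.
     serverName must be the scheme://host:port the BROWSER uses to reach this application; 127.0.0.1
     only works when the browser runs on the server itself. Both CAS addresses are plain http here,
     so the service ticket and the validation exchange travel in cleartext; use https outside a lab. -->
<filter>
    <filter-name>CasAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://192.168.56.101:8080/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<!-- Validates the ticket CAS returns against casServerUrlPrefix. With useSession=true the resulting
     Assertion is kept in the HTTP session, where AutoSetUserAdapterFilter (mapped below) reads it. -->
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://192.168.56.101:8080/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
</filter>
<!-- CAS:END -->
<!-- CAS:START - Java Client Filter Mappings -->
<!-- filter-mapping order is execution order: the three CAS filters must run before the two
     application filters below, which read the session attributes the CAS filters populate. -->
<filter-mapping>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->
<!-- Publishes the CAS login name into this application's session (attribute "loginName"). -->
<filter>
    <display-name>autoSetuserAdapterFilter</display-name>
    <filter-name>autoSetuserAdapterFilter</filter-name>
    <filter-class>com.southgis.scout.hub.userfilter.AutoSetUserAdapterFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>autoSetuserAdapterFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Asks the rights service whether the logged-in user may use this system. userRightsURL is the
     service's base address; UserRightsFilter appends the query path and calls it once per session.
     This is also plain http, so the allow/deny answer is exposed on the wire. -->
<filter>
    <display-name>userRightsFilter</display-name>
    <filter-name>userRightsFilter</filter-name>
    <filter-class>com.southgis.scout.hub.userfilter.UserRightsFilter</filter-class>
    <init-param>
        <param-name>userRightsURL</param-name>
        <param-value>http://192.168.10.94:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>userRightsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:START - Java Client Single Sign Out Listener -->
<!-- Lets the CAS client track sessions so a single-logout request can invalidate the right one. -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->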
filter代码:
package com.southgis.scout.hub.userfilter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.validation.Assertion;
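/**
 * Copies the user name from the CAS login into this application's session.
 *
 * <p>After CasValidationFilter has accepted a service ticket, the CAS client keeps the
 * {@link Assertion} in the HTTP session under {@code _const_cas_assertion_}. This filter
 * reads it and publishes the principal's name as the {@code loginName} session attribute,
 * which UserRightsFilter and the actions rely on. The name is trustworthy only because the
 * CAS filters are mapped before this one in web.xml; keep that order.
 *
 * @author HuangLeibing
 * @Date 2013.1.16
 */
public class AutoSetUserAdapterFilter implements Filter {

    /**
     * Session attribute under which the CAS client stores the validated {@link Assertion}
     * (same value as the client's {@code AbstractCasFilter.CONST_CAS_ASSERTION}).
     */
    private static final String CAS_ASSERTION_ATTR = "_const_cas_assertion_";

    /** Session attribute this filter publishes for the rest of the application. */
    private static final String LOGIN_NAME_ATTR = "loginName";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to configure
    }

    /**
     * Mirrors the CAS principal name into {@code loginName} when an assertion is present,
     * then always continues the chain.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpSession session = httpRequest.getSession();
        Object attribute = session.getAttribute(CAS_ASSERTION_ATTR);
        // instanceof instead of a blind cast: a foreign object stored under this key must not
        // turn every request into a ClassCastException
        if (attribute instanceof Assertion) {
            String loginName = ((Assertion) attribute).getPrincipal().getName();
            session.setAttribute(LOGIN_NAME_ATTR, loginName);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // no resources held
    }
}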
package com.southgis.scout.hub.userfilter;
import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.southgis.scout.core.util.HttpUtil;
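/**
 * Decides whether the CAS-authenticated user may use this system.
 *
 * <p>Mapped after AutoSetUserAdapterFilter, which publishes the {@code loginName} session
 * attribute. On the first request of a session the rights service under {@code userRightsURL}
 * is asked for the user's menus; the verdict is cached in the session as {@code apply}
 * ("true"/"false") and never refreshed, so a change of rights on the server only takes effect
 * after the user logs in again. Requests without a login or without rights are forwarded to
 * {@code no.html}.
 *
 * @author lmc
 * @Date 2014.6.5
 */
public class UserRightsFilter implements Filter {

    /** Session attribute holding the CAS login name (set by AutoSetUserAdapterFilter). */
    private static final String LOGIN_NAME_ATTR = "loginName";
    /** Session attribute caching the rights verdict: "true", "false", or absent until queried. */
    private static final String APPLY_ATTR = "apply";
    /** Page shown to users without rights; resolved relative to the current request path. */
    private static final String NO_RIGHTS_PAGE = "no.html";

    /** Base address of the rights service, from the {@code userRightsURL} init-param. */
    private String userRightsURL;

    /**
     * Reads {@code userRightsURL}.
     *
     * @throws ServletException if the init-param is missing; failing at deployment beats
     *     building {@code null/rmis/...} URLs on every request
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.userRightsURL = filterConfig.getInitParameter("userRightsURL");
        if (this.userRightsURL == null) {
            throw new ServletException("init-param userRightsURL is required for UserRightsFilter");
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // getSession(false) never creates a session; a missing one simply means "not logged in"
        // instead of a NullPointerException on the attribute lookup.
        HttpSession session = httpRequest.getSession(false);
        String loginName = session == null ? null : (String) session.getAttribute(LOGIN_NAME_ATTR);
        if (loginName == null) {
            forwardToNoRights(httpRequest, response);
            return;
        }

        String apply = (String) session.getAttribute(APPLY_ATTR);
        if (apply == null) {
            // First request of this session: ask the rights service once and remember the answer.
            apply = hasRights(loginName) ? "true" : "false";
            session.setAttribute(APPLY_ATTR, apply);
        }
        if ("false".equals(apply)) {
            forwardToNoRights(httpRequest, response);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Asks the rights service for the user's frontend menus of this system.
     *
     * @param loginName CAS login name; URL-encoded before use because it becomes a query value
     *     and a name containing {@code &} or {@code #} would otherwise change the request sent
     *     to the rights service
     * @return {@code true} if the service answered with more than one character
     */
    private boolean hasRights(String loginName) throws IOException, ServletException {
        String url = userRightsURL
                + "/rmis/userRights/getMenuForAppSys?syscode=zdhbs&position=frontend&loginname="
                + URLEncoder.encode(loginName, "UTF-8");
        String json = HttpUtil.getJSON(url);
        // Inherited heuristic: a body of at most one character counts as "no menus".
        // NOTE(review): HttpUtil.getJSON's contract is not visible here; confirm what the
        // service returns for a user without rights.
        return json != null && json.length() > 1;
    }

    /**
     * Shows the "no rights" page via a server-side forward rather than a redirect: with the
     * mappings in web.xml (no FORWARD dispatcher) the filters do not run again, so there is no
     * redirect loop.
     */
    private static void forwardToNoRights(HttpServletRequest httpRequest, ServletResponse response)
            throws IOException, ServletException {
        httpRequest.getRequestDispatcher(NO_RIGHTS_PAGE).forward(httpRequest, response);
    }
}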
注销用户客户端代码:
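<script>
// Sends the browser to the server-side sign-out action (UserAction.signOut), which clears the
// session and then hands off to the CAS logout page. location.replace() keeps the current page
// out of the history, so "Back" does not return to the authenticated view.
function logout() {
    window.location.replace("../user/signOut.action");
}
</script>
<!-- The attribute name must be the ASCII "onclick": a look-alike non-ASCII letter in it makes
     the browser ignore the handler, and the button silently does nothing. -->
<input type="button" class="dpybutn" value="切换用户" onclick="logout();"/>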
后台action代码:
package com.southgis.scout.hub.action.user;
import java.net.URLEncoder;
import java.util.Map;
import java.util.UUID;

import org.apache.struts2.convention.annotation.Action;
import org.apache.struts2.convention.annotation.Namespace;
import org.springframework.beans.factory.annotation.Value;

import com.opensymphony.xwork2.ActionContext;
import com.southgis.scout.core.action.BaseAction;
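/**
 * User-related actions.
 *
 * <p>{@code request} and {@code response} are presumably inherited from {@link BaseAction}
 * (not visible here).
 */
@Namespace("/user")
public class UserAction extends BaseAction {

    private static final long serialVersionUID = 1L;

    /** CAS logout endpoint, e.g. {@code http://192.168.56.101:8080/cas/logout} (property {@code logoutURL}). */
    @Value("${logoutURL}")
    private String logoutURL;

    /**
     * Signs the current user out: empties this application's session and then sends the
     * browser to the CAS logout URL, asking CAS to return to this application's
     * {@code index.html} afterwards.
     *
     * @throws Exception propagated from the redirect, per the Struts action convention
     */
    @Action("signOut")
    public void signOut() throws Exception {
        Map<String, Object> sessionMap = ActionContext.getContext().getSession();
        // Removes the session attributes (including loginName/apply). NOTE(review): whether the
        // underlying HttpSession is also invalidated depends on the Struts SessionMap; confirm.
        sessionMap.clear();

        // Absolute URL of this app's entry page. The random uuid query parameter defeats browser
        // caching, so the next visit to index.html really goes through the CAS filters again.
        String path = request.getContextPath();
        String returnUrl = request.getScheme() + "://" + request.getServerName() + ":"
                + request.getServerPort() + path + "/index.html?uuid=" + UUID.randomUUID();
        // The return URL is itself a query value of the logout request: encode it so its own
        // '?', '=' and '&' are not parsed as parameters of the CAS logout URL.
        response.sendRedirect(logoutURL + "?service=" + URLEncoder.encode(returnUrl, "UTF-8"));
    }
}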
注意:
这里的/index.html?uuid="+UUID.randomUUID().toString()很重要。如果你没有登录,直接在IE和chrome的地址栏输入http://127.0.0.1:8080/hub/index.html,系统会自动跳转到SSO登录界面,但是如果在firefox下则会出现index.html界面,没出现SSO登录界面;所以我在这里的url加了uuid参数,用来防止浏览器缓存。
另外 JavaScript 是不能读写 cookie 中的 JSESSIONID 的,原因是 Tomcat 给该 cookie 加了 HttpOnly 标志;下面是我用 Fiddler 抓包得到的内容:
Set-Cookie: JSESSIONID=AF5C5A1F764F609755A09E475C2393CA; Path=/cas/; HttpOnly