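Single sign-out is the counterpart of single sign-on: logging out at the Cas Server is meant to log out every Cas Client as well. Cas Server logout is triggered by a request to "/logout". That is, if your Cas Server is deployed at "https://localhost:8443/cas", visiting "https://localhost:8443/cas/logout" triggers the Cas Server logout, which in turn triggers logout on the Cas Clients. When its logout endpoint is requested, the Cas Server deletes the TGC carried by the client and calls back every service associated with that TGT, i.e. every Cas Client. For a Cas Client to respond to this callback and perform its own logout, it needs the corresponding support.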
Configuration file
Specifically, the following Filter and Listener need to be added to the web.xml file of the Cas Client application.
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Of course, you can also define your own filter and listener by extending or composing SingleSignOutFilter and SingleSignOutHttpSessionListener.
Let's take a closer look at these filters.
SingleSignOutFilter
Let's look at the code of this filter:
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    /**
     * <p>Workaround for now for the fact that Spring Security will fail since it doesn't call {@link #init(javax.servlet.FilterConfig)}.</p>
     * <p>Ultimately we need to allow