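To implement single sign-on, you first need an SSO server (SSO_SERVER). Assuming it already exists, the web system that is to use single sign-on is the SSO client (SSO_CLIENT). The steps are as follows:
1. Add the following configuration to the web application's web.xml file:
First, specify the CAS sign-out filter, the validation filter, the SSO server's validation URL, the web system's access address, and so on: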
<!-- CAS:START -->
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://172.16.1.39:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8000</param-value>
</init-param>
<!-- Specify here the URLs that CAS should not intercept -->
<init-param>
<param-name>casNotFilterUrl</param-name>
<param-value>/servlet/SynchServlet</param-value>
</init-param>
<init-param>
<param-name>isTest</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://172.16.1.39:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8000</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- CAS:END -->
Next, specify the filter mappings and the listener:
<!-- CAS:FILTER -->
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->
<!-- Listener CAS LOGOUT -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
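Once web.xml is configured, restart the server and open the web system to check whether requests are intercepted by the SSO service. If they are, the SSO configuration is working.
Once SSO is configured, some further work is needed. After SSO validation succeeds, the user is redirected to the system's original login page, whereas what we actually want is the main page that follows login. We therefore modify the original login page so that it submits its form automatically on load and passes the SSO user name to the backend. The backend checks whether that user name exists in the system: if it does not, it shows a message; if it does, the login is treated as successful. The implementation can follow this example: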
<head>
<script type="text/javascript">
function autoSubmit(){
    // "info" is set by the backend when the SSO user is not found in the system
    var message="<%=request.getAttribute("info")%>";
    //alert("<%=request.getAttribute("info")%>");
    if(message=="null"){
        // No error yet: submit the CAS user name (with the "_sso" suffix) to the login action
        var yhm="<%=request.getRemoteUser()%>"+"_sso";
        //document.forms[0].action="<%=request.getContextPath()%>/qxgl/loginAction.do?dlyhBean.yhm="+yhm;
        //alert(document.getElementById("dlyhBean.yhm").value);
        document.getElementById("dlyhBean.yhm").value=yhm;
        //alert("1")
        //alert(document.forms[0].action);
        document.forms[0].submit();
    }else{
        // Message: "This user does not exist in the system; please contact the administrator
        // to have the user added. Redirecting to the company portal."
        alert('该用户在系统中不存在,请与管理员联系添加用户,即将跳转到公司门户');
        window.location="http://172.16.1.38";
    }
}
// Generate the function buttons
</script>
</head>
<body onload="autoSubmit();">
<form action="qxgl/loginAction.do" method="post">
<table>
<tr>
<td><input id="dlyhBean.yhm" name="dlyhBean.yhm" type="hidden" value="<%=request.getRemoteUser()%>"></td>
</tr>
</table>
</form>
</body>
After making these changes, test again. If SSO validation now leads straight to the system's main page, single sign-on is working.
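The login page above posts the user name in a hidden form field, which the client controls, so the backend should accept it only when it matches the principal that CAS authenticated. One way to enforce that is shown below as an added example that is not part of the original post. `SsoLoginGuardFilter` and `matchesCasPrincipal` are hypothetical names; the filter is assumed to be mapped to `/qxgl/loginAction.do` after the CAS filters, and that action is assumed to be reached only through this SSO login page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class, not from the original post).
 * Map it to /qxgl/loginAction.do AFTER "CAS HttpServletRequest Wrapper Filter"
 * so that getRemoteUser() returns the CAS-authenticated principal.
 */
public class SsoLoginGuardFilter implements Filter {

    private static final String USER_PARAM = "dlyhBean.yhm"; // hidden field on the login page
    private static final String SSO_SUFFIX = "_sso";         // suffix appended by autoSubmit()

    /** True only when the posted name is exactly "<CAS principal>_sso". */
    static boolean matchesCasPrincipal(String remoteUser, String submitted) {
        if (remoteUser == null || remoteUser.isEmpty() || submitted == null) {
            return false; // no CAS principal, or no user name posted
        }
        return submitted.equals(remoteUser + SSO_SUFFIX);
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The principal comes from the server-side CAS session; the form field
        // is client-controlled, so it is compared against it, never trusted alone.
        String remoteUser = request.getRemoteUser();
        String submitted = request.getParameter(USER_PARAM);

        if (!matchesCasPrincipal(remoteUser, submitted)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "SSO user mismatch");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```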