别拿无知当个性,跟新哥学CAS单点登录,手把手带你分析CAS源码

最新推荐文章于 2020-11-28 14:41:28 发布
最新推荐文章于 2020-11-28 14:41:28 发布
阅读量1.5k 收藏 3
点赞数 1
分类专栏: JAVA
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/nimasike/article/details/80324294
版权

1:假设有web服务器A,web服务器B,和CasServer。

A(www.a.com)    B(www.b.com)  CasServer(www.cas.com)

2:当用户访问A的受保护资源时,如果没有登录,则A会让客户端浏览器重定向到CAS SERVER。

假设:https://www.cas.com/server/login?service=http://www.a.com/client/cas

其中红色为cas的登录地址,黄色为登录成功后的重定向地址。

3:客户在CasServer的登录页面进行登录,如果登录成功则CasServer会让客户端浏览器重定向到

http://www.a.com/client/cas?ticket=ST-1-eh2cIo92F9syvoMs5DOg-cas01.example.org 这个地址

附加了一个ticket,同时会在Cookie中设置一个CASTGC,该cookie是CasServer(www.cas.com)的cookie,只有访问这个网站才会携带这个cookie过去。

 

4:客户端需要一个filter,拦截client/cas。

然后获取到ticket,然后通过https的方式访问CasServer进行验证,验证成功返回用户身份信息,完成登录。

 

5:假设用户直接访问 B的受保护资源,显然B此时是未登录的。所以流程跟2一样,会让浏览器重定向到CasServer去登录。

https://www.cas.com/server/login?service=http://www.b.com/client/cas

但此次重定向时请求中多了一个cookit(CASTGC),CasServer会发现这个cookie对应的用户已经登录过了,那么此时不需要显示登录页面,而直接让客户端浏览器重定向到http://www.b.com/client/cas?ticket=ST-1-eh2cIo92F9syvoMs5DOg-cas01.example.org。

B站点会用ticket去casCerver换取身份信息,完成登录。

 

/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.validation.constraints.NotNull;

import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationManager;
import org.jasig.cas.authentication.MutableAuthentication;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.PersistentIdGenerator;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.services.UnauthorizedProxyingException;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.services.UnauthorizedSsoServiceException;
import org.jasig.cas.ticket.ExpirationPolicy;
import org.jasig.cas.ticket.InvalidTicketException;
import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.TicketCreationException;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.TicketGrantingTicketImpl;
import org.jasig.cas.ticket.TicketValidationException;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.jasig.cas.util.UniqueTicketIdGenerator;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.ImmutableAssertionImpl;
import org.perf4j.aop.Profiled;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

import com.github.inspektr.audit.annotation.Audit;

/**
 * Concrete implementation of a CentralAuthenticationService, and also the
 * central, organizing component of CAS's internal implementation.
 * <p>
 * This class is threadsafe.
 * <p>
 * This class has the following properties that must be set:
 * <ul>
 * <li> <code>ticketRegistry</code> - The Ticket Registry to maintain the list
 * of available tickets.</li>
 * <li> <code>serviceTicketRegistry</code> - Provides an alternative to configure separate registries for TGTs and ST in order to store them
 * in different locations (i.e. long term memory or short-term)</li>
 * <li> <code>authenticationManager</code> - The service that will handle
 * authentication.</li>
 * <li> <code>ticketGrantingTicketUniqueTicketIdGenerator</code> - Plug in to
 * generate unique secure ids for TicketGrantingTickets.</li>
 * <li> <code>serviceTicketUniqueTicketIdGenerator</code> - Plug in to
 * generate unique secure ids for ServiceTickets.</li>
 * <li> <code>ticketGrantingTicketExpirationPolicy</code> - The expiration
 * policy for TicketGrantingTickets.</li>
 * <li> <code>serviceTicketExpirationPolicy</code> - The expiration policy for
 * ServiceTickets.</li>
 * </ul>
 *
 * @author William G. Thompson, Jr.
 * @author Scott Battaglia
 * @author Dmitry Kopylenko
 * @version $Revision: 1.16 $ $Date: 2007/04/24 18:11:36 $
 * @since 3.0
 */
public final class CentralAuthenticationServiceImpl implements CentralAuthenticationService {

    /** Log instance for logging events, info, warnings, errors, etc. */
    private final Logger log = LoggerFactory.getLogger(this.getClass());

    /** TicketRegistry for storing and retrieving tickets as needed. */
    @NotNull
    private TicketRegistry ticketRegistry;

    /** New Ticket Registry for storing and retrieving services tickets. Can point to the same one as the ticketRegistry variable. */
    @NotNull
    private TicketRegistry serviceTicketRegistry;

    /**
     * AuthenticationManager for authenticating credentials for purposes of
     * obtaining tickets.
     */
    @NotNull
    private AuthenticationManager authenticationManager;

    /**
     * UniqueTicketIdGenerator to generate ids for TicketGrantingTickets
     * created.
     */
    @NotNull
    private UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator;

    /** Map to contain the mappings of service->UniqueTicketIdGenerators */
    @NotNull
    private Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService;

    /** Expiration policy for ticket granting tickets. */
    @NotNull
    private ExpirationPolicy ticketGrantingTicketExpirationPolicy;

    /** ExpirationPolicy for Service Tickets. */
    @NotNull
    private ExpirationPolicy serviceTicketExpirationPolicy;

    /** Implementation of Service Manager */
    @NotNull
    private ServicesManager servicesManager;

    /** Encoder to generate PseudoIds. */
    @NotNull
    private PersistentIdGenerator persistentIdGenerator = new ShibbolethCompatiblePersistentIdGenerator();

    /**
     * Implementation of destoryTicketGrantingTicket expires the ticket provided
     * and removes it from the TicketRegistry.
     *
     * @throws IllegalArgumentException if the TicketGrantingTicket ID is null.
     */
    @Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag = "DESTROY_TICKET_GRANTING_TICKET",logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public void destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
        Assert.notNull(ticketGrantingTicketId);

        if (log.isDebugEnabled()) {
            log.debug("Removing ticket [" + ticketGrantingTicketId + "] from registry.");
        }
        final TicketGrantingTicket ticket = (TicketGrantingTicket) this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);

        if (ticket == null) {
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Ticket found.  Expiring and then deleting.");
        }
        ticket.expire();
        this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
    }

    /**
     * @throws IllegalArgumentException if TicketGrantingTicket ID, Credentials
     * or Service are null.
     */
    @Audit(
        action="SERVICE_TICKET",
        actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
        resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag="GRANT_SERVICE_TICKET", logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public String grantServiceTicket(final String ticketGrantingTicketId, final Service service, final Credentials credentials) throws TicketException {

        Assert.notNull(ticketGrantingTicketId, "ticketGrantingticketId cannot be null");
        Assert.notNull(service, "service cannot be null");

        //从缓存中获取TGT
        final TicketGrantingTicket ticketGrantingTicket;
        ticketGrantingTicket = (TicketGrantingTicket) this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        
        //TGT不存在则抛出异常
        if (ticketGrantingTicket == null) {
            throw new InvalidTicketException();
        }
        
        //检查tgt是否过期
        synchronized (ticketGrantingTicket) {
            if (ticketGrantingTicket.isExpired()) {
                this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
                throw new InvalidTicketException();
            }
        }
        
        //这里的service代表客户端信息,检查客户端身份,是否允许接入
        final RegisteredService registeredService = this.servicesManager
            .findServiceBy(service);

        //如果返回信息为空 或者 客户端不允许接入CAS 抛出异常
        if (registeredService == null || !registeredService.isEnabled()) {
            log.warn("ServiceManagement: Unauthorized Service Access. Service [" + service.getId() + "] not found in Service Registry.");
            throw new UnauthorizedServiceException();
        }

        //判断客户端是否允许接入SSO Session 单点登录 大概的意思就是当前的客户端必须重新登录,不能使用旧的TGT凭据
        if (!registeredService.isSsoEnabled() && credentials == null
            && ticketGrantingTicket.getCountOfUses() > 0) {		
            log.warn("ServiceManagement: Service Not Allowed to use SSO.  Service [" + service.getId() + "]");
            throw new UnauthorizedSsoServiceException();
        }

        //CAS-1019
        final List<Authentication> authns = ticketGrantingTicket.getChainedAuthentications();
        if(authns.size() > 1) {
            if (!registeredService.isAllowedToProxy()) {
                final String message = String.format("ServiceManagement: Service Attempted to Proxy, but is not allowed. Service: [%s] | Registered Service: [%s]", service.getId(), registeredService.toString());
                log.warn(message);
                throw new UnauthorizedProxyingException(message);
            }
        }
        
        if (credentials != null) {
            try {
                final Authentication authentication = this.authenticationManager
                    .authenticate(credentials);
                final Authentication originalAuthentication = ticketGrantingTicket.getAuthentication();

                if (!(authentication.getPrincipal().equals(originalAuthentication.getPrincipal()) && authentication.getAttributes().equals(originalAuthentication.getAttributes()))) {
                    throw new TicketCreationException();
                }
            } catch (final AuthenticationException e) {
                throw new TicketCreationException(e);
            }
        }

        //ID生成器
        // this code is a bit brittle by depending on the class name.  Future versions (i.e. CAS4 will know inherently how to identify themselves)
        final UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService
            .get(service.getClass().getName());

        //创建一个ST
        final ServiceTicket serviceTicket = ticketGrantingTicket
            .grantServiceTicket(serviceTicketUniqueTicketIdGenerator
                .getNewTicketId(ServiceTicket.PREFIX), service,
                this.serviceTicketExpirationPolicy, credentials != null);

        //ST放入缓存
        this.serviceTicketRegistry.addTicket(serviceTicket);

        if (log.isInfoEnabled()) {
            final List<Authentication> authentications = serviceTicket.getGrantingTicket().getChainedAuthentications();
            final String formatString = "Granted %s ticket [%s] for service [%s] for user [%s]";
            final String type;
            final String principalId = authentications.get(authentications.size()-1).getPrincipal().getId();

            if (authentications.size() == 1) {
                type = "service";

            } else {
                type = "proxy";
            }

            log.info(String.format(formatString, type, serviceTicket.getId(), service.getId(), principalId));
        }

        return serviceTicket.getId();
    }

    @Audit(
        action="SERVICE_TICKET",
        actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
        resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag = "GRANT_SERVICE_TICKET",logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public String grantServiceTicket(final String ticketGrantingTicketId,
        final Service service) throws TicketException {
        return this.grantServiceTicket(ticketGrantingTicketId, service, null);
    }

    /**
     * @throws IllegalArgumentException if the ServiceTicketId or the
     * Credentials are null.
     */
    @Audit(
        action="PROXY_GRANTING_TICKET",
        actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
        resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag="GRANT_PROXY_GRANTING_TICKET",logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public String delegateTicketGrantingTicket(final String serviceTicketId,
        final Credentials credentials) throws TicketException {

        Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
        Assert.notNull(credentials, "credentials cannot be null");

        try {
            final Authentication authentication = this.authenticationManager
                .authenticate(credentials);

            final ServiceTicket serviceTicket;
            serviceTicket = (ServiceTicket) this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

            if (serviceTicket == null || serviceTicket.isExpired()) {
                throw new InvalidTicketException();
            }

            final RegisteredService registeredService = this.servicesManager
                .findServiceBy(serviceTicket.getService());

            if (registeredService == null || !registeredService.isEnabled()
                || !registeredService.isAllowedToProxy()) {
                log.warn("ServiceManagement: Service Attempted to Proxy, but is not allowed.  Service: [" + serviceTicket.getService().getId() + "]");
                throw new UnauthorizedProxyingException();
            }

            final TicketGrantingTicket ticketGrantingTicket = serviceTicket
                .grantTicketGrantingTicket(
                    this.ticketGrantingTicketUniqueTicketIdGenerator
                        .getNewTicketId(TicketGrantingTicket.PREFIX),
                    authentication, this.ticketGrantingTicketExpirationPolicy);

            this.ticketRegistry.addTicket(ticketGrantingTicket);

            return ticketGrantingTicket.getId();
        } catch (final AuthenticationException e) {
            throw new TicketCreationException(e);
        }
    }

    /**
     * @throws IllegalArgumentException if the ServiceTicketId or the Service
     * are null.
     */
    @Audit(
        action="SERVICE_TICKET_VALIDATE",
        actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag="VALIDATE_SERVICE_TICKET",logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
        Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
        Assert.notNull(service, "service cannot be null");

        //从缓存中获取ST
        final ServiceTicket serviceTicket = (ServiceTicket) this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

        //根据service拿到客户端信息
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

        //如果客户端不存在或客户端不允许接入cas
        if (registeredService == null || !registeredService.isEnabled()) {
            log.warn("ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets.   Service: [" + service.getId() + "]");
            throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
        }
        
        //如果st不存在
        if (serviceTicket == null) {
            log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
            throw new InvalidTicketException();
        }

        try {
        	//判断ST是否过期
            synchronized (serviceTicket) {
                if (serviceTicket.isExpired()) {
                    log.info("ServiceTicket [" + serviceTicketId + "] has expired.");
                    throw new InvalidTicketException();
                }
                
                //更新ST状态  countOfUses与使用时间 并且与之前的service对比 主要对比回调路径
                if (!serviceTicket.isValidFor(service)) {
                    log.error("ServiceTicket [" + serviceTicketId + "] with service [" + serviceTicket.getService().getId() + " does not match supplied service [" + service + "]");
                    throw new TicketValidationException(serviceTicket.getService());
                }
            }

            final int authenticationChainSize = serviceTicket
                .getGrantingTicket().getChainedAuthentications().size();
            final Authentication authentication = serviceTicket
                .getGrantingTicket().getChainedAuthentications().get(
                    authenticationChainSize - 1);
            //获取用户信息
            final Principal principal = authentication.getPrincipal();
            //如果允许匿名登录则返回随机ID 否则返回用户ID
            final String principalId = registeredService.isAnonymousAccess()
                ? this.persistentIdGenerator.generate(principal, serviceTicket
                    .getService()) : principal.getId();

            final Authentication authToUse;
            
            //不忽略用户其它属性
            if (!registeredService.isIgnoreAttributes()) {
                final Map<String, Object> attributes = new HashMap<String, Object>();
                
                //客户端配置的属性key
                for (final String attribute : registeredService
                    .getAllowedAttributes()) {
                	//从用户的属性信息中根据key查找value
                    final Object value = principal.getAttributes().get(
                        attribute);
                    
                    //存入临时map
                    if (value != null) {
                        attributes.put(attribute, value);
                    }
                }
                
                //创建一个新的用户对象 放入ID和用户属性
                final Principal modifiedPrincipal = new SimplePrincipal(
                    principalId, attributes);
                
                final MutableAuthentication mutableAuthentication = new MutableAuthentication(
                    modifiedPrincipal, authentication.getAuthenticatedDate());
                
                mutableAuthentication.getAttributes().putAll(
                    authentication.getAttributes());
                mutableAuthentication.getAuthenticatedDate().setTime(
                    authentication.getAuthenticatedDate().getTime());
                authToUse = mutableAuthentication;
            } else {
                authToUse = authentication;
            }


            final List<Authentication> authentications = new ArrayList<Authentication>();

            for (int i = 0; i < authenticationChainSize - 1; i++) {
                authentications.add(serviceTicket.getGrantingTicket().getChainedAuthentications().get(i));
            }
            authentications.add(authToUse);

            return new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin());
        } finally {
        	//最后让st过期,只使用一次
            if (serviceTicket.isExpired()) {
            	//在缓存中清除
                this.serviceTicketRegistry.deleteTicket(serviceTicketId);
            }
        }
    }

    /**
     * @throws IllegalArgumentException if the credentials are null.
     */
    @Audit(
        action="TICKET_GRANTING_TICKET",
        actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
    @Profiled(tag = "CREATE_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
    @Transactional(readOnly = false)
    public String createTicketGrantingTicket(final Credentials credentials) throws TicketCreationException {
        Assert.notNull(credentials, "credentials cannot be null");

        try {
        	//登录认证 成功返回Authentication对象  失败抛出异常
            final Authentication authentication = this.authenticationManager
                .authenticate(credentials);
            
            //创建TGT 传入唯一的ID,Authentication对象,和ticket过期策略
            final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
                this.ticketGrantingTicketUniqueTicketIdGenerator
                    .getNewTicketId(TicketGrantingTicket.PREFIX),
                authentication, this.ticketGrantingTicketExpirationPolicy);
            
            //将TGT放入缓存 默认 DefaultTicketRegistry 内嵌 ConcurrentHashMap 实现
            this.ticketRegistry.addTicket(ticketGrantingTicket);
            return ticketGrantingTicket.getId();
        } catch (final AuthenticationException e) {
            throw new TicketCreationException(e);
        }
    }

    /**
     * Method to set the TicketRegistry.
     *
     * @param ticketRegistry the TicketRegistry to set.
     */
    public void setTicketRegistry(final TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;

        if (this.serviceTicketRegistry == null) {
            this.serviceTicketRegistry = ticketRegistry;
        }
    }

    public void setServiceTicketRegistry(final TicketRegistry serviceTicketRegistry) {
        this.serviceTicketRegistry = serviceTicketRegistry;
    }

    /**
     * Method to inject the AuthenticationManager into the class.
     *
     * @param authenticationManager The authenticationManager to set.
     */
    public void setAuthenticationManager(
        final AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Method to inject the TicketGrantingTicket Expiration Policy.
     *
     * @param ticketGrantingTicketExpirationPolicy The
     * ticketGrantingTicketExpirationPolicy to set.
     */
    public void setTicketGrantingTicketExpirationPolicy(
        final ExpirationPolicy ticketGrantingTicketExpirationPolicy) {
        this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
    }

    /**
     * Method to inject the Unique Ticket Id Generator into the class.
     *
     * @param uniqueTicketIdGenerator The uniqueTicketIdGenerator to use
     */
    public void setTicketGrantingTicketUniqueTicketIdGenerator(
        final UniqueTicketIdGenerator uniqueTicketIdGenerator) {
        this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator;
    }

    /**
     * Method to inject the TicketGrantingTicket Expiration Policy.
     *
     * @param serviceTicketExpirationPolicy The serviceTicketExpirationPolicy to
     * set.
     */
    public void setServiceTicketExpirationPolicy(
        final ExpirationPolicy serviceTicketExpirationPolicy) {
        this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
    }

    public void setUniqueTicketIdGeneratorsForService(
        final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService) {
        this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;
    }

    public void setServicesManager(final ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    public void setPersistentIdGenerator(
        final PersistentIdGenerator persistentIdGenerator) {
        this.persistentIdGenerator = persistentIdGenerator;
    }
}

 

征服.刘华强
关注
专栏目录
手把手教Apereo CAS5.2.3 登出问题跟踪流程,算是源码解析吧
无人问津的博客
05-05 5319
顺手贴上CAS 5.2.X官方文档:https://apereo.github.io/cas/5.2.x/index.html hugeo的CAS系列:https://blog.csdn.net/u010588262/article/category/7548325 DEMO下载: part1: https://download.csdn.net/download/u...
手把手教你用代码实现SSO单点登录
uuqaz的博客
07-25 662
单点登录(SingleSign-On,简称SSO)是目前比较流行的服务于企业业务整合的解决方案之一,SSO使得在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。随着SSO技术的流行,相关产品也比较多,其中CAS就是一套解决方案,CAS(CentralAuthenticationService)中文翻译为统一身份认证服务或中央身份服务,它由服务端和客户端组成,实现SSO,并且容易进行企业应用的集成。...
从http验证流程解析CAS单点登录
weixin_34128501的博客
07-12 276
JAVA单点登录有好多种方式,譬如用cookie的domain做,用中间代理做等等,但都需要自行做许多开发工作。而其中耶鲁大学的开源项目CAS提供了一个一站式解决方案,只需很少的扩展即可轻松实现企业级单点登录。基础知识网上其他挺多的,这里我就不详述了。本文通过分析http请求过程中httpheader,cookie等数据剖析了cas(非代...
CAS(1)-简介
零度的博客专栏
05-25 1027
Cas的全称是Centeral Authentication Service,是对单点登录SSO(Single Sign On)的一种实现。其由Cas Server和Cas Client两部分组成,Cas Server是核心,而Cas Client通常就对应于我们的应用。一个Cas Server可以对应于多个Cas Client。它允许我们在一个Client进行登录以后无需再让用户输入用户名和密码
cas入门之二十二:自动单点登出之后的问题
snoopy
08-12 1万+
cas登录之后,产生tgt,当tgt过期之后,cas会自动消毁服务器端的tgt存根。如果开启自动登出(cas默认是开启的),则cas会向应用端发送 自动登出请求,应用接到这个请求,会消毁相应的session,这样就完成了自动登出。 之后用户,再次访问应用,就会出现页面假死,此时用户会刷新页面, 则会出现登录页面。用户输入用户名/密码直接登录就可以了。但是实际应用时 出现了很大的问题,那就是
CAS单点登录开源框架解读(九)--CAS单点登录客户端认证之服务端验证票据返回认证信息
joeljx的专栏
04-03 5867
服务端如何返回用户认证信息 上一章节中我们已经知道是通过http请求去到CAS服务端获取信息,根据CAS单点登录客户端的请求地址/serviceValidate,我们再CAS单点登录服务端上通过Springmvc根据url里的/serviceValidate,匹配到@RequestMapping(path="/serviceValidate") 1. ticket校验开始:serviceValid...
cas单点登录 server端,运行成功
12-02
总之,CAS 4.0的单点登录服务器配置成功后,可以极大地提升用户体验,简化身份验证流程,并为权限控制提供了强大的基础。通过不断的测试和优化,你可以确保这个系统在实际环境中稳定可靠地运行。
【转载】CAS实现单点登录(SSO)经典完整教程
08-12
CAS(Central Authentication Service)是一种广泛使用的开放源码单点登录(Single ...在提供的文档《手把手教你利用CAS实现单点登录.docx》中,你将找到更详细的步骤和示例代码,帮助你更好地理解和实施CAS SSO。
Apereo CAS5.2.3 自定义登录页,验证码,扩展开发,注册功能
04-25
完整项目在https://download.csdn.net/download/u010588262/10327539 这个资源是新增功能之后的main文件夹 对应博客系列:https://blog.csdn.net/u010588262/article/category/7548325 对应博客这篇:...
开源SSO-CAS实现单点登录
www.i201314.net
04-27 1474
开源SSO-CAS实现单点登录
SSO之CAS单点登录报错
小武的博客
08-16 3013
HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletExcepti
CAS总结之Ticket篇(转,非常详细,后文还提到一个ppt,非常易懂)
热门推荐
燃烧JAVA
07-18 1万+
CAS的核心就是其Ticket,及其在Ticket之上的一系列处理操作。CAS的主要票据有TGT、ST、PGT、PGTIOU、PT,其中TGT、ST是CAS1.0协议中就有的票据,PGT、PGTIOU、PT是CAS2.0协议中有的票据。   一 名词解释 TGT(Ticket Grangting Ticket) TGT是CAS为用户签发的登录票据,拥有了TGT,用户就可以证明自己在
cas无法使用在试图完成你的请求_CAS中央认证系统
weixin_39621774的博客
11-28 2920
CAS它的全称是Central Authentication Service,它是用来解决单点登录的问题的。假设现在有一个云平台,上面挂了许多子系统或者其它的服务,登录这些子系统或者使用服务的话就都需要使用云平台的账号,这样就不适合在每个子系统或者服务上自己来实现登陆验证,另一种场景是某个企业存在有N多业务系统,但是这些业务各自为政,有着自己的一套用户认证机制,这样业务人员就得记住N多的用户名和密...
用代码获取cas服务器的ticket
chenxiaju5595的博客
08-19 1344
importjava.io.IOException; importjava.util.HashMap; importjava.util.Map; importorg.apache.commons.httpclient.HttpClient; importorg.apache.com...
CAS cas单点登入和认证流程
guohao_Kwok的博客
04-30 1529
面试:你懂什么是分布式系统吗?Redis分布式锁都不会?>>> ...
CAS单点登录技术研究报告:部署与源码分析
"这篇报告详细探讨了基于CAS框架的单点登录(Single Sign-On, SSO)技术,包括其技术背景、配置方法、客户端与服务器端的处理逻辑,以及源码分析。报告由作者落雨于2013年编写,旨在为技术团队成员提供SSO实施的指南...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值