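6.1 Downloading the CAS client
CAS client download page: http://downloads.jasig.org/cas-clients/
Taking cas-client-3.2.1-release.zip as an example, unpack it and extract cas-client-3.2.1/modules/cas-client-core-3.2.1.jar.
Tomcat's bundled webapps\examples application serves as the simple demo web project.
6.2 Installing and configuring tomcat-app1
Unpack apache-tomcat-6.0.29.tar.gz and rename the directory so that its path is G:\sso\tomcat-app1. To change Tomcat's ports, find the following in conf/server.xml: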
```xml
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
```
Change it to:
```xml
<Connector port="18080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="18443" />
<Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />
```
Start tomcat-app1 and open http://app1.micmiu.com:18080/examples/servlets/ in a browser.
If the servlet examples page loads, the basic installation and configuration of tomcat-app1 succeeded.
Next, copy the client library cas-client-core-3.2.1.jar into tomcat-app1\webapps\examples\WEB-INF\lib\ and add the following to tomcat-app1\webapps\examples\WEB-INF\web.xml:
```xml
<!-- Single sign-out: listener and filter, mapped ahead of the other CAS filters -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- init-param values below: the CAS server and app1 addresses used elsewhere on this page -->
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param><param-name>casServerLoginUrl</param-name><param-value>https://demo.micmiu.com:8443/cas/login</param-value></init-param>
    <init-param><param-name>serverName</param-name><param-value>http://app1.micmiu.com:18080</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param><param-name>casServerUrlPrefix</param-name><param-value>https://demo.micmiu.com:8443/cas</param-value></init-param>
    <init-param><param-name>serverName</param-name><param-value>http://app1.micmiu.com:18080</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
For a detailed explanation of the cas-client changes to web.xml, see the official documentation:
https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
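As an added example (not part of the original post or of the CAS client project), the Python script below lints the CAS section of a web.xml: it checks that the filter mappings keep the order used in the listing above and that the CAS URLs use https. The function names, the finding texts and the generated sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PKG = "org.jasig.cas.client."
ORDER = [PKG + "session.SingleSignOutFilter",  # expected filter-mapping order
         PKG + "authentication.AuthenticationFilter",
         PKG + "validation.Cas20ProxyReceivingTicketValidationFilter"]

def lint_cas_web_xml(xml_text):
    """Return findings for the CAS filter section of a web.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop the Java EE namespace prefix, if present
        el.tag = el.tag.rsplit("}", 1)[-1]
    classes, params = {}, {}
    for f in root.iter("filter"):
        classes[f.findtext("filter-name").strip()] = f.findtext("filter-class").strip()
        for p in f.iter("init-param"):
            params[p.findtext("param-name").strip()] = p.findtext("param-value").strip()
    # The container runs filters in the order of their <filter-mapping> elements.
    chain = [classes.get(m.findtext("filter-name").strip())
             for m in root.iter("filter-mapping")]
    findings = []
    pos = [chain.index(c) if c in chain else -1 for c in ORDER]
    if -1 in pos:
        findings.append("a CAS filter has no filter-mapping")
    elif pos != sorted(pos):
        findings.append("CAS filter-mappings are out of order")
    for key in ("casServerLoginUrl", "casServerUrlPrefix"):
        if urlparse(params.get(key, "")).scheme != "https":
            findings.append(key + " is missing or not https")
    if urlparse(params.get("serverName", "")).scheme != "https":
        findings.append("serverName is not https: ticket and session cookie travel in clear")
    return findings

def sample_web_xml(order, cas="https://demo.micmiu.com:8443/cas"):
    """Constructed input: a minimal web.xml built from this page's URLs."""
    values = {"casServerLoginUrl": cas + "/login", "casServerUrlPrefix": cas,
              "serverName": "http://app1.micmiu.com:18080"}
    init = "".join(f"<init-param><param-name>{k}</param-name>"
                   f"<param-value>{v}</param-value></init-param>" for k, v in values.items())
    body = "".join(f"<filter><filter-name>f{i}</filter-name>"
                   f"<filter-class>{c}</filter-class>{init}</filter>"
                   for i, c in enumerate(ORDER))
    body += "".join(f"<filter-mapping><filter-name>f{i}</filter-name>"
                    "<url-pattern>/*</url-pattern></filter-mapping>" for i in order)
    return "<web-app>" + body + "</web-app>"

if __name__ == "__main__":
    print(lint_cas_web_xml(sample_web_xml([0, 1, 2])))
```

With this page's URLs the only finding is the http serverName: the demo applications are served without TLS, so the service ticket in the redirect and the application session cookie are sent unencrypted.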
6.3 Installing and configuring tomcat-app2
Unpack apache-tomcat-6.0.29.tar.gz and rename the directory so that its path is G:\sso\tomcat-app2. To change Tomcat's ports, find the following in conf/server.xml:
```xml
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
```
Change it to:
```xml
<Connector port="28080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="28443" />
<Connector port="28009" protocol="AJP/1.3" redirectPort="28443" />
```
Start tomcat-app2 and open http://app2.micmiu.com:28080/examples/servlets/ in a browser, then verify it the same way as in 6.2.
As in 6.2, copy the client library cas-client-core-3.2.1.jar into tomcat-app2\webapps\examples\WEB-INF\lib\ and add the following to tomcat-app2\webapps\examples\WEB-INF\web.xml:
```xml
<!-- Single sign-out: listener and filter, mapped ahead of the other CAS filters -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- init-param values below: the CAS server and app2 addresses used elsewhere on this page -->
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param><param-name>casServerLoginUrl</param-name><param-value>https://demo.micmiu.com:8443/cas/login</param-value></init-param>
    <init-param><param-name>serverName</param-name><param-value>http://app2.micmiu.com:28080</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param><param-name>casServerUrlPrefix</param-name><param-value>https://demo.micmiu.com:8443/cas</param-value></init-param>
    <init-param><param-name>serverName</param-name><param-value>http://app2.micmiu.com:28080</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
7. Testing and verifying SSO
Start the three Tomcat instances configured earlier: tomcat-cas, tomcat-app1 and tomcat-app2.
7.1 Basic test
Expected flow: open the app1 URL -> redirected to the CAS server to authenticate -> app1 is displayed -> open the app2 URL -> app2 is displayed -> log out of the CAS server -> open the app1/app2 URL -> redirected to the CAS server to authenticate again.
Enter http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample in the browser address bar and press Enter:
Enter https://demo.micmiu.com:8443/cas/logout in the address bar and press Enter; the page shows:
The above indicates that logout succeeded. Accessing http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample or http://app2.micmiu.com:28080/examples/servlets/servlet/HelloWorldExample now requires authenticating again.
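The redirect and ticket-validation steps of the flow above, as an added Python example that is not code from the original post or from the CAS client: it builds the login redirect and the serviceValidate request for this page's URLs and parses a CAS 2.0 validation response. The function names are illustrative, and the two responses, the ticket and the user name are constructed sample values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS = "https://demo.micmiu.com:8443/cas"     # CAS server used on this page
NS = {"cas": "http://www.yale.edu/tp/cas"}   # namespace of CAS 2.0 responses

def login_redirect(service):
    """Where the authentication filter sends a browser that has no assertion yet."""
    return CAS + "/login?" + urlencode({"service": service})

def validate_url(service, ticket):
    """Back-channel request the validation filter makes when ?ticket=ST-... arrives."""
    return CAS + "/serviceValidate?" + urlencode({"ticket": ticket, "service": service})

def parse_validation(body):
    """Return the authenticated user name, or raise if CAS rejected the ticket."""
    root = ET.fromstring(body)
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise PermissionError(failure.get("code") + ": " + failure.text.strip())
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=NS)
    if not user:
        raise PermissionError("malformed CAS response")
    return user.strip()

# Constructed responses in the CAS 2.0 format (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>constructed-user</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-constructed-example not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    app1 = "http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample"
    print(login_redirect(app1))
    print(validate_url(app1, "ST-constructed-example"))
    print(parse_validation(SUCCESS))
```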
7.2 Getting the logged-in user's information
Modify HelloWorldExample.java, recompile it and replace webapps\examples\WEB-INF\classes\HelloWorldExample.class. The modified HelloWorldExample.java is as follows:
```java
import java.io.*;
import java.util.*;
import java.util.Map.Entry;

import javax.servlet.*;
import javax.servlet.http.*;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;

/**
 * The simplest possible servlet.
 *
 * @author James Duncan Davidson
 */
public class HelloWorldExample extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request
                .getLocale());
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        out.println("<html>");
        out.println("<head>");

        String title = rb.getString("helloworld.title");

        out.println("<title>" + title + "</title>");
        out.println("</head>");
        out.println("<body bgcolor=\"white\">");

        out.println("<a href=\"../helloworld.html\">");
        out.println("<img src=\"../images/code.gif\" height=24 "
                + "width=24 align=right border=0 alt=\"view code\"></a>");
        out.println("<a href=\"../index.html\">");
        out.println("<img src=\"../images/return.gif\" height=24 "
                + "width=24 align=right border=0 alt=\"return\"></a>");
        out.println("<h1>" + title + "</h1>");

        // The CAS client keeps the validated assertion in the HTTP session.
        Assertion assertion = (Assertion) request.getSession().getAttribute(
                AbstractCasFilter.CONST_CAS_ASSERTION);

        // Demo output only: the values below are written without HTML escaping.
        if (null != assertion) {
            out.println(" Log | ValidFromDate =:"
                    + assertion.getValidFromDate() + "<br>");
            out.println(" Log | ValidUntilDate =:"
                    + assertion.getValidUntilDate() + "<br>");
            // Attributes released by the CAS server for this user.
            Map<?, ?> attMap = assertion.getAttributes();
            out.println(" Log | getAttributes Map size = " + attMap.size()
                    + "<br>");
            for (Entry<?, ?> entry : attMap.entrySet()) {
                out.println(" | " + entry.getKey() + "=:"
                        + entry.getValue() + "<br>");
            }

            // Read the principal only when an assertion is present.
            AttributePrincipal principal = assertion.getPrincipal();
            String username = null;
            out.print(" Log | UserName:");
            if (null != principal) {
                username = principal.getName();
                out.println("<span style='color:red;'>" + username + "</span><br>");
            }
        }
        out.println("</body>");
        out.println("</html>");
    }
}
```
Repeating the test above gives the following result:
http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample :