CAS4.0集成(restlet)与使用实例

CAS提供了C/S端登录的组件，集成restlet即可，步骤还是很方便的,可以先下载依赖包

---

注意3.x版本的restlet与4.0集成的包有所不同,这里只描述4.0版本
百度云依赖包下载 密码: p917

1.加入依赖包

2.配置web.xml

<!-- 集成RESTFul API-->
<servlet>
    <servlet-name>restlet</servlet-name>
    <servlet-class>org.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>restlet</servlet-name>
    <url-pattern>/v1/*</url-pattern>
</servlet-mapping>  

3.重启服务器,测试

1. 获取登录TGT

参数：username,password,service
地址:/v1/tickets

例：curl -i -X  POST -d "username=admin&password=admin&service=http://www.google.com"  
    http://127.0.0.1:8080/websso/v1/tickets 

返回值：
HTTP/1.1 201 Created Date: Thu, 03 Nov 2016 01:39:45 GMT Accept-Ranges:
bytes Location:
http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsE
xZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org Server:
Restlet-Framework/2.1.0 Content-Type: text/html;charset=UTF-8
Content-Length: 447

<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html>
<head>
<title>201 The r equest has been fulfilled and resulted in a new
    resource being created</title></ head>
<body>
    <h1>TGT Created</h1>
    <form
        action="http://127.0.0.1:8080/websso/v1/tic
kets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org"
        method="POST">
        Service:<input type="text" name="service" value=""><br>
        <input typ e="submit" value="Submit">
    </form>
</body>
</html>

2. 通过TGT获取TK

参数：service
地址:/v1/tickets/{TGT id}

例：curl -i  -X POST -d "service=http://www.google.com"  
http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org  

返回值：
HTTP/1.1 200 OK
Date: Thu, 03 Nov 2016 01:40:41 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.0
Content-Type: text/plain;charset=UTF-8
Content-Length: 43

ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org

3. 获取登录用户信息

参数：ticket,service
地址:/serviceValidate

例：curl -i  -X POST -d "ticket=ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org&service=http://www.google.com" 
http://127.0.0.1:8080/websso/serviceValidate


返回值：(可能与您的有所不同，因为这是我另外拓展的属性)
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type:
application/xml;charset=UTF-8 Content-Language: zh-CN Content-Length:
663 Date: Thu, 03 Nov 2016 01:45:27 GMT
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>admin</cas:user>
        <cas:attributes>
            <cas:postid>0</cas:postid>
            <cas:username>admin</cas:username>
            <cas:systemcode>1</cas:systemcode>
            <cas:userid>4028d881436d514601436d5215ac0043</cas:userid>
            <cas:salt>admin</cas:salt>
        </cas:attributes>
        </cas:authenticationSuccess>
</cas:serviceResponse>

4. 注销退出用户

参数：无
地址:cas/v1/tickets/{TGT id}

例：curl -i  -X DELETE 
http://127.0.0.1:8080/websso/cas/v1/tickets/TGT-2-fxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org

返回值：
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Thu, 03 Nov 2016 01:50:06 GMT

退出之后可以再次获取用户信息
curl -i  -X POST -d "ticket=ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org&service=http://www.google.com" 
http://127.0.0.1:8080/websso/serviceValidate

返回值：(会提示票据已经过期了)
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Content-Language: zh-CN
Content-Length: 256
Date: Thu, 03 Nov 2016 01:50:22 GMT

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_TICKET'>
        鏈兘澶熻瘑鍒嚭鐩爣 &#039;ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.e
xample.org&#039;绁ㄦ牴
        </cas:authenticationFailure>
</cas:serviceResponse>

网上拓展

1. 在测试类中可以得到用户的ST.一般ST的有效时间都很短，在 /cas/WebRoot/WEB-INF/spring-configuration/ticketExpirationPolicies.xml ，这个文件中设置
   

2. 得到ST之后，拼接访问地址，拷贝到浏览器中就可以时间浏览器的免登陆，直接访问到 受保护资源