一、前言
CAS Client端可分为简单的Servlet配置方式和Spring MVC,Shiro整合配置方式,将分两次说明,这里先讲简单的Servlet配置方式
二、环境
Tomcat7
JDK7
CAS Client版本:3.4.1
IDE:IDEA 14.1.7
测试源代码下载:http://git.oschina.net/tsfdez/cas-test
三、建立项目
通过Maven建立名为cas-test的项目,在里面建立三个web模组,分别是test1,test2,test3,其中test1,test2都是Servlet配置方式,test3是Spring MVC,Shiro整合配置方式,这个下一讲在说明
四、项目配置
先配置test1模组
将之前生成的证书复制过去
打开pom.xml文件,增加cas-client-core依赖配置及Tomcat配置
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>cas-test</artifactId>
<groupId>com.company.cas-test</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>test1</artifactId>
<packaging>war</packaging>
<name>test1 Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>test1</finalName>
<plugins>
<plugin>
<!-- 插件在仓库里的group ID -->
<groupId>org.apache.tomcat.maven</groupId>
<!-- 插件在仓库里的artifact ID -->
<artifactId>tomcat7-maven-plugin</artifactId>
<!-- 被使用的插件的版本(或版本范围) -->
<version>2.0</version>
<!-- 作为DOM对象的配置 -->
<configuration>
<port>8002</port>
<path>/test1</path>
<uriEncoding>UTF-8</uriEncoding>
<keystoreFile>${project.basedir}\localhost</keystoreFile>
<keystorePass>123456</keystorePass>
<httpsPort>9002</httpsPort>
</configuration>
</plugin>
</plugins>
</build>
</project>
打开WEB-INF/web.xml,增加CAS配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0" metadata-complete="true">
<display-name>Archetype Created Web Application</display-name>
<!-- ======================== 单点登录开始 ======================== -->
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:9001/cas</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责用户的认证工作,必须启用它 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:9001/cas/login</param-value>
<!--这里的server是服务端的IP -->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:9002</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:9001/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:9002</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
</web-app>
启动Tomcat,在浏览器输入https://localhost:9002/test1,试试账号登录与退出,退出输入https://localhost:9001/cas/logout
这边说下单点登出,登出实际上访问Server端的logout地址,Server端会通知其他Client端登出,若是不想同步的,可以注释掉web.xml的这一段
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:9001/cas</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
在webapp下增加一个登出页面logout.jsp,通过访问这个页面实现登出
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title></title>
</head>
<body>
<%
session.invalidate();
response.sendRedirect("https://localhost:9001/cas/logout?service=https://localhost:9002/test1");
%>
</body>
</html>
test2的配置就不细说了,跟test1一样,修改一下端口就行
test2配置好了,可以测试一下两个节点登录登出是否同步