cas4.0 单点登录 之 cas-client
cas4.0 单点登录 之 https证书 已经做好了证书的准备工作,现在结合cas-server来配置单点登录;
一、安装cas服务端(cas-server)
cas服务端是一个war包,这里只做体验单点登录,cas-server下载点这里cas-server-webapp-4.0.0.war,将war包放tomcat下运行即可,运行cas-server的tomcat的要开启SSL支持,上面文章也有说明,server.xml需要如下配置:
<Connector port="8443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="d:/cas/keystore" keystorePass="caspass"/>
- 1
- 2
- 3
cas-server的定制开发后面文章再讲。
二、cas客户端配置(cas-client)
1、web.xml方式配置
写了个简单客户端配置,源码cas_client_test_demo.zip
a) pom.xml
<dependencies>
<dependency>
<groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.0.3.RELEASE</version> </dependency> <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>3.4.1</version> </dependency> </dependencies>
b) web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <servlet> <servlet-name>mvc-dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:/spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mvc-dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- ****************** 单点登录开始 ********************--> <!-- 用于实现单点登出功能 可选 --> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- 该过滤器用于实现单点登出功能,单点退出配置,一定要放在其他filter之前 可选 --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://cas.castest.com:8443/cas/</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责用户的认证工作,必须 --> <filter> <filter-name>CASFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <!--casServerLoginUrl:cas服务的登陆url --> <param-name>casServerLoginUrl</param-name> <param-value>https://cas.castest.com:8443/cas/login</param-value> </init-param> <init-param> <!--serverName:本项目的ip+port --> <param-name>serverName</param-name> <param-value>http://www.zrk1000.com:8081</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CASFilter</filter-name> <url-pattern>/test</url-pattern> </filter-mapping> <!-- 该过滤器负责对Ticket的校验工作,必须--> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://cas.castest.com:8443/cas/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://www.zrk1000.com:8081</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <!-- 对test做登录拦截--> <url-pattern>/test</url-pattern> </filter-mapping> <!-- 该过滤器对HttpServletRequest请求包装, 可通过HttpServletRequest的getRemoteUser()方法获得登录用户的登录名,可选 --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>