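CAS single sign-out, login, cross-domain retrieval of login information, and notes on switching between applications
Put the CAS filter first, but not before the encoding filter
http://blog.csdn.net/thc1987/article/details/8678645
web.xml
Add the single sign-on filter. It must come before all other filters, but after the character-encoding filter.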
<filter>
    <filter-name>characterEncoding</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>characterEncoding</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<jsp-config>
    <jsp-property-group>
        <url-pattern>*.jsp</url-pattern>
        <page-encoding>UTF-8</page-encoding>
    </jsp-property-group>
</jsp-config>
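Single sign-on:
In shiro.xml it is best not to configure your own sessionManager. Either create it in one place and share it with the other projects, or leave it out; each project must not create its own sessionManager. Although the cookie name is the same, the value differs,
so single sign-on cannot be based on this cookie.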
<!-- Security manager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="casRealm" />
    <property name="subjectFactory" ref="casSubjectFactory" />
    <!-- <property name="sessionManager" ref="sessionManager" /> -->
    <!-- <property name="cacheManager" ref="shiroEhcacheManager" /> -->
</bean>
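As for showing login information in the header of the different projects, each project fetches it from CAS and controls the display itself.
When CAS switches from one application to another, the login record lives in the current application: during the switch it is still read from the application you are switching from, and once the switch is complete it can only be read from the application you switched to.
The former involves a cross-domain request, so use the cross-domain approach below to get the CAS information. In the latter case you can use a plain ajax call to get the current project's CAS information (the JSONP approach of course also works within the same project).
Login information is placed in CAS only for URLs managed by the CAS filter. Once it is there, a later request to a URL that is not filtered can read the login information in the method that URL maps to: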
<script>
function jsonpcallback11(customerName){
    alert("hd"+customerName);
    var state="unlogin";
    if(customerName!=''&&customerName!=null){
        state="hadlogin";
    }
    // Show the logged-in user's name; textContent keeps the value from being parsed as HTML
    document.getElementById("top-header-login-userName").textContent=customerName;
    if(state=="hadlogin"){
        document.getElementById("top-header-had-login").style.display=""; // show the logged-in user info
        document.getElementById("top-header-un-login").style.display="none"; // hide the not-logged-in info
    }
    if(state=="unlogin"){
        document.getElementById("top-header-had-login").style.display="none"; // hide the logged-in user info
        document.getElementById("top-header-un-login").style.display=""; // show the not-logged-in info
    }
    if(state=="register"){
        document.getElementById("top-header-had-login").style.display="none"; // hide the logged-in user info
        document.getElementById("top-header-un-login").style.display="none"; // hide the not-logged-in info
    }
}
</script>
<script src="http://localhost:8081/web/siteindex.do/kyTop">
// Variant of the callback. Note: a browser ignores the inline body of a <script> that has a src
// attribute, so to use this version it has to sit in its own <script> block.
function jsonpcallback11(customerName){
    alert("hd"+customerName);
    var state="unlogin";
    var dis= document.getElementById("top-header-had-login").style.display;
    if((dis==''||dis==null)){
    }else{
        if((customerName!=''&&customerName!=null)){
            state="hadlogin";
        }
        // Show the logged-in user's name; textContent keeps the value from being parsed as HTML
        document.getElementById("top-header-login-userName").textContent=customerName;
        if(state=="hadlogin"){
            document.getElementById("top-header-had-login").style.display=""; // show the logged-in user info
            document.getElementById("top-header-un-login").style.display="none"; // hide the not-logged-in info
        }
        if(state=="unlogin"){
            document.getElementById("top-header-had-login").style.display="none"; // hide the logged-in user info
            document.getElementById("top-header-un-login").style.display=""; // show the not-logged-in info
        }
        if(state=="register"){
            document.getElementById("top-header-had-login").style.display="none"; // hide the logged-in user info
            document.getElementById("top-header-un-login").style.display="none"; // hide the not-logged-in info
        }
    }
}
</script>
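Backend:
Whether the callback statement written back to the front end needs to be wrapped in <script type=\"text/javascript\"> depends on what made the request, for example <script src="http://localhost:8081/web/siteindex.do/kyTop">.
If the request came from the src of a <script> tag, do not add it: the wrapper is already there (the response is emitted directly inside the <script>). If it came from a form or similar, add it, because the response is written directly into the page.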
@RequestMapping(value = "/kyTop")
@ResponseBody
public void kyTop(Model model,HttpServletRequest request,HttpServletResponse response, HttpSession session) throws IOException {
    /*CusUserBean cusUserBean = CASUtil.getCusUserBean();*/
    CusFirmBean cusFirmBean= CASUtil.getCustomer();
    //request.getSession().setAttribute(Constants.SESSION_FIRM, cusUserBean);
    response.setCharacterEncoding("UTF-8");
    if(cusFirmBean!=null){
        //String dx=JSONUtils.valueToString(JSONObject.fromObject(cusFirmBean)) ;
        //response.getWriter().write("jsonpcallback11"+ "('"+cusFirmBean.getCustomerName()+"');");//moduleId
        String dx="<script type=\"text/javascript\">alert(1);this.jsonpcallback11"+ "("+cusFirmBean.getEnglishName()+");</script>";
        response.getWriter().write("jsonpcallback11"+ "('"+cusFirmBean.getEnglishName()+"');");//moduleId
        //response.getWriter().write(dx);
    }
    else{
        response.getWriter().write("jsonpcallback11"+ "();");//moduleId
    }
    // return "frame/index.p";
}
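Part two:
Dynamic upload of identity documents:
This response goes back to a form request, which has no surrounding <script>, so <script type=\"text/javascript\"> has to be added.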
<form action="${pageContext.request.contextPath}/account/tbCusFirmChg/uploadSave?allowFileType=${allowFileType}&callBackFunction=${callBackFunction}&virtualSavePath=${virtualSavePath}&fileType=${fileType}" method="post" enctype="multipart/form-data" >
<input type="file" name="file" id="file">
<input type="submit" value="上传" style="height:22px">
</form>
Backend:
if("PIC".equals(upMap.get("fileType"))){
    is_delete_old_image = true;
    lessFileName=new SimpleDateFormat("HHmmss").format(new Date())+getRandStr("",6)+".jpg";
    lessUrl="/"+path+"/"+lessFileName;
    String re =ImageUtil.lessImageTfs(fileFileName, lessFileName, 1);
    lessUrl="/"+path+"/"+re;
    if("".equals(re)){
        is_delete_old_image = false;
        lessUrl=url;
    }
    ResponseUtil.print("<script type=\"text/javascript\">parent." + upMap.get("callBackFunction") + "('/file/upload/originName/" + re + "/open','" + StaticVariables.Base_Path + "','" + filePath + "','" + fileSize + "','" + fileFileName + "','" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + "');history.back();</script>", response);
    return null;
}
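
Both the kyTop handler and the upload handler above build JavaScript by string concatenation, so the callback name (a request parameter in the upload form) and every argument have to be constrained or encoded before they reach the browser. The following is an added example, not code from the original post: the class and method names and the callback-name pattern are assumptions, and the sample values in main are constructed.

```java
import java.util.regex.Pattern;

// Added example, not the post's code. Class and method names are hypothetical.
final class CallbackScript {
    // Assumption: a callback is a plain identifier, optionally dotted.
    private static final Pattern CALLBACK =
        Pattern.compile("[A-Za-z_$][\\w$]{0,63}(\\.[A-Za-z_$][\\w$]{0,63})*");

    static boolean isSafeCallback(String name) {
        return name != null && CALLBACK.matcher(name).matches();
    }

    // Encode a value as a quoted JS string literal. Everything outside a small
    // safe set becomes a four-digit hex escape, so quotes, backslashes, line
    // breaks and a closing script tag cannot end the literal or the element.
    static String jsString(String value) {
        if (value == null) return "null";
        StringBuilder sb = new StringBuilder("'");
        for (char c : value.toCharArray()) {
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                || (c >= '0' && c <= '9') || " _-.:/".indexOf(c) >= 0;
            if (plain) sb.append(c);
            else sb.append(String.format("\\u%04x", (int) c));
        }
        return sb.append('\'').toString();
    }

    // Body for a request made by a script tag's src, as in kyTop.
    static String jsonp(String callback, String... args) {
        if (!isSafeCallback(callback))
            throw new IllegalArgumentException("rejected callback name");
        StringBuilder sb = new StringBuilder(callback).append('(');
        for (int i = 0; i < args.length; i++) {
            if (i > 0) sb.append(',');
            sb.append(jsString(args[i]));
        }
        return sb.append(");").toString();
    }

    // Body for a form response written straight into the page, as in the upload handler.
    static String inlineScript(String callback, String... args) {
        return "<script type=\"text/javascript\">" + jsonp(callback, args) + "</script>";
    }

    public static void main(String[] unused) {
        // Constructed sample values; "parent.uploadDone" is a hypothetical callback.
        System.out.println(jsonp("jsonpcallback11", "O'Neil </script>"));
        System.out.println(inlineScript("parent.uploadDone", "/file/a.jpg", "12 KB"));
        System.out.println(isSafeCallback("alert(1);x"));
    }
}
```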