- 我们知道,CAS SSO是一种WEB SSO,对针对WEB应用的单点登录解决方案。随着移动互联网应用崛起,通常应用群不仅包括WEB应用,常常也包含手机原生应用、桌面应用等C/S架构应用。如何让这些应用也纳入CAS认证服务器的管辖范围,统一认证、统一调度,是我们需要解决的问题。
手机和桌面应用访问CAS,我们不能直接使用CAS提供的web api。不过CAS提供了一个插件,叫CAS Restlet Integration,该插件提供了CAS API的Restful接口,这个接口可以被程序级调用,这样就给我们手机应用认证带来一种思路。首先,手机应用可以程序方式CAS认证服务器,获得TGT和ST,然后访问配置好CAS Client的应用Server,Server与CAS进行通信验证ST的有效性,如果有效即登录成功。登出处理比较简单,直接访问CAS API删除TGT即可,CAS会通知删除所有登录过应用的登录信息。
对 CAS Server,我们要安装Restlet Integration插件,
以CAS Server 3.4.5为例(CAS Server的基本配置参见 CAS Server 部署基本步骤),首先下载CAS Restlet Integration插件包及其依赖包(http://mvnrepository.com/artifact/org.jasig.cas/cas-server-integration-restlet/3.4.5),所需包名列表如下:
cas-server-integration-restlet-3.4.5.jar
cglib-nodep-2.1_3.jar
com.noelios.restlet.ext.servlet-1.1.1.jar
com.noelios.restlet.ext.spring-1.1.1.jar
com.noelios.restlet-1.1.1.jar
org.restlet.ext.spring-1.1.1.jar
org.restlet-1.1.1.jar
然后在web.xml中加入:
- <!-- for restful api -->
- <servlet>
- <servlet-name>restlet</servlet-name>
- <servlet-class>com.noelios.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>restlet</servlet-name>
- <url-pattern>/v1/*</url-pattern>
- </servlet-mapping>
程序获取TGT,ST和Logout,我们可以参考官方的例子:
- /* 获取tgt和st的API接口是 /v1/tickets */
- private String getTicketGrantingTicket(final String server,final String username, final String password) {
- final HttpClient client = new HttpClient();
- final PostMethod post = new PostMethod(server);
- post.setRequestBody(new NameValuePair[] {
- new NameValuePair("username", username),
- new NameValuePair("password", password) });
- try {
- client.executeMethod(post);
- final String response = post.getResponseBodyAsString();
- switch (post.getStatusCode()) {
- case 200:
- return response;
- default:
- break;
- }
- } catch (Exception e) {
- } finally {
- post.releaseConnection();
- }
- return null;
- }
- @SuppressWarnings("unchecked")
- private String getServiceTicket(final String server,final String ticketGrantingTicket, final String service) {
- if (ticketGrantingTicket == null) return null;
- final HttpClient client = new HttpClient();
- final PostMethod post = new PostMethod(server + "/"+ ticketGrantingTicket);
- post.setRequestBody(new NameValuePair[] { new NameValuePair("service",service) });
- try {
- client.executeMethod(post);
- final String response = post.getResponseBodyAsString();
- switch (post.getStatusCode()) {
- case 200:
- return response;
- default:
- break;
- }
- } catch (Exception e) {
- } finally {
- post.releaseConnection();
- }
- return null;
- }
- /* 删除tgt的API接口是 /v1/tickets/<tgt> ,delete方法 */
- public String logout(String tgt) {
- String result = "success";
- final HttpClient client = new HttpClient();
- final DeleteMethod delete = new DeleteMethod(server + "/" + tgt);
- try {
- client.executeMethod(delete);
- final String response = delete.getResponseBodyAsString();
- switch (delete.getStatusCode()) {
- case 200:
- break;
- default:
- result = "error";
- break;
- }
- } catch (IOException e) {
- result = "error";
- }finally{
- delete.releaseConnection();
- }
- return result;
- }