本环境基于cas3.4.2进行配置,3个tomcat环境:单点登录tomcat、代理tomcat和被代理tomcat。目的是通过代理app1访问被代理app2,此配置完全根据源代码分析而来(因此基础好的直接读源代码研究更好)。
1、单点登录tomcat发布配置,网上有很多资料,不在赘述。
2、代理app配置:网上有说
AuthenticationFilter和Cas20ProxyReceivingTicketValidationFilter2个过滤器顺序需要调换,其实是错误的,把握好以下红色字体足以。 proxyCallback网上介绍的很草率,这里只需要在代理端新建一个servlet作为代理url即可,内部逻辑什么都不用做。
<!-- SSO配置 --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://127.0.0.1:8081/tjsso/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://127.0.0.1:8080</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://127.0.0.1:8081/tjsso</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://127.0.0.1:8080</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class> org.jasig.cas.client.util.AssertionThreadLocalFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/proxyCallback</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--web定义的代理回调-->
3、被代理app配置:
<!-- SSO配置 --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://127.0.0.1:8081/tjsso/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://127.0.0.1:8080</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://127.0.0.1:8081/tjsso</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://127.0.0.1:8080</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class> org.jasig.cas.client.util.AssertionThreadLocalFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
4、实例验证,在代理端新建一个servlet,我这里就是上述配置的
casProxyTest
源码如下:
com.supermap.proxy; org.jasig.cas.client.authentication.AttributePrincipal; org.jasig.cas.client.util.AssertionHolder; javax.servlet.ServletException; javax.servlet.http.HttpServlet; javax.servlet.http.HttpServletRequest; javax.servlet.http.HttpServletResponse; java.io.BufferedReader; java.io.IOException; java.io.InputStreamReader; java.io.OutputStream; java.net.HttpURLConnection; java.net.URL; java.net.URLEncoder; CasProxyTestServlet HttpServlet { doGet(HttpServletRequest req, HttpServletResponse resp) ServletException, IOException { (req, resp); } (HttpServletRequest req, HttpServletResponse resp) ServletException, IOException { AttributePrincipal principal = AssertionHolder.().getPrincipal(); String proxyTicket = principal.getProxyTicketFor(); URL url = URL(+ URLEncoder.(proxyTicket, )); HttpURLConnection conn = (HttpURLConnection)url.openConnection(); conn.setDoOutput(); conn.setDoInput(); OutputStream out = conn.getOutputStream(); out.write((+URLEncoder.(proxyTicket, )).getBytes()); out.flush(); out.close(); BufferedReader br = BufferedReader(InputStreamReader(conn.getInputStream(), )); StringBuffer content = StringBuffer(); String line = ; ((line=br.readLine()) != ) { content.append(line).append(); } resp.getWriter().write(content.toString()); } }
总结:其中的原理在网上有很多资料介绍,最主要还是需要个人去研读源代码,把握核心。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。