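The cas client is deployed inside an application and interacts with the cas server to provide single sign-on; every application that needs single sign-on must deploy a cas client. To speed up later development, while studying the cas server I also configured and packaged a deployment package for the cas client, based on the official client template JA-SIG Java Client Simple WebApp Sample. This deployment package must be used together with the cas server deployment package.

The deployment package was configured and developed in Eclipse and can be imported into Eclipse and run directly. Deployment under tomcat is described below: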
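1. Deploy the files in the deployment package's `/WebContent/` folder to tomcat's `webapps/mywebapp/`.
2. Copy the file `log4j2.xml` from the deployment package's `/source/` folder to `webapps/mywebapp/WEB-INF/classes/`.
3. Configure `/WEB-INF/web.xml`:
   - Configure `context-param`:
     - cas server deployment address

       ```
       <context-param>
           <param-name>casServerUrlPrefix</param-name>
           <param-value>http://localhost:8080/cas</param-value>
       </context-param>
       ```

       Set `<param-value>` to the address of the site where the cas server is deployed. If the cas server is deployed at `http://localhost:8080/cas`, set this value to `http://localhost:8080/cas`.
     - cas server login address

       ```
       <context-param>
           <param-name>casServerLoginUrl</param-name>
           <param-value>http://localhost:8080/cas/login</param-value>
       </context-param>
       ```

       Set `<param-value>` to the cas server login address.
     - Root address of the site where the cas client is deployed

       ```
       <context-param>
           <param-name>serverName</param-name>
           <param-value>http://localhost:8081</param-value>
       </context-param>
       ```

       Set `<param-value>` to the root address of the site where the cas client is deployed. If the cas client is deployed at `http://localhost:8081/cas`, set this value to `http://localhost:8081`.
   - Configure the addresses that require login

     ```
     ...
     <filter-name>CAS Authentication Filter</filter-name>
     <url-pattern>/protected/*</url-pattern>
     ...
     ```

     Set `<url-pattern>` to the addresses that require login before they can be accessed. The default is `/protected/*`; a request to `/protected/*` is redirected to the cas server, which asks the user to log in.
4. Basic configuration is now complete. Start tomcat and access the cas client at `http://localhost:8081/mywebapp`. Accessing `http://localhost:8081/mywebapp/protected` requires the cas server to be running as well; for the cas server deployment package and its configuration, see: cas server deployment package.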
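- Note: `*.log` files are saved to `D:/cas_client/logs/` by default (on Linux, change this to `/cas_client/logs`, otherwise the application may fail to start). To change the location, see item 3, log configuration, under More Configuration.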
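- Context parameters (`context-param`) supply parameters to the filters. Because several filters share the same parameters and the cas client supports reading context parameters for its configuration, the parameters repeated across the filters are configured as context parameters.
  - See item 3, configure `context-param`, in Quick Start above.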
- The cas client configures filters to interact with the cas server. There are five main filters, and they must be configured in the following order, otherwise the client will not work correctly: SingleSignOutFilter, AuthenticationFilter, TicketValidationFilter, HttpServletRequestWrapperFilter, AssertionThreadLocalFilter.
  - SingleSignOutFilter: handles single sign-out. After logout on the cas server, the server sends a request asking the cas client to clear the login session; this filter handles that request.

    ```
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ```
  - AuthenticationFilter: checks whether the user is logged in. If not, it redirects to the cas server to log in; if the user is already logged in, it obtains the ST. It is configured as follows:

    ```
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/protected/*</url-pattern>
    </filter-mapping>
    ```

    Set `<url-pattern>` to the addresses that require login before they can be accessed.
  - TicketValidationFilter: validates the ST. The default configuration validates using cas protocol 3.0, i.e. `Cas30TicketValidationFilter`.

    ```
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ```
  - HttpServletRequestWrapperFilter: the HttpServletRequest wrapped by cas, which returns the Principal information through the `getRemoteUser` and `getPrincipal` methods.

    ```
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ```
  - AssertionThreadLocalFilter: places the Principal information in a ThreadLocal, so that it can be obtained where the request's methods cannot be used.

    ```
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ```
  - For more filter parameters, see the official documentation: Configuring the Jasig CAS Client for Java in the web.xml
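
The ordering requirement above can be checked before deployment. The following Python script is an added example, not part of the deployment package: it checks a web.xml for the three context parameters and confirms that the `filter-mapping` entries for the five filters appear in the required order. It relies on the servlet container applying URL-pattern filter mappings in the order they appear in web.xml; the function names and the sample web.xml built by `build_sample` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Filter classes in the order this README requires (taken from its snippets).
REQUIRED_ORDER = [
    "org.jasig.cas.client.session.SingleSignOutFilter",
    "org.jasig.cas.client.authentication.AuthenticationFilter",
    "org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter",
    "org.jasig.cas.client.util.HttpServletRequestWrapperFilter",
    "org.jasig.cas.client.util.AssertionThreadLocalFilter",
]
REQUIRED_PARAMS = ("casServerUrlPrefix", "casServerLoginUrl", "serverName")

def _name(elem):  # tag name without the XML namespace
    return elem.tag.rsplit("}", 1)[-1]

def _text(elem, child_name):  # stripped text of the first matching child
    return next(((c.text or "").strip() for c in elem if _name(c) == child_name), None)

def check_web_xml(xml_text):
    """Return a list of problems found in a web.xml string (empty list = OK)."""
    params, classes, mapped = {}, {}, []
    for e in ET.fromstring(xml_text):
        if _name(e) == "context-param":
            params[_text(e, "param-name")] = _text(e, "param-value")
        elif _name(e) == "filter":
            classes[_text(e, "filter-name")] = _text(e, "filter-class")
        elif _name(e) == "filter-mapping":
            mapped.append(_text(e, "filter-name"))
    problems = [f"missing context-param: {p}" for p in REQUIRED_PARAMS if not params.get(p)]
    chain = [classes.get(n) for n in mapped]  # filter classes in mapping order
    problems += [f"no filter-mapping for {c}" for c in REQUIRED_ORDER if c not in chain]
    positions = [chain.index(c) for c in REQUIRED_ORDER if c in chain]
    if positions != sorted(positions):
        problems.append("CAS filter-mappings are out of order")
    return problems

def build_sample(order, params=REQUIRED_PARAMS):
    """Constructed web.xml for demonstration; filter names f0, f1, ... are made up."""
    body = "".join(f"<context-param><param-name>{p}</param-name>"
                   f"<param-value>http://localhost:8081</param-value></context-param>"
                   for p in params)
    for i, cls in enumerate(order):
        body += (f"<filter><filter-name>f{i}</filter-name>"
                 f"<filter-class>{cls}</filter-class></filter><filter-mapping>"
                 f"<filter-name>f{i}</filter-name><url-pattern>/*</url-pattern></filter-mapping>")
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">{body}</web-app>'

if __name__ == "__main__":
    print(check_web_xml(build_sample(list(reversed(REQUIRED_ORDER)))))
```

To check a real deployment, pass the contents of `webapps/mywebapp/WEB-INF/web.xml` to `check_web_xml`.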
Configured by default. After a cas client session expires, it clears the recorded TGT information used for interacting with the cas server.
```
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
```
- `log4j2.xml`: located under `/WEB-INF/classes/` by default. For configuration, see: cas-server-4.2.x-deployment-package - 4. /WEB-INF/classes/log4j2.xml
- `*.log`: located under `D:/cas_client/logs/` by default. For configuration, see: cas-server-4.2.x-deployment-package - 5. /WEB-INF/logs/*.log