cas_client Proxy Configuration

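This environment is configured on CAS 3.4.2 with three Tomcat instances: the single sign-on (SSO) Tomcat, the proxying Tomcat and the proxied Tomcat. The goal is to access the proxied app2 through the proxying app1. This configuration was derived entirely from analysing the source code (so readers with a solid foundation are better off studying the source code directly).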

1. Deploying and configuring the SSO Tomcat: there is plenty of material about this online, so it is not repeated here.

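2. Proxying app configuration: some sources online say that the order of the two filters AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter needs to be swapped. That is actually wrong; getting the parts marked in red below right is enough.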

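proxyCallback is described very sloppily online. Here you only need to create a servlet on the proxying side to serve as the proxy URL; it does not need any internal logic.
<!-- SSO configuration -->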
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
    </filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1:8081/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    
</filter>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.HttpServletRequestWrapperFilter
    </filter-class>
</filter>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.AssertionThreadLocalFilter
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/proxyCallback</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- proxy callback defined in web.xml -->

3. Proxied app configuration:

  <!-- SSO configuration -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
  </filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://127.0.0.1:8081/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
  <init-param>
    <param-name>useSession</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
  
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.util.HttpServletRequestWrapperFilter
  </filter-class>
</filter>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.util.AssertionThreadLocalFilter
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
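
As an added illustration (not the author's original listing), the proxy-specific init-params of the CAS Validation Filter on both sides could look like the fragment below: proxyCallbackUrl and proxyReceptorUrl on the proxying app1, allowedProxyChains on the proxied app2. The example.org host names and the /app1 context path are assumptions; the callback is shown over HTTPS because a default CAS server only delivers the proxy-granting ticket (PGT) to an HTTPS callback.

```xml
<!-- app1 (proxying side, its own web.xml): validation filter with the proxy
     parameters. All host names and the /app1 context path are assumed values. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.example.org/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://app1.example.org</param-value>
    </init-param>
    <!-- Absolute URL the CAS server calls back to hand over the PGT -->
    <init-param>
        <param-name>proxyCallbackUrl</param-name>
        <param-value>https://app1.example.org/app1/proxyCallback</param-value>
    </init-param>
    <!-- Request path the filter treats as that callback; it must be covered by a
         filter-mapping of this filter, as the /proxyCallback mapping is -->
    <init-param>
        <param-name>proxyReceptorUrl</param-name>
        <param-value>/proxyCallback</param-value>
    </init-param>
</filter>

<!-- app2 (proxied side, its own web.xml): without allowedProxyChains or
     acceptAnyProxy the filter validates against /serviceValidate and
     rejects proxy tickets. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.example.org/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://app2.example.org</param-value>
    </init-param>
    <!-- Accept proxy tickets only when the chain is exactly app1's callback;
         acceptAnyProxy=true would trust every proxy the CAS server allows -->
    <init-param>
        <param-name>allowedProxyChains</param-name>
        <param-value>https://app1.example.org/app1/proxyCallback</param-value>
    </init-param>
</filter>
```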

4. Verification example: create a servlet on the proxying side; mine is the one configured above, casProxyTest. The source code is as follows:

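package com.supermap.proxy;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AssertionHolder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

public class CasProxyTestServlet extends HttpServlet {
    // The string literals of this listing are missing from the page. TARGET_URL,
    // the "ticket" parameter name, the "UTF-8" charset and the "\n" separator
    // are placeholders/assumptions, not the author's original values.
    private static final String TARGET_URL = "<URL of the proxied app2 resource>";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        this.doPost(req, resp);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Principal of the user logged in to the proxying app (bound by AssertionThreadLocalFilter)
        AttributePrincipal principal = AssertionHolder.getAssertion().getPrincipal();
        // Ask CAS for a proxy ticket that is valid for the target service
        String proxyTicket = principal.getProxyTicketFor(TARGET_URL);
        if (proxyTicket == null) {
            // No proxy-granting ticket was received, so CAS cannot issue a proxy ticket
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "no proxy ticket issued");
            return;
        }
        URL url = new URL(TARGET_URL + "?ticket=" + URLEncoder.encode(proxyTicket, "UTF-8"));
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setDoOutput(true);
        conn.setDoInput(true);
        OutputStream out = conn.getOutputStream();
        out.write(("ticket=" + URLEncoder.encode(proxyTicket, "UTF-8")).getBytes());
        out.flush();
        out.close();
        BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
        StringBuffer content = new StringBuffer();
        String line = null;
        // Relay the proxied app's response body back to the caller
        while ((line = br.readLine()) != null) {
            content.append(line).append("\n");
        }
        br.close();
        resp.getWriter().write(content.toString());
    }
}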

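Summary: there is plenty of material online explaining the underlying principles, but the most important thing is still to read the source code yourself and grasp the core.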
