Java.Cas4.0客户端接入配置

1.本示例中使用cas4.0+cas-client-core3.4版本,ide则是myeclipse2014 blue版本,mvn使用3.9版本

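2.注意事项:请先实现破解cas-client-core,https请求证书的限制。这样做相当于让客户端在通过HTTPS向CAS服务端校验票据时不再验证服务端证书,只适用于本地演示;正式环境应将CAS服务端证书(或签发它的CA证书)导入客户端JVM的信任库(例如使用keytool),并使用未修改的cas-client-core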

3.在pom.xml引入cas-client-core.jar,并用破解版替换mvn仓库版本(修改过的jar已与官方发布版本不一致,不应进入共享仓库或正式构建)

4.web.xml配置

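<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor of the CAS client demo application.
  It registers the org.jasig.cas.client filters (single sign-out, authentication,
  ticket validation, request wrapper, assertion thread-local) and maps each of
  them to /*. The filter-mapping order below is the order in which they run.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID"
         version="3.0">

    <display-name>cas-client-demo</display-name>

    <!-- Handles CAS single sign-out; mapped first so it sees requests before the other CAS filters. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <!-- Root URL of the SSO (CAS) server. -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://xxx.cn:7143/cas</param-value>
        </init-param>
    </filter>

    <!-- Session listener that accompanies the single sign-out filter. -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- Redirects unauthenticated requests to the CAS login page. -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <!-- SSO login URL. -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://xxx.cn:7143/cas/login</param-value>
        </init-param>
        <!-- Base URL of this application. NOTE(review): placeholder that shares port 7143
             with the CAS server URLs above; set it to the real client address. -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://localhost:7143</param-value>
        </init-param>

        <!--
          Requests that skip CAS authentication.
          The client evaluates ignorePattern as a regular expression searched within the
          full request URL, query string included. The pattern is therefore anchored to
          scheme, host and context path, restricts the path characters and rejects '..',
          so that only the intended public directories (js, img, view, css, sys) are
          exempt. A request that does not fit, for example a file name with encoded
          characters, falls through to normal authentication.
          The context path /cas-client-demo-1 is the one used in the logout service URL
          of this guide; change it if the application is deployed under another name.
        -->
        <init-param>
            <param-name>ignoreUrlPatternType</param-name>
            <param-value>REGEX</param-value>
        </init-param>
        <init-param>
            <description>不拦截的请求</description>
            <param-name>ignorePattern</param-name>
            <param-value>^(?![^?]*\.\.)https?://[^/?#]+/cas-client-demo-1/(js|img|view|css|sys)/[\w./-]*(\?.*)?$</param-value>
        </init-param>
    </filter>

    <!-- Validates the service ticket returned by CAS. The validation call goes to the
         HTTPS URL below, so the client JVM has to trust that server's certificate. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://xxx.cn:7143/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://localhost:7143</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <!-- Proxy-ticket settings, left disabled. If proxying is ever enabled, prefer an
             explicit allowedProxyChains list over acceptAnyProxy=true. -->
        <!--
        <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/sample/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
        </init-param>
        -->
        <!-- NOTE(review): confirm that the CAS server and client versions in use act on
             authn_method; if they do not, this parameter enforces nothing. -->
        <init-param>
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <!-- SSO logout URL, read by logout.jsp through application.getInitParameter. -->
    <context-param>
        <param-name>casServerLogoutUrl</param-name>
        <param-value>https://xxx.cn:7143/cas/logout</param-value>
    </context-param>
    <!-- Base URL of this application, read by logout.jsp to build the service URL. -->
    <context-param>
        <param-name>serverName</param-name>
        <param-value>https://localhost:7143</param-value>
    </context-param>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <!-- Local default landing page. -->
        <welcome-file>sys/index.jsp</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>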

5.webapp目录新建home,sys文件夹

5.1sys文件夹添加index.jsp文件

代码如下

<%@page contentType="text/html;charset=UTF-8" %>
<%@page pageEncoding="UTF-8" %>
<%--
  Static demo page under /sys/. The ignorePattern of the CAS Authentication Filter in
  web.xml lists /sys/*, so this page is meant to be served without CAS authentication.
  Its title and body text describe it as the place for a custom login function.
  NOTE(review): anything else placed under /sys/ is exempt in the same way; keep only
  content that is meant to be public in this folder.
--%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>CAS-Demo-不需要认证界面</title>
</head>
<body>
<p>
    本页面内可完成自定义登录功能
</p>
</body>
</html>

5.2home添加index.jsp,代码如下

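<%@page contentType="text/html;charset=UTF-8" %>
<%@page pageEncoding="UTF-8" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.List" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%--
  Authenticated demo page: shows the remote user name and every attribute of the
  CAS principal. The user name and all attribute names and values come from the CAS
  assertion, so each is HTML-escaped before being written into the page.
--%>
<%!
    /**
     * Returns String.valueOf(value) with the characters &, <, >, " and ' replaced by
     * HTML entities, so the text cannot be interpreted as markup by the browser.
     * A null argument yields the text "null", as plain string concatenation would.
     */
    private static String escapeHtml(Object value) {
        final String text = String.valueOf(value);
        final StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>CAS-Demo</title>
</head>
<body>

<h3>Cas-Client接入示例.</h3>
<hr>

<p>
    <b>用户:<%= escapeHtml(request.getRemoteUser()) %></b> 
    <%
        // Single sign-out is used here by default; adapt it to the framework of the real
        // project. The original note points to SignOut.jsp for the approach
        // (NOTE(review): presumably the logout.jsp linked below; confirm).
     %>
    <a href="logout.jsp" title="退出">退出</a>
</p>


<%
    if (request.getUserPrincipal() != null) {
        // The CAS request wrapper filter is expected to supply an AttributePrincipal.
        AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();

        final Map<?, ?> attributes = principal.getAttributes();

        if (attributes != null) {
            out.println("<b>Attributes:</b>");

            if (!attributes.isEmpty()) {
                out.println("<hr><table border='3pt' width='100%'>");
                // Header cell wrapped in its own row so the table markup is valid.
                out.println("<tr><th colspan='2'>Attributes</th></tr>");
                out.println("<tr><td><b>Key</b></td><td><b>Value</b></td></tr>");

                for (Map.Entry<?, ?> attribute : attributes.entrySet()) {
                    out.println("<tr><td>");
                    out.println(escapeHtml(attribute.getKey()));
                    out.println("</td><td>");
                    final Object attributeValue = attribute.getValue();

                    if (attributeValue instanceof List) {
                        final List<?> values = (List<?>) attributeValue;
                        out.println("<strong>Multi-valued attribute: " + values.size() + "</strong>");
                        out.println("<ul>");
                        for (Object value : values) {
                            out.println("<li>" + escapeHtml(value) + "</li>");
                        }
                        out.println("</ul>");
                    } else {
                        out.println(escapeHtml(attributeValue));
                    }
                    out.println("</td></tr>");
                }
                out.println("</table>");
            } else {
                // The original emitted a closing </p> with no opening tag.
                out.print("<p>No attributes are supplied by the CAS server.</p>");
            }
        } else {
            out.println("<pre>The attribute map is empty. Review your CAS filter configurations.</pre>");
        }
    } else {
        out.println("<pre>The user principal is empty from the request object. Review the wrapper filter configuration.</pre>");
    }
%>

</body>
</html>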

5.3home添加logout.jsp

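<%@page contentType="text/html" %>
<%@page pageEncoding="UTF-8" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%--
  Logout page: invalidates the local session, then either redirects to the CAS logout
  URL (single sign-out mode) or to the local login page (local mode).
  The CAS logout URL and this application's base URL are read from the context
  parameters casServerLogoutUrl and serverName.
--%>
<%

    // Selects the logout mode; the demo always uses single sign-out.
    final boolean isSsoLogout = true;
    if (isSsoLogout) {
        // Single sign-out mode.
        final String casLogoutUrl = application.getInitParameter("casServerLogoutUrl");
        final String serverName = application.getInitParameter("serverName");

        // Simulated local logout.
        session.invalidate();

        if (casLogoutUrl == null || serverName == null) {
            // Without both context parameters the redirect target would contain the text "null".
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "casServerLogoutUrl or serverName context parameter is not configured");
            return;
        }

        // The service URL is a query-parameter value, so it is URL-encoded before it is
        // appended. Its path /cas-client-demo-1/home is hard-coded to the demo deployment.
        final String serviceUrl = serverName + "/cas-client-demo-1/home";
        response.sendRedirect(casLogoutUrl + "?service=" + URLEncoder.encode(serviceUrl, "UTF-8"));
        return;
    }
    else {
        // Local logout mode.
        // Simulated local logout.
        session.invalidate();

        // Redirect to the local login page /ty/login.jsp (path is relative to the server root).
        response.sendRedirect("/ty/login.jsp");
    }
%>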
    

5.4webapp下面添加index.jsp页面

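<%@page contentType="text/html;charset=UTF-8" %>
<%@page pageEncoding="UTF-8" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.List" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%--
  Root page of the web application: it only redirects the browser to the home folder.
--%>

<%
    // "/home" alone is resolved against the server root, which leaves the application
    // when it is deployed under a context path (logout.jsp uses /cas-client-demo-1).
    // Prefixing the context path keeps the redirect inside this application; for a
    // root deployment getContextPath() is empty and the target is unchanged.
    response.sendRedirect(request.getContextPath() + "/home");
%>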

6.运行结果

sys/index.jsp页面不需要认证就可以进入

系统默认页面路径:sys/index.jsp

home以及其他访问路径下的请求需要认证


转载自www.cnblogs.com/oumi/p/9181535.html