概述说明
按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server。那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到《轻松搭建CAS 5.x系列文章》按照步驟) CAS官方支持了JAVA、.NET和PHP客户端程序接入支持,其他语言如Python,可以找找非官方的支持。 本章节是编写最简单版本的Java的客户端接入。
操作步骤
进入正题
·1. 首先启动tomcat,看下之前搭建的cas server启动是否正常
双击D:\casoverlay\apache-tomcat-8.5.31\bin\startup.bat 访问 https://cas.example.org:8443/cas/login
2.编写一个war程序cas-client-demo
项目的目录结构件下图
·3. cas-client-demo添加项目依赖jar包
从cas server的项目lib目录中(D:\casoverlay\apache-tomcat-8.5.31\webapps\cas\WEB-INF\lib)
直接copy如下文件到D:\casoverlay\apache-tomcat-8.5.31\webapps\cas-client-demo\WEB-INF\lib
cas-client-core-3.4.1.jar
commons-logging-1.2.jar
log4j-api-2.8.2.jar
log4j-slf4j-impl-2.8.2.jar
slf4j-api-1.7.25.jar
·4. cas-client-demo的web.xml
新增文件D:\casoverlay\apache-tomcat-8.5.31\webapps\cas-client-demo\WEB-INF\web.xml
内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1"
metadata-complete="true">
<display-name>Tomcat Documentation</display-name>
<description>
Tomcat Documentation.
</description>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cas.example.org:8443/cas</param-value>
</init-param>
</filter>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cas.example.org:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cas.example.org:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1:8080</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<!--
<init-param>
<param-name>acceptAnyProxy</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/sample/proxyUrl</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
</init-param>
-->
<init-param>
<param-name>authn_method</param-name>
<param-value>mfa-duo</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
·5. cas-client-demo编写获取cas当前登录信息的帐号名
新增文件D:\casoverlay\apache-tomcat-8.5.31\webapps\cas-client-demo\index.jsp
内容如下
<html>
<body>
Hello World,<%=request.getRemoteUser()%>!
<HR>
<a href="https://cas.example.org:8443/cas/logout">Logout</a>
</body>
</html>
`6. 至此我们的cas客户端的代码已经编写好了
不过,
由于CAS认证是通过web servcie方式调用cas服务端的,
cas服务端的SSL证书是我们本地生成,
直接调用cas的web接口会出现报错,
需要将证书导入到客户端。
具体导入客户端的步骤,我后面会写新的文章。
·7. 重新启动tomcat,访问 cas-client-demo
https://127.0.0.1:8443/cas-client-demo/index.jsp
系统会自动跳转到登录页面
-8. 输入帐号名密码
admin/123456
大功告成!
参考文档
最后,
大家想更多CAS了解的话,
可以来CAS中文文档站点(http://www.cassso-china.cn)来瞅瞅
