Environment: two web applications act as CAS clients; the CAS server is cas-server-webapp-3.5.1.war; Tomcat virtual hosts are configured (hosts file and server.xml).
(1) web.xml configuration for CAS client1 (client2 is configured the same way):
<!-- This filter handles user authentication and must be enabled -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://cas.com:8080/login</param-value>
    </init-param>
    <!-- serverName here is the address (host and port) of the server this client application runs on -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client1.com:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter validates the ticket and must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://cas.com:8080/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client1.com:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
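(2) CAS uses HTTPS by default. To have its ticket handling work over plain HTTP, edit spring-configuration/ticketGrantingTicketCookieGenerator.xml:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASTGC"
    p:cookiePath="/" />
With p:cookieSecure="false" the CASTGC cookie is issued without the Secure flag, so the browser also sends it over unencrypted HTTP.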
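An added check, not part of the original post or of the CAS project: the Python script below audits the two settings changed above, flagging CAS client URLs in web.xml that are not https and cookie generator beans without p:cookieSecure="true". The embedded XML is a constructed sample mirroring this page's values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

P_NS = "http://www.springframework.org/schema/p"  # Spring "p" attribute namespace
URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}
# Constructed samples that mirror the settings shown on this page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>CASFilter</filter-name>
    <init-param><param-name>casServerLoginUrl</param-name>
      <param-value>http://cas.com:8080/login</param-value></init-param>
    <init-param><param-name>serverName</param-name>
      <param-value>http://client1.com:8080</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <init-param><param-name>casServerUrlPrefix</param-name>
      <param-value>http://cas.com:8080/</param-value></init-param>
  </filter>
</web-app>"""
COOKIE_XML = """<beans xmlns:p="%s">
  <bean id="ticketGrantingTicketCookieGenerator" p:cookieSecure="false" p:cookieName="CASTGC"/>
</beans>""" % P_NS

def parse(xml_text):  # drop element namespaces so plain tag names match
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]
    return root

def audit_client(web_xml):
    """Return (filter, param, value) for every CAS client URL that is not https."""
    findings = []
    for flt in parse(web_xml).iter("filter"):
        name = flt.findtext("filter-name", "").strip()
        for ip in flt.iter("init-param"):
            key, val = (ip.findtext(t, "").strip() for t in ("param-name", "param-value"))
            if key in URL_PARAMS and urlparse(val).scheme != "https":
                findings.append((name, key, val))
    return findings

def audit_cookie(beans_xml):
    """Return ids of cookie beans lacking p:cookieSecure="true" (absent counts as insecure)."""
    sec, name = ("{%s}%s" % (P_NS, a) for a in ("cookieSecure", "cookieName"))
    return [b.get("id") for b in parse(beans_xml).iter("bean")
            if b.get(name) and b.get(sec, "false").lower() != "true"]

if __name__ == "__main__":
    print(audit_client(WEB_XML), audit_cookie(COOKIE_XML))
```

Treating a missing p:cookieSecure as insecure is a conservative assumption of this example, so a bean that omits the attribute is reported rather than silently passed.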
Test steps:
The browser visits http://client1.com:8080/index and is redirected to http://cas.com:8080/login?service=http://client1.com:8080/index
Enter the username and password to log in.
Summary of the client1 access flow:
<1> The browser visits http://client1.com:8080/index.jsp
    and is redirected to http://cas.com:8080/login?service=http%3A%2F%2Fclient1.com%3A8080%2Findex.jsp
<2> The browser requests http://cas.com:8080/login?service=http://client1.com:8080/index.jsp
    and the user logs in with username and password.
<3> Login succeeds. The CAS server returns the cookie CASTGC=TGT-2-ZdbzVTdbhDmSI9KEk0tkPsMbrXfuDstwJaiKpj1I9hhVIXBAla-cas01.example.org; Path=/ to the browser
    and redirects to http://client1.com:8080/index.jsp?ticket=ST-3-iGfw4MaDc0X0WeoHBDFz-cas01.example.org
<4> The browser requests, with the ticket: http://client1.com:8080/index.jsp?ticket=ST-3-iGfw4MaDc0X0WeoHBDFz-cas01.example.org
    and is redirected to http://client1.com:8080/index.jsp;jsessionid=29C6C3310A5B68406823E55AF70CE234
<5> The browser requests http://client1.com:8080/index.jsp;jsessionid=29C6C3310A5B68406823E55AF70CE234
The browser then visits http://client2.com:8080/index.jsp
Summary of the client2 access flow:
<1> The browser visits http://client2.com:8080/index.jsp
    and is redirected to http://cas.com:8080/cas/login?service=http%3A%2F%2Fclient2.com%3A8080%2Findex.jsp
<2> The browser requests http://cas.com:8080/cas/login?service=http://client2.com:8080/index.jsp
    and sends the cookies from its earlier visit to the CAS server:
    JSESSIONID=6DBC4492CCA25B05715794F4002266EA; CASTGC=TGT-2-JpMDcVawHdUQJd0OOPwEHODOqN3z6BaqMpiRvdYsRtoo7brNAY-cas01.example.org
    It is redirected to http://client2.com:8080/index.jsp?ticket=ST-2-iewA1oyRijfvYTtIMIBR-cas01.example.org
<3> The browser requests, with the CAS ticket: http://client2.com:8080/index.jsp?ticket=ST-2-iewA1oyRijfvYTtIMIBR-cas01.example.org
    and is redirected to http://client2.com:8080/index.jsp;jsessionid=DD50A2513F232D614069CD3B40790319
<4> The browser requests http://client2.com:8080/index.jsp;jsessionid=DD50A2513F232D614069CD3B40790319