CAS Single Sign-On (Part 1)

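When integrating single sign-on, either one side cannot log out, or user accounts have to switch across multiple modules; it is quite a headache.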

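1. CAS server. Download it from http://downloads.jasig.org/cas/. The CAS server and client exist in many versions, and the newest and older versions differ considerably. The latest server version at present is cas-server-3.4.4-release.zip.

Unzip cas-server-3.4.4-release.zip, rename cas-server-webapp-3.4.4.war in the modules directory to cas.war, copy it into Tomcat's webapps directory, start Tomcat, and visit http://localhost:8080/cas/login to see the login page.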


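By default the CAS server accepts any login whose user name equals its password, and it expects HTTPS, which requires configuring a certificate for Tomcat. This system does not use HTTPS; to set up HTTPS, see: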

http://blog.csdn.net/haydenwang8287/archive/2010/07/26/5765941.aspx

1.1 If HTTPS is not used, the server needs the following configuration

1. cas\WEB-INF\deployerConfigContext.xml

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"/>

Add the parameter p:requireSecure="false". It controls whether secure validation (HTTPS) is required; false means it is not. After the change the bean reads:

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
 p:httpClient-ref="httpClient"  p:requireSecure="false"/>

2. cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />

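The parameter p:cookieSecure="true" is likewise HTTPS-related: true sets the Secure attribute on the CASTGC cookie, so the browser returns it only over HTTPS; false is the setting for a deployment that does not use HTTPS.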

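The parameter p:cookieMaxAge="-1" is the cookie's maximum lifetime. -1 means no lifetime (a session cookie): it is valid only in the currently open IE window, and after IE is closed or another window is opened, authentication is required again. It can be changed to a number greater than 0 as needed, for example 3600, meaning that for 3600 seconds no IE window that is opened needs to authenticate.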

1.2 To log out on the server side, visit http://localhost:8080/cas/logout.

To be sent back to a page after logging out, configure the following in the server's cas-servlet.xml:

<bean id="logoutController" class="org.jasig.cas.web.LogoutController" ... .../>

Add the attribute p:followServiceRedirects="true"

The logout link then becomes: http://localhost:8080/cas/logout?service=http://localhost:8080/Casclient/index.jsp

1.3 Change the server-side authentication method to database authentication:

Edit the configuration file deployerConfigContext.xml and add a DBCP connection pool (Oracle is used as the example):

<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
     <property name="driverClassName">
          <value>oracle.jdbc.driver.OracleDriver</value>
     </property>
     <property name="url">
          <value>jdbc:oracle:thin:@192.168.18.26:1521:orcl</value>
     </property>
     <property name="username">
          <value>test</value>
     </property>
     <property name="password">
          <value>test</value>
     </property>
   </bean>

The required JARs are (see attachments): cas-server-support-jdbc-3.4.4.jar, commons-dbcp-1.2.1.jar, commons-pool-1.3.jar, ojdbc14_g.jar

Configure the password encoding. CAS has MD5 encoding built in; you can also write your own encoder class by implementing the org.jasig.cas.authentication.handler.PasswordEncoder interface:

   <bean id="passwordEncoder"  
    class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">      
    <constructor-arg value="MD5"/>  
   </bean>

Comment out the default authentication method and use database query authentication instead:

<property name="authenticationHandlers">
     <list>
     <!-- Comment out the default authentication handler here and use QueryDatabaseAuthenticationHandler below -->
    <!--
    <bean
     class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> -->

     <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
      <property name="dataSource" ref="casDataSource" />
      <property name="sql" 
         value="select password from userinfo where lower(username) = lower(?)" />
      <property  name="passwordEncoder"  ref="passwordEncoder"/>
     </bean>
   </list>
  </property>

--------------- At this point the CAS server configuration is complete.
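A check for the server settings changed in sections 1.1 to 1.3, added here as an example (it is not part of the original post or of CAS). It parses a constructed Spring beans document that merges those beans with the relaxed values this walkthrough describes and reports each one; the `audit` function and its finding texts are assumptions of this example.

```python
import xml.etree.ElementTree as ET

P = "{http://www.springframework.org/schema/p}"       # Spring p-namespace
B = "{http://www.springframework.org/schema/beans}"   # Spring beans namespace
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"

# Constructed sample: the beans this page edits, merged into one document.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="3600" p:cookieName="CASTGC" p:cookiePath="/cas"/>
  <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
        p:followServiceRedirects="true"/>
  <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg value="MD5"/>
  </bean>
  <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
</beans>"""

def audit(xml_text):
    """Return sorted finding strings for the settings this page touches."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(B + "bean"):
        cls = bean.get("class", "").rsplit(".", 1)[-1]
        if bean.get(P + "requireSecure") == "false":
            findings.append("requireSecure=false: callback URLs accepted over plain HTTP")
        if bean.get(P + "cookieSecure") == "false":
            findings.append("cookieSecure=false: CASTGC sent over plain HTTP")
        if int(bean.get(P + "cookieMaxAge", "-1")) > 0:
            findings.append("cookieMaxAge>0: CASTGC persists after the browser closes")
        if bean.get(P + "followServiceRedirects") == "true":
            findings.append("followServiceRedirects=true: logout redirects to the service parameter")
        if cls == "DefaultPasswordEncoder" and any(
                a.get("value", "").upper() == "MD5" for a in bean.iter(B + "constructor-arg")):
            findings.append("passwordEncoder=MD5: unsalted MD5 password hashes")
        if cls == TEST_HANDLER:
            findings.append("test handler enabled: any user name equal to its password logs in")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The parser skips XML comments, so a test handler that has been commented out as in section 1.3 is not reported.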

2. Java client configuration. Download the client from http://downloads.jasig.org/cas-clients/; the latest version at present is cas-client-3.2.0.

Copy the JARs under modules into the lib directory of the Java client Casclient1 and configure the filters in web.xml as follows (see the attachment for details):

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" 
 xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 
 
 <!-- Used for single sign-out: this listener implements single sign-out and notifies the other applications to sign out -->

 <listener>
         <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
 </listener>

 <!-- This filter implements single sign-out; optional. -->

 <filter>
         <filter-name>CAS Single Sign Out Filter</filter-name>
         <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
 </filter>
 <filter-mapping>
         <filter-name>CAS Single Sign Out Filter</filter-name>
         <url-pattern>/*</url-pattern>
 </filter-mapping>

 
 <!-- This filter handles user authentication; it must be enabled -->
 <filter>
         <filter-name>CASFilter</filter-name>
         <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
         <init-param>
                 <param-name>casServerLoginUrl</param-name>
                 <param-value>http://192.168.18.8:8080/cas/login</param-value>
                 <!-- The host here is the IP of the CAS server -->
         </init-param>
         <init-param>
                 <param-name>serverName</param-name>
                 <param-value>http://192.168.18.8:8989</param-value>
         </init-param>
 </filter>
 <filter-mapping>
         <filter-name>CASFilter</filter-name>
         <url-pattern>/*</url-pattern>
 </filter-mapping>
 
 <!-- This filter validates tickets; it must be enabled -->
 <filter>
         <filter-name>CAS Validation Filter</filter-name>
         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
         <init-param>
                 <param-name>casServerUrlPrefix</param-name>
                 <param-value>http://192.168.18.8:8080/cas</param-value>
         </init-param>
         <init-param>
                 <param-name>serverName</param-name>
                 <param-value>http://192.168.18.8:8989</param-value>
         </init-param>
 </filter>
 <filter-mapping>
         <filter-name>CAS Validation Filter</filter-name>
         <url-pattern>/*</url-pattern>
 </filter-mapping>
 
 <!--
         This filter wraps the HttpServletRequest, for example so that developers can
         obtain the SSO user's login name through HttpServletRequest.getRemoteUser(); optional.
 -->
 <filter>
         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
         <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
 </filter>
 <filter-mapping>
         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
         <url-pattern>/*</url-pattern>
 </filter-mapping>

<filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
 
 
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

The page is:

<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%
// HttpServletRequestWrapperFilter exposes the CAS principal through getUserPrincipal()
AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();    
String username = principal.getName(); 
%>
<br/>----------------------------------------------------------<br/>
<h1>Login successful, this is client 1</h1><br/>
Username: <%=username %><br/>
<a href="http://localhost:8989/Casclient2/index.jsp">Go to client 2</a><br/>

<a href="http://localhost:8080/cas/logout?service=http://localhost:8989/Casclient1/index.jsp">Log out</a><br/>

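----------- At this point the Java client is configured. Deploy it to Tomcat, copy Casclient1 and rename the copy to Casclient2, and start Tomcat.

Visit Casclient1: you are redirected to the login page, and after logging in you are sent to the login-success page. Visiting Casclient2 now shows the login-success page without asking for a login, so Java single sign-on works.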
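The exchange that the AuthenticationFilter and the ticket validation filter configured above carry out, written out as an added example (not code from the original post or from the CAS client). The service URL, the ticket values and the two CAS 2.0 responses are constructed; because casServerUrlPrefix is an http:// URL in this setup, the response parsed in step 3, which supplies the user name, travels without TLS.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qsl

CAS_NS = "{http://www.yale.edu/tp/cas}"
CAS_PREFIX = "http://192.168.18.8:8080/cas"   # casServerUrlPrefix from web.xml
# Assumed protected page: serverName from web.xml plus the Casclient1 path.
SERVICE = "http://192.168.18.8:8989/Casclient1/index.jsp"

# Constructed CAS 2.0 validation responses (ticket values are made up).
OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>test</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1-constructed not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def login_redirect(service):
    """Step 1 (AuthenticationFilter): no session and no ticket, so send the browser to CAS."""
    return CAS_PREFIX + "/login?" + urlencode({"service": service})

def validation_url(callback_url):
    """Step 2 (validation filter): CAS sent the browser back with ?ticket=ST-...;
    build the server-to-server /serviceValidate call with the same service URL."""
    parts = urlparse(callback_url)
    params = parse_qsl(parts.query)
    ticket = dict(params).get("ticket")
    if not ticket or not ticket.startswith("ST-"):
        return None
    # The service URL is the callback URL with only the ticket parameter removed.
    rest = urlencode([(k, v) for k, v in params if k != "ticket"])
    service = parts._replace(query=rest).geturl()
    return CAS_PREFIX + "/serviceValidate?" + urlencode({"ticket": ticket, "service": service})

def parse_response(xml_text):
    """Step 3: return (user, None) on success or (None, error_code) on failure."""
    root = ET.fromstring(xml_text)
    ok = root.find(CAS_NS + "authenticationSuccess")
    if ok is not None:
        user = ok.findtext(CAS_NS + "user", "").strip()
        return (user or None, None if user else "EMPTY_USER")
    fail = root.find(CAS_NS + "authenticationFailure")
    return (None, fail.get("code") if fail is not None else "MALFORMED_RESPONSE")

if __name__ == "__main__":
    print(login_redirect(SERVICE))
    print(validation_url(SERVICE + "?ticket=ST-1-constructed"))
    print(parse_response(OK), parse_response(FAIL))
```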


Reposted from blog.csdn.net/qq_35275233/article/details/84181577