CAS客户端配置及定制

一、   配置CAS客户端及个性化定制

目前已实现由 CAS 统一认证登录,但用户在各个系统中的权限仍由各系统自行校验,相当于各系统根据 CAS 返回的用户信息在后台又登录了一次。

因为我们的系统需要同时支持通过内网地址和外网地址访问,因此我对 CAS 客户端做了一些修改,主要是对访问地址的处理。

Web.xml中的配置信息如下:

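<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>cas.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>cas.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>cas.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://cas.server:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:9999/</param-value>
    </init-param>
    <init-param>
        <param-name>service</param-name>
        <param-value>http://localhost:9999/ewp/login/doLogin</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>cas.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.server:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:9999</param-value>
    </init-param>
    <init-param>
        <param-name>service</param-name>
        <param-value>http://localhost:9999/ewp/login/doLogin</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
    <filter-class>cas.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>cas.util.AssertionThreadLocalFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>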

主要修改了以下几点:

1、修改AuthenticationFilter文件中的doFilter

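/**
 * Sends requests that carry neither a CAS ticket nor a session assertion to the CAS login
 * page, and passes every other request down the filter chain.
 *
 * <p>A request is redirected only when all of the following hold: the ticket parameter is
 * blank, the session holds no assertion, the session was not already gatewayed, and the
 * request parameter {@code isToLogout} is not {@code "1"}. The CAS login address is looked up
 * per request through {@code CustomConfigUtil}, which returns the internal or the external
 * address depending on the request URL.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the response; cast to {@code HttpServletResponse}
 * @param filterChain     the remaining filters, invoked when no redirect is issued
 * @throws IOException      if the redirect or a downstream filter fails with an I/O error
 * @throws ServletException if a downstream filter fails
 */
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    final HttpSession session = request.getSession(false);
    final String ticket = request.getParameter(getArtifactParameterName());
    final Assertion assertion = session != null
            ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION)
            : null;
    final boolean wasGatewayed = session != null
            && session.getAttribute(CONST_CAS_GATEWAY) != null;

    // Logout detection: any URL whose parameters include isToLogout=1 is treated as the
    // application's logout URL and is not redirected to CAS.
    // NOTE(review): the exemption is keyed on a caller-supplied parameter and applies to every
    // path this filter is mapped to, so a request with isToLogout=1 and no session reaches the
    // rest of the chain without a CAS login. Downstream code must still enforce its own login
    // check; tying the exemption to the logout path itself would be narrower.
    final String isToLogout = request.getParameter("isToLogout");

    if (CommonUtils.isBlank(ticket) && assertion == null && !wasGatewayed
            && !"1".equals(isToLogout)) {
        log.debug("no ticket and no assertion found");
        if (this.gateway) {
            log.debug("setting gateway attribute in session");
            request.getSession(true).setAttribute(CONST_CAS_GATEWAY, "yes");
        }

        final String serviceUrl = constructServiceUrl(request, response, "auth");

        // Read the CAS login address for this request from the configuration file. It is kept
        // in a local variable: one filter instance serves all request threads, so writing it
        // to this.casServerLoginUrl would let concurrent internal and external requests
        // overwrite each other's address.
        final Map<?, ?> config = CustomConfigUtil.getCustomConfig(request.getServletContext(), request);
        final Object configuredLoginUrl = config.get("authServerUrl");
        // Fall back to the address held in the filter's own field when the file has no value.
        final String loginUrl =
                configuredLoginUrl == null || CommonUtils.isBlank(configuredLoginUrl.toString())
                        ? this.casServerLoginUrl
                        : configuredLoginUrl.toString();

        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(loginUrl,
                getServiceParameterName(), serviceUrl, this.renew, this.gateway);

        if (log.isDebugEnabled()) {
            log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }

        response.sendRedirect(urlToRedirectTo);
        return;
    }

    if (session != null) {
        log.debug("removing gateway attribute from session");
        session.setAttribute(CONST_CAS_GATEWAY, null);
    }

    filterChain.doFilter(request, response);
}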

 

2、修改文件AbstractCasFilter中的constructServiceUrl

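/**
 * Builds the service URL that is sent to the CAS server for the current request.
 *
 * <p>The server name and service URL are taken from the configuration returned by
 * {@code CustomConfigUtil} for this request: the {@code localAuth*} entries when
 * {@code type} is {@code "auth"}, the {@code localValidation*} entries when it is
 * {@code "validation"}. For any other {@code type} the values held in this filter's own
 * {@code serverName} and {@code service} fields are used.
 *
 * @param request  the current request, also used to choose the internal or external addresses
 * @param response the current response, passed through to {@code CommonUtils}
 * @param type     {@code "auth"} or {@code "validation"}
 * @return the service URL produced by {@code CommonUtils.constructServiceUrl}
 */
protected final String constructServiceUrl(final HttpServletRequest request,
        final HttpServletResponse response, final String type) {
    // Read the addresses that apply to this request from the configuration file.
    final Map<?, ?> config = CustomConfigUtil.getCustomConfig(request.getServletContext(), request);

    // Per-request values stay in locals. The filter instance is shared by all request threads,
    // so assigning them to this.serverName / this.service would let one request's addresses
    // leak into another's service URL. The service URL must be the same at login and at ticket
    // validation, so a mix-up here would presumably show up as failed validations.
    String effectiveServerName = this.serverName;
    String effectiveService = this.service;
    if ("auth".equals(type)) {
        effectiveServerName = config.get("localAuthServerName").toString();
        effectiveService = config.get("localAuthServiceUrl").toString();
    } else if ("validation".equals(type)) {
        effectiveServerName = config.get("localValidationServerName").toString();
        effectiveService = config.get("localValidationServiceUrl").toString();
    }

    return CommonUtils.constructServiceUrl(request, response, effectiveService,
            effectiveServerName, this.artifactParameterName, this.encodeServiceUrl);
}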


附上customConfig源码:

package cn.com.wz


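/**
 * @Description Shared helper for reading the system configuration
 * @Author: huxx
 * @createTime: 2013-5-28 11:25 AM
 */
class CustomConfigUtil {
    /**
     * @Description Reads /data/config.xml from the web application and returns its settings
     * as a map. When a request is given and its URL contains the configured external root
     * URL (home.outRootUrl, compared case-insensitively), the "outurl" CAS addresses and the
     * external workflow root are returned; in every other case the "inurl" addresses and the
     * internal workflow root are returned.
     * @param servletContext used to resolve the real path of /data/config.xml
     * @param request may be null; when null the internal workflow address is used
     * @return map of configuration values keyed by setting name
     * @create huxx 2013-05-28
     */
    static Map getCustomConfig(def servletContext,def request){
        // NOTE(review): the file is read and parsed on every call; the CAS filter methods shown
        // on this page call this once per request each.
        def xml=FileUtil.readXML(servletContext.getRealPath('/data/config.xml'))

        def result=[:]
        result.appCode="${xml.app.appCode}"    // application system code
        result.defaultCategoryId="${xml.home.defaultCategoryId}" // ids of the default page categories
        result.defaultChecked="${xml.home.defaultChecked}" // ids of the categories selected by default
        result.inWFRootUrl="${xml.home.inWFRootUrl}"   // workflow internal root URL
        result.outWFRootUrl="${xml.home.outWFRootUrl}" // workflow external root URL
        result.inEWPRootUrl="${xml.home.inRootUrl}" // EWP internal root URL
        result.outEWPRootUrl="${xml.home.outRootUrl}" // EWP external root URL
        result.isSSO="${xml.isSSO}"

        // Decide whether the EWP request came in through the external or the internal address,
        // and with it whether the external or internal workflow/CAS addresses are used.
        boolean external=isExternalRequest(request, "${xml.home.outRootUrl}".toString())
        String side=external ? 'outurl' : 'inurl'

        // Reads the <inurl>/<outurl> child of a CAS config node as a plain String.
        def pick={ node ->
            def value=node."${side}"
            return "${value}".toString()
        }

        result.logoutUrl=pick(xml.cas.logout)
        result.authServerUrl=pick(xml.cas.authserver)
        result.localAuthServiceUrl=pick(xml.cas.localauthserviceurl)
        result.localAuthServerName=pick(xml.cas.localauthservername)

        result.validationServerUrl=pick(xml.cas.validationserver)
        result.localValidationServiceUrl=pick(xml.cas.localvalidationserviceurl)
        result.localValidationServerName=pick(xml.cas.localvalidationservername)

        result.rootUrl=(external ? "${xml.home.outWFRootUrl}" : "${xml.home.inWFRootUrl}").toString()
        result.getBackLogUrl="${xml.home.getBackLogUrl}"
        result.getmessages="${xml.home.getmessages}"
        result.uploadRootDir="${xml.upload.rootDir}"
        result.noNeedLoginUrl="${xml.security.noNeedLoginUrl}".toString()
        return result
    }

    /**
     * Tells whether the request URL contains the configured external root URL.
     * Returns false when there is no request or when no external root URL is configured;
     * without that guard an empty value would match every URL and mark every request external.
     */
    private static boolean isExternalRequest(def request, String outRootUrl){
        if (!request || !outRootUrl){
            return false
        }
        // NOTE(review): getRequestURL() is built from what the client sent (its host part
        // normally comes from the Host header) and this is a substring match anywhere in the
        // URL. The result only switches between two configured address sets, but a signal the
        // client cannot influence, or at least an anchored prefix match, would be firmer.
        // Locale.ROOT keeps the case folding independent of the server's default locale.
        String requestUrl=request.getRequestURL().toString().toUpperCase(Locale.ROOT)
        return requestUrl.contains(outRootUrl.toUpperCase(Locale.ROOT))
    }
}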


配置文件信息:



   
        app_ewp
   


div_userInfo,div_linkTools,div_links;div_workFlow,div_schedule,div_message,div_address;div_bookTicket,div_itAndPro,div_activity,div_ygwy,div_gszd,div_qywh
div_userInfo,div_linkTools,div_workFlow,div_schedule,div_message,div_address,div_bookTicket,div_itAndPro,div_activity,div_links,div_gszd,div_ygwy,div_qywh
http://192.168.1.162/
            http://wf.wuzheng.com.cn/


            http://192.168.1.8/
            http://192.168.107.24:9999/ewp/


interfaces/getBackLog
message/processMessages

   
       
            https://cas.server:8443/cas
            https://192.168.107.8:8443/cas
       

       
           
           
       

       
            http://localhost:9999/ewp/login/doLogin
            http://192.168.107.24:9999/ewp/login/doLogin
       



       
            https://cas.server:8443/cas
            https://192.168.107.8:8443/cas
       

       
            http://localhost:9999
            http://192.168.107.24:9999
       



       
           
           
       



       
            https://cas.server:8443/cas/logout
            https://192.168.107.8:8443/cas/logout
       

   

   
        D:
   

   
   
       
        /_
        /login/doLogin_
        /login/doLoginForCas_
        /login/login_
        /common/ajax_
        /ShortMessage/sendForWF_
   



   1
