目前实现了由 CAS 统一认证登录,但用户在每个系统中的权限仍由各个系统自行验证,相当于各个系统根据返回的用户信息在后台登录了一次。
因为我们的系统需要同时支持通过内网地址和外网地址访问,因此我对 CAS 客户端做了一些修改,主要是访问地址的修改。
Web.xml中的配置信息如下:
主要修改了以下几点:
1、修改AuthenticationFilter文件中的doFilter
/**
 * Modified doFilter of the CAS client AuthenticationFilter, as posted by the author.
 *
 * A request that has no ticket parameter, no Assertion in the session, no gateway
 * marker in the session and is not flagged with isToLogout=1 is redirected to the
 * CAS login URL taken from the custom configuration. Every other request is passed
 * on to the rest of the filter chain.
 *
 * NOTE(review): this listing has lost whitespace between some tokens (for example the
 * modifiers in the signature) and the "Map" declaration in the body is truncated, so
 * it does not compile as shown.
 *
 * @param servletRequest  incoming request, cast to HttpServletRequest
 * @param servletResponse outgoing response, cast to HttpServletResponse
 * @param filterChain     remaining filters, invoked when no redirect is sent
 * @throws IOException      declared by the signature
 * @throws ServletException declared by the signature
 */
publicfinal void doFilter(final ServletRequestservletRequest, final ServletResponseservletResponse,final FilterChainfilterChain) throws IOException, ServletException {
finalHttpServletRequestrequest = (HttpServletRequest) servletRequest;
finalHttpServletResponseresponse = (HttpServletResponse) servletResponse;
// getSession(false): look up an existing session without creating one.
finalHttpSessionsession = request.getSession(false);
finalString ticket = request.getParameter(getArtifactParameterName());
finalAssertion assertion = session != null ? (Assertion) session
.getAttribute(CONST_CAS_ASSERTION) : null;
finalbooleanwasGatewayed= session != null
&&session.getAttribute(CONST_CAS_GATEWAY)!= null;
// Logout detection: any URL whose parameters include isToLogout=1 is treated as a system logout URL.
// NOTE(review): isToLogout is a client-supplied request parameter and is the only thing
// checked for this exemption. A request with no ticket and no session assertion that
// carries isToLogout=1 skips the CAS redirect and reaches filterChain.doFilter() below
// unauthenticated. Whether that matters depends on what the downstream handlers check,
// which is not visible here. Tying the exemption to the application's real logout path
// (compared against the request URI) would be safer than a parameter any URL can carry.
StringisToLogout=request.getParameter("isToLogout");
if(CommonUtils.isBlank(ticket) && assertion == null && !wasGatewayed&& !("1".equals(isToLogout))) {
log.debug("noticket and no assertion found");
if(this.gateway) {
log.debug("settinggateway attribute in session");
request.getSession(true).setAttribute(CONST_CAS_GATEWAY,"yes");
}
// "auth" selects the login-time server name / service URL inside constructServiceUrl.
finalString serviceUrl = constructServiceUrl(request, response,"auth");
// Read the CAS server login URL from the configuration file.
// NOTE(review): the next declaration is truncated in this listing (generic parameters and
// the initializer of "config" are missing); presumably it loads the map returned by
// CustomConfigUtil -- confirm against the original source.
Map
// NOTE(review): this stores a per-request value in a field of the filter. Servlet
// containers typically share one filter instance across concurrent requests, so an
// intranet request and an extranet request can overwrite each other's login URL between
// this assignment and the redirect below. A local variable would avoid that.
this.casServerLoginUrl=config.get("authServerUrl").toString();
finalString urlToRedirectTo =CommonUtils.constructRedirectUrl(this.casServerLoginUrl,getServiceParameterName(), serviceUrl, this.renew, this.gateway);
if(log.isDebugEnabled()) {
log.debug("redirectingto \"" + urlToRedirectTo + "\"");
}
response.sendRedirect(urlToRedirectTo);
return;
}
// Reached when a ticket, an assertion, a gateway marker or isToLogout=1 is present.
if(session != null) {
log.debug("removinggateway attribute from session");
session.setAttribute(CONST_CAS_GATEWAY,null);
}
filterChain.doFilter(request,response);
}
2、修改文件AbstractCasFilter中的constructServiceUrl
/**
 * Modified constructServiceUrl of AbstractCasFilter, as posted by the author.
 *
 * Picks the server name and service URL for the given phase from the custom
 * configuration and delegates to CommonUtils.constructServiceUrl.
 *
 * NOTE(review): the listing has lost whitespace between some tokens, the "Map"
 * declaration is truncated, and the method's closing brace is missing, so it does
 * not compile as shown.
 *
 * @param request  current request, passed through to CommonUtils.constructServiceUrl
 * @param response current response, passed through to CommonUtils.constructServiceUrl
 * @param type     "auth" or "validation"; any other value leaves serverName/service unchanged
 * @return the value returned by CommonUtils.constructServiceUrl
 */
protectedfinal String constructServiceUrl(final HttpServletRequest request, finalHttpServletResponseresponse,final String type) {
// Read the CAS server login URL from the configuration file.
// NOTE(review): the next declaration is truncated in this listing (generic parameters and
// the initializer of "config" are missing); presumably it loads the map returned by
// CustomConfigUtil -- confirm against the original source.
Map
// NOTE(review): serverName and service are fields of the filter and are rewritten on each
// call. Servlet containers typically share one filter instance across concurrent requests,
// so two requests (intranet/extranet, or auth/validation) can overwrite each other's values
// before the return statement reads them. The service URL sent at ticket validation has to
// match the one sent at login, so a mix-up here would presumably surface as intermittent
// validation failures. Local variables would avoid the shared state.
if("auth".equals(type)){
this.serverName=config.get("localAuthServerName").toString();
this.service=config.get("localAuthServiceUrl").toString();
}else if("validation".equals(type)){
this.serverName=config.get("localValidationServerName").toString();
this.service=config.get("localValidationServiceUrl").toString();
}
// For any other type the fields keep whatever value was last written to them.
returnCommonUtils.constructServiceUrl(request,response, this.service, this.serverName, this.artifactParameterName,this.encodeServiceUrl);
附上customConfig源码:
package cn.com.wz
/**
* @Description Shared utility class for system configuration
* @Author: huxx
* @createTime: 2013-5-28 11:25 AM
*/
class CustomConfigUtil {
/**
* @Description Reads the property values from the configuration file (/data/config.xml
* under the web application root) and returns them as a map.
* @param servletContext ,request request may be null; if it is null the internal
* workflow addresses are used
* @return map of configuration values; the CAS-related entries are the internal or the
* external variants depending on the request URL
* @create huxx 2013-05-28
*/
// NOTE(review): the signature below is truncated in this listing (generic parameters,
// method name, parameter list and opening brace are missing). The body uses
// servletContext and request, matching the Javadoc above.
static Map
def result=[:]
// The file is located and parsed again on every call.
def realPath=servletContext.getRealPath('/data/config.xml')
def xml=FileUtil.readXML(realPath)
result.appCode="${xml.app.appCode}" //application system code
result.defaultCategoryId="${xml.home.defaultCategoryId}" //default column (category) ids for the page
result.defaultChecked="${xml.home.defaultChecked}" //default selected column (category) ids for the page
result.inWFRootUrl="${xml.home.inWFRootUrl}" //workflow internal root URL
result.outWFRootUrl="${xml.home.outWFRootUrl}" //workflow external root URL
result.inEWPRootUrl="${xml.home.inRootUrl}" //EWP internal root URL
result.outEWPRootUrl="${xml.home.outRootUrl}"//EWP external root URL
result.isSSO="${xml.isSSO}"
//Decide whether the EWP request came from the external or the internal network, and
//therefore whether to use the external or the internal workflow / CAS addresses.
String rootUrl=""
String authServerUrl=""
String localAuthServiceUrl=""
String localAuthServerName=""
String validationServerUrl=""
String localValidationServiceUrl=""
String localValidationServerName=""
String logoutUrl=""
if (request){
// NOTE(review): the internal/external decision rests on the request URL. The host part of
// getRequestURL() typically reflects what the client sent (the Host header) unless the
// container or a reverse proxy pins it, so the client can influence which set is chosen.
// Both sets come from config.xml, so the choice is limited to configured values.
def url=request.getRequestURL()
def outRootUrl="${xml.home.outRootUrl}"
// Case-insensitive substring test: matches outRootUrl anywhere in the URL, and an empty
// outRootUrl matches every request (indexOf of an empty string is 0). Comparing the
// request's scheme/host/port against the configured root would be stricter.
if (url.toString().toUpperCase().indexOf(outRootUrl.toString().toUpperCase())>=0){
// External (out) addresses.
rootUrl="${xml.home.outWFRootUrl}"
authServerUrl="${xml.cas.authserver.outurl}"
localAuthServiceUrl="${xml.cas.localauthserviceurl.outurl}"
localAuthServerName= "${xml.cas.localauthservername.outurl}"
validationServerUrl="${xml.cas.validationserver.outurl}"
localValidationServiceUrl="${xml.cas.localvalidationserviceurl.outurl}"
localValidationServerName= "${xml.cas.localvalidationservername.outurl}"
logoutUrl="${xml.cas.logout.outurl}"
}else{
// Internal (in) addresses; same assignments as the request == null branch further down.
rootUrl="${xml.home.inWFRootUrl}"
authServerUrl="${xml.cas.authserver.inurl}"
localAuthServiceUrl="${xml.cas.localauthserviceurl.inurl}"
localAuthServerName= "${xml.cas.localauthservername.inurl}"
validationServerUrl="${xml.cas.validationserver.inurl}"
localValidationServiceUrl="${xml.cas.localvalidationserviceurl.inurl}"
localValidationServerName= "${xml.cas.localvalidationservername.inurl}"
logoutUrl="${xml.cas.logout.inurl}"
}
}else{
// No request supplied: fall back to the internal (in) addresses.
rootUrl="${xml.home.inWFRootUrl}"
authServerUrl="${xml.cas.authserver.inurl}"
localAuthServiceUrl="${xml.cas.localauthserviceurl.inurl}"
localAuthServerName= "${xml.cas.localauthservername.inurl}"
validationServerUrl="${xml.cas.validationserver.inurl}"
localValidationServiceUrl="${xml.cas.localvalidationserviceurl.inurl}"
localValidationServerName= "${xml.cas.localvalidationservername.inurl}"
logoutUrl="${xml.cas.logout.inurl}"
}
// Publish the selected set under the keys read by the modified CAS filters
// (authServerUrl, localAuthServerName, localAuthServiceUrl, localValidation*).
result.logoutUrl=logoutUrl
result.authServerUrl=authServerUrl
result.localAuthServiceUrl=localAuthServiceUrl
result.localAuthServerName= localAuthServerName
result.validationServerUrl=validationServerUrl
result.localValidationServiceUrl=localValidationServiceUrl
result.localValidationServerName= localValidationServerName
result.rootUrl=rootUrl
result.getBackLogUrl="${xml.home.getBackLogUrl}"
result.getmessages="${xml.home.getmessages}"
result.uploadRootDir="${xml.upload.rootDir}"
// presumably the URLs exempt from login, judging by the key name -- verify against config.xml
result.noNeedLoginUrl="${xml.security.noNeedLoginUrl}".toString()
return result
}
}
配置文件信息: