Integrating a web project with CAS single sign-on

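Note: do not use localhost or 127.0.0.1 when accessing the application or in the web.xml configuration. The CAS server sometimes needs to call back to the client, and with localhost or 127.0.0.1 the callback cannot reach it.
My IP is 10.10.10.12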

PS: Java client download: http://developer.jasig.org/cas-clients/

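Prerequisites:

Import the certificate into the JDK's certificate store. Pay attention to the path of the JDK certificate store and the path of the SSO certificate:
For how the certificate is generated, see the article: TODO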

keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file D:/security/xxx-sso.crt -alias sso.xxx.com -storepass changeit

1. Create the Maven web project; mine is SsoClientDemo

2. Add the cas-client jar

Since the project uses Maven, just add the following to pom.xml:
Depends on cas 3.3.3

<dependencies>
    <dependency>
      <groupId>org.jasig.cas.client</groupId>
      <artifactId>cas-client-core</artifactId>
      <version>3.3.3</version>
    </dependency>
</dependencies>

3. Edit web.xml and add the following configuration:

Note: the URL of my CAS service is: https://sso.xxx.com:8443/xxx-cas-server

<!-- Single sign-out: the filter handles logout requests from the CAS server -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Redirects unauthenticated requests to the CAS login page -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.xxx.com:8443/xxx-cas-server/login</param-value>
    </init-param>
    <init-param>
        <!-- This application's own address; not localhost or 127.0.0.1 -->
        <param-name>serverName</param-name>
        <param-value>http://10.10.10.12:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Validates the ticket returned by CAS against the CAS server -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://sso.xxx.com:8443/xxx-cas-server</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://10.10.10.12:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

4. Create a new Servlet and configure it in web.xml

package com.xxx.sso.client.demo.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
    private static final long serialVersionUID = 1634321560241660991L;
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.getWriter().append("This is Hello Servlet...");
    }

}

Configure the servlet in web.xml

<servlet>
    <servlet-name>helloServlet</servlet-name>
    <servlet-class>com.xxx.sso.client.demo.servlet.HelloServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>helloServlet</servlet-name>
    <url-pattern>/helloServlet</url-pattern>
</servlet-mapping>

5. Deploy the project, start Tomcat, and access helloServlet

Enter in the browser: 10.10.10.12:8080/SsoClientDemo/helloServlet
You are automatically redirected to the single sign-on server.
Log in with the corresponding account and password. For the CAS server configuration, see TODO

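6. Getting the logged-in username in the integrated subsystem

After the callback from the CAS login returns, we need to know who actually logged in. The logged-in username can be obtained through AttributePrincipal.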

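import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
// Inside the servlet's service(req, resp): read the CAS assertion from the session
Assertion assertion = (Assertion) req.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
AttributePrincipal principal = assertion.getPrincipal();
String username = principal.getName();
System.out.println(username);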
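
A check for the web.xml from step 3 against the note at the top of this post, as an added example that is not part of the original post: it reports a localhost or 127.0.0.1 host in the CAS init-params, a CAS server URL that is not https (an added check, since the page's CAS URLs are https), and serverName values that differ between filters. The function name lint_cas_web_xml and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1"}
CAS_SERVER_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix"}

def _local(tag):
    # Drop any "{namespace}" prefix so web.xml with or without xmlns parses alike.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or "" if absent.
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def lint_cas_web_xml(xml_text):
    """Return (filter-name, param-name, problem) tuples for a web.xml string."""
    findings, server_names = [], set()
    for flt in (e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "filter"):
        fname = _text(flt, "filter-name")
        for param in (c for c in flt if _local(c.tag) == "init-param"):
            pname, value = _text(param, "param-name"), _text(param, "param-value")
            if pname != "serverName" and pname not in CAS_SERVER_PARAMS:
                continue
            # serverName may be written as host:port without a scheme.
            url = urlparse(value if "://" in value else "//" + value)
            if url.hostname in LOOPBACK:
                findings.append((fname, pname, "loopback host, CAS cannot call back"))
            if pname in CAS_SERVER_PARAMS and url.scheme != "https":
                findings.append((fname, pname, "CAS server URL is not https"))
            if pname == "serverName":
                server_names.add(value)
    if len(server_names) > 1:
        findings.append(("*", "serverName", "differs between filters"))
    return findings

# Constructed sample: the page's two filters with a deliberately wrong serverName.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<filter><filter-name>CASFilter</filter-name>
  <init-param><param-name>casServerLoginUrl</param-name>
    <param-value>https://sso.xxx.com:8443/xxx-cas-server/login</param-value></init-param>
  <init-param><param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value></init-param></filter>
<filter><filter-name>CAS Validation Filter</filter-name>
  <init-param><param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso.xxx.com:8443/xxx-cas-server</param-value></init-param>
  <init-param><param-name>serverName</param-name>
    <param-value>http://10.10.10.12:8080</param-value></init-param></filter>
</web-app>"""
print(lint_cas_web_xml(SAMPLE))
```

With the serverName values from step 3 in both filters, the function returns an empty list.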
