CAS 4.0 integration (restlet) and usage examples

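CAS provides a component for client/server (C/S) login; you only need to integrate restlet. The steps are straightforward. Start by downloading the dependency packages.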


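Note that the restlet packages for version 3.x differ from the ones integrated with 4.0; only version 4.0 is described here.
Dependency package download (Baidu Cloud), password: p917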

1. Add the dependency packages

2. Configure web.xml


<servlet>
    <servlet-name>restlet</servlet-name>
    <servlet-class>org.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>restlet</servlet-name>
    <url-pattern>/v1/*</url-pattern>
</servlet-mapping>

3. Restart the server and test

1. Obtain a login TGT

Parameters: username, password, service
URL: /v1/tickets

Example: curl -i -X POST -d "username=admin&password=admin&service=http://www.google.com" \
    http://127.0.0.1:8080/websso/v1/tickets

Response:
HTTP/1.1 201 Created
Date: Thu, 03 Nov 2016 01:39:45 GMT
Accept-Ranges: bytes
Location: http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org
Server: Restlet-Framework/2.1.0
Content-Type: text/html;charset=UTF-8
Content-Length: 447


<html>
<head>
<title>201 The request has been fulfilled and resulted in a new
    resource being created</title></head>
<body>
    <h1>TGT Created</h1>
    <form
        action="http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org"
        method="POST">
        Service:<input type="text" name="service" value=""><br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>

2. Obtain a TK (service ticket) using the TGT

Parameters: service
URL: /v1/tickets/{TGT id}

Example: curl -i -X POST -d "service=http://www.google.com" \
    http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org

Response:
HTTP/1.1 200 OK
Date: Thu, 03 Nov 2016 01:40:41 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.0
Content-Type: text/plain;charset=UTF-8
Content-Length: 43

ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org

3. Obtain the logged-in user's information

Parameters: ticket, service
URL: /serviceValidate

Example: curl -i -X POST -d "ticket=ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org&service=http://www.google.com" \
    http://127.0.0.1:8080/websso/serviceValidate


Response: (may differ from yours, because these are attributes I added as an extension)
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Content-Language: zh-CN
Content-Length: 663
Date: Thu, 03 Nov 2016 01:45:27 GMT

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>admin</cas:user>
        <cas:attributes>
            <cas:postid>0</cas:postid>
            <cas:username>admin</cas:username>
            <cas:systemcode>1</cas:systemcode>
            <cas:userid>4028d881436d514601436d5215ac0043</cas:userid>
            <cas:salt>admin</cas:salt>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

4. Log the user out

Parameters: none
URL: cas/v1/tickets/{TGT id}

Example: curl -i -X DELETE \
    http://127.0.0.1:8080/websso/cas/v1/tickets/TGT-2-fxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org

Response:
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Thu, 03 Nov 2016 01:50:06 GMT

After logging out, you can request the user information again:
curl -i -X POST -d "ticket=ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.example.org&service=http://www.google.com" \
    http://127.0.0.1:8080/websso/serviceValidate

Response: (it reports that the ticket has expired)
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Content-Language: zh-CN
Content-Length: 256
Date: Thu, 03 Nov 2016 01:50:22 GMT

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_TICKET'>
        鏈兘澶熻瘑鍒嚭鐩爣 &#039;ST-2-PjRJUXN2rVL2Z6c1OIif-cas01.e
xample.org&#039;绁ㄦ牴
        </cas:authenticationFailure>
</cas:serviceResponse>
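
The client side of steps 1 and 3, as an added example that is not from the original post: it extracts the TGT id from the Location header of the 201 response and turns a /serviceValidate reply into either a user with attributes or a rejection. The sample responses are trimmed copies of the output shown above (the failure text is constructed), and the TGT pattern is an assumption based on the ids on this page.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Assumed TGT shape, inferred from the ids on this page: TGT-<n>-<random>-<host suffix>
TGT_RE = re.compile(r"TGT-\d+-[A-Za-z0-9.-]+")

# Sample data: trimmed copies of the responses shown above (failure text constructed).
HEADERS_201 = """HTTP/1.1 201 Created
Location: http://127.0.0.1:8080/websso/v1/tickets/TGT-2-kfxOmoqdU7HfIf5wjKuQgbsExZB34mhT6QcGcetuzLYRmmWT4x-cas01.example.org
Content-Type: text/html;charset=UTF-8"""
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>admin</cas:user>
    <cas:attributes><cas:systemcode>1</cas:systemcode></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def tgt_from_location(raw_headers):
    """Return the TGT id from the Location header of the 201 response, or None."""
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            ticket = value.strip().rsplit("/", 1)[-1]
            # Reject anything that is not shaped like a TGT before reusing it in a URL.
            if TGT_RE.fullmatch(ticket):
                return ticket
    return None

def parse_service_validate(xml_text):
    """Return (user, attributes) on success; raise PermissionError otherwise."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise PermissionError(failure.get("code", "UNKNOWN"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    user = success.findtext("cas:user", namespaces=CAS_NS) if success is not None else None
    if not user:  # no success element or empty user: treat as not authenticated
        raise PermissionError("NO_AUTHENTICATION_SUCCESS")
    attrs = {el.tag.split("}", 1)[-1]: (el.text or "").strip()
             for el in success.findall("cas:attributes/*", CAS_NS)}
    return user.strip(), attrs

if __name__ == "__main__":
    print(tgt_from_location(HEADERS_201))
    print(parse_service_validate(SUCCESS_XML))
```
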

Further notes from the web

  1. The user's ST can be obtained in the test class. An ST generally has a very short validity period, which is set in the file /cas/WebRoot/WEB-INF/spring-configuration/ticketExpirationPolicies.xml

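  2. After obtaining the ST, build the access URL and paste it into a browser to get login-free access in the browser, going directly to the protected resource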
