使用C/S的方式进行单点登陆

 

CAS单点登录服务器很多时候都是被B/S的应用使用，那么对已有些系统是CS的那么怎么去调用呢，这个时候就需要使用webservice来给CS的系统调用了，我们先来说说先决条件吧：

1）集成需要的jar包，这个是必不可少的

com.noelios.restlet.ext.servlet-1.1.1.jar

com.noelios.restlet.ext.spring-1.1.1.jar

com.noelios.restlet-1.1.1.jar

org.restlet.ext.spring-1.1.1.jar

org.restlet-1.1.1.jar

cglib-2.2.jar

cas-server-integration-restlet-3.4.7.jar

2)配置，在web.xml中增加一个servlet配置

restlet
com.noelios.restlet.ext.spring.RestletFrameworkServlet
1

 

restlet
/v1/*

那么我们的CS客户端怎么去处理呢，以及怎么去拿到用户数据呢？需要有三次交互才能取得用户数据

1)CS客户端提供用户名和密码，请求http://localhost:8080/TFP-S/v1/tickets，如果用户合法则得到TGT数据。

2）根据TGT和service取得ST票据，请求的路径是：http://localhost:8080/TFP-S/v1/tickets/TGT_编号

3)验证ST票据，得到用户信息的XML格式信息。

样例代码如下：

public class Client {

    public static String getTicket(final String server, final String username, final String password,
            final String service) {
        notNull(server, "server must not be null");
        notNull(username, "username must not be null");
        notNull(password, "password must not be null");
        notNull(service, "service must not be null");

        return getServiceTicket(server, getTicketGrantingTicket(server, username, password), service);
    }

    /**
     * 取得ST
     * @param server
     * @param ticketGrantingTicket
     * @param service
     */
    private static String getServiceTicket(final String server, final String ticketGrantingTicket, final String service) {
        if (ticketGrantingTicket == null)
            return null;

        final HttpClient client = new HttpClient();

        final PostMethod post = new PostMethod(server + "/" + ticketGrantingTicket);

        post.setRequestBody(new NameValuePair[] { new NameValuePair("service", service) });

        try {
            client.executeMethod(post);

            final String response = post.getResponseBodyAsString();

            switch (post.getStatusCode()) {
            case 200:
                return response;

            default:
                warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
                info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                break;
            }
        }

        catch (final IOException e) {
            warning(e.getMessage());
        }

        finally {
            post.releaseConnection();
        }

        return null;
    }

    /**
     * @param server
     * @param username
     * @param password
     */
    private static String getTicketGrantingTicket(final String server, final String username, final String password) {
        final HttpClient client = new HttpClient();

        final PostMethod post = new PostMethod(server);

        post.setRequestBody(new NameValuePair[] { new NameValuePair("username", username),
                new NameValuePair("password", password) });

        try {
            client.executeMethod(post);

            final String response = post.getResponseBodyAsString();
            info("TGT="+response);
            switch (post.getStatusCode()) {
            case 201: {
                final Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response);

                if (matcher.matches())
                    return matcher.group(1);

                warning("Successful ticket granting request, but no ticket found!");
                info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                break;
            }

            default:
                warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
                info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                break;
            }
        }

        catch (final IOException e) {
            warning(e.getMessage());
        }

        finally {
            post.releaseConnection();
        }

        return null;
    }

    private static void ticketValidate(String serverValidate, String serviceTicket, String service) {
        notNull(serviceTicket, "paramter 'serviceTicket' is not null");
        notNull(service, "paramter 'service' is not null");

        final HttpClient client = new HttpClient();
        GetMethod post = null;

        try {
            post = new GetMethod(serverValidate+"?"+"ticket="+serviceTicket+"&service="+URLEncoder.encode(service, "UTF-8"));
            client.executeMethod(post);

            final String response = post.getResponseBodyAsString();
            info(response);
            switch (post.getStatusCode()) {
            case 200: {
                info("成功取得用户数据");
            }
            default: {

            }
            }

        } catch (Exception e) {
            warning(e.getMessage());
        } finally {
            //释放资源
            post.releaseConnection();
        }

    }

    private static void notNull(final Object object, final String message) {
        if (object == null)
            throw new IllegalArgumentException(message);
    }

    public static void main(final String[] args) throws Exception {
        final String server = "http://localhost:8080/TFP-S/v1/tickets";
        final String username = "username";
        final String password = "username";
        final String service = "http://localhost:8080/service";
        final String proxyValidate = "http://localhost:8080/TFP-S/proxyValidate";


        ticketValidate(proxyValidate, getTicket(server, username, password, service), service);

    }

    private static void warning(String msg) {
        System.out.println(msg);
    }

    private static void info(String msg) {
        System.out.println(msg);
    }

}

如果对返回来的用户信息是什么格式不清楚，那么下面是一个xml格式。

<cas:serviceResponse >
    <cas:authenticationSuccess>
        <cas:user>xufcas:user>
        <cas:attributes>
            <cas:securityLevel>2cas:securityLevel>
            <cas:userType>个人用户cas:userType>
            <cas:age>32cas:age>
        cas:attributes>
    cas:authenticationSuccess>
cas:serviceResponse>

这个格式怎么修改？在透露一点吧，就是在CAS服务器那边是不是有casServiceValidationFailure.jsp文件，对了，就是它决定返回的xml格式的。如果使用Filter，其实也是传递回来这个xml，只是验证票据的过滤器，将这个xml转换成Assertion对象了。明白了吧。