单点登录 - CAS【五】单点登出

一、配置客户端Web.xml

      

<!-- 用于单点退出,该过滤器用于实现单点登出功能  -->
	<listener>
		<listener-class>org.jasig.cas.client.javafilter.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>

	<!-- 该过滤器用于实现单点登出功能  -->
	<filter>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 说明:此filter一定要放到别的filter之前。

 

如果想在执行CAS Single Sign Out Filter之前,想做点别的事情,我们可以自定义个servlet

<!-- 用户登出 -->
	<servlet>
		<servlet-name>LogOutServlet</servlet-name>
		<servlet-class>com.wy.cas.client.servlet.LogOutServlet</servlet-class>
		<init-param>
			<param-name>serverLogoutUrl</param-name>
			<param-value>https://sso.wy.com:8443/cas-server/logout</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://127.0.0.1:8081/cas-test</param-value>
		</init-param>
	</servlet>
	<servlet-mapping>
		<servlet-name>LogOutServlet</servlet-name>
		<url-pattern>/logout</url-pattern>
	</servlet-mapping>

 

说明:登出为什么要使用https协议?

    我们可以在ticketGrantingTicketCookieGenerator.xml找到原因:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
	<description>
		Defines the cookie that stores the TicketGrantingTicket.  You most likely should never modify these (especially the "secure" property).
		You can change the name if you want to make it harder for people to guess.
	</description>
	<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
		p:cookieSecure="true"
		p:cookieMaxAge="-1"
		p:cookieName="CASTGC"
		p:cookiePath="/cas" />
</beans>

 p:cookieSecure="true",作用就是要求客户端和Cas Server之间通过HTTPS或者其它安全协议传递数据。

cookie的Secure属性,只能保证cookie与Cas Server服务器之间的数据传输过程加密,而保存在本地的cookie文件并不加密。

 

如果我们不是HTTPS协议进行登出,就会发现登出是不会成功的。通过fireBug查看提交的内容时,发现注销时,并没有相关的cookie。

二、登出成功后,重定向到登录页面

    在cas-servlet.xml中,logoutController的p:followServiceRedirects="${cas.logout.followServiceRedirects:false}"默认是false

我们只需要修改为true,然后在业务系统的注销连接中加入"service参数",值为业务系统的绝对URL,这样就OK了,如:https://sso.wy.com:8443/cas-server/login?service=http://127.0.0.1:8081/cas-test

<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
        p:centralAuthenticationService-ref="centralAuthenticationService"
        p:logoutView="casLogoutView"
        p:warnCookieGenerator-ref="warnCookieGenerator"
        p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
        p:servicesManager-ref="servicesManager"
        p:followServiceRedirects="${cas.logout.followServiceRedirects:true}"/>

 

 

三、自定义Servlet

public class LogOutServlet extends javax.servlet.http.HttpServlet{
	private static final long serialVersionUID = 1L;
       
	
    /**
     * @see HttpServlet#HttpServlet()
     */
    public LogOutServlet() {
        super();
    }
    
    public static String serverLogoutUrl = "";
    
    public static String serverName = "";

    public void init() throws ServletException {
    	serverLogoutUrl = this.getInitParameter("serverLogoutUrl");
    	serverName = this.getInitParameter("serverName");
     }
	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		this.doPost(request, response);
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		UserInfo user = new UserInfo();
		response.sendRedirect(serverLogoutUrl + "?service=" + serverName + "&username=" + user.getIscUserSourceId());
	}
	

}

 

 

你可能感兴趣的:(单点登录)