CAS-based SSO (Single Sign-On) Example

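Step 1: Deploy the CAS-Server (server side)

  1. Download the latest CAS-Server from the official CAS website (http://developer.jasig.org/cas/) (the latest version at the time of writing is cas-server-4.0.0-release.zip), unzip it, locate modules/cas-server-webapp-3.5.2.war, copy it into the webapps directory of your local Tomcat, and rename it to cas.war (any other name works too). Start Tomcat; a web project named cas is generated under webapps.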

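  2. CAS communicates over HTTPS by default, which requires configuring SSL in Tomcat (this will be covered in detail later). However, since typical projects do not need such a high security level, HTTP is used here to simplify the setup.

  Open webapps\cas\WEB-INF\spring-configuration\warnCookieGenerator.xml, find the p:cookieSecure="true" setting, and change it to p:cookieSecure="false".

  Open webapps\cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml, find the p:cookieSecure="true" setting, and change it to p:cookieSecure="false".

  Open webapps\cas\WEB-INF\deployerConfigContext.xml and add p:requireSecure="false" at the position marked in the original post's screenshot.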


  3. Restart Tomcat and visit http://localhost:8085/cas; the CAS login page appears.


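   The Non-secure Connection error shown on that page appears because HTTPS is not in use; the default login page contains code that checks for this. In a real project you normally write your own login page by modifying casLoginView.jsp under webapps\cas\WEB-INF\view\jsp\default\ui. Deleting the code that performs this check (marked in a screenshot in the original post) removes the warning.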


 

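  4. CAS-Server's default authentication rule: authentication succeeds whenever the username and password are identical (for testing only; a production environment must change this to fit its needs, and how to change the authentication rule will be covered in detail later). Enter admin/admin and click Login to see the login-success page. The CAS server configuration is now complete.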


 
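Step 2: Deploy the CAS-Client (client side)

  1. Download the CAS-Client matching your CAS-Server version (the matching version at the time of writing is cas-client-3.2.1-release.zip), unzip it, extract cas-client-3.2.1/modules/cas-client-core-3.2.1.jar, and copy it into the lib directory of the actual web project.

  2. Configure web.xml by adding the following: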


    
    <!-- Single sign-out: invalidates the local session when CAS signals a logout -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- Single sign-out filter -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Redirects unauthenticated requests to the CAS login page -->
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://127.0.0.1:8080/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Validates the service ticket against the CAS server -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://127.0.0.1:8080/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Exposes the CAS user through HttpServletRequest.getRemoteUser() -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Makes the assertion available through AssertionHolder -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  

  3. Simulate two subsystems.

    First, create two servlets (App1.java and App2.java).

    App1.java:

package servlet;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class App1 extends HttpServlet {

    private static final long serialVersionUID = -6593274907821061823L;

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("App1");
    }
}

    App2.java:

package servlet;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class App2 extends HttpServlet {

    private static final long serialVersionUID = -6593274907821061823L;

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("App2");
    }
}

    The final web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <display-name></display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

    <!-- Single sign-out: invalidates the local session when CAS signals a logout -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- Single sign-out filter -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Redirects unauthenticated requests to the CAS login page -->
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://127.0.0.1:8080/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Validates the service ticket against the CAS server -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://127.0.0.1:8080/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Exposes the CAS user through HttpServletRequest.getRemoteUser() -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Makes the assertion available through AssertionHolder -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  <!-- The two demo servlets -->
  <servlet>
    <display-name>App1</display-name>
    <servlet-name>App1</servlet-name>
    <servlet-class>servlet.App1</servlet-class>
  </servlet>
  <servlet>
    <display-name>App2</display-name>
    <servlet-name>App2</servlet-name>
    <servlet-class>servlet.App2</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>App1</servlet-name>
    <url-pattern>/App1</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>App2</servlet-name>
    <url-pattern>/App2</url-pattern>
  </servlet-mapping>
</web-app>

  4. Add the commons-logging.jar dependency (logging utility). Without it an error is reported, though whether that affects normal functionality was not tested.
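
With p:cookieSecure and p:requireSecure set to false and http:// URLs in web.xml, the login cookie and tickets travel in cleartext, so a deployment built from this walkthrough should be checked before it leaves a test machine. The following Python check is an added example, not code from the original post or from the CAS project; it scans the server's Spring files and the client's web.xml for exactly these settings, and the sample XML and bean ids in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SPRING_P = "{http://www.springframework.org/schema/p}"        # Spring p: attribute namespace
BEAN = "{http://www.springframework.org/schema/beans}bean"
JAVAEE = "{http://java.sun.com/xml/ns/javaee}"                # web.xml 3.0 namespace
URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}

# Constructed sample inputs; the bean ids are placeholders, not real CAS bean names.
SAMPLE_SERVER_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="tgtCookie" p:cookieSecure="false"/>
  <bean id="warnCookie" p:cookieSecure="true"/>
  <bean id="callbackHandler" p:requireSecure="false"/>
</beans>"""

SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CAS Filter</filter-name>
    <init-param><param-name>casServerLoginUrl</param-name>
      <param-value>http://127.0.0.1:8080/cas/login</param-value></init-param>
    <init-param><param-name>serverName</param-name>
      <param-value>https://app.example.test</param-value></init-param>
  </filter>
</web-app>"""

def audit_server_beans(xml_text):
    """Return (bean id, setting) for each transport-security flag switched off."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEAN):
        for flag in ("cookieSecure", "requireSecure"):
            if bean.get(SPRING_P + flag, "").strip().lower() == "false":
                findings.append((bean.get("id", "?"), flag + "=false"))
    return findings

def audit_client_web_xml(xml_text):
    """Return (filter name, param, value) for CAS client URLs that use plain http."""
    findings = []
    for flt in ET.fromstring(xml_text).iter(JAVAEE + "filter"):
        name = flt.findtext(JAVAEE + "filter-name", "").strip()
        for param in flt.iter(JAVAEE + "init-param"):
            key = param.findtext(JAVAEE + "param-name", "").strip()
            value = param.findtext(JAVAEE + "param-value", "").strip()
            if key in URL_PARAMS and value.lower().startswith("http://"):
                findings.append((name, key, value))
    return findings

if __name__ == "__main__":
    print(audit_server_beans(SAMPLE_SERVER_XML) + audit_client_web_xml(SAMPLE_WEB_XML))
```
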

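Step 3: Test SSO

  1. Enter http://127.0.0.1:8080/SSO_CAS/App1 in the browser (SSO_CAS is the web project name). You are redirected to the CAS-Server default login page; enter admin/admin and click Login, and App1 is displayed.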


 

  2. Enter http://127.0.0.1:8080/SSO_CAS/App2 in the browser; the login check is skipped and App2 is displayed directly.


This completes the CAS-based single sign-on demonstration.
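
The ticket exchange behind the test above, as an added example that is not part of the original post and is not CAS code: a toy in-memory model of the CAS ticket rules (one login yields a ticket-granting ticket, each service gets its own single-use service ticket bound to that service). It goes beyond the page's setup by assuming App1 and App2 are separate CAS services with their own sessions (in the page's single web application they share one session); `ToyCasServer`, `login_redirect` and `run_demo` are hypothetical names.

```python
import secrets
from urllib.parse import urlencode

CAS_LOGIN = "http://127.0.0.1:8080/cas/login"      # casServerLoginUrl from web.xml
APP1 = "http://127.0.0.1:8080/SSO_CAS/App1"
APP2 = "http://127.0.0.1:8080/SSO_CAS/App2"

class ToyCasServer:
    """In-memory model of the CAS ticket rules; not the CAS-Server implementation."""
    def __init__(self):
        self.tgts = {}   # TGT id (cookie the browser holds for the CAS host) -> user
        self.sts = {}    # service ticket -> (user, service it was issued for)

    def login(self, user, password):
        # Demo rule stated on the page: identical username and password are accepted.
        if not user or user != password:
            return None
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt] = user
        return tgt

    def issue_st(self, tgt, service):
        # A valid TGT yields a service ticket with no password prompt: this is the SSO.
        user = self.tgts.get(tgt)
        if user is None:
            return None
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service)
        return st

    def validate(self, st, service):
        # Single use (pop) and only valid for the service it was issued for.
        user, issued_for = self.sts.pop(st, (None, None))
        return user if issued_for == service else None

def login_redirect(service):
    """URL an unauthenticated browser is sent to by the authentication filter."""
    return CAS_LOGIN + "?" + urlencode({"service": service})

def run_demo():
    cas = ToyCasServer()
    tgt = cas.login("admin", "admin")                    # the user types admin/admin once
    st1 = cas.issue_st(tgt, APP1)
    first = cas.validate(st1, APP1)                      # App1 validates its ticket
    replay = cas.validate(st1, APP1)                     # same ticket again: rejected
    st2 = cas.issue_st(tgt, APP2)                        # App2: no login form needed
    cross = cas.validate(cas.issue_st(tgt, APP1), APP2)  # App1's ticket presented as App2's
    return first, replay, cas.validate(st2, APP2), cross
```
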

Reposted from: https://www.cnblogs.com/java-meng/p/7269990.html
