上面很多文章都是说一些原理性的东西,大家可能更关心如果使用,那么来介绍一下各个过滤器需要那些参数,以及这些参数什么意思(摘自官方wiki:https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml):
org.jasig.cas.client.authentication.AuthenticationFilter
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value></param-value>
</init-param>
</filter>
Required Properties
- casServerLoginUrl - Defines the location of the CAS server login URL, i.e. https://localhost:8443/cas/login
- service or serverName
- service - the service URL to send to the CAS server, e.g. https://localhost:8443/yourwebapp/index.html
- serverName - the server name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e.https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port).
Optional Properties
- renew - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
- gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
- artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "ticket").
- serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "service").
org.jasig.cas.client.authentication.Saml11AuthenticationFilter
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value></param-value>
</init-param>
</filter>
Required Properties
- casServerLoginUrl - Defines the location of the CAS server login URL, i.e. https://localhost:8443/cas/login
- service - the service URL to send to the CAS server, e.g. https://localhost:8443/yourwebapp/index.html
- serverName - the server name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. https://localhost:8443(you must include the protocol, but port is optional if it's a standard port).
Optional Properties
- renew - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
- gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
- artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "SAMLArt").
- serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "TARGET").
org.jasig.cas.client.validation.Cas10TicketValidationFilter
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value></param-value>
</init-param>
</filter>
Required Properties
- casServerUrlPrefix - the start of the CAS server URL, i.e. https://localhost:8443/cas.
- serverName - the server name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. https://localhost:8443(you must include the protocol, but port is optional if it's a standard port).
Optional Properties
- redirectAfterValidation (default: true) - whether to redirect to the same URL after ticket validation, but without the ticket in the parameter.
- useSession (default: true) - whether to store the Assertion in session or not. If sessions are not used, tickets will be required for each request.
- exceptionOnValidationFailure (default: true) - whether to throw an exception or not on ticket validation failure.
- renew (default: false) - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false"
org.jasig.cas.client.validation.Saml11TicketValidationFilter
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value></param-value>
</init-param>
</filter>
Required Properties
- casServerUrlPrefix - the start of the CAS server URL, i.e. https://localhost:8443/cas.
Optional Properties
- redirectAfterValidation (default: true) - whether to redirect to the same URL after ticket validation, but without the ticket in the parameter.
- useSession (default: true) - whether to store the Assertion in session or not. If sessions are not used, tickets will be required for each request.
- exceptionOnValidationFailure (default: true) - whether to throw an exception or not on ticket validation failure.
- tolerance (default: 1000 mSec) - the tolerance for drifting clocks when validating SAML tickets. Note that 10 seconds should be more than enough for most environments that have NTP time synchronization.
- renew (default: false) - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (NOTE: Available as of version 3.1.6.)
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value></param-value>
</init-param>
</filter>
Required Properties
- casServerUrlPrefix - the start of the CAS server URL, i.e. https://localhost:8443/cas.
- serverName - the start of the URL that this application is running on. Service URL will be dynamically constructed using this, i.e. https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port). Service URL is passed to the CAS server for ticket validation.
Optional Properties
- redirectAfterValidation (default: true) - whether to redirect to the same URL after ticket validation, but without the ticket in the parameter.
- useSession (default: true) - whether to store the Assertion in session or not. If sessions are not used, tickets will be required for each request.
- exceptionOnValidationFailure (default: true) - whether to throw an exception or not on ticket validation failure.
- proxyReceptorUrl (default: null) - the URL to watch for PGTIOU/PGT responses from the CAS server. Should be defined from the root of the context. For example, ff your application is deployed in /cas-client-app and you want the proxy receptor URL to be /cas-client-app/my/receptor you need to configure proxyReceptorUrl to be /my/receptor
- renew (default: false) - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false."
- acceptAnyProxy (default: false) - specifies whether any proxy is OK.
- allowedProxyChains (default: null) - specifies the proxy chain. Each acceptable proxy chain should include a space-separated list of URLs. Each acceptable proxy chain should appear on its own line.
- proxyCallbackUrl (default: none) - the callback URL to provide the CAS server to accept Proxy Granting Tickets.
- proxyGrantingTicketStorageClass (@since 3.1.9) (default: none) - specify an implementation of the ProxyGrantingTicketStorage class that has a no-arg constructor.
org.jasig.cas.client.util.HttpServletRequestWrapperFilter
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
org.jasig.cas.client.util.AssertionThreadLocalFilter
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
Required Properties
None
Optional Properties
None