单点登录学习(3)CAS客户端配置

上一节中介绍了CAS服务器端的配置,服务已经run起来了,接下来就新建另一个web工程,该工程通过先前的CAS Server统一认证

客户端的配置主要是4个filter配置

1.AuthenticationFilter

这个filter负责对请求进行登录验证拦截,这里我们配置了位于/security/目录中的文件需要该验证

casServerLoginUrl:CAS登录地址url

serverName:当前应用所在主机名,注意不要写成ip,格式为http(s)://hostName:port

	<filter>
		<filter-name>CAS Authentication Filter</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>https://localhost:8443/cas/login</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8080</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CAS Authentication Filter</filter-name>
		<url-pattern>/security/*</url-pattern>
	</filter-mapping>
2.ValidationFilter

这个filter负责对请求参数ticket进行验证(ticket参数是负责子系统与CAS进行验证交互的凭证)

casServerUrlPrefix:CAS服务访问地址

serverName:当前应用所在的主机名

  	<filter>
  		<filter-name>CAS Validation Filter</filter-name>
  		<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  		<init-param>
  			<param-name>casServerUrlPrefix</param-name>
  			<param-value>https://localhost:8443/cas/</param-value>
  		</init-param>
  		<init-param>
  			<param-name>serverName</param-name>
  			<param-value>http://localhost:8080</param-value>
  		</init-param>
  	</filter>
  	<filter-mapping>
  		<filter-name>CAS Validation Filter</filter-name>
  		<url-pattern>/security/*</url-pattern>
  	</filter-mapping>
3.HttpServletRequestWrapperFilter

这个是HttpServletRequet的包裹类,让他支持getUserPrincipal,getRemoteUser方法来取得用户信息

  	<filter>
  		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  		<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  	</filter>
  	<filter-mapping>
  		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  		<url-pattern>/security/*</url-pattern>
  	</filter-mapping>
4.AssertionThreadLocalFilter

这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息

Assertion assersion =AssertionHolder.getAssertion();

  	<filter>
  		<filter-name>CAS Assertion Thread Local Filter</filter-name>
  		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  	</filter>
  	<filter-mapping>
  		<filter-name>CAS Assertion Thread Local Filter</filter-name>
  		<url-pattern>/security/*</url-pattern>
  	</filter-mapping>
5.启动tomcat访问 http://localhost:8080/cas-client/security/hello.jsp 如下

该访问请求会被我们的AuthenticationFilter拦截,进入到登录页面,而URL后面会自动填上访问链接的地址,用来登录成功后跳转到原页面

单点登录学习(3)CAS客户端配置_第1张图片

6.输入正确的用户密码,成功后跳转到/security/hello.jsp页面
单点登录学习(3)CAS客户端配置_第2张图片
注意,如果客户端应用和CAS服务不是部署在同一台机器上,则客户端应用必须导入服务器端的证书才可以运行,方法

将服务器端证书复制到客户端,名称为tomcat.crt

在客户端命令行上运行

keytool -import -alias tomcat -file tomcat.crt -keystore %java_home%/jre/lib/security/cacerts -storepass

重启tomcat后生效

你可能感兴趣的:(thread,tomcat,validation,filter,Authentication,wrapper)