上一节中介绍了CAS服务器端的配置,服务已经run起来了,接下来就新建另一个web工程,该工程通过先前的CAS Server统一认证
客户端的配置主要是4个filter配置
1.AuthenticationFilter
这个filter负责对请求进行登录验证拦截,这里我们配置了位于/security/目录中的文件需要该验证
casServerLoginUrl:CAS登录地址url
serverName:当前应用所在主机名,注意不要写成ip,格式为http(s)://hostName:port
<filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://localhost:8443/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/security/*</url-pattern> </filter-mapping>2.ValidationFilter
这个filter负责对请求参数ticket进行验证(ticket参数是负责子系统与CAS进行验证交互的凭证)
casServerUrlPrefix:CAS服务访问地址
serverName:当前应用所在的主机名
<filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://localhost:8443/cas/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/security/*</url-pattern> </filter-mapping>3.HttpServletRequestWrapperFilter
这个是HttpServletRequet的包裹类,让他支持getUserPrincipal,getRemoteUser方法来取得用户信息
<filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/security/*</url-pattern> </filter-mapping>4.AssertionThreadLocalFilter
这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息
Assertion assersion =AssertionHolder.getAssertion();
<filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/security/*</url-pattern> </filter-mapping>5.启动tomcat访问 http://localhost:8080/cas-client/security/hello.jsp 如下
该访问请求会被我们的AuthenticationFilter拦截,进入到登录页面,而URL后面会自动填上访问链接的地址,用来登录成功后跳转到原页面
6.输入正确的用户密码,成功后跳转到/security/hello.jsp页面
注意,如果客户端应用和CAS服务不是部署在同一台机器上,则客户端应用必须导入服务器端的证书才可以运行,方法
将服务器端证书复制到客户端,名称为tomcat.crt
在客户端命令行上运行
keytool -import -alias tomcat -file tomcat.crt -keystore %java_home%/jre/lib/security/cacerts -storepass
重启tomcat后生效