CAS配置(一)-集成RESTFul
CAS单点登录服务器很多时候都是被B/S的应用使用,那么对已有些系统是CS的那么怎么去调用呢,这个时候就需要使用webservice来给CS的系统调用了,我们先来说说先决条件吧:
1)集成需要的jar包,这个是必不可少的
com.noelios.restlet.ext.servlet-1.1.1.jar
com.noelios.restlet.ext.spring-1.1.1.jar
com.noelios.restlet-1.1.1.jar
org.restlet.ext.spring-1.1.1.jar
org.restlet-1.1.1.jar
cglib-2.2.jar
cas-server-integration-restlet-3.4.7.jar
2)配置,在web.xml中增加一个servlet配置
<servlet>
<servlet-name>restlet</servlet-name>
<servlet-class>com.noelios.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>restlet</servlet-name>
<url-pattern>/v1/*</url-pattern>
</servlet-mapping>
那么我们的CS客户端怎么去处理呢,以及怎么去拿到用户数据呢?需要有三次交互才能取得用户数据
1)CS客户端提供用户名和密码,请求http://localhost:8080/TFP-S/v1/tickets,如果用户合法则得到TGT数据。
2)根据TGT和service取得ST票据,请求的路径是:http://localhost:8080/TFP-S/v1/tickets/TGT_编号
3)验证ST票据,得到用户信息的XML格式信息。
样例代码如下:
- public class Client {
- public static String getTicket(final String server, final String username, final String password,
- final String service) {
- notNull(server, "server must not be null");
- notNull(username, "username must not be null");
- notNull(password, "password must not be null");
- notNull(service, "service must not be null");
- return getServiceTicket(server, getTicketGrantingTicket(server, username, password), service);
- }
- /**
- * 取得ST
- * @param server
- * @param ticketGrantingTicket
- * @param service
- */
- private static String getServiceTicket(final String server, final String ticketGrantingTicket, final String service) {
- if (ticketGrantingTicket == null)
- return null;
- final HttpClient client = new HttpClient();
- final PostMethod post = new PostMethod(server + "/" + ticketGrantingTicket);
- post.setRequestBody(new NameValuePair[] { new NameValuePair("service", service) });
- try {
- client.executeMethod(post);
- final String response = post.getResponseBodyAsString();
- switch (post.getStatusCode()) {
- case 200:
- return response;
- default:
- warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
- info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
- break;
- }
- }
- catch (final IOException e) {
- warning(e.getMessage());
- }
- finally {
- post.releaseConnection();
- }
- return null;
- }
- /**
- * @param server
- * @param username
- * @param password
- */
- private static String getTicketGrantingTicket(final String server, final String username, final String password) {
- final HttpClient client = new HttpClient();
- final PostMethod post = new PostMethod(server);
- post.setRequestBody(new NameValuePair[] { new NameValuePair("username", username),
- new NameValuePair("password", password) });
- try {
- client.executeMethod(post);
- final String response = post.getResponseBodyAsString();
- info("TGT="+response);
- switch (post.getStatusCode()) {
- case 201: {
- final Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response);
- if (matcher.matches())
- return matcher.group(1);
- warning("Successful ticket granting request, but no ticket found!");
- info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
- break;
- }
- default:
- warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
- info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
- break;
- }
- }
- catch (final IOException e) {
- warning(e.getMessage());
- }
- finally {
- post.releaseConnection();
- }
- return null;
- }
- private static void ticketValidate(String serverValidate, String serviceTicket, String service) {
- notNull(serviceTicket, "paramter 'serviceTicket' is not null");
- notNull(service, "paramter 'service' is not null");
- final HttpClient client = new HttpClient();
- GetMethod post = null;
- try {
- post = new GetMethod(serverValidate+"?"+"ticket="+serviceTicket+"&service="+URLEncoder.encode(service, "UTF-8"));
- client.executeMethod(post);
- final String response = post.getResponseBodyAsString();
- info(response);
- switch (post.getStatusCode()) {
- case 200: {
- info("成功取得用户数据");
- }
- default: {
- }
- }
- } catch (Exception e) {
- warning(e.getMessage());
- } finally {
- //释放资源
- post.releaseConnection();
- }
- }
- private static void notNull(final Object object, final String message) {
- if (object == null)
- throw new IllegalArgumentException(message);
- }
- public static void main(final String[] args) throws Exception {
- final String server = "http://localhost:8080/TFP-S/v1/tickets";
- final String username = "username";
- final String password = "username";
- final String service = "http://localhost:8080/service";
- final String proxyValidate = "http://localhost:8080/TFP-S/proxyValidate";
- ticketValidate(proxyValidate, getTicket(server, username, password, service), service);
- }
- private static void warning(String msg) {
- System.out.println(msg);
- }
- private static void info(String msg) {
- System.out.println(msg);
- }
- }
如果对返回来的用户信息是什么格式不清楚,那么下面是一个xml格式。
- <cas:serviceResponse >
- <cas:authenticationSuccess>
- <cas:user>xuf</cas:user>
- <cas:attributes>
- <cas:securityLevel>2</cas:securityLevel>
- <cas:userType>个人用户</cas:userType>
- <cas:age>32</cas:age>
- </cas:attributes>
- </cas:authenticationSuccess>
- </cas:serviceResponse>
这个格式怎么修改?在透露一点吧,就是在CAS服务器那边是不是有casServiceValidationFailure.jsp文件,对了,就是它决定返回的xml格式的。如果使用Filter,其实也是传递回来这个xml,只是验证票据的过滤器,将这个xml转换成Assertion对象了。明白了吧。