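A few thoughts: our project needed CAS single sign-on, so a while ago I configured the CAS server side, which went fairly smoothly. The hard part was the CAS client configuration, which took a lot of time. I hope sharing this experience helps others who are learning CAS avoid the same detours.
I. Environment preparation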
<property name="authenticationHandlers">
    <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <!-- Comment out the original authentication handler
        <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
        -->
        <!-- Create the database authentication handler -->
        <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
            <property name="dataSource" ref="casDataSource" />
            <property name="sql" value="select t_password from app_user where t_username=?" />
        </bean>
    </list>
</property>
Add the MySQL data source configuration:
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<!-- MySQL data source -->
<bean id="casDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
    <property name="url" value="jdbc:mysql://172.22.6.9:3306/casuserdatabase"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>

2. Create the casuserdatabase database and add the app_user table, as follows:
CREATE TABLE `app_user` (
    `t_id` int(11) PRIMARY KEY AUTO_INCREMENT NOT NULL,
    `t_username` varchar(30) NOT NULL,
    `t_password` varchar(30) NOT NULL
);
1. Download the cas-client-3.2.1 client from https://www.apereo.org/projects/cas/download-cas.
2. Unpack cas-client-3.2.1, then copy four jars from the modules folder (cas-client-core-3.2.1.jar, cas-client-integration-tomcat-v7-3.2.1.jar, commons-logging-1.1.jar and commons-codec-1.4.jar) into WEB-INF/lib of the web project.
3. Configure web.xml in the web project as follows:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>

    <!-- Single sign-out: this listener is used to implement single sign-out; optional -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- This filter implements the single sign-out function; optional -->
    <filter>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter handles user authentication; it must be enabled -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <!-- CAS server login URL -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://172.22.6.9:8888/cas/login</param-value>
        </init-param>
        <!-- Host and port of the server this web application runs on -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://172.22.6.9:8888</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter validates the ticket; it must be enabled -->
    <filter>
        <filter-name>CASTicketValidator</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <!-- CAS server URL prefix (the CAS context root, without /login) -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://172.22.6.9:8888/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://172.22.6.9:8888</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASTicketValidator</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter wraps the HttpServletRequest, for example so that developers
         can obtain the SSO user's login name through
         HttpServletRequest.getRemoteUser(); optional -->
    <filter>
        <filter-name>CASRequestWrapperFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CASRequestWrapperFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter lets developers obtain the user's login name through
         org.jasig.cas.client.util.AssertionHolder, for example
         AssertionHolder.getAssertion().getPrincipal().getName() -->
    <filter>
        <filter-name>CASAssertionThreadLocalFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CASAssertionThreadLocalFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>AutoSetUserAdapterFilter</filter-name>
        <filter-class>com.demo.servlet.AutoSetUserAdapterFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AutoSetUserAdapterFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
1. The CAS server address in CASFilter must be set to http://localhost:8888/cas/login:
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- CAS server login URL -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <!-- Note the URL -->
        <param-value>http://172.22.6.9:8888/cas/login</param-value>
    </init-param>
    <!-- Host and port of the server this web application runs on -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://172.22.6.9:8888</param-value>
    </init-param>
</filter>
2. The CAS server address in CASTicketValidator must be set to http://172.22.6.9:8888/cas:
<!-- This filter validates the ticket; it must be enabled -->
<filter>
    <filter-name>CASTicketValidator</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <!-- CAS server URL prefix (the CAS context root, without /login) -->
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <!-- Note the URL -->
        <param-value>http://172.22.6.9:8888/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://172.22.6.9:8888</param-value>
    </init-param>
</filter>

If the two URLs are the same, the following error occurs:
org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
    at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1436)

Result:
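Enter the web project address 172.22.6.9:8888/demo in the browser. It redirects to the single sign-on page at http://172.22.6.9:8888/cas/login?service=http%3A%2F%2F172.22.6.9%3A8888%2Fdemo%2F. Enter the username and password there, and it works!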
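The two URL settings called out in the notes above can be checked before deployment. The following is an added example, not code from the original post: a small web.xml check that flags a casServerUrlPrefix ending in /login (the validator appends the CAS 2.0 serviceValidate endpoint to the prefix, so the reply is not the XML it expects, consistent with the SAXParseException shown above) and also flags plain-http CAS URLs. The function names and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the ticket validator is mistakenly given the login URL.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>CASFilter</filter-name>
    <init-param><param-name>casServerLoginUrl</param-name>
      <param-value>http://172.22.6.9:8888/cas/login</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CASTicketValidator</filter-name>
    <init-param><param-name>casServerUrlPrefix</param-name>
      <param-value>http://172.22.6.9:8888/cas/login</param-value></init-param>
  </filter>
</web-app>"""

def cas_params(web_xml):
    """Return {(filter-name, param-name): param-value} for all filter init-params."""
    root = ET.fromstring(web_xml.encode("utf-8"))
    out = {}
    for flt in root.findall("j:filter", NS):
        name = flt.findtext("j:filter-name", default="", namespaces=NS).strip()
        for p in flt.findall("j:init-param", NS):
            key = p.findtext("j:param-name", default="", namespaces=NS).strip()
            out[(name, key)] = p.findtext("j:param-value", default="", namespaces=NS).strip()
    return out

def check_cas_urls(web_xml):
    """Return findings about the CAS client URL parameters in a web.xml string."""
    findings = []
    for (flt, key), value in sorted(cas_params(web_xml).items()):
        path = value.rstrip("/")
        if key == "casServerLoginUrl" and not path.endswith("/login"):
            findings.append(f"{flt}: casServerLoginUrl should point at the /login page")
        if key == "casServerUrlPrefix" and path.endswith("/login"):
            # The validator appends the CAS 2.0 endpoint to the prefix.
            findings.append(f"{flt}: casServerUrlPrefix must be the CAS context root; "
                            f"validation would be sent to {path}/serviceValidate")
        if key in ("casServerLoginUrl", "casServerUrlPrefix") and value.startswith("http://"):
            findings.append(f"{flt}: {key} uses plain http, so tickets travel unencrypted")
    return findings

if __name__ == "__main__":
    for line in check_cas_urls(SAMPLE_WEB_XML):
        print(line)
```

Run it against the project's own WEB-INF/web.xml by passing the file contents to check_cas_urls; an empty list means both URL rules hold and the CAS URLs use https.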