CAS 客户端自带的 filter 没有提供用于排除某些 URL、使其不进行单点登录的 init-param,因此需要实现自定义的 Filter,取代 org.jasig.cas.client.authentication.AuthenticationFilter 和 org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
1.实现CASAuthenticationFilter extends AbstractCasFilter
因为cas自带的filter中org.jasig.cas.client.authentication.AuthenticationFilter 的doFilter方法是final的,无法重写,所以需要直接继承AbstractCasFilter
实现代码如下
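/**
 * CAS authentication filter with a configurable list of paths that skip single sign-on.
 *
 * <p>Written as a replacement for
 * {@code org.jasig.cas.client.authentication.AuthenticationFilter}: a request that carries
 * neither a CAS assertion in its session nor a ticket is redirected to the CAS login URL,
 * unless its path matches an entry of the {@code ExcludeFile} init-param.
 *
 * <p>Exclusion entries are Ant-style patterns matched against the context-relative path
 * (servlet path plus path info). An entry without a leading {@code /} is treated as
 * {@code /**}{@code /entry}, so a bare file name matches that file in any directory.
 * Entries are no longer matched as substrings of the full request URL: a request is let
 * through without authentication on a match, and a substring test lets any URL that merely
 * contains a configured name anywhere (for instance in a path parameter or trailing path
 * info) skip the login redirect. Full-URL patterns are not supported by this matching.
 */
public class CASAuthenticationFilter extends AbstractCasFilter {

    /** Name of the init-param that carries the comma-separated exclusion list. */
    private final String ExcludeFile = "ExcludeFile";

    private String casServerLoginUrl;
    private boolean renew;
    private boolean gateway;
    private GatewayResolver gatewayStorage;

    /** Exclusion list exactly as configured (comma-separated). */
    private String strExcludeFile;

    /**
     * Exclusion entries normalised by {@link #init()} into context-relative Ant patterns.
     * A {@code null} slot stands for a blank entry and is skipped when matching.
     */
    private String[] arrExcludeFile = null;

    public CASAuthenticationFilter() {
        this.renew = false;
        this.gateway = false;
        this.gatewayStorage = new DefaultGatewayResolverImpl();
        setStrExcludeFile("");
    }

    /**
     * Reads the filter's init-params unless init configuration is ignored.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the configured gatewayStorageClass cannot be instantiated
     */
    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        if (!(isIgnoreInitConfiguration())) {
            super.initInternal(filterConfig);
            setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
            this.log.trace("Loaded CasServerLoginUrl parameter: " + this.casServerLoginUrl);
            setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
            this.log.trace("Loaded renew parameter: " + this.renew);
            setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
            this.log.trace("Loaded gateway parameter: " + this.gateway);
            setStrExcludeFile(getPropertyFromInitParams(filterConfig, ExcludeFile, ""));
            this.log.trace("Loaded ExcludeFile parameter: " + this.strExcludeFile);
            String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
            if (gatewayStorageClass == null) return;
            try {
                // The class name comes from the deployment descriptor, not from the request.
                this.gatewayStorage = ((GatewayResolver) Class.forName(gatewayStorageClass).newInstance());
            } catch (Exception e) {
                this.log.error(e, e);
                throw new ServletException(e);
            }
        }
    }

    /**
     * Validates the configuration and prepares the exclusion patterns.
     */
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
        if (strExcludeFile != null && strExcludeFile.trim().length() > 0) {
            arrExcludeFile = strExcludeFile.split(",");
            for (int i = 0; i < arrExcludeFile.length; i++) {
                arrExcludeFile[i] = toContextRelativePattern(arrExcludeFile[i]);
            }
        }
    }

    /**
     * Passes the request on when it is already authenticated, excluded, or carries a ticket;
     * otherwise redirects the client to the CAS login URL.
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String modifiedServiceUrl;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);
        Assertion assertion = (session != null) ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;
        if (assertion != null) {
            filterChain.doFilter(request, response);
            return;
        }

        // Excluded paths leave the filter here, without any CAS redirect.
        if (isExcluded(request)) {
            filterChain.doFilter(request, response);
            return;
        }

        String serviceUrl = constructServiceUrl(request, response);
        String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
        boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
        if ((CommonUtils.isNotBlank(ticket)) || (wasGatewayed)) {
            filterChain.doFilter(request, response);
            return;
        }
        this.log.debug("no ticket and no assertion found");
        if (this.gateway) {
            this.log.debug("setting gateway attribute in session");
            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
        } else {
            modifiedServiceUrl = serviceUrl;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Constructed service url: " + modifiedServiceUrl);
        }
        String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);
        if (this.log.isDebugEnabled()) {
            this.log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }
        response.sendRedirect(urlToRedirectTo);
    }

    /**
     * Tells whether the request path matches one of the configured exclusion patterns.
     *
     * @param request the current request
     * @return {@code true} when the request must bypass SSO
     */
    private boolean isExcluded(HttpServletRequest request) {
        String requestStr = contextRelativePath(request);
        this.log.debug("requestStr-->" + requestStr);
        if (arrExcludeFile == null) {
            return false;
        }
        PathMatcher matcher = new AntPathMatcher();
        for (String excludePath : arrExcludeFile) {
            // Pattern match only: no substring fallback, see the class comment.
            if (excludePath != null && matcher.match(excludePath, requestStr)) {
                this.log.debug("excludePath " + excludePath + " pass sso authentication");
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the path the exclusion patterns are matched against.
     *
     * <p>Servlet path and path info are decoded by the container, whereas
     * {@code getRequestURL()} hands back the URL as the client sent it, including any
     * path parameters, which makes it a poor input for an access decision.
     */
    private static String contextRelativePath(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        String servletPath = request.getServletPath();
        if (servletPath != null) {
            path.append(servletPath);
        }
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /**
     * Normalises one configured entry: trims it, maps a blank entry to {@code null}, and
     * anchors an entry without a leading slash so that it matches in any directory.
     * Prefer fully anchored entries such as {@code /order/ShowOrderDetail.jsp}; a bare
     * file name still matches that name under every path of the application.
     */
    private static String toContextRelativePattern(String entry) {
        String trimmed = entry.trim();
        if (trimmed.length() == 0) {
            return null;
        }
        return trimmed.startsWith("/") ? trimmed : "/**/" + trimmed;
    }

    public final void setRenew(boolean renew) {
        this.renew = renew;
    }

    public final void setGateway(boolean gateway) {
        this.gateway = gateway;
    }

    public final void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public final void setGatewayStorage(GatewayResolver gatewayStorage) {
        this.gatewayStorage = gatewayStorage;
    }

    /**
     * Sets the raw comma-separated exclusion list; it is parsed by {@link #init()}.
     */
    public void setStrExcludeFile(String strExcludeFile) {
        this.strExcludeFile = strExcludeFile;
    }
}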
2.实现CasTicketValidationFilter extends AbstractTicketValidationFilter
同样在该 filter 中跳过被排除的 URL,关键代码片段如下:
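// Exclusion check: a request whose path matches an ExcludeFile entry skips ticket validation.
this.log.debug("requestStr-->" + requestUri);
// Match on the container-decoded, context-relative path (servlet path + path info).
// The earlier substring test on the request URI let any URL that merely contained a
// configured name (for instance in a path parameter) skip the filter.
javax.servlet.http.HttpServletRequest excludeCheckRequest = (javax.servlet.http.HttpServletRequest) request;
String excludeCheckPath = excludeCheckRequest.getServletPath();
if (excludeCheckPath == null) {
    excludeCheckPath = "";
}
if (excludeCheckRequest.getPathInfo() != null) {
    excludeCheckPath += excludeCheckRequest.getPathInfo();
}
PathMatcher matcher = new AntPathMatcher();
if (arrExcludeFile != null) {
    for (String excludePath : arrExcludeFile) {
        String entry = (excludePath == null) ? "" : excludePath.trim();
        if (entry.length() == 0) {
            continue; // blank entries exclude nothing
        }
        // An entry without a leading slash matches that name in any directory.
        String pattern = entry.startsWith("/") ? entry : "/**/" + entry;
        if (matcher.match(pattern, excludeCheckPath)) {
            this.log.debug("excludePath " + excludePath + " pass sso authentication in validationFilter");
            filterChain.doFilter(request, response);
            return false;
        }
    }
}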
3.配置web.xml
<!-- cas begin -->
<!-- Demo values: plain http on localhost. Login and ticket-validation traffic goes to
     these URLs, so a real deployment should use https for the CAS server addresses. -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>CASAuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost:8088/cas-web/login</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8090</param-value>
</init-param>
<!-- Comma-separated entries read by the custom filter. A request that matches an entry
     is passed on without any CAS login, so list only pages that are meant to be public. -->
<init-param>
<param-name>ExcludeFile</param-name>
<param-value>ShowOrderDetail.jsp,OrderDtl.jsp</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>CasTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8088/cas-web</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8090</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<!-- Same list as on the authentication filter above; the two values are configured
     separately, so keep them identical. -->
<init-param>
<param-name>ExcludeFile</param-name>
<param-value>ShowOrderDetail.jsp,OrderDtl.jsp</param-value>
</init-param>
</filter>