CAS实现过滤掉某些URL不走单点登录

CAS client 自带的 filter 没有提供“排除某些 URL、不走单点登录”的 init-param,需要实现自定义的 Filter,取代 org.jasig.cas.client.authentication.AuthenticationFilter 和 org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter。注意:被排除的 URL 将完全不经过 CAS 认证,因此排除规则应按规范化后的路径精确匹配,并且只列出确实可以匿名访问的资源。
1.实现CASAuthenticationFilter extends AbstractCasFilter
因为cas自带的filter中org.jasig.cas.client.authentication.AuthenticationFilter 的doFilter方法是final的,无法重写,所以需要直接继承AbstractCasFilter
实现代码如下
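/**
 * CAS client authentication filter that lets requests for a configured list of
 * resources through without a single sign-on login.
 *
 * <p>It follows the flow of the stock
 * {@code org.jasig.cas.client.authentication.AuthenticationFilter} (whose
 * {@code doFilter} is final and cannot be overridden) and adds the
 * {@code ExcludeFile} init-param: a comma-separated list of exclusions.
 *
 * <p>Each entry is matched against the container-resolved path of the request
 * (servlet path plus path info), never against the raw request URL:
 * <ul>
 *   <li>an entry starting with {@code /} is used as an Ant pattern as written;</li>
 *   <li>any other entry (for example {@code ShowOrderDetail.jsp}) is matched as
 *       the trailing segment(s) of the path, i.e. as {@code /**}{@code /entry}.</li>
 * </ul>
 * Earlier revisions also accepted an entry that appeared anywhere inside the
 * request URL. That substring test is gone because it exempted every URL that
 * merely contained an excluded name; configurations that relied on it must be
 * rewritten as Ant patterns starting with {@code /}.
 *
 * <p>Everything on the exclusion list is served without authentication, so the
 * list should contain only resources that are safe to expose anonymously.
 */
public class CASAuthenticationFilter extends AbstractCasFilter {
    /** Name of the init-param that carries the comma-separated exclusion list. */
    private static final String EXCLUDE_FILE_PARAM = "ExcludeFile";

    /** URL of the CAS server login page; must be set before {@link #init()} runs. */
    private String casServerLoginUrl;
    /** Passed to the redirect URL builder as the {@code renew} flag. */
    private boolean renew;
    /** Passed to the redirect URL builder as the {@code gateway} flag. */
    private boolean gateway;
    /** Remembers whether a request has already been gatewayed. */
    private GatewayResolver gatewayStorage;
    /** Raw, comma-separated exclusion list as configured. */
    private String strExcludeFile;
    /** Exclusion entries split and trimmed by {@link #init()}; null when none are configured. */
    private String[] arrExcludeFile = null;

    /** Creates the filter with renew and gateway off, the default gateway resolver and no exclusions. */
    public CASAuthenticationFilter() {
        this.renew = false;
        this.gateway = false;
        this.gatewayStorage = new DefaultGatewayResolverImpl();
        this.strExcludeFile = "";
    }

    /**
     * Reads the filter's init-params unless init configuration is ignored.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the configured gatewayStorageClass cannot be instantiated
     */
    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        if (isIgnoreInitConfiguration()) {
            return;
        }
        super.initInternal(filterConfig);

        setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
        this.log.trace("Loaded CasServerLoginUrl parameter: " + this.casServerLoginUrl);
        setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        this.log.trace("Loaded renew parameter: " + this.renew);
        setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
        this.log.trace("Loaded gateway parameter: " + this.gateway);

        setStrExcludeFile(getPropertyFromInitParams(filterConfig, EXCLUDE_FILE_PARAM, ""));
        this.log.trace("Loaded ExcludeFile parameter: " + this.strExcludeFile);

        // The class name comes from the deployment descriptor, not from a request.
        String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
        if (gatewayStorageClass != null) {
            try {
                this.gatewayStorage = ((GatewayResolver) Class.forName(gatewayStorageClass).newInstance());
            } catch (Exception e) {
                this.log.error(e, e);
                throw new ServletException(e);
            }
        }
    }

    /**
     * Validates the configuration and prepares the exclusion list.
     * Entries are trimmed so that "a.jsp, b.jsp" yields the same list as "a.jsp,b.jsp".
     */
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
        if (strExcludeFile != null && strExcludeFile.trim().length() > 0) {
            String[] entries = strExcludeFile.split(",");
            for (int i = 0; i < entries.length; i++) {
                entries[i] = entries[i].trim();
            }
            arrExcludeFile = entries;
        } else {
            // Do not keep a list from an earlier init() once the setting is empty.
            arrExcludeFile = null;
        }
    }

    /**
     * Lets the request through when the session already holds a CAS assertion,
     * when the path is on the exclusion list, or when a ticket is present or the
     * request was already gatewayed; otherwise redirects to the CAS login page.
     *
     * @param servletRequest  the incoming request (cast to HttpServletRequest)
     * @param servletResponse the response (cast to HttpServletResponse)
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the chain or the redirect
     * @throws ServletException propagated from the chain
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);
        Assertion assertion = (session != null) ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;

        if (assertion != null) {
            filterChain.doFilter(request, response);
            return;
        }

        // Excluded resources leave the filter here, without any authentication.
        String matchedExclude = findMatchingExclude(request);
        if (matchedExclude != null) {
            this.log.debug("excludePath " + matchedExclude + " pass sso authentication");
            filterChain.doFilter(request, response);
            return;
        }

        String serviceUrl = constructServiceUrl(request, response);
        String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
        boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

        if ((CommonUtils.isNotBlank(ticket)) || (wasGatewayed)) {
            filterChain.doFilter(request, response);
            return;
        }

        this.log.debug("no ticket and no assertion found");
        String modifiedServiceUrl;
        if (this.gateway) {
            this.log.debug("setting gateway attribute in session");
            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
        } else {
            modifiedServiceUrl = serviceUrl;
        }

        if (this.log.isDebugEnabled()) {
            this.log.debug("Constructed service url: " + modifiedServiceUrl);
        }

        String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

        if (this.log.isDebugEnabled()) {
            this.log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }

        response.sendRedirect(urlToRedirectTo);
    }

    /**
     * Returns the configured exclusion entry that the request path matches, or
     * null when the request is not excluded.
     *
     * <p>The path is servlet path plus path info as resolved by the container, so
     * scheme, host, query string and path parameters take no part in the decision.
     * Matching is anchored: a substring search on the request URL would exempt any
     * URL that only contains an excluded name.
     */
    private String findMatchingExclude(HttpServletRequest request) {
        String path = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }
        this.log.debug("requestStr-->" + path);

        if (arrExcludeFile == null) {
            return null;
        }
        PathMatcher matcher = new AntPathMatcher();
        for (String excludePath : arrExcludeFile) {
            if (excludePath.length() == 0) {
                continue; // left over from a stray comma in the configuration
            }
            // Bare names such as "OrderDtl.jsp" are anchored to the end of the path.
            String pattern = excludePath.startsWith("/") ? excludePath : "/**/" + excludePath;
            if (matcher.match(pattern, path)) {
                return excludePath;
            }
        }
        return null;
    }

    /** Sets the flag passed to the redirect URL builder as {@code renew}. */
    public final void setRenew(boolean renew) {
        this.renew = renew;
    }

    /** Sets the flag passed to the redirect URL builder as {@code gateway}. */
    public final void setGateway(boolean gateway) {
        this.gateway = gateway;
    }

    /** Sets the CAS server login URL that unauthenticated requests are redirected to. */
    public final void setCasServerLoginUrl(String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    /** Replaces the gateway resolver. */
    public final void setGatewayStorage(GatewayResolver gatewayStorage) {
        this.gatewayStorage = gatewayStorage;
    }

    /** Sets the raw comma-separated exclusion list; it takes effect on the next {@link #init()}. */
    public void setStrExcludeFile(String strExcludeFile) {
        this.strExcludeFile = strExcludeFile;
    }
}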


2.实现CasTicketValidationFilter extends AbstractTicketValidationFilter
同样在自定义的 filter 中加入排除逻辑,跳过这些 URL(以下只是排除部分的代码片段):
// Exclusion check: a request that matches an ExcludeFile entry is passed down the
// filter chain and false is returned to the caller (presumably so that ticket
// validation is skipped for it; confirm against the enclosing method).
// This is an excerpt: requestUri, request, response, filterChain and
// arrExcludeFile are declared outside the lines shown.
// NOTE(review): the indexOf(...) > 0 fallback accepts any requestUri that merely
// contains the entry somewhere after its first character, so the exemption is much
// wider than the listed file names. Prefer an anchored match on the
// container-resolved servlet path; requestUri is presumably the raw request URI,
// which should be confirmed.
      this.log.debug("requestStr-->"+requestUri);
      PathMatcher matcher = new AntPathMatcher();
      if(arrExcludeFile != null){
          for(String excludePath : arrExcludeFile){
              // First try the entry as an Ant pattern against the whole string.
              boolean flag = matcher.match(excludePath, requestUri);
              if(!flag){
                  // Fallback: plain substring search (see the review note above).
                  flag = requestUri.indexOf(excludePath) > 0;
              }
              if(flag){
                  this.log.debug("excludePath " + excludePath + " pass sso authentication in validationFilter");
                  filterChain.doFilter(request, response);
                  return false;
              }
          }
      }


3.配置web.xml
<!-- cas begin -->
<!-- Custom authentication filter that replaces the stock CAS AuthenticationFilter. -->
	<filter> 
		<filter-name>CAS Authentication Filter</filter-name> 
		<filter-class>CASAuthenticationFilter</filter-class> 
	
		<!-- Sample value: plain HTTP on localhost. Outside a local test setup, use the
		     HTTPS login URL of the CAS server. -->
		<init-param> 
			<param-name>casServerLoginUrl</param-name> 
			<param-value>http://localhost:8088/cas-web/login</param-value> 
		</init-param> 
		<init-param> 
			<param-name>renew</param-name> 
			<param-value>false</param-value> 
		</init-param> 
		<init-param> 
			<param-name>gateway</param-name> 
			<param-value>false</param-value> 
		</init-param> 
		<!-- Sample value: scheme, host and port of this application; use HTTPS outside
		     a local test setup. -->
		<init-param> 
			<param-name>serverName</param-name> 
			<param-value>http://localhost:8090</param-value> 
		</init-param> 
		<!-- Comma-separated list read by CASAuthenticationFilter. A request that matches
		     an entry is passed through without a CAS login, so list only resources that
		     may be served to unauthenticated users. -->
		<init-param>
			<param-name>ExcludeFile</param-name>
			<param-value>ShowOrderDetail.jsp,OrderDtl.jsp</param-value>
		</init-param>
	</filter> 
 
	<!-- Custom ticket validation filter that replaces the stock
	     Cas20ProxyReceivingTicketValidationFilter. -->
	<filter> 
		<filter-name>CAS Validation Filter</filter-name> 
		<filter-class>CasTicketValidationFilter</filter-class> 
		<!-- Sample value: plain HTTP on localhost. Outside a local test setup, use the
		     HTTPS base URL of the CAS server. -->
		<init-param> 
			<param-name>casServerUrlPrefix</param-name> 
			<param-value>http://localhost:8088/cas-web</param-value> 
		</init-param> 
		<init-param>
			<param-name>serverName</param-name> 
			<param-value>http://localhost:8090</param-value> 
		</init-param> 
		<init-param> 
			<param-name>useSession</param-name> 
			<param-value>true</param-value> 
		</init-param> 
		<init-param> 
			<param-name>redirectAfterValidation</param-name> 
			<param-value>true</param-value> 
		</init-param> 
		<!-- Same exclusion list as on the authentication filter. The
		     CasTicketValidationFilter excerpt passes matching requests down the chain;
		     presumably it reads this parameter the same way (confirm against the full
		     class). List only resources that may be served to unauthenticated users. -->
		<init-param>
			<param-name>ExcludeFile</param-name>
			<param-value>ShowOrderDetail.jsp,OrderDtl.jsp</param-value>
		</init-param>
	</filter> 
