需要登录验证的所有应用都通过在web.xml里面配置filter:
有需要jar包cas-client-core-3.3.3.jar及log相关的jar包
以下filter的配置顺序是固定的不能改变
- AuthenticationFilter
- TicketValidationFilter
- HttpServletRequestWrapperFilter
- AssertionThreadLocalFilter
用户验证
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/casweb/login</param-value>(这个local必须与前面证书配置的CN的名字一样)
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://yourAppurl:port/</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
ticket验证
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/casweb</param-value>(同上)
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://yourAPPurl:port/</param-value>(如http:www.baidu.com:8080)
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Wraps an HttpServletRequest so that the getRemoteUser and getPrincipal return the CAS related entries. -->
<filter>
下面两个filter包装后用以通过request来获取用户信息比如获取用户名可以通过request.getUserPrincipal().getName();
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>