CAS单点登录学习(二):客户端配置
- 下载jar包
因为cas的源码修改变动很大,所以客户端引入的jar包根据服务端的war包而定。之前搭建的cas服务端用的版本是3.5.2,经过测试,可以使用cas-client-core的3.2.1版本。使用maven添加依赖
1 <!-- https://mvnrepository.com/artifact/org.jasig.cas.client/cas-client-core --> 2 <dependency> 3 <groupId>org.jasig.cas.client</groupId> 4 <artifactId>cas-client-core</artifactId> 5 <version>3.2.1</version> 6 </dependency>
不用maven的话可以用上面的地址去手动下载jar包。
- web.xml配置
引入jar包后,只要在客户端的web.xml里配置相应的过滤器即可。根据添加的过滤器的位置顺序一一介绍:
2.1 Cas20ProxyReceivingTicketValidationFilter(必需)
该过滤器负责对ticket的校验工作,这个过滤器要放在第一个位置。casServerUrlPrefix:cas服务器访问地址,serverName:客户端域名和端口。这里也可以配置成ip,但是最好还是配置成域名。
还有就是cas服务端我取消了https,这里路径注意一下。
1 <!-- 该过滤器配置负责对Ticket的校验工作--> 2 <filter> 3 <filter-name>CAS Validation Filter</filter-name> 4 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> 5 <init-param> 6 <param-name>casServerUrlPrefix</param-name> 7 <param-value>http://www.mycas.com:8088/cas-server-webapp-3.5.2</param-value> 8 </init-param> 9 <init-param> 10 <param-name>serverName</param-name> 11 <param-value>http://127.0.0.1:80/</param-value> 12 </init-param> 13 <init-param> 14 <param-name>renew</param-name> 15 <param-value>false</param-value> 16 </init-param> 17 <init-param> 18 <param-name>gateway</param-name> 19 <param-value>false</param-value> 20 </init-param> 21 <init-param> 22 <param-name>encoding</param-name> 23 <param-value>UTF-8</param-value> 24 </init-param> 25 </filter> 26 <filter-mapping> 27 <filter-name>CAS Validation Filter</filter-name> 28 <url-pattern>/*</url-pattern> 29 </filter-mapping>
2.2 AuthenticationFilter(必需)
该过滤器负责用户的认证工作,casServerLoginUrl:cas服务端登录地址(注意这里比上面的多了'/login'),serverName:同上1 <!--该过滤器负责用户的认证工作--> 2 <filter> 3 <filter-name>CASFilter</filter-name> 4 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> 5 <init-param> 6 <param-name>casServerLoginUrl</param-name> 7 <param-value>http://www.mycas.com:8088/cas-server-webapp-3.5.2/login</param-value> 8 </init-param> 9 <init-param> 10 <param-name>serverName</param-name> 11 <param-value>http://127.0.0.1:80/</param-value> 12 </init-param> 13 </filter> 14 <filter-mapping> 15 <filter-name>CASFilter</filter-name> 16 <url-pattern>/*</url-pattern> 17 </filter-mapping>
2.3 HttpServletRequestWrapperFilter (可选)与 AssertionThreadLocalFilter(可选)
1 <!--HttpServletRequestWrapperFilter--> 2 <filter> 3 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 4 <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> 5 </filter> 6 <filter-mapping> 7 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 8 <url-pattern>/*</url-pattern> 9 </filter-mapping> 10 11 <!--AssertionThreadLocalFilter--> 12 <filter> 13 <filter-name>CAS Assertion Thread Local Filter</filter-name> 14 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> 15 </filter> 16 <filter-mapping> 17 <filter-name>CAS Assertion Thread Local Filter</filter-name> 18 <url-pattern>/*</url-pattern> 19 </filter-mapping>
这2个过滤器的功能是一样的,所以放到一起来讲,当我们登录成功后,需要获取登录的用户信息(只能获取到用户名),就需要配置上面2个过滤器的其中一个。获取方式如下:
HttpServletRequestWrapperFilter :1 HttpServletRequest request2 = (HttpServletRequest) request; 2 // 从Cas服务器获取登录账户的用户名(2种方式) 3 String username1 = request2.getUserPrincipal().toString(); 4 String username2 = request2.getRemoteUser();
AssertionThreadLocalFilter:
1 Assertion assertion = AssertionHolder.getAssertion(); 2 String username3 = assertion.getPrincipal().getName();
- 到这里客户端的配置就完成了~~