首页 > 代码库 > cas_client之代理配置

cas_client之代理配置

本环境基于cas3.4.2进行配置,3个tomcat环境:单点登录tomcat、代理tomcat和被代理tomcat。目的是通过代理app1访问被代理app2,此配置完全根据源代码分析而来(因此基础好的直接读源代码研究更好)。

1、单点登录tomcat发布配置,网上有很多资料,不在赘述。

2、代理app配置:网上有说

AuthenticationFilter和Cas20ProxyReceivingTicketValidationFilter2个过滤器顺序需要调换,其实是错误的,把握好以下红色字体足以。

proxyCallback网上介绍的很草率,这里只需要在代理端新建一个servlet作为代理url即可,内部逻辑什么都不用做。
<!-- SSO配置 -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
    </filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1:8081/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    
</filter>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.HttpServletRequestWrapperFilter
    </filter-class>
</filter>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.AssertionThreadLocalFilter
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/proxyCallback</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!--web定义的代理回调-->

3、被代理app配置:

  <!-- SSO配置 -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
  </filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://127.0.0.1:8081/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
  <init-param>
    <param-name>useSession</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
  
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.util.HttpServletRequestWrapperFilter
  </filter-class>
</filter>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.util.AssertionThreadLocalFilter
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

4、实例验证,在代理端新建一个servlet,我这里就是上述配置的

casProxyTest

源码如下:

com.supermap.proxy;

org.jasig.cas.client.authentication.AttributePrincipal;
org.jasig.cas.client.util.AssertionHolder;

javax.servlet.ServletException;
javax.servlet.http.HttpServlet;
javax.servlet.http.HttpServletRequest;
javax.servlet.http.HttpServletResponse;
java.io.BufferedReader;
java.io.IOException;
java.io.InputStreamReader;
java.io.OutputStream;
java.net.HttpURLConnection;
java.net.URL;
java.net.URLEncoder;

CasProxyTestServlet HttpServlet {
    doGet(HttpServletRequest req, HttpServletResponse resp)
            ServletException, IOException {
        (req, resp);
    }

    (HttpServletRequest req, HttpServletResponse resp)
            ServletException, IOException {
        AttributePrincipal principal = AssertionHolder.().getPrincipal();
        String proxyTicket = principal.getProxyTicketFor();
        URL url = URL(+ URLEncoder.(proxyTicket, ));
        HttpURLConnection conn = (HttpURLConnection)url.openConnection();
        conn.setDoOutput();
        conn.setDoInput();
        OutputStream out = conn.getOutputStream();
        out.write((+URLEncoder.(proxyTicket, )).getBytes());
        out.flush();
        out.close();
        BufferedReader br = BufferedReader(InputStreamReader(conn.getInputStream(), ));
        StringBuffer content = StringBuffer();
        String line = ;
        ((line=br.readLine()) != ) {
            content.append(line).append();
        }
        resp.getWriter().write(content.toString());
    }
}

总结:其中的原理在网上有很多资料介绍,最主要还是需要个人去研读源代码,把握核心。

本文出自 “12664863” 博客,请务必保留此出处http://12674863.blog.51cto.com/12664863/1904901

cas_client之代理配置