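This environment is configured on CAS 3.4.2 with three Tomcat instances: the single sign-on Tomcat, the proxying Tomcat and the proxied Tomcat. The goal is to access the proxied app2 through the proxying app1. This configuration is derived entirely from reading the source code (so if your fundamentals are solid, studying the source directly is the better route).
1. Deploying and configuring the single sign-on Tomcat: there is plenty of material online, so it is not repeated here.
2. Proxying app configuration: some online sources say that the order of the two filters AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter has to be swapped. That is actually wrong; getting the parts marked in red below right is enough. proxyCallback is described very sloppily online. Here you only need to create a servlet on the proxying side to serve as the proxy URL, and it needs no internal logic at all.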
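<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://127.0.0.1:8081/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
  <init-param>
    <param-name>useSession</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
  <servlet-name>casProxyTest</servlet-name>
  <servlet-class>com.supermap.proxy.CasProxyTestServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>casProxyTest</servlet-name>
  <url-pattern>/casProxyTest</url-pattern>
</servlet-mapping>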
3. Proxied app configuration:
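<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://127.0.0.1:8081/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://127.0.0.1:8080</param-value>
  </init-param>
  <init-param>
    <param-name>useSession</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>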
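The proxy-specific settings of the validation filter for steps 2 and 3, as an added example that is not the original post's configuration: proxyCallbackUrl, proxyReceptorUrl, acceptAnyProxy and allowedProxyChains are init-params of the Jasig CAS client's Cas20ProxyReceivingTicketValidationFilter, while the host names and the /proxyCallback path are assumed placeholders. On the proxied side, acceptAnyProxy trusts a proxy ticket obtained through any proxy, whereas allowedProxyChains pins the accepted chain to app1's callback URL.

```xml
<!-- Added example. Host names and the /proxyCallback path are assumed placeholders. -->
<!-- app1 (proxying side): request a proxy-granting ticket (PGT) during ticket validation -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso.example.org/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://app1.example.org</param-value>
  </init-param>
  <init-param>
    <!-- Absolute URL that the CAS server calls back to deliver the PGT -->
    <param-name>proxyCallbackUrl</param-name>
    <param-value>https://app1.example.org/app1/proxyCallback</param-value>
  </init-param>
  <init-param>
    <!-- Path of that same endpoint inside app1; the validation filter handles requests to it -->
    <param-name>proxyReceptorUrl</param-name>
    <param-value>/proxyCallback</param-value>
  </init-param>
</filter>
<!-- app2 (proxied side): decide which proxies may present proxy tickets -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso.example.org/tjsso</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://app2.example.org</param-value>
  </init-param>
  <!-- Weak setting, shown disabled: accepts proxy tickets obtained through any proxy
  <init-param>
    <param-name>acceptAnyProxy</param-name>
    <param-value>true</param-value>
  </init-param>
  -->
  <init-param>
    <!-- Restrictive setting: only the chain consisting of app1's callback URL is accepted -->
    <param-name>allowedProxyChains</param-name>
    <param-value>https://app1.example.org/app1/proxyCallback</param-value>
  </init-param>
</filter>
```

When more than one proxy sits in front of app2, each accepted chain goes on its own line of allowedProxyChains, with the URLs within a chain separated by spaces.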
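4. Verification with an example: create a new servlet on the proxying side. Here it is the casProxyTest servlet configured above. The source code is as follows: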
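package com.supermap.proxy;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AssertionHolder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

public class CasProxyTestServlet extends HttpServlet {

    // URL of the protected resource in the proxied app2.
    // Placeholder: set this to the address of your own app2 deployment.
    private static final String TARGET_SERVICE_URL = "http://<app2-host>:<port>/<app2-path>";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        this.doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // The assertion is bound to the current thread by AssertionThreadLocalFilter.
        AttributePrincipal principal = AssertionHolder.getAssertion().getPrincipal();

        // Ask CAS for a proxy ticket that is valid only for the target service.
        String proxyTicket = principal.getProxyTicketFor(TARGET_SERVICE_URL);
        if (proxyTicket == null) {
            // No proxy-granting ticket is available, so CAS issued no proxy ticket.
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "No proxy ticket issued for the target service");
            return;
        }

        // "ticket" is the parameter name the CAS client filters read by default.
        URL url = new URL(TARGET_SERVICE_URL + "?ticket=" + URLEncoder.encode(proxyTicket, "UTF-8"));
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setDoOutput(true);
        conn.setDoInput(true);

        OutputStream out = conn.getOutputStream();
        out.write(("ticket=" + URLEncoder.encode(proxyTicket, "UTF-8")).getBytes());
        out.flush();
        out.close();

        // Relay the proxied application's response body back to the caller.
        BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
        StringBuffer content = new StringBuffer();
        String line = "";
        while ((line = br.readLine()) != null) {
            content.append(line).append("\n");
        }
        br.close();
        resp.getWriter().write(content.toString());
    }
}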
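Summary: there is plenty of material online that explains the underlying principles, but the most important thing is still to read the source code yourself and grasp the core of it.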