一般註銷是跳到原項目的登錄頁面,所以我們需要對CAS做如下配置:
1. 修改服務端cas-servlet.xml配置(apache-tomcat-7.0.40\cas\ROOT\WEB-INF),找到
<bean id="logoutController" class="org.jasig.cas.web.LogoutController" />
增加屬性 p:followServiceRedirects="true"
2.修改客戶端,sso1,sso2 index.jsp文件將原來的單點登出的URL修改成:
Sso1:http://jeesz.cn:8080/logout?service=http://www.sso1.com:8080
Sso2:http://jeesz.cn:8080/logout?service=http://www.sso2.com:8080
重啓Tomcat,測試正常。
第六節:多項目集成單點登錄配置
第一步:單點登錄系統與其他項目集成
在WEB 項目中的WEB-INF目錄下的web.xml文件,添加以下配置.
<!--SSO客戶端配置 用於單點退出,該過濾器用於實現單點登出功能,可選配置 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 該過濾器用於實現單點登出功能,可選配置。 -->
<filter>
<filter-name>SingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 該過濾器負責對Ticket的校驗工作,必須啓用它 -->
<filter>
<filter-name>CASValidationFilter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://jeesz.cn:8443/cas</param-value>;
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://www.sso3.com:6060</param-value> ; <!—客戶端URL地址-->
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>exceptionOnValidationFailure</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 該過濾器負責用戶的認證工作,必須啓用它 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://jeesz.cn:8443/cas/login</param-value>;
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http:// www.sso3.com:6060</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 允許通過HttpServletRequest的getRemoteUser()方法獲得SSO登錄用戶的登錄名,可選配置。 -->
<filter>
<filter-name>CASHttpServletRequestWrapperFilter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 該過濾器可以通過org.jasig.cas.client.util.AssertionHolder來獲取用戶的登錄名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
<filter-name>CASAssertionThreadLocalFilter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASAssertionThreadLocalFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 攔截成功登錄SSO系統之後返回的數據並做相關處理. -->
<filter>
<filter-name>SSO4InvokeContextFilter</filter-name>
<filter-class>com.common.web.filter.SSO4InvokeContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SSO4InvokeContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
當sso驗證完成之後,客戶端系統需要接收sso系統返回的結果時,需要定義一個過濾器獲取返回結果,然後針對返回結果做相關處理.
注意:如果不需要做處理時,此處Filter也可以不用定義.
package com.common.web.filter;
import java.io.IOException;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.AssertionHolder;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.common.base.pbi.CommonConstants;
import com.common.base.util.DateUtil;
import com.common.base.util.IDUtil;
import com.common.base.util.IPUtil;
import com.common.base.util.UserUtil;
import com.common.core.busi.historylogin.manager.HistoryLoginManager;
import com.common.core.busi.login.manager.LoginManager;
import com.common.entity.common.AbstractEntity;
import com.common.entity.historylogin.HistoryLoginEntity;
import com.common.entity.user.UserEntity;
/**
* 當成功登錄SSO系統時將會返回登錄的userid根據此userid建立session會話;
* @ClassName: SessionFilter
* @Description: TODO(這裏用一句話描述這個類的作用)
* @author jeesz
* @date 2015-10-01
*
*/
public class SSO4InvokeContextFilter implements Filter{
private final static Log log = LogFactory.getLog(SSO4InvokeContextFilter.class);
private WebApplicationContext applicationContext;
public SSO4InvokeContextFilter() {
super();
}
/**
* 過濾器註銷時,觸發此方法;
*/
public void destroy() {
//暫時不做任何處理;
}
/**
* 根據用戶id獲取用戶信息並且把用戶信息放入session會話中;
* @Title : doFilter
* @Description: TODO(這裏用一句話描述這個方法的作用)
* @Params
* @throws
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
HttpSession session = request.getSession();
//從session中獲取登陸用戶;
Object userObject = session.getAttribute(CommonConstants.USER_INFO_SESSION);
if(userObject == null){
//獲取用戶名;
String userName = AssertionHolder.getAssertion().getPrincipal().getName();
LoginManager loginManager = applicationContext.getBean(LoginManager.class);
UserEntity userEntity = loginManager.loginByUserName(userName);
session.setAttribute(CommonConstants.USER_INFO_SESSION,userEntity);
session.setAttribute(CommonConstants.IS_SYSTEM_ADMIN,userEntity.getUserType()==1?true:false);
UserUtil.setLoginUserInfo(userEntity);
//根據用戶名查詢出用戶信息,並放入session中;
log.info("UserName:["+userName +"]登陸成功,客戶端IP地址爲["+IPUtil.getIpAddr(request)+"],登陸時間爲["+DateUtil.dateToString(new Date())+"]");
//添加登錄記錄;
HistoryLoginEntity historyLoginEntity = new HistoryLoginEntity();
historyLoginEntity.setUserId(userName);
historyLoginEntity.setHid(IDUtil.generateId());
historyLoginEntity.setLoginCount("1");
setCommonValue(request,historyLoginEntity);
boolean hlBol = applicationContext.getBean(HistoryLoginManager.class).addLoginRecord(historyLoginEntity);
log.debug("登錄歷史記錄["+(hlBol?"成功":"失敗")+"].");
}
chain.doFilter(request, response);
}
/**
* 設置公共屬性;
* @Title: setCommonValue
* @Description: TODO(這裏用一句話描述這個方法的作用)
* @throws
*/
private void setCommonValue(HttpServletRequest request,AbstractEntity entity){
if(request != null){
//獲取當前對象;
UserEntity userEntity = (UserEntity) request.getSession().getAttribute(CommonConstants.USER_INFO_SESSION);
if(entity !=null){
String currUser = userEntity.getUserId();
//設置創建人、創建日期、修改人、修改時間
entity.setCreatedBy(currUser);
entity.setModifiedBy(currUser);
entity.setCreationDate(DateUtil.getNowDate());
entity.setModifiedDate(DateUtil.getNowDate());
}
}
}
/**
* 初始化Spring上下文;
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
WebApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
this.applicationContext = applicationContext;
}
}
喜歡學習的朋友可以收藏,歡迎大家一起分享交流,本文更多源碼來源:http://minglisoft.cn/technology