Integrating a web project with CAS single sign-on

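Note: do not use localhost or 127.0.0.1 when accessing the application or in the web.xml configuration. The CAS server sometimes needs to call back, and if localhost or 127.0.0.1 is used, the callback cannot get back to the application.
My IP is 10.10.10.12.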

PS: the Java client can be downloaded from: http://developer.jasig.org/cas-clients/

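Prerequisites:

Import the certificate into the JDK's certificate store. Pay attention to the path of the JDK certificate store and the path of the SSO certificate:
For how the certificate is generated, see the article: TODO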

keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file D:/security/xxx-sso.crt -alias sso.xxx.com -storepass changeit

1. Create the Maven web project; mine is SsoClientDemo

2. Add the cas-client jar

Since the project uses Maven, just add the following to pom.xml:
Depends on CAS 3.3.3

<dependencies>
    <dependency>
      <groupId>org.jasig.cas.client</groupId>
      <artifactId>cas-client-core</artifactId>
      <version>3.3.3</version>
    </dependency>
</dependencies>

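3. Edit web.xml and add the following configuration:

Note: the URL of my CAS service is: https://sso.xxx.com:8443/xxx-cas-server. The serverName parameter is this client application's own address, which the CAS server redirects back to after login.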

<listener>  
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>  
</listener>  

<filter>  
    <filter-name>CAS Single Sign Out Filter</filter-name>  
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>  
</filter>
<filter-mapping>  
    <filter-name>CAS Single Sign Out Filter</filter-name>  
    <url-pattern>/*</url-pattern>  
</filter-mapping>  
<filter>  
    <filter-name>CASFilter</filter-name>  
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>  
    <init-param>  
        <param-name>casServerLoginUrl</param-name>  
        <param-value>https://sso.xxx.com:8443/xxx-cas-server/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>  
        <param-value>http://10.10.10.12:8080</param-value>  
    </init-param>  
</filter>  
<filter-mapping>  
    <filter-name>CASFilter</filter-name>  
    <url-pattern>/*</url-pattern>  
</filter-mapping>  

<filter>  
    <filter-name>CAS Validation Filter</filter-name>  
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>  
        <param-name>casServerUrlPrefix</param-name>  
        <param-value>https://sso.xxx.com:8443/xxx-cas-server</param-value>  
    </init-param>
    <init-param> 
        <param-name>serverName</param-name>  
        <param-value>http://10.10.10.12:8080</param-value>  
    </init-param>
</filter>
<filter-mapping>  
    <filter-name>CAS Validation Filter</filter-name>  
    <url-pattern>/*</url-pattern>
</filter-mapping>  

4. Create a new Servlet and configure it in web.xml

package com.xxx.sso.client.demo.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
    private static final long serialVersionUID = 1634321560241660991L;
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.getWriter().append("This is Hello Servlet...");
    }

}

Configure the servlet in web.xml

<servlet>
    <servlet-name>helloServlet</servlet-name>
    <servlet-class>com.xxx.sso.client.demo.servlet.HelloServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>helloServlet</servlet-name>
    <url-pattern>/helloServlet</url-pattern>
</servlet-mapping>

5. Deploy the project, start Tomcat, and access helloServlet

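Enter in the browser: 10.10.10.12:8080/SsoClientDemo/helloServlet
The browser is automatically redirected to the single sign-on server.
Log in with the appropriate account and password. For the CAS server configuration, see TODO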

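6. Getting the logged-in user name in the integrated subsystem

After the callback from the CAS login, we need to know who actually logged in. The logged-in user name can be obtained through AttributePrincipal.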

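import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
// Inside the servlet's service method:
Assertion assertion = (Assertion) req.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
AttributePrincipal principal = assertion.getPrincipal();
String username = principal.getName();
System.out.println(username);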
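
The lookup from step 6 as a complete servlet, added here as an example and not part of the original project. WhoAmIServlet and its package placement are assumptions; it handles the case where no session or assertion exists and also lists any attributes the CAS server releases.

```java
package com.xxx.sso.client.demo.servlet; // assumed: same package as HelloServlet

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;

// Hypothetical servlet name; map it in web.xml the same way as helloServlet.
public class WhoAmIServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a new session just to look for the
        // assertion; the validation filter stores it after ticket validation.
        HttpSession session = req.getSession(false);
        Assertion assertion = session == null ? null
                : (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        if (assertion == null || assertion.getPrincipal() == null) {
            // Happens when this URL is not covered by the CAS filter mappings.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No CAS assertion in session");
            return;
        }
        AttributePrincipal principal = assertion.getPrincipal();
        // Plain text output, so the user name is never interpreted as HTML.
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("user: " + principal.getName());
        out.println("valid from: " + assertion.getValidFromDate());
        // Attributes depend on what the CAS server releases; the map may be empty.
        for (Map.Entry<String, Object> e : principal.getAttributes().entrySet()) {
            out.println("attribute " + e.getKey() + " = " + e.getValue());
        }
    }
}
```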