注:访问和web.xml的配置中不要使用localhost或127.0.0.1,因为cas服务器有时需要回调,如果写的是localhost或127.0.0.1,将无法回调回来。
我的ip是10.10.10.12
PS: java客户端下载地址:http://developer.jasig.org/cas-clients/
前置条件:
导入证书到jdk的证书库。注意jdk证书库的路径和sso证书路径:
证书相关生成过程请看文章:TODO
keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file D:/security/xxx-sso.crt -alias sso.xxx.com -storepass changeit
1、创建好相应的maven web项目,我的是SsoClientDemo
2、添加cas-client的jar包
由于是用maven,直接在pom.xml中加入下面内容即可:
依赖cas 3.3.3
<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
</dependency>
</dependencies>
3、修改web.xml,加入下面的配置内容:
注:我的cas服务的url为:https://sso.xxx.com:8443/xxx-cas-server
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.xxx.com:8443/xxx-cas-server/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://10.10.10.12:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.xxx.com:8443/xxx-cas-server</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://10.10.10.12:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
4、新建一个Servlet,并在web.xml中进行配置
package com.xxx.sso.client.demo.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
private static final long serialVersionUID = 1634321560241660991L;
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.getWriter().append("This is Hello Servlet...");
}
}
在web.xml配置servlet
<servlet>
<servlet-name>helloServlet</servlet-name>
<servlet-class>com.xxx.sso.client.demo.servlet.HelloServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>helloServlet</servlet-name>
<url-pattern>/helloServlet</url-pattern>
</servlet-mapping>
5、部署项目并启动tomcat,访问helloServlet
在浏览器输入:10.10.10.12:8080/SsoClientDemo/helloServlet
会自动跳转到单点登陆服务器:
使用相应的账号密码登陆就好了。具体cas服务器配置请参考 TODO
6、接入的子系统获取登陆的用户名
从cas登陆回调回来之后,我们需要知道到底是谁登陆的,可以通过AttributePrincipal来获取登陆的用户名。
Assertion assertion = (Assertion) req.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
AttributePrincipal principal = assertion.getPrincipal();
String username = principal.getName();
System.out.println(username);