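This environment is configured on CAS 3.4.2 with three Tomcat instances: the single sign-on (SSO) Tomcat, the proxy Tomcat, and the proxied Tomcat. The goal is to access the proxied app2 through the proxy app1. This configuration was derived entirely from analysing the source code (so readers with a solid foundation are better off reading the source directly).

1. SSO Tomcat deployment configuration: there is plenty of material online, so it is not repeated here.

2. Proxy app configuration: some posts online say that

the order of the two filters AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter must be swapped. That is actually wrong; paying attention to the parts in red below is enough. proxyCallback is described very carelessly online. Here you only need to create a servlet on the proxy side to serve as the proxy URL; it needs no internal logic at all.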

<!-- SSO configuration -->
<filter>
    <filter-name>CASAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CASValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1:8081/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
    <filter-name>CASAssertionThreadLocalFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CASValidationFilter</filter-name>
    <url-pattern>/proxyCallback</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASAssertionThreadLocalFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Proxy callback defined in web.xml -->

3. Proxied app configuration:

<!-- SSO configuration -->
<filter>
    <filter-name>CASAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://127.0.0.1:8081/tjsso/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CASValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1:8081/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
    <filter-name>CASAssertionThreadLocalFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CASAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASAssertionThreadLocalFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
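On the proxied side, the Java CAS client's `Cas20ProxyReceivingTicketValidationFilter` decides which proxy chains it trusts through its `acceptAnyProxy` and `allowedProxyChains` init-params. The fragment below is an added example, not part of the original post's configuration; the callback URL is an assumption built from the `serverName` and the `/proxyCallback` mapping shown above.

```xml
<!-- Added example for the proxied app (app2); not from the original post. -->
<filter>
    <filter-name>CASValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://127.0.0.1:8081/tjsso</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://127.0.0.1:8080</param-value>
    </init-param>

    <!-- Weak setting: with acceptAnyProxy=true, a proxy ticket obtained by
         any service that the CAS server allows to proxy is accepted here.
         Keep it false and pin the chain instead. -->
    <init-param>
        <param-name>acceptAnyProxy</param-name>
        <param-value>false</param-value>
    </init-param>

    <!-- Pinned setting: one chain per line, URLs in a chain separated by
         whitespace. Each URL is the proxy callback URL that the CAS server
         reports in the cas:proxies element of its proxyValidate response.
         The value below is an assumed callback URL for app1. -->
    <init-param>
        <param-name>allowedProxyChains</param-name>
        <param-value>http://127.0.0.1:8080/proxyCallback</param-value>
    </init-param>
</filter>
```

A proxy ticket whose chain is not listed fails validation, so only the intended proxy app can act on the user's behalf against app2.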

4. Example verification: create a new servlet on the proxy side; here it is the one configured above,

casProxyTest

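The source code is as follows:

package com.supermap.proxy;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AssertionHolder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

// The string literals of this listing did not survive on the page.
// Every literal marked PLACEHOLDER below is a stand-in, not the original value.
public class CasProxyTestServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Principal of the user already authenticated by the CAS filters.
        AttributePrincipal principal = AssertionHolder.getAssertion().getPrincipal();
        // Ask the CAS server for a proxy ticket (PT) bound to the proxied app2 service.
        String proxyTicket = principal.getProxyTicketFor("APP2_SERVICE_URL"); // PLACEHOLDER
        if (proxyTicket == null) {
            // No proxy-granting ticket was received, so no proxy ticket can be issued.
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        // Call app2, presenting the proxy ticket.
        URL url = new URL("APP2_SERVICE_URL?ticket=" + URLEncoder.encode(proxyTicket, "UTF-8")); // PLACEHOLDER literals
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setDoOutput(true);
        conn.setDoInput(true);
        OutputStream out = conn.getOutputStream();
        out.write(("ticket=" + URLEncoder.encode(proxyTicket, "UTF-8")).getBytes()); // PLACEHOLDER literals
        out.flush();
        out.close();

        // Read app2's response and relay it to the caller.
        BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8")); // PLACEHOLDER charset
        StringBuffer content = new StringBuffer();
        String line = null;
        while ((line = br.readLine()) != null) {
            content.append(line).append("\n"); // PLACEHOLDER separator
        }
        br.close();
        resp.getWriter().write(content.toString());
    }
}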

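Summary: there is plenty of material online explaining the underlying principles, but what matters most is reading the source code yourself and grasping the core of it.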