Java Web应用CAS Client端的配置详解
CAS是SSO常用的开源解决方案,可以适用多种语言实现的Web应用。下面结合本人的实际操作,详细说明下Java应用CAS Client配置。首先,说明下配置环境:
1. CAS Server 3.4.5,跑在tomcat 7上。
2. CAS Client Java SSH应用(Struts 2.3.4.1、Spring 3.0.5、Hibernate 3.3.2,如应用使用了特定安全框架如Spring Security,且集成了CAS Client,可直接使用其提供的配置方法), web应用也跑在tomcat 7上,
配置步骤:
1.添加cas-client-core-3.1.10-sources.jar,如使用mvn,pom.xml中添加
[html]
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.1.10</version>
<exclusions>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.1.10</version>
<exclusions>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
2. web.xml中添加:
[html]
<!-- 与CAS Single Sign Out Filter配合,注销登录信息 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS Server 通知 CAS Client,删除session,注销登录信息 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 登录认证,未登录用户导向CAS Server进行认证 -->
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://www.cas.com/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://api.zfwx.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS Client向CAS Server进行ticket验证 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://www.cas.com/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://api.zfwx.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 封装request, 支持getUserPrincipal等方法-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 存放Assertion到ThreadLocal中 -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.
补充:Web开发 , 其他 ,
