cas单点登录客户端说明文档

JavaWeb应用CASClient端的配置详解配置环境：CASServer4.0已部署，跑在tomcat7上。部署在/cas上（本地hosts文件配置域名）。CASClientweb应用也跑在tomcat7上，部署在/app（本地hosts文件配置域名）。以下是各种web应用集成CAS的处理信息：//=========没有使用特定安全框架如shiro的情况==========配置步骤：1）.添力口cas-client-core-3.1.10-sources.jar,如使用mvn，pom.xml中添力口vdependency>vgroupId>org.jasig.casv/groupId>vartifactId>cas-client-corev/artifactId>vversion>3.1.10v/version>vexclusions>vexclusion>vartifactId>servlet-apiv/artifactId>vgroupId>javax.servletv/groupId></exclusion></exclusions></dependency>2).web.xml中添加：<!--与CASSingleSignOutFilter配合，注销登录信息--><listener>vlistener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListenerv/listener-class></listener><!--CASServer通知CASClient，删除session,注销登录信息--><filter><filter-name>CASSingleSignOutFilterv/filter-name>vfilter-class>org.jasig.cas.client.session.SingleSignOutFilterv/filter-class></filter>vfilter-mapping>vfilter-name>CASSingleSignOutFilterv/filter-name>vurl-pattern>/*v/url-pattern></filter-mapping><!--登录认证，未登录用户导向CASServer进行认证--><filter>vfilter-name>CASFilterv/filter-name>vfilter-class>org.jasig.cas.client.authentication.AuthenticationFilterv/filter-class><init-param>vparam-name>casServerLoginUrlv/param-name>vparam-value>/cas/loginv/param-value></init-param><init-param>vparam-name>serverNamev/param-name>vparam-value>v/param-value></init-param></filter><filter-mapping>vfilter-name>CASFilterv/filter-name>vurl-pattern>/*v/url-pattern></filter-mapping><!--CASClient向CASServer进行ticket验证--><filter>vfilter-name>CASValidationFilterv/filter-name><filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class><init-param>vparam-name>casServerUrlPrefixv/param-name>vparam-value>/casv/param-value></init-param><init-param>vparam-name>serverNamev/param-name>vparam-value>v/param-value></init-param></filter><filter-mapping>vfilter-name>CASValidationFilterv/filter-name>vurl-pattern>/*v/url-pattern></filter-mapping><!--封装request,支持getUserPrincipal等方法-->vfilter>vfilter-name>CASHttpServletRequestWrapperFilterv/filter-name>vfilter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilterv/filter-class></filter><filter-mapping><filter-name>CASHttpServletRequestWrapperFilter</filter-name>vurl-pattern>/*v/url-pattern></filter-mapping><!--存放Assertion到ThreadLocal中--><filter><filter-name>CASAssertionThreadLocalFilterv/filter-name>vfilter-class>org.jasig.cas.client.util.AssertionThreadLocalFilterv/filter-class></filter><filter-mapping><filter-name>CASAssertionThreadLocalFilterv/filter-name><url-pattern>/*</url-pattern></filter-mapping>3).编写个简单的测试页面test.jsp进行测试。v%@pageimport="org.jasig.cas.client.authentication.AttributePrincipal"%><html><head><title>castest</title></head><body><%AttributePrincipalprincipal=(AttributePrincipal)request.getUserPrincipal();Stringusername=principal.getName();%><%if(null!=username){%><h2>Hello<%=username%>!</h2><ahref="/cas/logout">logoutv/a><%}%></body></html>//=========使用特定安全框架如shiro的情况==========1).添加jar包，如使用mvn,pom.xml中添加配置步骤:〈dependency〉<groupId>org.apache.shiro</groupId><artifactId>shiro-cas</artifactId><version>1.2.1</version>〈/dependency〉2)自定义realm：publicclassShiroDbRealmextendsCasRealm{privateLoggerlog=Logger.getLogger(ShiroDbRealm.class);@OverrideprotectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipals){try{System.out.println(”授权”)；Stringusername=(String)principals.getPrimaryPrincipal();("casrealmusername:"+username);SimpleAuthorizationInfoauthor=newSimpleAuthorizationInfo();author.addRole("cas_user");returnauthor;}catch(Exceptione){e.printStackTrace();}returnnull;publicstaticclassShiroUserimplementsSerializable{privatestaticfinallongserialVersionUID=-3041131129273959698L;publiclongid;publicStringname;publiclongtype;publicStringaccount;}protectedTicketValidatorcreateTicketValidator(){StringurlPrefix=getCasServerUrlPrefix();if("saml".equalsIgnoreCase(getValidationProtocol())){returnnewSaml11TicketValidator(urlPrefix);}Cas20ServiceTicketValidatorvalidator=newCas20ServiceTicketValidator(urlPrefix);validator.setEncoding("utf-8");returnvalidator;}}3)applicationContext-shiro.xml内容<beanid="shiroFilter"class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><propertyname="securityManager"ref="securityManager"/><!--设定角色的登录链接，这里为cas登录页面的链接可配置回调地址-->vpropertyname="loginUrl"value="/cas/login?service=/app/login"/>vpropertyname="filters"><map>Ventrykey="casFilter"value-ref="casFilter"/>Ventrykey="authc"value-ref="formAuthenticationFilter"x/entry></map></property>Vpropertyname="filterChainDefinitions"><value>/login=casFilter/logout=logout/register=anon/error=anon/resources/**=anon/api/**=anon/**=authc</value></property></bean>vbeanid="casFilter"class="org.apache.shiro.cas.CasFilter">Vpropertyname="successUrl"value="/index"/>Vpropertyname="failureUrl"value="/error"/></bean>Vbeanid="formAuthenticationFilter"class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"/>vbeanid="logout"class="org.apache.shiro.web.filter.authc.LogoutFilter">vpropertyname="redirectUrl"value="/cas/logout?service=/app/login"/></bean><beanid="shiroDbRealm"class="com.alphabeta.service.cas.ShiroDbRealm"><!--一定是ip+port+contextpath-->vpropertyname="casServerUrlPrefix"value="/cas"/><!--没有这句，认证不会通过，casfilter失败-->vpropertyname="casService"value="/app/login"/>v/bean>vbeanid="securityManager"class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">vpropertyname="realm"ref="shiroDbRealm"/>vpropertyname="subjectFactory"ref="casSubjectFactory"/>v/bean>vbeanid="casSubjectFactory"class="org.apache.shiro.cas.CasSubjectFactory"/>vbeanid="