一直不喜欢说太多东西,直接上代码。
主要是以下几个步骤:
1、项目加入cas-client-core-3.2.1.jar到lib中
2、导入证书(此步骤根据项目判断是否需要操作)
3、配置web.xml
4、编写客户端代码(filter,servlet,....)
5、进行验证
1、项目加入cas-client-core-3.2.1.jar到lib中
http://download.csdn.net/download/qq741437836/9740128 (不用积分)
2、导入证书(此步骤根据项目判断是否需要操作)
将cacerts文件导入JDK目录(C:\ProgramFiles\Java\jdk1.7.0_67\jre\lib\security)建议直接替换即可。
3、配置web.xml
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>服务端地址(https://login.xxxx.cn/cas)</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://你的项目地址(http://ip:port)</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>服务端地址(https://login.xxxx.cn/cas)</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://你的项目地址(http://ip:port)</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
特别要注意的地方就是写 你项目地址的地方 是你web工程的Ip加端口,不需要前后文。
下面的filter-mapping根据你项目实际情况进行配置。
4、编写客户端代码
@Override
public boolean service(Request request, Response response, RequestHandler handler)
throws IOException {
//http://ip:port/web/cas
if (request.getPath().equals("/cas")){
try {
Cookie[] cookies = httpServletRequest.getCookies();
String loginCookie = null;
if (null != cookies) {
for (Cookie cookie : cookies) {
if ("k".equals(cookie.getName())) {
loginCookie = cookie.getValue();
break;
}
}
}
if(loginCookie == null){
Assertion assertion = AssertionHolder.getAssertion();
String userNo = assertion.getPrincipal().getName();//cas认证登录用户(邮箱前缀)
if(!StringUtil.isEmpty(userNo)){
doLogin(userNo);//根据cas返回值进行授权操作
return true;
}else{
response.sendRedirect(request.getContextPath() + "/logout");
return true;
}
}else{
enter();
return true;
}
} catch (Exception e) {
e.printStackTrace();
response.sendRedirect(request.getContextPath() + "/logout");
return true;
}
}else{
if(request.getPath().equals("/")){
response.sendRedirect(request.getContextPath() + "/logout");
return true;
}else{
return handler.service(request, response);
}
}
}
private void doLogin(String userNo) throws IOException {
String remoteAddr = httpServletRequest.getHeader("X-Real-IP") == null ? httpServletRequest.getRemoteAddr()
: httpServletRequest.getHeader("X-Real-IP");
LoginResult rm = xxxx.loginByCasSrv(userNo, remoteAddr, "ZHS");
if (rm != null && "success".equals(rm.getResultMsg())) {
Cookie cookie = new Cookie("k", rm.getPermitCode());
cookie.setHttpOnly(true);
cookie.setPath(httpServletRequest.getContextPath() + "/");
cookie.setMaxAge(-1);
cookie.setSecure(httpServletRequest.isSecure());
httpServletResponse.addCookie(cookie);
enter();
} else {
String toast = null;
if ("user_invalidate".equals(rm.getResultMsg())) {
toast = "用户冻结";
} else if ("tenant_invalidate".equals(rm.getResultMsg())) {
toast = "用户不存在";
} else if ("uid_duplicate".equals(rm.getResultMsg())) {
toast = "用户不存在";
}
else {
toast = "密码错误";
}
httpServletResponse.getWriter().append(toast);
}
}
/**
* 进入系统页面,根据url参数判断是进入什么页面
*
* @throws IOException
*/
private void enter() throws IOException {
String target = httpServletRequest.getParameter("target");
String id = httpServletRequest.getParameter("id");
if (target != null && !target.isEmpty()) {
String url = null;
if (target.equals("xxxx")) {
url = httpServletRequest.getContextPath() + "/home/xxxx/" + id;
} else if (target.equals("yyyy")) {
url = httpServletRequest.getContextPath() + "/home/yyyy/" + id;
}
httpServletResponse.sendRedirect(url);
} else {
httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/home");
}
}
人比较懒,直接复制已经完成好的代码,前后cookie是我项目需要的东西,你可以根据你实际项目来进行编写。
比较完整,稍作修改就可使用。
5、进行验证
去百度。