LAMS 单点登陆 - CAS篇
一、前言
1. 本文所使用CAS 客户端jar版本cas-client-core-3.1.1.jar。
2. 基于 LAMS 自带的directAutoLoginPost方法。
二、部署简介
1. CAS证书导入
2. Web.xml文件配置
3. AutoSetUserAdapterFilter配置
4. casLogin.jsp配置
5. cas-client-core-3.1.1.jar
三、部署说明
1. CAS证书导入CAS客户端jdk的jre下:(证书由cas服务端提供)
Keytool-import -keystore C:\Java\jdk1.7.0_71\jre\lib\security\cacerts -file D:/cas+sso/keys/wsria3.crt -alias wsria3
输入keystore密码:changeit
信任这个认证? [否]:y
认证已添加至keystore中
2. Web.xml文件配置:(单点登录过滤器配置放其他配置之前)
<!--用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--该过滤器负责用户的认证工作,必须启用它 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>
https://sso.wsria.com:8443/cas/login</param-value>
<!--这里的server是服务端的IP-->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>
http://127.0.0.1:9999</param-value>
<!--这里的server是client服务端的IP-->
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/casLogin</url-pattern>
<!—需要过滤的地址-->
</filter-mapping>
<!--该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>
https://sso.wsria.com:8443/cas </param-value>
<!--这里不用加/login-->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>
http://127.0.0.1:9999</param-value>
<!--这里的server是client服务端的IP-->
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器负责实现HttpServletRequest请求的包裹,
比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
比如AssertionHolder.getAssertion().getPrincipal().getName()。
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--自动根据单点登录的结果设置本系统的用户信息 -->
<filter>
<display-name>AutoSetUserAdapterFilter</display-name>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<filter-class>com.lams.sso.AutoSetUserAdapterFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<url-pattern>/casLogin</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
3. AutoSetUserAdapterFilter配置(获取cas登录用户名)
final Assertion assertion = (Assertion) (session == null ? request
.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION) : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION));
String username = assertion == null ?null :assertion.getPrincipal().getName();
String password = this.getPasswd(username);//获取档案系统用户密码
session.setAttribute("usercode", username);
session.setAttribute("password", password);
response.sendRedirect(contextPath + "casLogin.jsp");
4. casLogin.jsp配置(中间页面,获取用户信息实现登录跳转)
<body onload="login()">
<form id="loginform" action="${pageContext.request.contextPath}/directAutoLoginPost" method="post">
<input type="hidden" id="usercode" name="usercode" value="<%=(String)session.getAttribute("usercode")%>"/>
<input type="hidden" id="password" name="password" value="<%=(String)session.getAttribute("password")%>"/>
<input type="hidden" id="moduleOwner" name="moduleOwner" value="D340973F8D51FA81"/>
<input type="hidden" id="moduleName" name="moduleName" value="2DD10C610FC92EDA9F525BA729193331"/>
<!--<input type="submit" value="post" /> -->
</form>
</body>
5. 需要的jar包:cas-client-core-3.1.1.jar
备注:/casLogin只为触发AutoSetUserAdapterFilter过滤器。
CAS参考链接:
http://blog.csdn.net/frinder/article/details/7969925
