sso研发记载
最近对SSO感兴趣,下载了CAS的最新的源码进行研究,不得不说代码写得真漂亮。
在原有的功能上,我也对其进行了部分扩展
1.用户在服务端登录成功后,返回多用户信息给客户端
2.解决cas传输中的乱码问题
3.增加远程登录口
4.增加验证码,记住我等等小功能
5.增加webservice接口
6.集成(JSP\php\asp)等客户端
嗯,有空还是得记载下开发过程,免得以后遗忘
?
一、java写的web客户端集成到cas中:
1)、web.xml中加过滤器
<!-- sso filter -->
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->?
<listener>?
???? <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>?
</listener>
?
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->?
<filter>?
???? <filter-name>CAS Single Sign Out Filter</filter-name>?
???? <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>?
</filter>?
<filter-mapping>?
???? <filter-name>CAS Single Sign Out Filter</filter-name>?
???? <url-pattern>/*</url-pattern>?
</filter-mapping>
???
<filter>
?? <filter-name>CAS Authentication Filter</filter-name>
??? <!--由于功能扩展需求,我重写了过滤器-->
???? <filter-class>com.demo.filter.AuthenticationFilter</filter-class>
???? <init-param>
???????? <param-name>casServerLoginUrl</param-name>
???????? <param-value>https://localhost/cas/login</param-value>
???? </init-param>
???? <init-param>???
?????? <param-name>serverName</param-name>???
?????? <param-value>localhost:8080</param-value>?
???? </init-param>
???? <init-param>?
??????? <param-name>renew</param-name>?
??????? <param-value>false</param-value>?
???? </init-param>?
???? <!--扩展功能,远程登录页面不进行过滤-->
? <init-param>
??? <param-name>notchecklist</param-name>
??? <param-value>/login.jsp;</param-value>
? </init-param>???
</filter>
<!-- 过滤器保护的URL,如果能访问这个保护的URL,表示经过CAS验证,可以做获取权限的操作。-->?
<filter-mapping>?
??? <filter-name>CAS Authentication Filter</filter-name>?
??? <url-pattern>*.jsp</url-pattern>?
</filter-mapping>?
<filter-mapping>?
??? <filter-name>CAS Authentication Filter</filter-name>
??? <url-pattern>*.do</url-pattern>?
</filter-mapping>?
?
<filter>?
??? <filter-name>CasValidationFilter</filter-name>?
??? <filter-class>com.demo.filter.Cas20ProxyReceivingTicketValidationFilter</filter-class>?
??? <init-param>?
??????? <param-name>casServerUrlPrefix</param-name>?
??????? <param-value>https://localhost/cas</param-value>?
??? </init-param>?
??? <init-param>?
??????? <param-name>serverName</param-name>?
??????? <param-value>localhost:8080</param-value>?
??? </init-param>?
??? <init-param>?
??????? <param-name>redirectAfterValidation</param-name>?
??????? <param-value>true</param-value>?
??? </init-param>
??? <init-param>
?? <!--解决中文传输乱码问题-->
?? <param-name>encoding</param-name>
??????? <param-value>UTF-8</param-value>
? </init-param>
</filter>?
?
<filter-mapping>?
??? <filter-name>CasValidationFilter</filter-name>?
??? <url-pattern>/*</url-pattern>?
</filter-mapping>?
?
<!--该过滤器负责实现HttpServletRequest请求的包裹,??
??????????? 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。-->?
<filter>?
??? <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>?
??? <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>?
</filter>?
<filter-mapping>?
??? <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>?
??? <url-pattern>/*</url-pattern>?
</filter-mapping>?
<filter>?
??? <filter-name>CAS Assertion Thread Local Filter</filter-name>?
??? <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>?
</filter>?
<filter-mapping>?
??? <filter-name>CAS Assertion Thread Local Filter</filter-name>?
??? <url-pattern>/*</url-pattern>?
</filter-mapping>?
?
?
解决登录cas后依旧显示登录口的问题
将配置文件夹下的warnCookieGenerator.xml打开 p:cookieSecure设置为true,还有注意p:cookiePath要改为你自己设置的项目根路径,否则sessionid在传输过程中很可能会丢失。
