Implement CAS single-point logout

Source: Internet
Author: User

Our project needed single-point logout (CAS single sign-out). After a long search online, I finally got it working.

Using cas-server-core-3.3.3.jar (CAS server 3.3.3)

Using cas-client-core-3.1.3.jar (CAS client 3.1.3)


The project combines CAS with Spring Security on an SSH stack.


For ordinary projects (without Spring Security), you can add the following to web.xml:

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>
            org.jasig.cas.client.session.SingleSignOutHttpSessionListener
        </listener-class>
    </listener>



Our project uses Spring Security, so the filter can either be added to the Spring Security filter chain or be added directly to web.xml.

First, add the listener to web.xml.

    <!-- Single Sign Out -->
    <listener>
        <listener-class>
            org.jasig.cas.client.session.SingleSignOutHttpSessionListener
        </listener-class>
    </listener>
    <!-- Single Sign Out -->


Then add the filter to the Spring Security filter chain.

    <!-- Single Sign Out -->
    <b:bean id="casSingleSignOutFilter" class="check.SingleSignOutFilter">
        <custom-filter before="CAS_PROCESSING_FILTER"/>
    </b:bean>
    <!-- Single Sign Out -->


Note that class="check.SingleSignOutFilter" above is my custom filter (because the SingleSignOutFilter defined in CAS 3.1.3 did not work in some way). See the for details

Define the class:

    package check;

    import java.io.IOException;
    import java.util.Enumeration;

    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import org.jasig.cas.client.session.HashMapBackedSessionMappingStorage;
    import org.jasig.cas.client.session.SessionMappingStorage;
    import org.jasig.cas.client.util.AbstractConfigurationFilter;
    import org.jasig.cas.client.util.CommonUtils;
    import org.jasig.cas.client.util.XmlUtils;

    public final class SingleSignOutFilter extends AbstractConfigurationFilter
    {
        // Name of the request parameter that carries the service ticket.
        private String artifactParameterName;
        // Maps service ticket -> HttpSession so a logout message can find the session.
        private static SessionMappingStorage SESSION_MAPPING_STORAGE = new HashMapBackedSessionMappingStorage();
        private static Log log = LogFactory.getLog(SingleSignOutFilter.class);

        public SingleSignOutFilter()
        {
            this.artifactParameterName = "ticket";
        }

        public void init(FilterConfig filterConfig)
            throws ServletException
        {
            setArtifactParameterName(getPropertyFromInitParams(filterConfig, "artifactParameterName", "ticket"));
            init();
        }

        public void init() {
            CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
            CommonUtils.assertNotNull(SESSION_MAPPING_STORAGE, "sessionMappingStorage cannote be null.");
        }

        public void setArtifactParameterName(String artifactParameterName) {
            this.artifactParameterName = artifactParameterName;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            final HttpServletRequest request = (HttpServletRequest) servletRequest;
            // Any request that carries a logoutRequest parameter is treated as a logout message.
            final String logoutRequest = CommonUtils.safeGetParameter(request, "logoutRequest");
            // Unused locals kept from the original code (debugging aids).
            Enumeration ff = request.getParameterNames();
            String a = request.getQueryString();
            if (CommonUtils.isNotBlank(logoutRequest)) {
                // Logout message from the CAS server: SessionIndex holds the service ticket.
                final String sessionIdentifier = XmlUtils.getTextForElement(logoutRequest, "SessionIndex");

                if (CommonUtils.isNotBlank(sessionIdentifier)) {
                    final HttpSession session = SESSION_MAPPING_STORAGE.removeSessionByMappingId(sessionIdentifier);

                    if (session != null) {
                        String sessionID = session.getId();
                        try {
                            session.invalidate();
                        } catch (final IllegalStateException e) {
                            // the session was already invalidated
                        }
                    }
                }
            }
            else {
                // Normal request: when a ticket arrives, record ticket -> session.
                final String artifact = CommonUtils.safeGetParameter(request, this.artifactParameterName);
                final HttpSession session = request.getSession(false);

                if (CommonUtils.isNotBlank(artifact) && session != null) {
                    try {
                        SESSION_MAPPING_STORAGE.removeBySessionById(session.getId());
                    } catch (final Exception e) {
                        // no earlier mapping for this session
                    }
                    SESSION_MAPPING_STORAGE.addSessionById(artifact, session);
                }
            }

            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void setSessionMappingStorage(SessionMappingStorage storage) {
            SESSION_MAPPING_STORAGE = storage;
        }

        public static SessionMappingStorage getSessionMappingStorage() {
            return SESSION_MAPPING_STORAGE;
        }

        public void destroy()
        {
        }
    }


This enables single-point logout (single sign-out for all the Java applications).
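The filter above treats any request that carries a logoutRequest parameter as a logout message. As an added example (not code from the original post or from the CAS client), the same ticket-to-session lookup is shown here stand-alone with three checks in front of it: POST only, sender restricted to the CAS server, and an XML parser that refuses DOCTYPE declarations. The class name, the address 10.0.0.5, the `samlp` prefix and the sample message are assumptions constructed for the example.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class LogoutCallbackDemo {
    // Assumption: address the CAS server's back-channel requests come from.
    static final String CAS_SERVER_ADDR = "10.0.0.5";
    // Service ticket -> local session id, recorded when the ticket arrives.
    static final Map<String, String> TICKET_TO_SESSION = new ConcurrentHashMap<>();

    // Returns the SessionIndex text (the service ticket), or null if unusable.
    static String sessionIndex(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // Refuse DOCTYPE declarations so the message cannot carry external entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            NodeList n = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)))
                    .getElementsByTagName("samlp:SessionIndex"); // assumed prefix
            return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
        } catch (Exception e) {
            return null; // malformed or rejected XML: ignore the request
        }
    }

    // Returns the session id that was logged out, or null if the request was rejected.
    static String handle(String method, String remoteAddr, String logoutRequest) {
        if (!"POST".equals(method) || !CAS_SERVER_ADDR.equals(remoteAddr)) {
            return null;
        }
        String ticket = sessionIndex(logoutRequest);
        return ticket == null ? null : TICKET_TO_SESSION.remove(ticket);
    }

    public static void main(String[] args) {
        // Constructed logout message and ticket, for illustration only.
        String msg = "<samlp:LogoutRequest ID=\"LR-1\" Version=\"2.0\">"
                + "<saml:NameID>@NOT_USED@</saml:NameID>"
                + "<samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex>"
                + "</samlp:LogoutRequest>";
        TICKET_TO_SESSION.put("ST-1-constructed", "session-A");
        System.out.println(handle("GET", "10.0.0.5", msg));     // wrong method
        System.out.println(handle("POST", "203.0.113.9", msg)); // wrong sender
        System.out.println(handle("POST", "10.0.0.5", msg));    // accepted
        System.out.println(handle("POST", "10.0.0.5", msg));    // ticket already removed
    }
}
```

In a servlet filter the same checks would read `request.getMethod()` and `request.getRemoteAddr()`; behind a reverse proxy the sender check has to use whatever address source the deployment trusts.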

1) With this implementation, when a user logs out, the CAS server sends the logout request to each client so that all clients can log out. Each client needs a filter to receive it. For example, an index page has two links, one pointing to the Java application and the other to the PHP application. Once the Java application has the filter, it acts on the request and logs out. The PHP application, with no filter, does not log out. So a filter has to be written for it as well.



2) When we click to log out, the request goes to the CAS server, and the server then sends each application a message telling it to log out. The Java program uses the filter to log out. PHP provides phpCAS::handleLogoutRequests() to check the message sent from the server.

Specifically, we can put this code in the click event of phpbb3/include/function.php. The code is as follows:

    if (!$admin && CAS_ENABLE) {
        // initialize phpCAS
        phpCAS::client(response, CAS_SERVER_HOSTNAME, CAS_SERVER_PORT, CAS_SERVER_APP_NAME);
        // skips validation of the CAS server's certificate;
        // phpCAS::setCasServerCACert() is the validating alternative
        phpCAS::setNoCasServerValidation();
        // force CAS authentication
        phpCAS::handleLogoutRequests(); // check whether the server has sent a logout message
        phpCAS::forceAuthentication();
    }
