[Testing the Waters with CAS-4.0.3] Part 07: CAS Client Configuration for Single Sign-On

Source: Internet
Author: User

This article source code download: http://download.csdn.net/detail/jadyer/8934207

/**
 * @see CAS client configuration
 * @see ------------------------------------------------------------------------------------------
 * @see The client library used here is cas-client-core-3.4.0.jar (released on 2015-07-21)
 * @see http://mvnrepository.com/artifact/org.jasig.cas.client/cas-client-core/3.4.0
 * @see In addition, so that single sign-on works for the client over plain HTTP, you can change the
 * @see following two settings so that HTTPS is not required
 * @see 1. \WEB-INF\deployerConfigContext.xml
 * @see    add p:requireSecure="false" to <bean class="org.jasig...support.HttpBasedServiceCredentialsAuthenticationHandler">
 * @see 2. \WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml and
 * @see    \WEB-INF\spring-configuration\warnCookieGenerator.xml
 * @see    change p:cookieSecure="true" to p:cookieSecure="false"
 * @see Two configuration methods are described below: one uses web.xml alone, the other uses Spring.
 * @see The relevant official documents are
 * @see https://wiki.jasig.org/display/CASC/Configuring+the+Jasig+CAS+Client+for+Java+in+the+web.xml
 * @see https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+using+Spring
 * @see ------------------------------------------------------------------------------------------
 * @see Pure web.xml
 * @see Four filters have to be configured in web.xml, in order. For authentication to work it is best
 * @see to place them before any other filter, in the following order
 * @see AuthenticationFilter
 * @see TicketValidationFilter (or another AbstractTicketValidationFilter implementation, such as Cas20ProxyReceivingTicketValidationFilter)
 * @see HttpServletRequestWrapperFilter
 * @see AssertionThreadLocalFilter
 * @see A filter's <init-param> takes priority over <context-param>; <context-param> is normally used
 * @see for parameters the filters share
 * @see 1. AuthenticationFilter
 * @see Intercepts requests and decides whether CAS server authentication is needed: if so, it redirects
 * @see to the CAS server login page, otherwise it lets the request through
 * @see It has two required parameters: casServerLoginUrl, the CAS server login address, and serverName
 * @see or service, the address to return to after successful authentication
 * @see Set one of service and serverName; if both are set, service takes priority
 * @see service is an exact URL, while serverName specifies the client's host name, in the format
 * @see {protocol}:{hostName}:{port}
 * @see When serverName is specified, the filter appends the current request's URI and query parameters
 * @see to it to build an exact URL, which is the redirect address after successful authentication
 * @see For example, if serverName is "http://gg.cn", the current request URI is "/oa" and the query
 * @see parameter is "aa=bb", the redirect address after successful authentication is http://gg.cn/oa?aa=bb
 * @see casServerLoginUrl -- where to log in, serverName -- who I am
 * @see 2. TicketValidationFilter
 * @see Once a request has passed AuthenticationFilter, if it carries a ticket parameter, this kind of
 * @see filter validates the ticket it carries
 * @see To validate the ticket it calls the CAS server's /serviceValidate interface, using the URL
 * @see ${casServerUrlPrefix}/serviceValidate
 * @see So it also has two required parameters: casServerUrlPrefix (the prefix of the CAS server's URL)
 * @see and serverName or service
 * @see In fact, TicketValidationFilter is only a collective name for this kind of ticket-validating
 * @see filter; it does not correspond to a specific class in the CAS client
 * @see The CAS client has several ticket-validating filters, all of which inherit from AbstractTicketValidationFilter
 * @see Common ones are Cas10TicketValidationFilter / Cas20ProxyReceivingTicketValidationFilter / Saml11TicketValidationFilter
 * @see Their validation logic is the same and is implemented in AbstractTicketValidationFilter; only
 * @see the TicketValidator they use differs
 * @see 3. HttpServletRequestWrapperFilter
 * @see Wraps each request's HttpServletRequest in its internally defined CasHttpServletRequestWrapper
 * @see Using the Assertion object saved in the session or request, it overrides getUserPrincipal(),
 * @see getRemoteUser() and isUserInRole() of HttpServletRequest
 * @see This makes it easy to get the logged-in user's information from HttpServletRequest in our application
 * @see 4. AssertionThreadLocalFilter
 * @see So that the Assertion object can be obtained elsewhere in the application, it stores the
 * @see current Assertion object in a thread-local variable
 * @see Afterwards the current Assertion can be fetched from the thread-local variable anywhere in the
 * @see program, instead of being parsed from the session or request
 * @see The thread-local variable is held by AssertionHolder; to get the current Assertion we only need
 * @see Assertion assertion = AssertionHolder.getAssertion()
 * @see ------------------------------------------------------------------------------------------
 * @see With Spring
 * @see Unlike the four-filter web.xml configuration above, you can use four Spring DelegatingFilterProxy
 * @see filters to proxy the four filters that need to be configured
 * @see The four filters are then configured as Spring beans, and the <filter-name> in web.xml must
 * @see match the Spring bean name
 * @see However, SingleSignOutFilter / HttpServletRequestWrapperFilter / AssertionThreadLocalFilter take
 * @see no configuration parameters
 * @see So in practice only AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter need to
 * @see be proxied through Spring
 * @see ------------------------------------------------------------------------------------------
 * @see Notes
 * @see 1. CAS 1.0 provides the /validate interface; CAS 2.0 provides /serviceValidate, /proxyValidate and /proxy
 * @see 2. Four filters is a lot; when time permits, consider writing a single filter modelled on
 * @see    org.springframework.web.filter.CompositeFilter
 * @see 3. An advantage of web.xml is that resources can be configured for anonymous access. For the
 * @see    configuration parameter, see ignoreUrlPatternMatcherStrategyClass in AuthenticationFilter
 * @see    At least in cas-client-core-3.4.0.jar, the Spring configuration does not support ignorePattern
 * @see    (this parameter is matched as a regular expression by default; contains and equals matching also exist)
 * @see 4. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching casserver found
 * @see    This happens because the domain name used when the certificate was created differs from the
 * @see    CAS server domain name configured in the application (put plainly, the domain name in the CRT
 * @see    certificate imported by the client differs from the domain name of the CAS server)
 * @see ------------------------------------------------------------------------------------------
 * @create 2015-7-26 1:00:14
 * @author Xuan Yu
 */
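The URLs and the response described in the AuthenticationFilter and TicketValidationFilter notes above, as an added Python sketch of the CAS 2.0 exchange (not code from the article or from cas-client-core). The function names, the ticket value and the two sample responses are constructed for illustration; dropping the ticket parameter from the service URL is this sketch's way of keeping the service value identical at login and at validation.

```python
# Added example, not from the original article. Hosts are the article's test
# hosts; the ticket value and XML responses are constructed samples.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

def service_url(server_name, request_uri, query=""):
    """serverName + request URI + query string, minus any 'ticket' parameter,
    so the service sent at validation equals the one sent at login."""
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
              if k != "ticket"]
    url = server_name.rstrip("/") + request_uri
    return url + ("?" + urlencode(params) if params else "")

def login_redirect(cas_server_login_url, service):
    """Where an unauthenticated browser is sent (AuthenticationFilter's job)."""
    return cas_server_login_url + "?" + urlencode({"service": service})

def validation_url(cas_server_url_prefix, service, ticket):
    """Back-channel request made by the ticket validation filter."""
    return (cas_server_url_prefix.rstrip("/") + "/serviceValidate?"
            + urlencode({"ticket": ticket, "service": service}))

def parse_validation(xml_text):
    """Return (user, None) on success, (None, failure_code) otherwise."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else None
    return None, code or "MALFORMED_RESPONSE"

SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>testuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    svc = service_url("http://boss.jadyer.com:8180", "/cas-client/", "ticket=ST-1-sample")
    print(login_redirect("http://sso.jadyer.com:8080/cas-server-web/login", svc))
    print(validation_url("http://sso.jadyer.com:8080/cas-server-web", svc, "ST-1-sample"))
    print(parse_validation(SAMPLE_OK), parse_validation(SAMPLE_FAIL))
```

With p:cookieSecure="false" and plain-HTTP URLs as configured on this page, the ticket-granting cookie and the ticket in these URLs cross the network unencrypted, so that shortcut fits only a loopback test setup like the one here.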

The following is the web.xml configuration:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:applicationContext.xml</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- SSO: these two filters are Spring beans, looked up by filter-name in applicationContext.xml -->
    <filter>
        <filter-name>casAuthenticationFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>casAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>casTicketValidationFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>casTicketValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Pure web.xml alternative to the two DelegatingFilterProxy filters above, left commented out -->
    <!--
    <context-param>
        <param-name>serverName</param-name>
        <param-value>http://boss.jadyer.com:8080</param-value>
    </context-param>
    <filter>
        <filter-name>casAuthenticationFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://sso.jadyer.com:8080/cas-server-web/login</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>casAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>casTicketValidationFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://sso.jadyer.com:8080/cas-server-web</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>casTicketValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    -->

    <filter>
        <filter-name>casHttpServletRequestWrapperFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>casHttpServletRequestWrapperFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>casAssertionThreadLocalFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>casAssertionThreadLocalFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

Here is /src/applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/mvc
                        http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
    <!-- Load config.properties; system properties override values from the file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE"/>
        <property name="ignoreResourceNotFound" value="false"/>
        <property name="locations">
            <list>
                <value>classpath:config.properties</value>
            </list>
        </property>
    </bean>

    <mvc:resources mapping="/index.jsp" location="/index.jsp"/>

    <!-- CAS: bean names must match the filter-name entries in web.xml -->
    <bean name="casAuthenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">
        <property name="serverName" value="${casClientServerName}"/>
        <property name="casServerLoginUrl" value="${casServerLoginUrl}"/>
    </bean>
    <bean name="casTicketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
        <property name="serverName" value="${casClientServerName}"/>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="${casServerUrlPrefix}"/>
            </bean>
        </property>
    </bean>
</beans>

Here is /src/config.properties:

#<<Central Authentication Service>>
#where to login
casServerLoginUrl=http://sso.jadyer.com:8080/cas-server-web/login
#login server root
casServerUrlPrefix=http://sso.jadyer.com:8080/cas-server-web
#who am i
casClientServerName=http://boss.jadyer.com:8080

And finally /webroot/index.jsp:

<%@ page pageEncoding="UTF-8"%>
<%@ page import="java.util.Map"%>
<%@ page import="java.net.URLDecoder"%>
<%@ page import="org.jasig.cas.client.util.AssertionHolder"%>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal"%>

<body style="background-color:#CBE0C9;">
    <span style="color:red; font-size:32px; font-weight:bold;">Client login succeeded</span>
</body>

Now we can test. Before testing, change a few settings to simulate a single sign-on environment.

/**
 * @see ------------------------------------------------------------------------------------------
 * @see For testing, add the following three entries to C:\Windows\System32\drivers\etc\hosts
 * @see 127.0.0.1 sso.jadyer.com
 * @see 127.0.0.1 boss.jadyer.com
 * @see 127.0.0.1 risk.jadyer.com
 * @see ------------------------------------------------------------------------------------------
 * @see Then make three copies of Tomcat, to serve as the SSO server and the two SSO clients
 * @see Change the following three ports in \Tomcat\conf\server.xml of the two SSO clients so that the
 * @see listening ports do not clash at startup
 * @see <Server port="8105" shutdown="SHUTDOWN">
 * @see <Connector port="8180" protocol="HTTP/1.1" ......>
 * @see <Connector port="8109" protocol="AJP/1.3" redirectPort="8443"/>
 * @see <Server port="8205" shutdown="SHUTDOWN">
 * @see <Connector port="8280" protocol="HTTP/1.1" ......>
 * @see <Connector port="8209" protocol="AJP/1.3" redirectPort="8443"/>
 * @see ------------------------------------------------------------------------------------------
 * @see Finally, change the casClientServerName value in
 * @see \Tomcat\webapps\cas-client\WEB-INF\classes\config.properties of the two SSO clients
 * @see casClientServerName=http://boss.jadyer.com:8180
 * @see casClientServerName=http://risk.jadyer.com:8280
 * @see ------------------------------------------------------------------------------------------
 * @create 2015-7-26 PM 1:08:35
 * @author Xuan Yu
 */

Now start testing.

First visit http://boss.jadyer.com:8180/cas-client. Because you are not logged in, you are automatically redirected to the single sign-on page.

After you enter the password, the login succeeds.

Then visit http://risk.jadyer.com:8280/cas-client. You will find that you are logged in automatically, without having to log in again.


Copyright notice: this is an original article by the blogger; do not reproduce it without the blogger's permission.
