As I recently changed my job, I found the following configuration in the new company's system Web. XML:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Because I have not contacted the CAS single sign-on and single-point logout, so on Google on the "Baidu" a bit, found to be CAS single sign-on configuration. Next read some articles about CAs and share them now.
Implementing CAS requires the use of Cas-server-core-3.3.3.jar (CAS server 3.3.3) and Cas-client-core-3.1.3.jar (CAS client 3.1.3)
Project combined with CAS springsecurity SSH
Normal projects (without spring Security) can include the following code in Web. XML:
1 <filter>
2 <filter-name>cas filter</filter-name>
3 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
4 </filter>
5
6 <filter-mapping>
7 <filter-name>cas filter</filter-name>
8 <url-pattern>/*</url-pattern>
9 </filter-mapping>
10
<listener>
<listener-class>
Org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener>
In our project, thanks to the combination of springsecurity, you can add the filter to the spring security filter chain, or you can add it directly to the Web. xml
First, add the listener to Web. Xml.
[Xhtml]view plaincopyprint?
<!--
<listener>
<listener-class>
Org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener>
<!--
Then add the filter to the Spring security filter chain
<!--
<b:bean id= "Cassinglesignoutfilter" class= "check. Singlesignoutfilter ">
<custom-filter before= "Cas_processing_filter"/>
</b:bean>
<!--
Note The above class= "check. Singlesignoutfilter "Is my custom filter (because the Singlesignoutfilter defined by CAS3.1.3 does not work in some sense) see http://www.javaeye.com/topic/546785
Define yourself a class?
Package check;
29
Import java.io.IOException;
Import java.util.Enumeration;
32
Javax.servlet.FilterChain import;
Javax.servlet.FilterConfig import;
Javax.servlet.ServletException import;
Javax.servlet.ServletRequest import;
Panax Notoginseng import Javax.servlet.ServletResponse;
Javax.servlet.http.HttpServletRequest import;
Javax.servlet.http.HttpSession import;
40
Org.apache.commons.logging.Log import;
Org.apache.commons.logging.LogFactory import;
Org.jasig.cas.client.session.HashMapBackedSessionMappingStorage import;
Org.jasig.cas.client.session.SessionMappingStorage import;
Org.jasig.cas.client.util.AbstractConfigurationFilter import;
Org.jasig.cas.client.util.CommonUtils import;
Org.jasig.cas.client.util.XmlUtils import;
48
$ public final class Singlesignoutfilter extends Abstractconfigurationfilter
50 {
Wuyi Private String Artifactparametername;
The private static sessionmappingstorage session_mapping_storage = new Hashmapbackedsessionmappingstorage ();
$ private static Log log = Logfactory.getlog (Singlesignoutfilter.class);
54
Public Singlesignoutfilter ()
56 {
This.artifactparametername = "Ticket";
58}
59
public void init (Filterconfig filterconfig)
Throws Servletexception
62 {
Setartifactparametername (Getpropertyfrominitparams (Filterconfig, "Artifactparametername", "Ticket"));
+ init ();
65}
66
$ public void init () {
Commonutils.assertnotnull (This.artifactparametername, "artifactparametername cannot be null.");
Commonutils.assertnotnull (Session_mapping_storage, "sessionmappingstorage cannote be null.");
70}
71
Setartifactparametername public void (String artifactparametername) {
This.artifactparametername = Artifactparametername;
74}
75
public void DoFilter (ServletRequest servletrequest, Servletresponse servletresponse, Filterchain Filterchain) throws IOException, Servletexception {
Final HttpServletRequest request = (httpservletrequest) servletrequest;
The final String logoutrequest = commonutils.safegetparameter (Request, "logoutrequest");
Enumeration ff = Request.getparameternames ();
String a = request.getquerystring ();
Bayi if (Commonutils.isnotblank (logoutrequest)) {
Sessionidentifier Final String = Xmlutils.gettextforelement (logoutrequest, "Sessionindex");
83
if (Commonutils.isnotblank (Sessionidentifier)) {
Final HttpSession session = Session_mapping_storage.removesessionbymappingid (Sessionidentifier);
86
if (session! = NULL) {
SessionID String = Session.getid ();
try {
Session.invalidate ();
IllegalStateException} catch (Final E) {
92
93}
94}
95}