As I have just changed my job recently, I found the following configuration in the Web.xml of the new company's system:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Because I have not contacted the CAS single sign-on and single point logout, so on Google on the "Baidu" a bit, found to be a single sign-on configuration of CAs. Then read some articles about CAs and share them now.
Implementing CAS requires the use of Cas-server-core-3.3.3.jar (CAS server 3.3.3) and Cas-client-core-3.1.3.jar (CAS client 3.1.3)
Project combining CAs Springsecurity SSH
Common items (no spring security) can be added to the web.xml with the following code:
1 <filter>
2 <filter-name>cas single Sign out filter</filter-name>
3 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
4 </filter>
5
6 <filter-mapping>
7 <filter-name>cas single Sign out filter</filter-name>
8 <url-pattern>/*</url-pattern>
9 </filter-mapping>
10
<listener>
<listener-class>
Org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener>
In our project, we can add filter to the Spring security filter chain because of the combination of springsecurity, or we can add it directly to the web.xml.
First, add the listener to the Web.xml.
[Xhtml]view plaincopyprint?
<!--Single Sign out-->
<listener>
<listener-class>
Org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener>
<!--Single Sign out-->
Then add the filter to the Spring security filter chain
<!--Single Sign out-->
<b:bean id= "Cassinglesignoutfilter" class= check. Singlesignoutfilter ">
<custom-filter before= "Cas_processing_filter"/>
Num </b:bean>
<!--Single Sign out-->
Note The above class= "check." Singlesignoutfilter "Is my custom filter (because the CAS3.1.3 definition of singlesignoutfilter does not work in some sense) please see http://www.javaeye.com/topic/546785
Define a class yourself?
Package check;
29
Import java.io.IOException;
Import java.util.Enumeration;
32
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Panax Notoginseng import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import javax.servlet.http.HttpSession;
40
The import Org.apache.commons.logging.Log;
Import Org.apache.commons.logging.LogFactory;
Org.jasig.cas.client.session.HashMapBackedSessionMappingStorage import;
Import Org.jasig.cas.client.session.SessionMappingStorage;
Import Org.jasig.cas.client.util.AbstractConfigurationFilter;
Org.jasig.cas.client.util.CommonUtils import;
Import Org.jasig.cas.client.util.XmlUtils;
48
Public final class Singlesignoutfilter extends Abstractconfigurationfilter
50 {
Wuyi Private String Artifactparametername;
The private static sessionmappingstorage session_mapping_storage = new Hashmapbackedsessionmappingstorage ();
The private static log = Logfactory.getlog (Singlesignoutfilter.class);
54
Singlesignoutfilter Public ()
56 {
This.artifactparametername = "Ticket";
58}
59
public void init (Filterconfig filterconfig)
Servletexception throws
62 {
Setartifactparametername (Getpropertyfrominitparams (Filterconfig, "Artifactparametername", "Ticket"));
The Init ();
65}
66
public void init () {
Commonutils.assertnotnull (This.artifactparametername, "artifactparametername cannot be null.");
Commonutils.assertnotnull (Session_mapping_storage, "sessionmappingstorage cannote be null.");
70}
71
Setartifactparametername public void (String artifactparametername) {
This.artifactparametername = Artifactparametername;
74}
75
ServletRequest public void Dofilter (ServletRequest, Servletresponse servletresponse, Filterchain FilterChain) throws IOException, Servletexception {
The final httpservletrequest request = (httpservletrequest) servletrequest;
The final String logoutrequest = commonutils.safegetparameter (Request, "logoutrequest");
Enumeration ff = Request.getparameternames ();
A = Request.getquerystring ();
Bayi if (Commonutils.isnotblank (logoutrequest)) {
The final String sessionidentifier = xmlutils.gettextforelement (logoutrequest, "Sessionindex");
83
if (Commonutils.isnotblank (Sessionidentifier)) {
Final HttpSession session = Session_mapping_storage.removesessionbymappingid (Sessionidentifier);
86
if (session!= null) {
The String SessionID = Session.getid ();
The # try {
Session.invalidate ();
IllegalStateException catch (final E) {
92
93}
94}
95}