CAS single sign-on

1, CAS server

1. Download cas.war (Baidu cloud disk).

2. Under the Tomcat directory, start Tomcat.

Once CAS has started successfully, its address is http://localhost:8080/cas/login

Default user name: casuser

Password: Mellon

3. Remove HTTPS authentication

CAS uses HTTPS by default. The following changes switch it to HTTP.

(1) Modify deployerConfigContext.xml

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"/>

Add the parameter p:requireSecure="false". The requireSecure property controls whether secure verification, i.e. HTTPS, is required; false means it is not used.

(2) Modify /WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml of CAS

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />

The parameter p:cookieSecure="true" controls whether secure verification, i.e. HTTPS, is required; false means it is not used.

The parameter p:cookieMaxAge="-1" is the maximum lifetime of the cookie. -1 means no lifetime, that is, the cookie is only valid in the currently opened window; closing it or opening another window will require validation again. It can be changed to a number greater than 0 as needed, such as 3600, which means that no verification is needed to open any window within 3600 seconds.

Here, change cookieSecure to false and cookieMaxAge to 3600.

(3) Modify /WEB-INF/spring-configuration/warnCookieGenerator.xml of CAS

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASPRIVACY"
      p:cookiePath="/cas" />

Change cookieSecure to false and cookieMaxAge to 3600.

2, Client side

Build two projects and configure the following information.

1. Add the jar package cas-client-core-3.2.1.jar (extraction code: ges2)

2. Add the following configuration to web.xml

<!--Single sign on-->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.session.SingleSignOutFilter
        </filter-class>
    </filter>
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.authentication.AuthenticationFilter
        </filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://localhost:8080/cas/login</param-value>
            <!-- Address of the CAS server; only the port number is changed -->
        </init-param>
        <init-param>
            <param-name>renew</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>gateway</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8081</param-value>
            <!--Address of this app-->
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
        </filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://localhost:8080/cas</param-value>
            <!-- Address of the CAS server; only the port number is changed -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8081</param-value>
            <!--Address of this app-->
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.util.HttpServletRequestWrapperFilter
        </filter-class>
    </filter>
    <filter>
        <filter-name>GeneralCasFilter</filter-name>
        <filter-class>
            cn.com.xxx.CasFilter
        </filter-class>
        <!-- Full class name of custom filter-->
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>GeneralCasFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
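
With requireSecure and cookieSecure set to false and every client URL on http://, the CASTGC cookie and the service tickets travel unencrypted, so these are the settings to find again before the setup is used anywhere other than localhost. The script below is an added example, not part of the original post or of CAS: it parses the Spring bean files from step 3 of the server section and the client web.xml above and lists each place where HTTPS is switched off. The function names and the shortened sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

P_NS = "{http://www.springframework.org/schema/p}"   # Spring p-namespace
URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}

def local(tag):
    """Drop the XML namespace so elements match with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_server_beans(xml_text):
    """Report beans whose requireSecure/cookieSecure is explicitly false."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean":
            continue
        name = bean.get("id") or bean.get("class", "?").rsplit(".", 1)[-1]
        for prop in ("requireSecure", "cookieSecure"):
            if bean.get(P_NS + prop, "").strip().lower() == "false":
                findings.append(f"{name}: {prop}=false")
    return findings

def audit_client_webxml(xml_text):
    """Report CAS client init-params that hold plain-HTTP URLs."""
    findings = []
    for ip in ET.fromstring(xml_text).iter():
        if local(ip.tag) != "init-param":
            continue
        kv = {local(c.tag): (c.text or "").strip() for c in ip}
        name, value = kv.get("param-name"), kv.get("param-value", "")
        if name in URL_PARAMS and value.lower().startswith("http://"):
            findings.append(f"{name}={value}")
    return findings

# Constructed samples: the page's settings after its edits (shortened).
SERVER_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
                      xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator" p:cookieSecure="false" p:cookieMaxAge="3600"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"/>
</beans>"""
CLIENT_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <init-param><param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8080/cas/login</param-value></init-param>
  <init-param><param-name>renew</param-name><param-value>false</param-value></init-param>
</filter></web-app>"""
if __name__ == "__main__":
    print(*audit_server_beans(SERVER_XML), *audit_client_webxml(CLIENT_XML), sep="\n")
```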

3. Define your own filter cn.com.xxx.CasFilter

Create cn.com.xxx.CasFilter class

package cn.com.xxx;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.context.ApplicationContext;
// Also import the application's own Manager and Human classes here

import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class CasFilter extends HttpServlet implements Filter {
    
    private static Manager manager;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        AttributePrincipal attributePrincipal = (AttributePrincipal) httpRequest.getUserPrincipal();
        if (attributePrincipal != null) {
            // The user name obtained here is the one used to log in on the CAS page, for example "casuser"
            String loginName = attributePrincipal.getName();
            // Client address; getLocalAddr() would return this server's own address
            String fromIpAddress = request.getRemoteAddr();
            HttpSession session = httpRequest.getSession();
            // Adjust according to the actual situation
            Human human = manager.getSsoHuman(loginName);
            if (human != null) {
                // Set up the automatic login to this system
            }
        }
        chain.doFilter(request, response);
    }

    // The filter is loaded before the service beans, so the service-layer bean has to be fetched and initialized here explicitly
    public static void initBeans(ApplicationContext context) {
        if (manager == null) {
            manager = context.getBean(Manager.class);
        }
    }


    @Override
    public void destroy() {

    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

}

Create another class (the bean used to initialize the service layer)

The main purpose of this class is to listen for application events and then obtain the manager object.

import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Component;

@Component
public class xxxApplicationListener implements ApplicationListener<ContextRefreshedEvent> {

    private static ApplicationContext context;

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        context = event.getApplicationContext();
        // Call the previous class's method to initialize the bean
        CasFilter.initBeans(context);
    }
}

4. If you don't need a custom filter, just remove the custom filter from web.xml.

Also: there are other methods that can get the service layer bean in the filter. However, I tested them many times and failed to get the bean; the error NoSuchBeanDefinitionException was reported. So the application listener method was adopted later.

Other methods:

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext servletContext = filterConfig.getServletContext();
        WebApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(servletContext);
        if (context != null && context.getBean(Manager.class) != null && manager == null) {
            manager = context.getBean(Manager.class);
        }
    }



Tags: xml Tomcat Spring Session

Posted on Tue, 10 Mar 2020 01:45:55 -0400 by gevo12321