web项目接入cas单点登陆

注：访问和web.xml的配置中不要使用localhost或127.0.0.1，因为cas服务器有时需要回调，如果写的是localhost或127.0.0.1，将无法回调回来。

我的ip是10.10.10.12

PS: java客户端下载地址：http://developer.jasig.org/cas-clients/

前置条件：

导入证书到jdk的证书库。注意jdk证书库的路径和sso证书路径：

证书相关生成过程请看文章：TODO

keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file D:/security/xxx-sso.crt -alias sso.xxx.com -storepass changeit

1、创建好相应的maven web项目，我的是SsoClientDemo

2、添加cas-client的jar包

由于是用maven，直接在pom.xml中加入下面内容即可：

依赖cas 3.3.3

<dependencies>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
</dependency>
</dependencies>

3、修改web.xml，加入下面的配置内容：

注：我的cas服务的url为：https://sso.xxx.com:8443/xxx-cas-server

<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.xxx.com:8443/xxx-cas-server/login</param-value>

</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://10.10.10.12:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.xxx.com:8443/xxx-cas-server</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://10.10.10.12:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

4、新建一个Servlet，并在web.xml中进行配置

package com.xxx.sso.client.demo.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
private static final long serialVersionUID = 1634321560241660991L;
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.getWriter().append("This is Hello Servlet...");
}

}

在web.xml配置servlet

<servlet>
<servlet-name>helloServlet</servlet-name>
<servlet-class>com.xxx.sso.client.demo.servlet.HelloServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>helloServlet</servlet-name>
<url-pattern>/helloServlet</url-pattern>
</servlet-mapping>

5、部署项目并启动tomcat，访问helloServlet

在浏览器输入：10.10.10.12:8080/SsoClientDemo/helloServlet

会自动跳转到单点登陆服务器：



使用相应的账号密码登陆就好了。具体cas服务器配置请参考 TODO

6、接入的子系统获取登陆的用户名

从cas登陆回调回来之后，我们需要知道到底是谁登陆的，可以通过AttributePrincipal来获取登陆的用户名。

Assertion assertion = (Assertion) req.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
AttributePrincipal principal = assertion.getPrincipal();
String username = principal.getName();
System.out.println(username);