SSO CAS篇-CFANZ编程社区

SSO实现方式有多种，主流的OAUTH2.0、SAML2.0、OPENID

一些SSO实现的组件也应运而生，目前接触的有CAS、KEYCLOAK

点击进入CAS官网

笔者对CAS接触不多，可能是先使用了KEYCLOAK的缘故

CAS首先要部署一个极简版CAS-server

CAS默认要求开启https

首次使用建议 WEB-INF\classes\services\HTTPSandIMAPS-10000001.json

1.设置 "serviceId" : "^(https|imaps)://.*"改为"serviceId" : "^(https|http|imaps)://.*"

\WEB-INF\classes\application.properties

2.设置 cas.authn.accept.users=admin::admin //设置用户信息

cas.tgc.secure=false

cas.serviceRegistry.initFromJson=true

部署后效果如图

应用APP集成方式：
pom引入
<dependency>
		<groupId>org.jasig.cas.client</groupId>
		<artifactId>cas-client-core</artifactId>
		<version>3.5.0</version>
</dependency>

web.xml做如下配置：
	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
     <!-- 该过滤器用于实现单点登出功能，可选配置。 -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://hostname/cas</param-value><!--这里的 server 是 CAS 服务端的 IP -->
        </init-param>
    </filter>
    <!-- 该过滤器负责用户的认证工作，必须启用它 -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://hostname/cas/login</param-value><!--这里的 server 是 CAS 服务端的 IP -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://apphostname</param-value> <!--这里的 server 是 DMS 系统的 IP -->
        </init-param>
    </filter>
    <!-- 该过滤器负责对 Ticket 的校验工作，必须启用它 -->
    <filter>
        <filter-name>CASValidationFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://hostname/cas</param-value> <!--这里的 server 是 CAS 服务端 -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://apphostname</param-value> <!--这里的 server 是 DMS 系统地址 -->
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/WmsLogoutAction</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CASValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>