SSO: CAS

Raow1 2022-04-22 83 views
java

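There are several ways to implement SSO; the mainstream ones are OAuth 2.0, SAML 2.0 and OpenID.

Components that implement SSO have emerged alongside them; the ones I have worked with so far are CAS and Keycloak.

Click to visit the official CAS website

I have not worked with CAS much, probably because I used Keycloak first.

With CAS, the first step is to deploy a minimal CAS server.

By default, CAS requires HTTPS to be enabled.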

For first-time use, two changes are suggested:

1. In WEB-INF\classes\services\HTTPSandIMAPS-10000001.json, change "serviceId" : "^(https|imaps)://.*" to "serviceId" : "^(https|http|imaps)://.*"

2. In \WEB-INF\classes\application.properties, set:

# user credentials (username::password)
cas.authn.accept.users=admin::admin

cas.tgc.secure=false

cas.serviceRegistry.initFromJson=true

After deployment, the result looks as shown in the figure.

Integrating an application:
Add the dependency to the pom:
<dependency>
		<groupId>org.jasig.cas.client</groupId>
		<artifactId>cas-client-core</artifactId>
		<version>3.5.0</version>
</dependency>

Configure web.xml as follows:
	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
     <!-- This filter implements single sign-out; it is optional. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://hostname/cas</param-value><!-- the server here is the IP of the CAS server -->
        </init-param>
    </filter>
    <!-- This filter handles user authentication; it must be enabled. -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://hostname/cas/login</param-value><!-- the server here is the IP of the CAS server -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://apphostname</param-value> <!-- the server here is the IP of the DMS system -->
        </init-param>
    </filter>
    <!-- This filter validates the ticket; it must be enabled. -->
    <filter>
        <filter-name>CASValidationFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://hostname/cas</param-value> <!-- the server here is the CAS server -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://apphostname</param-value> <!-- the server here is the address of the DMS system -->
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/WmsLogoutAction</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CASValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
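
An added example (not part of the original post, and not CAS code): a small Python audit that flags the test-only settings used above before a deployment moves beyond a local test, namely a serviceId regex that accepts http:// or any host, cas.tgc.secure=false, a static account whose password equals its username, and plain-http CAS URLs in web.xml. The sample inputs are constructed from the values on this page; the function names and the example.test probe URLs are assumptions.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs that mirror the test-only values on this page.
SERVICE_JSON = '{"serviceId": "^(https|http|imaps)://.*", "id": 10000001}'
PROPERTIES = "cas.authn.accept.users=admin::admin\ncas.tgc.secure=false\n"
WEB_XML = """<web-app><filter><init-param>
  <param-name>casServerLoginUrl</param-name>
  <param-value>http://hostname/cas/login</param-value>
</init-param></filter></web-app>"""

def audit_service(text):
    """Probe the serviceId regex with hypothetical URLs it should reject."""
    pattern = json.loads(text)["serviceId"]
    findings = []
    if re.match(pattern, "http://app.example.test/"):
        findings.append("serviceId accepts plain-http services")
    if re.match(pattern, "https://unrelated.example.test/"):
        findings.append("serviceId matches any host")
    return findings

def audit_properties(text):
    """Flag an insecure ticket-granting cookie and trivial static accounts."""
    props = dict(line.split("=", 1) for line in text.splitlines()
                 if "=" in line and not line.lstrip().startswith("#"))
    findings = []
    if props.get("cas.tgc.secure", "").strip().lower() == "false":
        findings.append("cas.tgc.secure=false: TGC cookie lacks the Secure flag")
    for pair in props.get("cas.authn.accept.users", "").split(","):
        user, _, password = pair.strip().partition("::")
        if user and user == password:
            findings.append("static account with password equal to username: " + user)
    return findings

def audit_web_xml(text):
    """Flag CAS client init-params that point at plain-http URLs."""
    findings, name = [], None
    for el in ET.fromstring(text).iter():
        tag = el.tag.split("}")[-1]  # tolerate an xmlns on <web-app>
        value = (el.text or "").strip()
        if tag == "param-name":
            name = value
        elif tag == "param-value" and value.startswith("http://"):
            findings.append(f"{name} uses plain http: {value}")
    return findings

if __name__ == "__main__":
    for f in audit_service(SERVICE_JSON) + audit_properties(PROPERTIES) + audit_web_xml(WEB_XML):
        print("FINDING:", f)
```

The stock pattern "^(https|imaps)://.*" still reports "serviceId matches any host"; only a pattern anchored to the application's own host passes both probes.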