改造CAS单点登录---自定义登录页面(客户端)
修改版本cas-client-3.2.1和cas-server-3.5.2,功能使用maven构建
引入cas的相关工程:cas-client-core、cas-server-core、cas-server-webapp
通过自定义认证过滤器,添加登录页面路径处理。废话不多说了,直接上代码。
一、修改cas-client-core工程
1.自定义认证过滤器RemoteAuthenticationFilter
package org.jasig.cas.client.authentication;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
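/**
 * Remote authentication filter.
 *
 * <p>{@code AuthenticationFilter.doFilter} is declared {@code final}, so this class
 * re-implements the authentication filter in order to support a {@code localLoginUrl}
 * setting: unauthenticated requests are redirected to the CAS server login URL with the
 * application's own login page passed along in a {@code loginUrl} query parameter.
 *
 * <p>NOTE(review): several calls in the published listing were truncated by extraction
 * (for example {@code Session(false)} for {@code request.getSession(false)}); they are
 * restored here to the servlet / cas-client calls they correspond to. Verify against the
 * project source before reuse.
 */
public class RemoteAuthenticationFilter extends AbstractCasFilter {

    /** Session attribute set when a request has been sent through the CAS gateway. */
    public static final String CONST_CAS_GATEWAY = "_const_cas_gateway_";

    /** The URL to the CAS Server login. */
    private String casServerLoginUrl;

    /** URL of the application's local login page. */
    private String localLoginUrl;

    /** Whether to send the renew request or not. */
    private boolean renew = false;

    /** Whether to send the gateway request or not. */
    private boolean gateway = false;

    /**
     * Reads {@code casServerLoginUrl}, {@code localLoginUrl}, {@code renew} and
     * {@code gateway} from the filter's init parameters.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the parent initialisation fails
     */
    protected void initInternal(final FilterConfig filterConfig) throws ServletException {
        super.initInternal(filterConfig);
        setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
        setLocalLoginUrl(getPropertyFromInitParams(filterConfig, "localLoginUrl", null));
        setRenew(Boolean.parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        setGateway(Boolean.parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
    }

    /** Fails fast when either login URL is missing from the configuration. */
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.localLoginUrl, "localLoginUrl cannot be null.");
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
    }

    /**
     * Redirects unauthenticated requests to the CAS server and lets every other request
     * continue down the chain.
     *
     * <p>A request is passed through without a redirect when it carries a ticket, when the
     * session already holds an assertion, when it was already gatewayed, or when it targets
     * the local login page with a non-blank {@code validated} parameter.
     *
     * <p>Security notes:
     * <ul>
     *   <li>{@code validated} is supplied by the client, so the login-page exemption rests
     *       only on the {@code endsWith} path match. Any resource whose URI ends with the
     *       same path as {@code localLoginUrl} is reachable without authentication; keep
     *       that path unique to the login page.</li>
     *   <li>{@code loginUrl} is taken from filter configuration, not from the request. The
     *       server-side handling of that parameter is not shown here; it should only accept
     *       login pages that are registered for the service.</li>
     * </ul>
     *
     * @throws IOException if the redirect fails, {@code localLoginUrl} is not a valid URL,
     *     or a downstream filter throws it
     * @throws ServletException if a downstream filter throws it
     */
    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
            final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final HttpSession session = request.getSession(false);
        final String ticket = request.getParameter(getArtifactParameterName());
        final Assertion assertion = session != null
                ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
        final boolean wasGatewayed = session != null
                && session.getAttribute(CONST_CAS_GATEWAY) != null;

        // Skip the redirect when the request is for localLoginUrl and carries "validated".
        final URL url = new URL(localLoginUrl);
        final boolean isValidatedLocalLoginUrl = request.getRequestURI().endsWith(url.getPath())
                && CommonUtils.isNotBlank(request.getParameter("validated"));

        if (!isValidatedLocalLoginUrl && CommonUtils.isBlank(ticket) && assertion == null && !wasGatewayed) {
            log.debug("no ticket and no assertion found");
            if (this.gateway) {
                log.debug("setting gateway attribute in session");
                // Without this marker wasGatewayed is never true and a gateway=true
                // deployment redirects to the CAS server on every request.
                request.getSession(true).setAttribute(CONST_CAS_GATEWAY, "yes");
            }

            final String serviceUrl = constructServiceUrl(request, response);
            if (log.isDebugEnabled()) {
                log.debug("Constructed service url: " + serviceUrl);
            }

            String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl,
                    getServiceParameterName(), serviceUrl, this.renew, this.gateway);
            // Append the local login page so the server knows where the login form lives.
            urlToRedirectTo += (urlToRedirectTo.contains("?") ? "&" : "?")
                    + "loginUrl=" + URLEncoder.encode(localLoginUrl, "utf-8");
            if (log.isDebugEnabled()) {
                log.debug("redirecting to \"" + urlToRedirectTo + "\"");
            }

            response.sendRedirect(urlToRedirectTo);
            return;
        }

        if (session != null) {
            log.debug("removing gateway attribute from session");
            session.setAttribute(CONST_CAS_GATEWAY, null);
        }

        // Let downstream failures propagate. Catching Exception and only printing the
        // stack trace hid ticket-validation and application errors from the container,
        // which then answered with an empty success response.
        filterChain.doFilter(request, response);
    }

    public final void setRenew(final boolean renew) {
        this.renew = renew;
    }

    public final void setGateway(final boolean gateway) {
        this.gateway = gateway;
    }

    public final void setCasServerLoginUrl(final String casServerLoginUrl) {
        this.casServerLoginUrl = casServerLoginUrl;
    }

    public final void setLocalLoginUrl(String localLoginUrl) {
        this.localLoginUrl = localLoginUrl;
    }
}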
2.退出不能使用,修改SingleSignOutHandler去掉POST限制
/**
 * Tells whether the request carries a single-sign-out message: it must not be a
 * multipart request and must have a non-blank logout parameter.
 *
 * <p>Security note: this variant has the POST restriction removed, so a GET request
 * carrying the logout parameter is also treated as a logout message. The logout payload
 * can then travel in a query string, where it ends up in access logs and can be sent by
 * following a link. Restricting this endpoint to requests from the CAS server, or
 * fixing the delivery of the server's POST callback, avoids widening the check.
 *
 * @param request the incoming HTTP request
 * @return {@code true} if the request should be handled as a logout request
 */
public boolean isLogoutRequest(final HttpServletRequest request) {
    if (isMultipartRequest(request)) {
        return false;
    }
    final String logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName);
    return CommonUtils.isNotBlank(logoutMessage);
}
3.登录成功后,ST超时失效抛出异常的解决办法:跳转到首页重新获取ST
org.jasig.cas.client.validation.TicketValidationException:
票根'ST-1-U6pC9f9319mNNP0XqWjX-slimsmart'不符合目标服务
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:85)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.authentication.RemoteAuthenticationFilter.doFilter(RemoteAuthenticationFilter.java:114)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
修改AbstractTicketValidationFilter类doFilter方法
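} catch (final TicketValidationException e) {
    // The sentinel message is the one the patched Cas20ServiceTicketValidator throws for
    // an authenticationFailure response. getRequestURL() carries no query string, so the
    // rejected ticket is not replayed and the authentication filter requests a new one.
    // NOTE(review): a failure that a fresh ticket cannot cure (the trace above reports a
    // service mismatch) makes this bounce between client and server indefinitely;
    // consider capping retries per session. The enclosing try block is not shown here.
    // Comparing from the literal avoids a NullPointerException on a null message.
    if ("TicketValidation-slimsmart".equalsIgnoreCase(e.getMessage())) {
        // Keep a trace of the rejected ticket; otherwise repeated failures are invisible.
        log.warn("Ticket validation failed; redirecting to obtain a new ticket", e);
        response.sendRedirect(request.getRequestURL().toString());
        return;
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    log.warn(e, e);
    onFailedValidation(request, response);
    if (this.exceptionOnValidationFailure) {
        throw new ServletException(e);
    }
    return;
}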
修改Cas20ServiceTicketValidator类parseResponseFromServer方法
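// Any authenticationFailure returned by the CAS server is turned into one fixed sentinel
// message, which the patched AbstractTicketValidationFilter matches on to trigger a
// redirect. The server's own failure text in `error` is discarded here, so an expired
// ticket and a service mismatch become indistinguishable downstream; record `error`
// before throwing if the reason is needed for troubleshooting or alerting.
final String error = XmlUtils.getTextForElement(response, "authenticationFailure");
if (CommonUtils.isNotBlank(error)) {
    throw new TicketValidationException("TicketValidation-slimsmart");
}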
二、客户端demo工程
1.创建cas-client-demo工程
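<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>cn.slimsmart.sso.demo</groupId>
  <artifactId>sso-demo</artifactId>
  <version>0.0.1</version>
  <packaging>war</packaging>
  <dependencies>
    <!--
      These are the coordinates of the upstream cas-client-core release, but the demo
      relies on the locally modified build described above. With identical coordinates
      Maven cannot tell the two apart: a clean machine resolves the unmodified upstream
      jar, and a patched jar installed locally shadows the upstream one for every other
      project. Publishing the modified build under its own version or classifier keeps
      the two distinguishable. 3.2.1 is also an old release line; review the upstream
      security advisories before reusing it.
    -->
    <dependency>
      <groupId>org.jasig.cas.client</groupId>
      <artifactId>cas-client-core</artifactId>
      <version>3.2.1</version>
    </dependency>
  </dependencies>
</project>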
2.登录页面login.jsp