正文
jfinal集成cas单点认证实践
小程序:扫一扫查出行
【扫一扫了解最新限行尾号】
复制小程序
【扫一扫了解最新限行尾号】
复制小程序
本示例jfinal集成cas单点认证,采用获取到登录用户session信息后,在本地站点备份一份session信息,主要做以下几个步骤:
1、站点引入响应jar包;
2、在web.xml中配置对应过滤器;
3、增加拦截handler,并在jfinal的config中配置。
4、注销操作
此次示例在handler中获取登录用户session,并设置本站点session。
详细介绍如下:
1、引入jar包
需要引入两个jar包:cas-client-core-3.2.2.jar和commons-logging-1.2.jar;
将两个jar包放入站点WEB-INFO/lib下即可;
2、在web.xml中配置对应过滤器
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<context-param>
<param-name>getAuthMenuUrl</param-name>
<param-value>http://192.168.2.175:8082/hebswj_yw/api/modulePermis/</param-value>
</context-param>
<context-param>
<param-name>homePageUrl</param-name>
<param-value>http://192.168.2.175:8082/hebswj/index.jsp</param-value>
</context-param> <!-- ========================集成CAS单点登录模块 开始=========================== -->
<!-- 1.CAS单点登出 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 2.CAS单点登录 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://192.168.2.175:8082/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 3.CAS票据验证 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://192.168.2.175:8082/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1</param-value>
</init-param>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!--4. CAS HttpServletRequest Wrapper Filter 这个是HttpServletRequet的包裹类,让他支持getUserPrincipal,getRemoteUser方法来取得用户信息-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!--5. CAS Assertion Thread Local Filter 这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ========================集成CAS单点登录模块 结束=========================== --> <filter>
<filter-name>jfinal</filter-name>
<filter-class>com.jfinal.core.JFinalFilter</filter-class>
<init-param>
<param-name>configClass</param-name>
<param-value>com.config.Config</param-value>
</init-param>
</filter> <filter-mapping>
<filter-name>jfinal</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <welcome-file-list>
<welcome-file>web/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
web.xml配置
注:cas的过滤器需要配置在jfinal过滤器前面,否则在handler中获取不到传入的登录用户session信息;
web.xml中配置的serverName当前地址必须为ip地址,不可为127.0.0.1,具体原因还不清楚,待后续研究。
3、增加拦截handler,并在jfinal中配置
package com.handler; import java.io.Console;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.authentication.AttributePrincipal;
import com.jfinal.handler.Handler;
import com.model.User; /**
* 用于cas验证辅助使用,并存储用户信息到session
* @author sunflower
*
*/
public class CasHelpHandler extends Handler{ @Override
public void handle(String target, HttpServletRequest request,
HttpServletResponse response, boolean[] isHandled) { int index = target.lastIndexOf(";jsessionid"); if(index>-1){
target = index==-1?target:target.substring(0, index);
} AttributePrincipal principal1 = (AttributePrincipal) request.getUserPrincipal();
Map<String, Object> userMap = principal1.getAttributes(); if(userMap!=null){
User user=new User();
user.setUserId(userMap.get("UserId").toString());
user.setUserName(userMap.get("RealName").toString());
user.setDeptId(userMap.get("DeptId").toString());
user.setRoleId(userMap.get("RoleId").toString());
request.getSession().setAttribute("user",user);
} nextHandler.handle(target, request, response, isHandled);
} }
handler
package com.config; import com.util.*;
import com.handler.CasHelpHandler;
import com.jfinal.config.Constants;
import com.jfinal.config.Handlers;
import com.jfinal.config.Interceptors;
import com.jfinal.config.JFinalConfig;
import com.jfinal.config.Plugins;
import com.jfinal.config.Routes;
import com.jfinal.ext.handler.UrlSkipHandler;
import com.jfinal.ext.route.AutoBindRoutes;
import com.jfinal.kit.PropKit;
import com.util.ConfigDBPluginHelper; /**
* API引导式配�?
*/
public class Config extends JFinalConfig { /**
* 配置常量
*/
public void configConstant(Constants me) {
// 加载少量必要配置,随后可用PropKit.get(...)获取�?
PropKit.use("config.txt");
me.setDevMode(PropKit.getBoolean("devMode", false));
} /**
* 配置路由
*/
public void configRoute(Routes me) {
me.add(new AutoBindRoutes()); // 根据xml文件配置,自动配置路由
ConfigRoutesHelper.configRouteInXml(getClass().getResource("/")+"deploy.xml", me);
} /**
* 配置插件
*/
public void configPlugin(Plugins me) {
ConfigDBPluginHelper.configSqlServerPlugin(me);
} /**
* 配置全局拦截�?
*/
public void configInterceptor(Interceptors me) { } /**
* 配置处理�?
*/
public void configHandler(Handlers me) {
// 增加例外
me.add(new CasHelpHandler());
me.add(new UrlSkipHandler("/web/",true));
me.add(new UrlSkipHandler("/$",true));
}
}
config中配置handler
如果找不到jfinal的配置文件,在web.xml中查看jfinal对应的configclass即可找到
<filter>
<filter-name>jfinal</filter-name>
<filter-class>com.jfinal.core.JFinalFilter</filter-class>
<init-param>
<param-name>configClass</param-name>
<param-value>com.config.Config</param-value>
</init-param>
</filter>
jfinal配置中configClass配置格式
4、注销操作
在调用cas服务注销登录用户的时候,不能使用ajax的方式请求,故可以使用iframe来辅助注销登录。
在页面增加一个隐形的iframe,注销的时候,将iframe的url设置为cas服务注销登录的服务,然后再iframe加载完成后,重新设置当前页面的location.href,即可达到注销的目的。
<iframe onReadystatechange ={this.directToLogin} onLoad={this.directToLogin} style={{position:"absolute",left:"-110px",width:"100px"}} ref="iframe"/>
iframe设置
loginOut:function(){
var _url=CONFIGS["logOutUrl"];
this.refs["iframe"].src=_url;
},
directToLogin:function(){
location.href=CTX;
},
调用方法
配置完成后,即对接成功~