CAS客户端配置及定制

一、   配置CAS客户端及个性化定制

目前实现了由CAS统一认证登录,但用户在各个系统中的权限仍由各系统自行验证,相当于各个系统根据CAS返回的用户信息在后台再登录一次。

因为我们的系统需要支持内外网址都能访问,因此我对cas客户端做了一些修改,主要是访问地址的修改。

Web.xml中的配置信息如下:

<!-- Single sign-out -->
<!-- NOTE(review): in the stock CAS client the sign-out filter has to be mapped ahead of the other CAS filters so that it sees logout requests first; the mapping order on this page does that. Confirm it still holds for the repackaged cas.session class. -->

<filter>

<filter-name>CASSingle Sign Out Filter</filter-name>

<filter-class>cas.session.SingleSignOutFilter</filter-class>

</filter>

<filter-mapping>

<filter-name>CASSingle Sign Out Filter</filter-name>

<url-pattern>/*</url-pattern>


</filter-mapping>

<listener>

<listener-class>cas.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- Single sign-on: sends requests that have neither a ticket nor a session assertion to the CAS login page -->

<filter>

<filter-name>CASAuthentication Filter</filter-name>

<filter-class>cas.authentication.AuthenticationFilter</filter-class>

<!-- CAS server login URL. The customised doFilter shown on this page replaces this value per request with authServerUrl from /data/config.xml. -->

<init-param>

<param-name>casServerLoginUrl</param-name>

<param-value>https://cas.server:8443/cas/login</param-value>

</init-param>

<init-param>

<param-name>renew</param-name>

<param-value>false</param-value>

</init-param>

<init-param>

<param-name>gateway</param-name>

<param-value>false</param-value>

</init-param>

<!-- Address of the client application (this service). -->
<!-- NOTE(review): serverName and service below use plain http while the CAS server is https. The service ticket and the session cookie issued after login then cross the network unencrypted; use an https address outside local development. -->

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:9999/</param-value>

</init-param>

<init-param>

<param-name>service</param-name>

<param-value>http://localhost:9999/ewp/login/doLogin</param-value>

</init-param>

</filter>

<!-- Ticket validation: checks the service ticket against the CAS server -->

<filter>

<filter-name>CASValidation Filter</filter-name>

<filter-class>cas.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

<!-- Base URL of the CAS server used for the back-channel validation call. -->
<!-- NOTE(review): this call relies on the JVM trusting the CAS server certificate; import the certificate into the trust store rather than relaxing certificate or hostname checks. -->

<init-param>

<param-name>casServerUrlPrefix</param-name>

<param-value>https://cas.server:8443/cas</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:9999</param-value><!-- the client application's own host and port go here -->

</init-param>

<!-- NOTE(review): the service URL sent at validation has to match the one used at login. The customised constructServiceUrl on this page takes both from /data/config.xml rather than from these init-params. -->

<init-param>

<param-name>service</param-name>

<param-value>http://localhost:9999/ewp/login/doLogin</param-value>

</init-param>

<!-- In the stock client, useSession=true keeps the validated assertion in the HTTP session. -->

<init-param>

<param-name>useSession</param-name>

<param-value>true</param-value>

</init-param>

<!-- In the stock client, redirectAfterValidation=true re-requests the same URL without the ticket parameter, so the ticket does not stay in the address bar or in Referer headers. -->

<init-param>

<param-name>redirectAfterValidation</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<filter>

<filter-name>CASHttpServletRequestWrapperFilter</filter-name>

<filter-class>cas.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<filter>

<filter-name>CASAssertion Thread Local Filter</filter-name>

<filter-class>cas.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

<filter-name>CASAuthentication Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CASValidation Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CASHttpServletRequestWrapperFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CASAssertion Thread Local Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

主要修改了以下几点:

1、修改AuthenticationFilter文件中的doFilter

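/**
 * Sends requests that carry neither a ticket nor a session assertion to the CAS login page;
 * every other request is passed down the filter chain.
 *
 * <p>The CAS login URL is taken per request from {@code CustomConfigUtil} (key
 * {@code authServerUrl}) so that internal and external visitors are sent to the CAS address
 * they can reach. The value is held in a local variable: a filter instance is shared by all
 * request threads, and writing it back to {@code this.casServerLoginUrl} would let one request
 * overwrite the URL another request is about to redirect to.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the response; cast to {@code HttpServletResponse}
 * @param filterChain     the remaining filters
 * @throws IOException      if the redirect or the rest of the chain fails with an I/O error
 * @throws ServletException if the rest of the chain fails
 */
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    final HttpSession session = request.getSession(false);
    final String ticket = request.getParameter(getArtifactParameterName());
    final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
    final boolean wasGatewayed = session != null && session.getAttribute(CONST_CAS_GATEWAY) != null;

    // Any URL carrying isToLogout=1 is treated as the application's logout URL and is not
    // redirected to CAS.
    // NOTE(review): the parameter is client-supplied, so every request that adds
    // isToLogout=1 passes this filter without a ticket or assertion. The handlers behind it
    // must enforce their own login check; matching the logout path instead of a query
    // parameter would narrow this exemption.
    final String isToLogout = request.getParameter("isToLogout");

    if (CommonUtils.isBlank(ticket) && assertion == null && !wasGatewayed && !("1".equals(isToLogout))) {
        log.debug("no ticket and no assertion found");
        if (this.gateway) {
            log.debug("setting gateway attribute in session");
            request.getSession(true).setAttribute(CONST_CAS_GATEWAY, "yes");
        }

        final String serviceUrl = constructServiceUrl(request, response, "auth");

        // Look up the CAS login address for this request in the configuration file. The value
        // is read as Object and converted with toString(), as the original code did; when it is
        // missing or blank the casServerLoginUrl init-param is used instead.
        final Map<String, String> config = CustomConfigUtil.getCustomConfig(request.getServletContext(), request);
        final Object configuredLoginUrl = config.get("authServerUrl");
        final String loginUrl = configuredLoginUrl == null || CommonUtils.isBlank(configuredLoginUrl.toString())
                ? this.casServerLoginUrl
                : configuredLoginUrl.toString();

        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(loginUrl, getServiceParameterName(),
                serviceUrl, this.renew, this.gateway);

        if (log.isDebugEnabled()) {
            log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }

        response.sendRedirect(urlToRedirectTo);
        return;
    }

    if (session != null) {
        log.debug("removing gateway attribute from session");
        session.setAttribute(CONST_CAS_GATEWAY, null);
    }

    filterChain.doFilter(request, response);
}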

2、修改文件AbstractCasFilter中的constructServiceUrl

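/**
 * Builds the service URL for the current request from the per-request configuration.
 *
 * <p>The server name and service URL are looked up in {@code CustomConfigUtil} according to
 * {@code type} and kept in local variables. The filter instance is shared by all request
 * threads, so assigning them to {@code this.serverName} / {@code this.service} would let a
 * concurrent "auth" call and "validation" call mix their values; ticket validation would then
 * be attempted for a service URL other than the one used at login.
 *
 * @param request  the current request; also used to locate the configuration file
 * @param response the current response, passed through to {@code CommonUtils}
 * @param type     {@code "auth"} or {@code "validation"}; any other value uses the
 *                 {@code serverName} and {@code service} configured on the filter
 * @return the service URL produced by {@code CommonUtils.constructServiceUrl}
 */
protected final String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response,
        final String type) {
    // Read the addresses for this request from the configuration file.
    final Map<String, String> config = CustomConfigUtil.getCustomConfig(request.getServletContext(), request);

    String requestServerName = this.serverName;
    String requestService = this.service;
    if ("auth".equals(type)) {
        requestServerName = config.get("localAuthServerName").toString();
        requestService = config.get("localAuthServiceUrl").toString();
    } else if ("validation".equals(type)) {
        requestServerName = config.get("localValidationServerName").toString();
        requestService = config.get("localValidationServiceUrl").toString();
    }

    return CommonUtils.constructServiceUrl(request, response, requestService, requestServerName,
            this.artifactParameterName, this.encodeServiceUrl);
}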


附上CustomConfigUtil的源码(Groovy):

package cn.com.wz


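/**
 * Shared helper for reading the application's settings.
 *
 * Author: huxx; created 2013-05-28 11:25.
 */
class CustomConfigUtil {
    /**
     * Reads /data/config.xml and returns its settings as a flat map.
     *
     * The CAS and workflow addresses come in an internal ("inurl") and an external
     * ("outurl") variant. The external variant is returned when the request URL starts
     * with home.outRootUrl; otherwise, and when request is null, the internal one is.
     *
     * NOTE(review): the file is read again on every call, and the CAS filters on this
     * page call this method for each request. Caching is left to the caller.
     *
     * @param servletContext used to resolve the real path of /data/config.xml
     * @param request the current request, or null to get the internal addresses
     * @return setting name mapped to its value as a plain String
     */
    static Map<String,String> getCustomConfig(def servletContext,def request){
        def realPath=servletContext.getRealPath('/data/config.xml')
        def xml=FileUtil.readXML(realPath)

        // Decide whether EWP was reached through its external or its internal address.
        boolean external=isExternalRequest(request, "${xml.home.outRootUrl}".toString())

        // Values are converted with toString() so the map holds java.lang.String and not
        // GString, matching the declared Map<String,String> for Java callers.
        Map<String,String> result=[:]
        result.appCode="${xml.app.appCode}".toString()    // application system code
        result.defaultCategoryId="${xml.home.defaultCategoryId}".toString() // ids of the default page sections
        result.defaultChecked="${xml.home.defaultChecked}".toString() // ids of the sections selected by default
        result.inWFRootUrl="${xml.home.inWFRootUrl}".toString()   // workflow root, internal
        result.outWFRootUrl="${xml.home.outWFRootUrl}".toString() // workflow root, external
        result.inEWPRootUrl="${xml.home.inRootUrl}".toString() // EWP root, internal
        result.outEWPRootUrl="${xml.home.outRootUrl}".toString() // EWP root, external
        result.isSSO="${xml.isSSO}".toString()

        if (external){
            result.logoutUrl="${xml.cas.logout.outurl}".toString()
            result.authServerUrl="${xml.cas.authserver.outurl}".toString()
            result.localAuthServiceUrl="${xml.cas.localauthserviceurl.outurl}".toString()
            result.localAuthServerName="${xml.cas.localauthservername.outurl}".toString()
            result.validationServerUrl="${xml.cas.validationserver.outurl}".toString()
            result.localValidationServiceUrl="${xml.cas.localvalidationserviceurl.outurl}".toString()
            result.localValidationServerName="${xml.cas.localvalidationservername.outurl}".toString()
            result.rootUrl="${xml.home.outWFRootUrl}".toString()
        }else{
            result.logoutUrl="${xml.cas.logout.inurl}".toString()
            result.authServerUrl="${xml.cas.authserver.inurl}".toString()
            result.localAuthServiceUrl="${xml.cas.localauthserviceurl.inurl}".toString()
            result.localAuthServerName="${xml.cas.localauthservername.inurl}".toString()
            result.validationServerUrl="${xml.cas.validationserver.inurl}".toString()
            result.localValidationServiceUrl="${xml.cas.localvalidationserviceurl.inurl}".toString()
            result.localValidationServerName="${xml.cas.localvalidationservername.inurl}".toString()
            result.rootUrl="${xml.home.inWFRootUrl}".toString()
        }

        result.getBackLogUrl="${xml.home.getBackLogUrl}".toString()
        result.getmessages="${xml.home.getmessages}".toString()
        result.uploadRootDir="${xml.upload.rootDir}".toString()
        // All noNeedLoginUrl elements are rendered into one string here.
        result.noNeedLoginUrl="${xml.security.noNeedLoginUrl}".toString()
        return result
    }

    /**
     * Returns true when the request URL begins with the configured external root URL,
     * compared without regard to case.
     *
     * A null request or an empty outRootUrl counts as internal; the substring test this
     * replaces treated every request as external when outRootUrl was empty, and also
     * matched the root URL anywhere inside the request URL.
     *
     * NOTE(review): getRequestURL() is built from what the client sent (normally the
     * Host header) unless the container or a front proxy pins it. The result only picks
     * which configured address to hand back; do not use it as proof that a caller is on
     * the internal network.
     */
    private static boolean isExternalRequest(def request, String outRootUrl){
        if (!request || !outRootUrl){
            return false
        }
        String url=request.getRequestURL().toString()
        return url.regionMatches(true, 0, outRootUrl, 0, outRootUrl.length())
    }
}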


配置文件信息:

<?xml version="1.0" encoding="UTF-8"?>
<wz>
    <app>
        <appCode>app_ewp</appCode>
    </app>
<home>
<defaultCategoryId>div_userInfo,div_linkTools,div_links;div_workFlow,div_schedule,div_message,div_address;div_bookTicket,div_itAndPro,div_activity,div_ygwy,div_gszd,div_qywh</defaultCategoryId>
<defaultChecked>div_userInfo,div_linkTools,div_workFlow,div_schedule,div_message,div_address,div_bookTicket,div_itAndPro,div_activity,div_links,div_gszd,div_ygwy,div_qywh</defaultChecked>
<inWFRootUrl>http://192.168.1.162/</inWFRootUrl>
            <outWFRootUrl>http://wf.wuzheng.com.cn/</outWFRootUrl>


            <inRootUrl>http://192.168.1.8/</inRootUrl>
            <outRootUrl>http://192.168.107.24:9999/ewp/</outRootUrl>


<getBackLogUrl>interfaces/getBackLog</getBackLogUrl>
<getmessages>message/processMessages</getmessages>
</home>
    <cas>
        <!-- Address the login redirect is built from (read as authServerUrl by the customised AuthenticationFilter). -->
        <!-- NOTE(review): web.xml sets casServerLoginUrl to .../cas/login while these values end at /cas; confirm the server forwards /cas to its login page. -->
        <!-- NOTE(review): the external address is https on a bare IP, so the server certificate has to cover that IP for browsers and for the validation call to accept it. -->
        <authserver>
            <inurl>https://cas.server:8443/cas</inurl>
            <outurl>https://192.168.107.8:8443/cas</outurl>
        </authserver>
        <!-- Left empty: for the login redirect the explicit service URL below is used. -->
        <localauthservername>
            <inurl></inurl>
            <outurl></outurl>
        </localauthservername>
        <!-- NOTE(review): plain http service URLs; the service ticket is delivered to these addresses unencrypted. Prefer https outside local testing. -->
        <localauthserviceurl>
            <inurl>http://localhost:9999/ewp/login/doLogin</inurl>
            <outurl>http://192.168.107.24:9999/ewp/login/doLogin</outurl>
        </localauthserviceurl>


        <!-- CAS server address for ticket validation. None of the code shown on this page reads validationServerUrl; presumably the validation filter does. -->
        <validationserver>
            <inurl>https://cas.server:8443/cas</inurl>
            <outurl>https://192.168.107.8:8443/cas</outurl>
        </validationserver>
        <localvalidationservername>
            <inurl>http://localhost:9999</inurl>
            <outurl>http://192.168.107.24:9999</outurl>
        </localvalidationservername>


        <!-- Left empty: with no explicit service, the stock client derives the service URL from the server name and the request; confirm it then equals the URL used at login. -->
        <localvalidationserviceurl>
            <inurl></inurl>
            <outurl></outurl>
        </localvalidationserviceurl>


        <logout>
            <inurl>https://cas.server:8443/cas/logout</inurl>
            <outurl>https://192.168.107.8:8443/cas/logout</outurl>
        </logout>
    </cas>
    <upload>
        <rootDir>D:</rootDir>
    </upload>
    <!-- Security-related settings -->
    <security>
        <!-- URLs that skip the login check; each such URL must be followed by an underscore "_" -->
        <!-- NOTE(review): CustomConfigUtil renders all of these entries into one string, and the code that matches a request against it is not shown on this page. If that match is a substring test, confirm that a short entry such as "/_" cannot exempt more paths than intended. -->
        <!-- NOTE(review): /common/ajax and /ShortMessage/sendForWF are reachable without login; verify that each enforces its own authorisation. -->
        <noNeedLoginUrl>/_</noNeedLoginUrl>
        <noNeedLoginUrl>/login/doLogin_</noNeedLoginUrl>
        <noNeedLoginUrl>/login/doLoginForCas_</noNeedLoginUrl>
        <noNeedLoginUrl>/login/login_</noNeedLoginUrl>
        <noNeedLoginUrl>/common/ajax_</noNeedLoginUrl>
        <noNeedLoginUrl>/ShortMessage/sendForWF_</noNeedLoginUrl>
    </security>


   <isSSO>1</isSSO>
</wz>


转载自blog.csdn.net/a0604030212/article/details/12646085