jfinal集成cas单点认证实践
Posted 向_日_葵
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了jfinal集成cas单点认证实践相关的知识,希望对你有一定的参考价值。
本示例jfinal集成cas单点认证,采用获取到登录用户session信息后,在本地站点备份一份session信息,主要做以下几个步骤:
1、站点引入响应jar包;
2、在web.xml中配置对应过滤器;
3、增加拦截handler,并在jfinal的config中配置。
4、注销操作
此次示例在handler中获取登录用户session,并设置本站点session。
详细介绍如下:
1、引入jar包
需要引入两个jar包:cas-client-core-3.2.2.jar和commons-logging-1.2.jar;
将两个jar包放入站点WEB-INFO/lib下即可;
2、在web.xml中配置对应过滤器
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> 3 <context-param> 4 <param-name>getAuthMenuUrl</param-name> 5 <param-value>http://192.168.2.175:8082/hebswj_yw/api/modulePermis/</param-value> 6 </context-param> 7 <context-param> 8 <param-name>homePageUrl</param-name> 9 <param-value>http://192.168.2.175:8082/hebswj/index.jsp</param-value> 10 </context-param> 11 12 <!-- ========================集成CAS单点登录模块 开始=========================== --> 13 <!-- 1.CAS单点登出 --> 14 <listener> 15 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> 16 </listener> 17 <filter> 18 <filter-name>CAS Single Sign Out Filter</filter-name> 19 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> 20 </filter> 21 <filter-mapping> 22 <filter-name>CAS Single Sign Out Filter</filter-name> 23 <url-pattern>/*</url-pattern> 24 </filter-mapping> 25 26 <!-- 2.CAS单点登录 --> 27 <filter> 28 <filter-name>CASFilter</filter-name> 29 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> 30 <init-param> 31 <param-name>casServerLoginUrl</param-name> 32 <param-value>http://192.168.2.175:8082/cas/login</param-value> 33 </init-param> 34 <init-param> 35 <param-name>serverName</param-name> 36 <param-value>http://127.0.0.1</param-value> 37 </init-param> 38 </filter> 39 <filter-mapping> 40 <filter-name>CASFilter</filter-name> 41 <url-pattern>/*</url-pattern> 42 </filter-mapping> 43 44 <!-- 3.CAS票据验证 --> 45 <filter> 46 <filter-name>CAS Validation Filter</filter-name> 47 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> 48 <init-param> 49 <param-name>casServerUrlPrefix</param-name> 50 <param-value>http://192.168.2.175:8082/cas</param-value> 51 </init-param> 52 <init-param> 53 <param-name>serverName</param-name> 54 <param-value>http://127.0.0.1</param-value> 55 </init-param> 56 <init-param> 57 <param-name>encoding</param-name> 58 <param-value>UTF-8</param-value> 59 </init-param> 60 </filter> 61 <filter-mapping> 62 <filter-name>CAS Validation Filter</filter-name> 63 <url-pattern>/*</url-pattern> 64 </filter-mapping> 65 66 <!--4. CAS HttpServletRequest Wrapper Filter 这个是HttpServletRequet的包裹类,让他支持getUserPrincipal,getRemoteUser方法来取得用户信息--> 67 <filter> 68 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 69 <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> 70 </filter> 71 <filter-mapping> 72 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 73 <url-pattern>/*</url-pattern> 74 </filter-mapping> 75 76 <!--5. CAS Assertion Thread Local Filter 这个类把Assertion信息放在ThreadLocal变量中,这样应用程序不在web层也能够获取到当前登录信息--> 77 <filter> 78 <filter-name>CAS Assertion Thread Local Filter</filter-name> 79 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> 80 </filter> 81 <filter-mapping> 82 <filter-name>CAS Assertion Thread Local Filter</filter-name> 83 <url-pattern>/*</url-pattern> 84 </filter-mapping> 85 <!-- ========================集成CAS单点登录模块 结束=========================== --> 86 87 <filter> 88 <filter-name>jfinal</filter-name> 89 <filter-class>com.jfinal.core.JFinalFilter</filter-class> 90 <init-param> 91 <param-name>configClass</param-name> 92 <param-value>com.config.Config</param-value> 93 </init-param> 94 </filter> 95 96 <filter-mapping> 97 <filter-name>jfinal</filter-name> 98 <url-pattern>/*</url-pattern> 99 </filter-mapping> 100 101 <welcome-file-list> 102 <welcome-file>web/index.jsp</welcome-file> 103 </welcome-file-list> 104 </web-app>
注:cas的过滤器需要配置在jfinal过滤器前面,否则在handler中获取不到传入的登录用户session信息;
web.xml中配置的serverName当前地址必须为ip地址,不可为127.0.0.1,具体原因还不清楚,待后续研究。
3、增加拦截handler,并在jfinal中配置
1 package com.handler; 2 3 import java.io.Console; 4 import java.util.Map; 5 import javax.servlet.http.HttpServletRequest; 6 import javax.servlet.http.HttpServletResponse; 7 import org.jasig.cas.client.authentication.AttributePrincipal; 8 import com.jfinal.handler.Handler; 9 import com.model.User; 10 11 /** 12 * 用于cas验证辅助使用,并存储用户信息到session 13 * @author sunflower 14 * 15 */ 16 public class CasHelpHandler extends Handler{ 17 18 @Override 19 public void handle(String target, HttpServletRequest request, 20 HttpServletResponse response, boolean[] isHandled) { 21 22 int index = target.lastIndexOf(";jsessionid"); 23 24 if(index>-1){ 25 target = index==-1?target:target.substring(0, index); 26 } 27 28 AttributePrincipal principal1 = (AttributePrincipal) request.getUserPrincipal(); 29 Map<String, Object> userMap = principal1.getAttributes(); 30 31 if(userMap!=null){ 32 User user=new User(); 33 user.setUserId(userMap.get("UserId").toString()); 34 user.setUserName(userMap.get("RealName").toString()); 35 user.setDeptId(userMap.get("DeptId").toString()); 36 user.setRoleId(userMap.get("RoleId").toString()); 37 request.getSession().setAttribute("user",user); 38 } 39 40 nextHandler.handle(target, request, response, isHandled); 41 } 42 43 }
1 package com.config; 2 3 import com.util.*; 4 import com.handler.CasHelpHandler; 5 import com.jfinal.config.Constants; 6 import com.jfinal.config.Handlers; 7 import com.jfinal.config.Interceptors; 8 import com.jfinal.config.JFinalConfig; 9 import com.jfinal.config.Plugins; 10 import com.jfinal.config.Routes; 11 import com.jfinal.ext.handler.UrlSkipHandler; 12 import com.jfinal.ext.route.AutoBindRoutes; 13 import com.jfinal.kit.PropKit; 14 import com.util.ConfigDBPluginHelper; 15 16 /** 17 * API引导式配�? 18 */ 19 public class Config extends JFinalConfig { 20 21 /** 22 * 配置常量 23 */ 24 public void configConstant(Constants me) { 25 // 加载少量必要配置,随后可用PropKit.get(...)获取�? 26 PropKit.use("config.txt"); 27 me.setDevMode(PropKit.getBoolean("devMode", false)); 28 } 29 30 /** 31 * 配置路由 32 */ 33 public void configRoute(Routes me) { 34 me.add(new AutoBindRoutes()); 35 36 // 根据xml文件配置,自动配置路由 37 ConfigRoutesHelper.configRouteInXml(getClass().getResource("/")+"deploy.xml", me); 38 } 39 40 /** 41 * 配置插件 42 */ 43 public void configPlugin(Plugins me) { 44 ConfigDBPluginHelper.configSqlServerPlugin(me); 45 } 46 47 /** 48 * 配置全局拦截�? 49 */ 50 public void configInterceptor(Interceptors me) { 51 52 } 53 54 /** 55 * 配置处理�? 56 */ 57 public void configHandler(Handlers me) { 58 // 增加例外 59 me.add(new CasHelpHandler()); 60 me.add(new UrlSkipHandler("/web/",true)); 61 me.add(new UrlSkipHandler("/$",true)); 62 } 63 }
如果找不到jfinal的配置文件,在web.xml中查看jfinal对应的configclass即可找到
1 <filter> 2 <filter-name>jfinal</filter-name> 3 <filter-class>com.jfinal.core.JFinalFilter</filter-class> 4 <init-param> 5 <param-name>configClass</param-name> 6 <param-value>com.config.Config</param-value> 7 </init-param> 8 </filter>
4、注销操作
在调用cas服务注销登录用户的时候,不能使用ajax的方式请求,故可以使用iframe来辅助注销登录。
在页面增加一个隐形的iframe,注销的时候,将iframe的url设置为cas服务注销登录的服务,然后再iframe加载完成后,重新设置当前页面的location.href,即可达到注销的目的。
1 <iframe onReadystatechange ={this.directToLogin} onLoad={this.directToLogin} style={{position:"absolute",left:"-110px",width:"100px"}} ref="iframe"/>
1 loginOut:function(){ 2 var _url=CONFIGS["logOutUrl"]; 3 this.refs["iframe"].src=_url; 4 }, 5 directToLogin:function(){ 6 location.href=CTX; 7 },
配置完成后,即对接成功~
以上是关于jfinal集成cas单点认证实践的主要内容,如果未能解决你的问题,请参考以下文章