cas_client之代理配置-创新互联
本环境基于cas3.4.2进行配置,3个tomcat环境:单点登录tomcat、代理tomcat和被代理tomcat。目的是通过代理app1访问被代理app2,此配置完全根据源代码分析而来(因此基础好的直接读源代码研究更好)。
1、单点登录tomcat发布配置,网上有很多资料,不在赘述。
2、代理app配置:网上有说
AuthenticationFilter和Cas20ProxyReceivingTicketValidationFilter2个过滤器顺序需要调换,其实是错误的,把握好以下红色字体足以。 proxyCallback网上介绍的很草率,这里只需要在代理端新建一个servlet作为代理url即可,内部逻辑什么都不用做。
CAS Authentication Filter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl http://127.0.0.1:8081/tjsso/login serverName http://127.0.0.1:8080 CAS Validation Filter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix http://127.0.0.1:8081/tjsso serverName http://127.0.0.1:8080 useSession true redirectAfterValidation true CAS HttpServletRequest Wrapper Filter org.jasig.cas.client.util.HttpServletRequestWrapperFilter CAS Assertion Thread Local Filter org.jasig.cas.client.util.AssertionThreadLocalFilter CAS Validation Filter /proxyCallback CAS Authentication Filter /* CAS Validation Filter /* CAS HttpServletRequest Wrapper Filter /* CAS Assertion Thread Local Filter /*
3、被代理app配置:
CAS Authentication Filter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl http://127.0.0.1:8081/tjsso/login serverName http://127.0.0.1:8080 CAS Validation Filter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix http://127.0.0.1:8081/tjsso serverName http://127.0.0.1:8080 useSession true redirectAfterValidation true CAS HttpServletRequest Wrapper Filter org.jasig.cas.client.util.HttpServletRequestWrapperFilter CAS Assertion Thread Local Filter org.jasig.cas.client.util.AssertionThreadLocalFilter CAS Authentication Filter /* CAS Validation Filter /* CAS HttpServletRequest Wrapper Filter /* CAS Assertion Thread Local Filter /*
4、实例验证,在代理端新建一个servlet,我这里就是上述配置的
casProxyTest
源码如下:
com.supermap.proxy;
org.jasig.cas.client.authentication.AttributePrincipal;
org.jasig.cas.client.util.AssertionHolder;
javax.servlet.ServletException;
javax.servlet.http.HttpServlet;
javax.servlet.http.HttpServletRequest;
javax.servlet.http.HttpServletResponse;
java.io.BufferedReader;
java.io.IOException;
java.io.InputStreamReader;
java.io.OutputStream;
java.net.HttpURLConnection;
java.net.URL;
java.net.URLEncoder;
CasProxyTestServlet HttpServlet {
doGet(HttpServletRequest req, HttpServletResponse resp)
ServletException, IOException {
(req, resp);
}
(HttpServletRequest req, HttpServletResponse resp)
ServletException, IOException {
AttributePrincipal principal = AssertionHolder.().getPrincipal();
String proxyTicket = principal.getProxyTicketFor();
URL url = URL(+ URLEncoder.(proxyTicket, ));
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setDoOutput();
conn.setDoInput();
OutputStream out = conn.getOutputStream();
out.write((+URLEncoder.(proxyTicket, )).getBytes());
out.flush();
out.close();
BufferedReader br = BufferedReader(InputStreamReader(conn.getInputStream(), ));
StringBuffer content = StringBuffer();
String line = ;
((line=br.readLine()) != ) {
content.append(line).append();
}
resp.getWriter().write(content.toString());
}
}总结:其中的原理在网上有很多资料介绍,最主要还是需要个人去研读源代码,把握核心。
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
本文题目:cas_client之代理配置-创新互联
链接地址:http://myzitong.com/article/ccesed.html