使用cas单点登录,基本配置都已经完成了。但是最后还有个小瑕疵,就是,不能实现无缝登录。现在的状况是,登录A网站,登录成功,再打开B网站不能实现同步登录,必须,再点击B网站的登录链接才能同步登录。众所周知,第二次登录其实就是一个再次验证的拦截器的过程。我设置的拦截器,是在登录时才拦截。因为,如果设置拦截器在根目录下拦截的话就会有个问题:就是不能再未登录的情况下访问网站,打开网站首页,就会被拦截器拦截到,并跳转到登录页面,这肯定是不行的。所以,这个怎么设置呢?如何实现,既能在不登录的情况下也可以浏览网站,也可以在登录后,打开另个网站实现同步登录呢?且看我的客户端web.xml文件的配置
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener> <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器负责用户的认证工作,必须启用它 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:9443/cas/login</param-value>
</init-param>
<init-param>
<!--这里的server是服务端的IP -->
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter> <filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/login</url-pattern><!-- 拦截器,拦截被登录的页面,与登录链接相呼应 -->
</filter-mapping> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:9443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 自动根据单点登录的结果设置本系统的用户信息 -->
<filter>
<display-name>AutoSetUserAdapterFilter</display-name>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<filter-class>cn.jsprun.filter.AutoSetUserAdapterFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
红色字体,既是我现在设置的一个拦截器位置。各位大牛,这个怎么破。求指教。谢谢
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener> <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器负责用户的认证工作,必须启用它 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:9443/cas/login</param-value>
</init-param>
<init-param>
<!--这里的server是服务端的IP -->
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter> <filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/login</url-pattern><!-- 拦截器,拦截被登录的页面,与登录链接相呼应 -->
</filter-mapping> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:9443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 自动根据单点登录的结果设置本系统的用户信息 -->
<filter>
<display-name>AutoSetUserAdapterFilter</display-name>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<filter-class>cn.jsprun.filter.AutoSetUserAdapterFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutoSetUserAdapterFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
红色字体,既是我现在设置的一个拦截器位置。各位大牛,这个怎么破。求指教。谢谢
<filter-name>CASFilter</filter-name>
<url-pattern>/login</url-pattern><!-- 拦截器,拦截被登录的页面,与登录链接相呼应 --></span>
</filter-mapping>拦截器位置。在这。
有个办法是直接继承org.jasig.cas.client.util.AbstractCasFilter(这个抽象类的顶级超类是Filter),实现自己的doFilter方法,然后使用黑名单方式配置拦截路径。最后在web.xml里使用改造后的Filter方法,而不是cas的AuthenticationFilter。
package cn.jsprun.filter;import java.io.IOException;import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;public class AutoAdapterFilter extends AbstractCasFilter {
/**
* The URL to the CAS Server login.
*/
private String casServerLoginUrl; /**
* Whether to send the renew request or not.
*/
private boolean renew = false; /**
* Whether to send the gateway request or not.
*/
private boolean gateway = false; private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl(); protected void initInternal(final FilterConfig filterConfig)
throws ServletException {
if (!isIgnoreInitConfiguration()) {
super.initInternal(filterConfig);
setCasServerLoginUrl(getPropertyFromInitParams(filterConfig,
"casServerLoginUrl", null));
log.trace("Loaded CasServerLoginUrl parameter: "
+ this.casServerLoginUrl);
setRenew(parseBoolean(getPropertyFromInitParams(filterConfig,
"renew", "false")));
log.trace("Loaded renew parameter: " + this.renew);
setGateway(parseBoolean(getPropertyFromInitParams(filterConfig,
"gateway", "false")));
log.trace("Loaded gateway parameter: " + this.gateway); final String gatewayStorageClass = getPropertyFromInitParams(
filterConfig, "gatewayStorageClass", null); if (gatewayStorageClass != null) {
try {
this.gatewayStorage = (GatewayResolver) Class.forName(
gatewayStorageClass).newInstance();
} catch (final Exception e) {
log.error(e, e);
throw new ServletException(e);
}
}
}
} public void init() {
super.init();
CommonUtils.assertNotNull(this.casServerLoginUrl,
"casServerLoginUrl cannot be null.");
} public final void doFilter(final ServletRequest servletRequest,
final ServletResponse servletResponse, final FilterChain filterChain)
throws IOException, ServletException {
System.out.println("开始拦截验证的拦截器了");
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final HttpSession session = request.getSession(false);
final Assertion assertion = session != null ? (Assertion) session
.getAttribute(CONST_CAS_ASSERTION) : null;
// Object object = request.getSession().getAttribute(
// "_const_cas_assertion_");
if (assertion != null) {
filterChain.doFilter(request, response);
return;
} final String serviceUrl = constructServiceUrl(request, response);
System.out.println("serviceUrl:"+serviceUrl);
final String ticket = CommonUtils.safeGetParameter(request,
getArtifactParameterName());
final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(
request, serviceUrl); if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
filterChain.doFilter(request, response);
return;
} final String modifiedServiceUrl; log.debug("no ticket and no assertion found");
if (this.gateway) {
log.debug("setting gateway attribute in session");
modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(
request, serviceUrl);
} else {
modifiedServiceUrl = serviceUrl;
} if (log.isDebugEnabled()) {
log.debug("Constructed service url: " + modifiedServiceUrl);
} final String urlToRedirectTo = CommonUtils.constructRedirectUrl(
this.casServerLoginUrl, getServiceParameterName(),
modifiedServiceUrl, this.renew, this.gateway); if (log.isDebugEnabled()) {
log.debug("redirecting to \"" + urlToRedirectTo + "\"");
}
// System.out.println("assertion:" + assertion);
// System.out.println("object:"+object);
// if (ticket == null && wasGatewayed == false && object != null) {
// System.out.println("登录情况下,未显示名字!!BBS");
// // 未登录情况下,跳转到首页显示
// filterChain.doFilter(request, response);
// return;
// }
// // 直接登录,显示首页!
response.sendRedirect(urlToRedirectTo);
} public final void setRenew(final boolean renew) {
this.renew = renew;
} public final void setGateway(final boolean gateway) {
this.gateway = gateway;
} public final void setCasServerLoginUrl(final String casServerLoginUrl) {
this.casServerLoginUrl = casServerLoginUrl;
} public final void setGatewayStorage(final GatewayResolver gatewayStorage) {
this.gatewayStorage = gatewayStorage;
}
}