howto:cas配置

CasServer配置：

1.用keytool 生成 CasServer 所在主机的证书（keystore），并导出(crt文件)。

2.配置Tomcat server.xml 指明证书位置

 

CasClient配置：

将CasServer所在主机证书导入CasClient主机jre的受信目录

Casclient应用导入依赖文件。配置web.xml，添加过滤器

 

 

注意：

web.xml  请求地址的配置。

 

web.xml 配置：

<!-- ======================== 单点登录开始 ======================== -->

<listener>

    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

 

<!-- 该过滤器用于实现单点登出功能，可选配置。 -->

<filter>

    <filter-name>CAS Single Sign Out Filter</filter-name>

    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<filter-mapping>

    <filter-name>CAS Single Sign Out Filter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!-- 该过滤器负责用户的认证工作，必须启用它 -->

<filter>

    <filter-name>CASFilter</filter-name>

    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

    <init-param>

        <param-name>casServerLoginUrl</param-name>

        <param-value>https://cas.misquest.com:8443/login</param-value>

        <!--这里的server是服务端的IP-->

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://cas.misquest.com:8080</param-value>

    </init-param>

</filter>

<filter-mapping>

    <filter-name>CASFilter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!-- 该过滤器负责对Ticket的校验工作，必须启用它 -->

<filter>

    <filter-name>CAS Validation Filter</filter-name>

    <filter-class>

        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

    <init-param>

        <param-name>casServerUrlPrefix</param-name>

        <param-value>https://cas.misquest.com:8443</param-value>

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://cas.misquest.com:8080</param-value>

    </init-param>

</filter>

<filter-mapping>

    <filter-name>CAS Validation Filter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>

<!--<br>

    该过滤器负责实现HttpServletRequest请求的包裹，<br>

    比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名，可选配置。<br>

-->

<filter>

    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

    <filter-class>

        org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<filter-mapping>

    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!--<br>

    该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。<br>

    比如AssertionHolder.getAssertion().getPrincipal().getName()。<br>

-->

<filter>

    <filter-name>CAS Assertion Thread Local Filter</filter-name>

    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

    <filter-name>CAS Assertion Thread Local Filter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>

 

 

<!-- ======================== 单点登录结束 ======================== -->

 

pom文件修改：

 

添加dependency：

 

  <dependency>

       <groupId>org.jasig.cas</groupId>

       <artifactId>cas-client-core</artifactId>

        <version>3.1.10</version>

    </dependency>

 

获取登录用户名：

AssertionHolder.getAssertion().getPrincipal().getName();

 

脚本中包含导入证书关键代码。