web.config
<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <!-- 用于单点登录 --> <filter> <filter-name>CAS Filter</filter-name> <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name> <param-value>http://server:8080/cas/login</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name> <param-value>http://server:8080/cas/serviceValidate</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name> <param-value>client:8200</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/admin/*</url-pattern> </filter-mapping>
核心代码:
private boolean isValidSession(ServletRequest request) { HttpServletRequest objHttpRequest = (HttpServletRequest)request; String strIsLogin = (String)objHttpRequest.getSession(). getAttribute(ComtopGlobalConstants.SECURITY_LOGIN_KEY); boolean bIsValid = ComtopGlobalConstants.SECURITY_IS_LOGIN.equals(strIsLogin); if(!bIsValid && logger.isDebugEnabled()) { logger.debug(" AAAAAValid " + System.currentTimeMillis()); logger.debug("Session无效,请求:" + objHttpRequest.getRequestURI()); }