这一段时间有同事在问 CAS-Client 的问题,这里就做一个基本的分析。
1)由于在 CAS-Server 登录后,客户端(部署在 WebApp-Server 上)会自动把登录结果记入 session 中,
所以我们只需要从 session 中取出对应的 Principal,再获取其中的信息。
2)根据Principal 注册登录
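// Fragment from inside a servlet filter's doFilter: `req` (HttpServletRequest)
// and `response` (ServletResponse) are supplied by the enclosing method.
HttpServletResponse resp = (HttpServletResponse) response;
// getSession(false) only looks up an existing session. The no-arg getSession()
// creates one on demand and never returns null, which made the null check dead
// code and handed a session to every anonymous request.
HttpSession session = req.getSession(false);
if (session != null) {
    // The CAS client stores the validated Assertion under this session key.
    Object obj = session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    // instanceof covers both "absent" and "unexpected type" without a blind cast.
    if (obj instanceof Assertion) {
        AttributePrincipal p = ((Assertion) obj).getPrincipal();
        if (p != null) {
            // p.getName() is the authenticated login id and p.getAttributes()
            // the attributes released by the CAS server; the application flag
            // is set only once a principal is actually present.
            session.setAttribute("user", true);
        }
    }
}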
3)定义权限过滤器
package com.zk.xx.login.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
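/**
 * Servlet filter that lets a request continue only when the HTTP session holds
 * a CAS {@link Assertion} with a principal; every other request is forwarded
 * to the login page.
 *
 * <p>The {@code "user"} session flag is derived solely from the CAS assertion.
 * No URL grants it on its own, and {@code /logout} invalidates the whole
 * session so the stored assertion cannot re-authenticate the next request.
 *
 * <p>NOTE(review): this filter has to run after the CAS ticket-validation
 * filter so that the assertion is already in the session; the relative order
 * of an annotation-declared filter and web.xml filters should be confirmed for
 * the target container.
 *
 * @author LiuQing
 * 2010-10-05 11:45:56
 */
@WebFilter("/*")
public class LoginFilter implements Filter {

    /** Session attribute that marks the session as logged in for the application. */
    private static final String USER_ATTRIBUTE = "user";

    /** Page shown to requests that carry no validated CAS assertion. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /**
     * Default constructor; the filter keeps no state.
     */
    public LoginFilter() {
    }

    /**
     * Nothing to release.
     *
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
    }

    /**
     * No configuration is read.
     *
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

    /**
     * Passes the request down the chain when the session carries a CAS
     * assertion with a principal, otherwise forwards to the login page.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        String actionName = req.getServletPath();

        // getSession(false): never create a session for an anonymous request.
        // The no-arg getSession() always creates one and never returns null.
        HttpSession session = req.getSession(false);

        if ("/logout".equals(actionName)) {
            // Removing only the "user" flag would leave the CAS assertion in
            // the session and the next request would be logged in again, so
            // the whole session is discarded. This ends the local session
            // only; ending the single sign-on session as well requires
            // sending the browser to the CAS server's logout endpoint.
            if (session != null) {
                session.invalidate();
            }
            forwardToLogin(req, resp);
            return;
        }

        // "/login" gets no special treatment: merely requesting a URL must not
        // mark a session as authenticated.
        if (session != null && hasCasPrincipal(session)) {
            session.setAttribute(USER_ATTRIBUTE, Boolean.TRUE);
            chain.doFilter(req, resp);
            return;
        }

        if (session != null) {
            // Drop a stale flag that is no longer backed by an assertion.
            session.removeAttribute(USER_ATTRIBUTE);
        }
        forwardToLogin(req, resp);
    }

    /** Returns true when the session holds a CAS assertion that has a principal. */
    private static boolean hasCasPrincipal(HttpSession session) {
        Object stored = session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        if (!(stored instanceof Assertion)) {
            return false;
        }
        AttributePrincipal principal = ((Assertion) stored).getPrincipal();
        return principal != null;
    }

    /** Forwards the request to the login page instead of the requested resource. */
    private static void forwardToLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, ServletException {
        RequestDispatcher disp = req.getRequestDispatcher(LOGIN_PAGE);
        disp.forward(req, resp);
    }
}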
4)web.xml 文件
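<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
  <display-name>demo1</display-name>

  <!-- Public base URL of this application, used to build the CAS service URL.
       Plain http is used here for a local demo; a deployed application should
       use https so that the service ticket and the session cookie are not
       sent in clear text. -->
  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:1010</param-value>
  </context-param>

  <!-- Handles single sign-out requests from the CAS server. The CAS client
       documentation pairs this filter with
       org.jasig.cas.client.session.SingleSignOutHttpSessionListener, which is
       not registered in this file. -->
  <filter>
    <filter-name>SsoSession</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>

  <!-- Redirects requests without a CAS assertion to the CAS login page. -->
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>https://localhost/cas/login</param-value>
    </init-param>
    <!-- URLs matching this pattern skip the CAS redirect, so whatever they
         serve must not depend on CAS for protection.
         NOTE(review): with the default regex matching the alternatives
         /static/css/ and /static/js/ are unanchored and can presumably match
         anywhere in the request URL, query string included, and the dots in
         login.jsp match any character; anchor and escape the alternatives.
         Confirm against the CAS client version in use. -->
    <init-param>
      <param-name>ignorePattern</param-name>
      <param-value>http://localhost:1010/demoSSn01/login.jsp|/static/css/|/static/js/|http://localhost:1010/demoSSn01/$|http://localhost:1010/demoSSn01/login$|http://localhost:1010/demoSSn01/logout$</param-value>
    </init-param>
  </filter>

  <!-- Validates the service ticket against the CAS server and stores the
       resulting assertion in the session. -->
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://localhost/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:1010</param-value>
    </init-param>
  </filter>

  <!-- Declared but given no filter-mapping below, so this filter is not
       applied to any request. -->
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>

  <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>

  <!-- Filters run in the order of these mappings: sign-out handling first,
       then authentication, then ticket validation. -->
  <filter-mapping>
    <filter-name>SsoSession</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- The filter name is written on one line so that it matches the
       declaration above exactly. -->
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>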
原文:http://mianhuaman.iteye.com/blog/2224250