一、部署
1、添加客户端到你的项目中
·手动下载下载cas-client,地址:http://www.ja-sig.org/downloads/cas-clients/,然后解压cas-client-3.1.12.zip,在modules文件夹中有需要的jar包, 请根据自己的项目情况选择使用,把相应的jar包放到你项目WEB-INF/lib下。
我使用的是 cas-client-3.2.1-release ,需要拷贝如下的包到指定目录下:
cas-client-core-3.2.1
cas-client-integration-tomcat-v7-3.2.1
commons-logging-1.1
commons-codec-1.4
·使用maven
- <!-- cas -->
- <dependency>
- <groupId>org.jasig.cas.client</groupId>
- <artifactId>cas-client-core</artifactId>
- <version>3.1.12</version>
- </dependency>
二、配置
在客户端项目的web.xml配置过滤器
- <!-- ======================== 单点登录开始 ======================== -->
- <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置 -->
- <listener>
- <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
- </listener>
- <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
- <filter>
- <filter-name>CAS Single Sign Out Filter</filter-name>
- <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS Single Sign Out Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 该过滤器负责用户的认证工作,必须启用它 -->
- <filter>
- <filter-name>CASFilter</filter-name>
- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
- <init-param>
- <param-name>casServerLoginUrl</param-name>
- <param-value>https://www.travel.com:8443/cas/login</param-value>
- <!--这里的server是服务端的IP -->
- </init-param>
- <init-param>
- <param-name>serverName</param-name>
- <param-value>http://www.travel.com:8080</param-value><span style="color:#FF0000;"> ①</span>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>CASFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
- <filter>
- <filter-name>CAS Validation Filter</filter-name>
- <filter-class>
- org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
- <init-param>
- <param-name>casServerUrlPrefix</param-name>
- <param-value>https://www.travel.com:8443/cas</param-value>
- </init-param>
- <init-param>
- <param-name>serverName</param-name>
- <param-value>http://www.travel.com:8080</param-value> <span style="color:#FF0000;">②</span>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>CAS Validation Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
- <filter>
- <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
- <filter-class>
- org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
- <filter>
- <filter-name>CAS Assertion Thread Local Filter</filter-name>
- <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS Assertion Thread Local Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- ======================== 单点登录结束 ======================== -->
三、常见错误:
错误1、
若出现以上错原因是:你在客户端的web.xml中①,②的配置有误。
问题2、
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
- PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
- unable to find valid certification path to requested target
若出现次错误是有与你客户端的证书有问题。重新导入你证书。
相关链接: http://www.jyothis.co.in/2011/11/12/javax-net-ssl-sslhandshakeexception/
问题3:TOMCAT 严重: Error filterStart
缺少必要的 jar 包,要是 tomcat 支持 cas-client,需要如下jar 包:
cas-client-core-3.2.1
cas-client-integration-tomcat-v7-3.2.1
commons-logging-1.1
commons-codec-1.4
问题4:(windows xp已导入证书) 严重: java.security.cert.CertificateException: No name matching ctsso.zte.com.cn found
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ctsso.zte.com.cn found
This happens because, quoting from lots of places out there:
翻译过来就是: 制作证书时,输入的 CN 名称必须和 URL的主机域名 一样(java的默认验证规则),否则就会出现上述错误Java by default verifies that the certificate CN (Common Name) is the same as host name in the URL. If the CN in the certificate is not the same as the host name, your web service client fails.