cas 分为服务端,与客户端,那么客户端如何与服务端进行交互呢,或者说服务端发送的response报文客户端如何接收呢?这就要用到配置。cas client通过filter拦截与cas服务器进行交互。它的主要配置主要有以下几个filter:
1.AuthenticationFilter
作用,判断用户是否登录,如果登录则进入第二步,否则重定向到cas服务器
2.TicketValidationFilter
对于client接收到的ticket进行验证
3.HttpServletRequestWrapperFilter
4.AssertionThreadLocalFilter
它们均须配置在web.xml中。根据 cas所应用的协议不同,则应用上面filter的不同实现。现假定cas server地址:http://server.cas.com:8080/cas (关于如何将cas以http形式发送,请参见前面博文).
应用访问地址:http://client.app.com:8070/clienttest 即clienttest应用发布到client.app.com应用服务器上。则我们以cas 2.0协议的方式去配置,详细配置如下:
<!-- 1 --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://server.cas.com:8080/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://client.app.com:8070</param-value> </init-param> </filter> <!--注意casServerLoginUrl指服务器的地址;而serverName指的是应用的地址 --> <!-- 2--> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://server.cas.com:8080/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://client.app.com:8070</param-value> </init-param> </filter> <!-- 3 --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <!-- 4 --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <!-- filter mapping的顺序不能乱--> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest WrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
对于应用sam1.1协议的,我们则需要应用如下filter:
1.org.jasig.cas.client.authentication.Saml11AuthenticationFilter
2.org.jasig.cas.client.validation.Saml11TicketValidationFilter
3.4不变
对于应用cas1.0协议,则我们只需要更改2为org.jasig.cas.client.validation.Cas10TicketValidationFilter 1.3,4其他不变.
只有cas2.0协议才支持代理,关于cas的代理配置与功能介绍我会专门写一章,在此不描述。这样我们会尽快的了解cas client的基本原理与server的交互方式,方便我们后面的深入讨论。
发表评论(对文章涉及的知识点还有疑问,可以在这里留言,老高看到后会及时回复的。)