单点登录 - CAS【八】CAS Java Objects

一、实际场景                                                                                          

    前面的文章都是基于filter，即在web.xml文件中配置CAS的filter来完成单点登录的。现在实际场景基于SAP的NetWeaver开发的项目，是无法像上面的方式与CAS集成在一块的。强大的CAS已提供这种解决方法。参看下官方网站deep资料：https://wiki.jasig.org/display/CASC/Using+CAS+with+Java

我们看到有两种方式：

    1. CAS Tag Library

    2. CAS Java Objects

 

二、环境准备

    Yale Java Client下载：https://legacy-java-cas-client.googlecode.com/files/cas-client-java-2.1.1.zip

 

三、CAS Java Objects

    我们可以在LoginModel中实现如下代码，就可以满足我们的需求

String user = null;
String errorCode = null;
String errorMessage = null;
String xmlResponse = null;
 
/* instantiate a new ServiceTicketValidator */
ServiceTicketValidator sv = new ServiceTicketValidator();
 
/* set its parameters */
sv.setCasValidateUrl("https://secure.its.yale.edu/cas/serviceValidate");
sv.setService(urlOfThisService);
sv.setServiceTicket(request.getParameter("ticket"));
 
/*
 * If we want to be able to acquire proxy tickets (requires callback servlet to be set up 
 * in web.xml - see below)
 */
 
String urlOfProxyCallbackServlet = "https://portal.yale.edu/CasProxyServlet";
 
sv.setProxyCallbackUrl(urlOfProxyCallbackServlet);
 
/* contact CAS and validate */
sv.validate();
 
/* if we want to look at the raw response, we can use getResponse() */
xmlResponse = sv.getResponse();
 
/* read the response */
 
// Yes, this method is misspelled in this way 
// in the ServiceTicketValidator implementation. 
// Sorry.
if(sv.isAuthenticationSuccesful()) {
    user = sv.getUser();
} else {
    errorCode = sv.getErrorCode();
    errorMessage = sv.getErrorMessage();
    /* handle the error */
}
 
/* The user is now authenticated. */
 
/* If we did set the proxy callback url, we can get proxy tickets with: */
 
 
String urlOfTargetService = "http://hkg2.its.yale.edu/someApp/portalFeed";
 
String proxyTicket =
    edu.yale.its.tp.cas.proxy.ProxyTicketReceptor.getProxyTicket(
        sv.getPgtIou(),urlOfTargetService);

 

You may also authenticate users "manually" using the CAS Java objects. In this case, you would instantiate a new ServiceTicketValidator or ProxyTicketValidator. Notice that in the example below, the page already expects to receive a ticket parameter (this is the servlet that CAS returned to after the user logged in). If this servlet was accessed directly by a user, it would need to check that the request parameter, ticket, was not null. If it was null, the servlet would need to redirect to the CAS login page manually.

 

至此ticket和用户信息都已生成，单点登录成功。

 

此种方式是使用ServiceTicketValidator完成单点登录，其实我们也可以使用ProxyTicketValidator。

 

附录DEMO示例

package com.wy.cas.client;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;

import org.xml.sax.SAXException;

public class LoginModule extends HttpServlet{
	 
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		this.doPost(request, response);
	}
	
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String user = null;
		String errorCode = null;
		String errorMessage = null;
		String xmlResponse = null;
		
		if(null == request.getParameter("ticket") || "".equals(request.getParameter("ticket"))){
			response.sendRedirect("http://127.0.0.1:8082/cas-server/login?service=http://127.0.0.1:8080/cas-test/login");
			return;
		}
		 
		/* instantiate a new ServiceTicketValidator */
		ServiceTicketValidator sv = new ServiceTicketValidator();
		 
		/* set its parameters */
		sv.setCasValidateUrl("http://127.0.0.1:8082/cas-server/serviceValidate");
		sv.setService("http://127.0.0.1:8080/cas-test/login");
		sv.setServiceTicket(request.getParameter("ticket"));
		 
		/* contact CAS and validate */
		try {
			sv.validate();
		} catch (SAXException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (ParserConfigurationException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		 
		/* if we want to look at the raw response, we can use getResponse() */
		xmlResponse = sv.getResponse();
		 
		/* read the response */
		 
		// Yes, this method is misspelled in this way 
		// in the ServiceTicketValidator implementation. 
		// Sorry.
		if(sv.isAuthenticationSuccesful()) {
		    user = sv.getUser();
		} else {
		    errorCode = sv.getErrorCode();
		    errorMessage = sv.getErrorMessage();
		    /* handle the error */
		    System.out.println("errorInfo -----------> "+errorCode +"\r\n"+errorMessage);
		}
		System.out.println("userInfo >>>>>>>>>>>> "+user);
		
		request.getSession().setAttribute("userInfo", user);
		request.getRequestDispatcher("index.jsp").forward(request, response);
		 
		/* The user is now authenticated. */
		 

	}
	
	public static void main(String[] args){
		
	}
}