NutzCN Logo
问答 cas集成写filter
发布于 2068天前 作者 qq_6b145f79 1868 次浏览 复制 上一个帖子 下一个帖子
标签:
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- 该过滤器用于实现单点登出功能,可选配置 -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://server.zhoubang85.com:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://client1.zhoubang85.com:18080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://server.zhoubang85.com:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://client1.zhoubang85.com:18080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
        该过滤器负责实现HttpServletRequest请求的包裹,比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
    -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
        该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。比如AssertionHolder.getAssertion().getPrincipal().getName()。
    -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

WebFilterFace的作用等同于web.xml里面声明个和
那这是不是要写多个filterStarter实现webFilterFace呀

13 回复
<filter>和<filter-mapping>

需要的, 注意getOrder返回的顺序

善用@IocBean注解(可标注在public方法),可以在一个类完成的,看你方便了

<listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
@IocBean
public class CasEvnStarter implements WebEventListenerFace {
    @Inject("refer:$ioc")
    protected Ioc ioc;

    @Override
    public EventListener getEventListener() {
        return ioc.get(SingleSignOutHttpSessionListener.class, "singleSignOutHttpSessionListener");
    }
}
Caused by: org.nutz.ioc.ObjectLoadException: Object 'singleSignOutHttpSessionListener' without define!
	at org.nutz.ioc.loader.combo.ComboIocLoader.load(ComboIocLoader.java:157)
	at org.nutz.ioc.impl.NutIoc.get(NutIoc.java:195)
	... 27 more

这哪里有问题

return new SingleSignOutHttpSessionListener();

根据cas集成的文档,把filter都配好了,cas-server也跑起来了可以单独访问,可是 访问项目还是自己的登录页呢
哪里的问题啊,求助一下

@qq_6b145f79 拦截器顺序对吗?

我按上面xml里的顺序 从上到下,数字依次+1的,哈哈

debug看看那些Filter的doFilter方法是否有执行吧

我刚跟了一下,日志里打印的加载顺序理论应该是跟 定义的顺序从优先级高往低一致的吧?

项目启动后跳转到cas登录,报错了

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
	at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)
	at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
	at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
	at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

https签名有问题吧

添加回复
请先登陆
回到顶部