Single Sign-On - CAS [Part 8]: CAS Java Objects
I. Real-world scenario
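The previous articles were all filter-based: the CAS filter is configured in web.xml and that completes single sign-on. In the actual scenario at hand, the project is built on SAP NetWeaver and cannot be integrated with CAS in that way. CAS provides a solution for this case as well; see the in-depth material on the official site: https://wiki.jasig.org/display/CASC/Using+CAS+with+Java
There are two approaches:
1. CAS Tag Library
2. CAS Java Objects
II. Environment setup
Yale Java Client download: https://legacy-java-cas-client.googlecode.com/files/cas-client-java-2.1.1.zip
III. CAS Java Objects
We can implement the following code in the LoginModel, and it meets our needs.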
    String user = null;
    String errorCode = null;
    String errorMessage = null;
    String xmlResponse = null;

    /* instantiate a new ServiceTicketValidator */
    ServiceTicketValidator sv = new ServiceTicketValidator();

    /* set its parameters */
    sv.setCasValidateUrl("https://secure.its.yale.edu/cas/serviceValidate");
    sv.setService(urlOfThisService);
    sv.setServiceTicket(request.getParameter("ticket"));

    /*
     * If we want to be able to acquire proxy tickets (requires callback servlet to be set up
     * in web.xml - see below)
     */
    String urlOfProxyCallbackServlet = "https://portal.yale.edu/CasProxyServlet";
    sv.setProxyCallbackUrl(urlOfProxyCallbackServlet);

    /* contact CAS and validate */
    sv.validate();

    /* if we want to look at the raw response, we can use getResponse() */
    xmlResponse = sv.getResponse();

    /* read the response */
    // Yes, this method is misspelled in this way
    // in the ServiceTicketValidator implementation.
    // Sorry.
    if (sv.isAuthenticationSuccesful()) {
        user = sv.getUser();
    } else {
        errorCode = sv.getErrorCode();
        errorMessage = sv.getErrorMessage();
        /* handle the error */
    }

    /* The user is now authenticated. */

    /* If we did set the proxy callback url, we can get proxy tickets with: */
    String urlOfTargetService = "http://hkg2.its.yale.edu/someApp/portalFeed";
    String proxyTicket =
        edu.yale.its.tp.cas.proxy.ProxyTicketReceptor.getProxyTicket(
            sv.getPgtIou(), urlOfTargetService);
You may also authenticate users "manually" using the CAS Java objects. In this case, you would instantiate a new ServiceTicketValidator or ProxyTicketValidator. Notice that in the example below, the page already expects to receive a ticket parameter (this is the servlet that CAS returned to after the user logged in). If this servlet was accessed directly by a user, it would need to check that the request parameter, ticket, was not null. If it was null, the servlet would need to redirect to the CAS login page manually.
At this point the ticket and the user information have been produced, and single sign-on has succeeded.
This approach uses ServiceTicketValidator to complete single sign-on, but ProxyTicketValidator can be used as well.
Appendix: demo example
    package com.wy.cas.client;

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.xml.parsers.ParserConfigurationException;
    import org.xml.sax.SAXException;
    // Validator class from the Yale CAS client (cas-client-java-2.1.1)
    import edu.yale.its.tp.cas.client.ServiceTicketValidator;

    public class LoginModule extends HttpServlet {
        private static final long serialVersionUID = 1L;

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            this.doPost(request, response);
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            String user = null;
            String errorCode = null;
            String errorMessage = null;
            String xmlResponse = null;

            /* no ticket yet: send the browser to the CAS login page */
            if (null == request.getParameter("ticket") || "".equals(request.getParameter("ticket"))) {
                response.sendRedirect("http://127.0.0.1:8082/cas-server/login?service=http://127.0.0.1:8080/cas-test/login");
                return;
            }

            /* instantiate a new ServiceTicketValidator */
            ServiceTicketValidator sv = new ServiceTicketValidator();

            /* set its parameters (plain http on 127.0.0.1 is for this local demo only) */
            sv.setCasValidateUrl("http://127.0.0.1:8082/cas-server/serviceValidate");
            sv.setService("http://127.0.0.1:8080/cas-test/login");
            sv.setServiceTicket(request.getParameter("ticket"));

            /* contact CAS and validate; a parse error must not fall through to the login below */
            try {
                sv.validate();
            } catch (SAXException e) {
                throw new ServletException("CAS ticket validation failed", e);
            } catch (ParserConfigurationException e) {
                throw new ServletException("CAS ticket validation failed", e);
            }

            /* if we want to look at the raw response, we can use getResponse() */
            xmlResponse = sv.getResponse();

            /* read the response */
            // Yes, this method is misspelled in this way
            // in the ServiceTicketValidator implementation.
            // Sorry.
            if (sv.isAuthenticationSuccesful()) {
                user = sv.getUser();
            } else {
                errorCode = sv.getErrorCode();
                errorMessage = sv.getErrorMessage();
                /* handle the error: log it and stop, so no session is marked as logged in */
                System.out.println("errorInfo -----------> " + errorCode + "\r\n" + errorMessage);
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }

            /* The user is now authenticated. */
            System.out.println("userInfo >>>>>>>>>>>> " + user);
            request.getSession().setAttribute("userInfo", user);
            request.getRequestDispatcher("index.jsp").forward(request, response);
        }

        public static void main(String[] args) {
        }
    }