cas 分为服务端,与客户端,那么客户端如何与服务端进行交互呢,或者说服务端发送的response报文客户端如何接收呢?这就要用到配置。cas client通过filter拦截与cas服务器进行交互。它的主要配置主要有以下几个filter:
1.AuthenticationFilter
作用,判断用户是否登录,如果登录则进入第二步,否则重定向到cas服务器2.TicketValidationFilter
对于client接收到的ticket进行验证
3.HttpServletRequestWrapperFilter4.AssertionThreadLocalFilter它们均须配置在web.xml中。根据 cas所应用的协议不同,则应用上面filter的不同实现。现假定cas server地址::8080/cas (关于如何将cas以http形式发送,,请参见前面博文).
应用访问地址::8070/clienttest 即clienttest应用发布到client.app.com应用服务器上。则我们以cas 2.0协议的方式去配置,详细配置如下:
<!– 1 –>
<filter><filter-name>CAS Authentication Filter</filter-name><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class><init-param><param-name>casServerLoginUrl</param-name><param-value>:8080/cas/login</param-value></init-param><init-param><param-name>serverName</param-name><param-value>:8070</param-value></init-param></filter> <!–注意casServerLoginUrl指服务器的地址;而serverName指的是应用的地址 –><!– 2– ><filter><filter-name>CAS Validation Filter</filter-name><filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class><init-param><param-name>casServerUrlPrefix</param-name><param-value>:8080/cas/login</param-value></init-param><init-param><param-name>serverName</param-name><param-value>:8070</param-value></init-param></filter><!– 3 –><filter><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class></filter><!– 4 –><filter><filter-name>CAS Assertion Thread Local Filter</filter-name><filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class></filter><!– filter mapping的顺序不能乱–><filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest WrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern>
</filter-mapping>
对于应用sam1.1协议的,我们则需要应用如下filter:
1.org.jasig.cas.client.authentication.Saml11AuthenticationFilter
2.org.jasig.cas.client.validation.Saml11TicketValidationFilter
3.4不变
对于应用cas1.0协议,则我们只需要更改2为org.jasig.cas.client.validation.Cas10TicketValidationFilter 1.3,4其他不变.
只有cas2.0协议才支持代理,关于cas的代理配置与功能介绍我会专门写一章,在此不描述。这样我们会尽快的了解cas client的基本原理与server的交互方式,方便我们后面的深入讨论。
那段岁月,无论从何种角度读你,你都完美无缺,