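SSO: single sign-on with Cookie + Filter, worked example (part 1)

The previous article covered the theory of SSO; now it is time to put it into practice.

1. Using a cookie to implement single sign-on

Technical points:

1. Set the cookie path with setPath("/"), so that it is valid for everything deployed under Tomcat.

2. Set the cookie domain with setDomain(".itcast.com"), so that it is valid for bbs.itcast.com as well as mail.itcast.com. In other words, the cookie is shared across these hosts (cross-domain).

3. Set the cookie lifetime. Even if the user does not choose to log in automatically for a number of days, the cookie should still be set so that it stays valid for as long as the current browser is not closed.

4. Use a Filter to log the user in automatically.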
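
The four technical points above, put together as an added example (not code from the original article): a login cookie scoped to the parent domain and a Filter that performs the automatic login. Because such a cookie is sent to every host under the domain, its value here is a user name and expiry protected by an HMAC rather than the credentials themselves. The cookie name `autologin`, the `user` session attribute, the `SSO_HMAC_KEY` environment variable, the 8-hour token lifetime for session cookies and the Servlet 4.0 (`javax.servlet`) API are assumptions.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;
// Added example, Servlet 4.0 API assumed. NAME, the "user" attribute and SSO_HMAC_KEY are hypothetical.
public class AutoLoginFilter implements Filter {
    static final String NAME = "autologin";
    static final byte[] KEY = System.getenv("SSO_HMAC_KEY").getBytes(UTF_8); // unset key: filter fails to load
    static String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(data.getBytes(UTF_8)));
    }
    // Call after a successful password login; days == 0 means "until the browser closes".
    static Cookie issue(String user, int days) throws Exception {
        long exp = System.currentTimeMillis() / 1000 + (days > 0 ? days * 86400L : 8 * 3600L);
        String body = Base64.getUrlEncoder().withoutPadding().encodeToString(user.getBytes(UTF_8)) + "." + exp;
        Cookie c = new Cookie(NAME, body + "." + sign(body)); // user, expiry, MAC; never the password
        c.setPath("/");                            // point 1: valid for every path
        c.setDomain(".itcast.com");                // point 2: sent to bbs., mail. and any other subdomain
        c.setMaxAge(days > 0 ? days * 86400 : -1); // point 3: -1 makes it a session cookie
        c.setHttpOnly(true);                       // not readable by script on any subdomain
        c.setSecure(true);                         // only sent over HTTPS
        return c;
    }

    // Returns the user name, or null when the token is malformed, forged or expired.
    static String verify(String token) {
        String[] p = token.split("\\.");
        try {
            if (p.length != 3 || !MessageDigest.isEqual(sign(p[0] + "." + p[1]).getBytes(UTF_8), p[2].getBytes(UTF_8))) return null;
            if (Long.parseLong(p[1]) < System.currentTimeMillis() / 1000) return null;
            return new String(Base64.getUrlDecoder().decode(p[0]), UTF_8);
        } catch (Exception e) { return null; }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain) throws java.io.IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        for (Cookie c : req.getCookies() == null ? new Cookie[0] : req.getCookies()) {
            String user = NAME.equals(c.getName()) ? verify(c.getValue()) : null;
            if (user == null || req.getSession().getAttribute("user") != null) continue;
            req.changeSessionId();                       // fresh session id before it becomes authenticated
            req.getSession().setAttribute("user", user); // point 4: automatic login
        }
        chain.doFilter(rq, rs);
    }
}
```

Tomcat 8.5 and later reject a cookie domain with a leading dot in their default cookie processor, so use `itcast.com` there; `setSecure(true)` requires the virtual hosts to be served over HTTPS.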

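Implementation steps

1: First prepare several virtual hosts and configure the hosts file, that is, the local machine's DNS: edit the hosts file under C:\Windows\System32\drivers\etc.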

```
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1       localhost
127.0.0.1
127.0.0.1
127.0.0.1
127.0.0.1
127.0.0.1
```

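Add several Host nodes. For automatic login through a cookie to work, the configured virtual hosts must match xxx.itcast.cn, i.e. they must all share the same parent domain.

In a typical web application this is configured in the web.xml file; the configuration related to single sign-out is as follows: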

```xml
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <!-- where to go to log in -->
        <param-name>casServerLoginUrl</param-name>
        <param-value>:8080/login</param-value>
    </init-param>
    <init-param>
        <!-- who am I -->
        <param-name>serverName</param-name>
        <param-value>:8080</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>:8080</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>:8080</param-value>
    </init-param>
    <!--
    <init-param>
        <param-name>proxyCallbackUrl</param-name>
        <param-value>https://localhost:8443/mywebapp/proxyCallback</param-value>
    </init-param>
    <init-param>
        <param-name>proxyReceptorUrl</param-name>
        <param-value>/mywebapp/proxyCallback</param-value>
    </init-param>
    -->
</filter>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<!-- ************************* -->
<!-- Sign out not yet implemented -->
<!--
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/protected/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/proxyCallback</url-pattern>
</filter-mapping>

<!-- *********************** -->
<!-- Sign out not yet implemented -->
<!--
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
-->
<!-- *********************** -->

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
```

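Note: looking at the class structure for single sign-out, web.xml configures the related classes (1 listener, SingleSignOutHttpSessionListener, and 2 filters, SingleSignOutFilter and SimpleServerLogoutHandler). In the listing above, the CAS Single Sign Out Filter mapping and the SingleSignOutHttpSessionListener are still commented out ("Sign out not yet implemented"), so single sign-out is not active in this configuration.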
