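With the server side configured, adding a client is simple. Suppose an application, CasDemo, needs to authenticate its users through the CAS server. All CasDemo has to do is add the CAS client JARs and the corresponding filters in web.xml. The final step, authorizing the user, has to be implemented according to the application's actual needs.
1. Assuming the application runs on a different machine from the CAS server, the certificate server.crt generated earlier on the server has to be imported on this machine. Copy server.crt to %JAVA_HOME%/jre/lib/security/cacerts
Then run the following command in the %JAVA_HOME%/bin directory: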
keytool -import -file server.crt -keypass changeit -keystore ../jre/lib/security/cacerts
Then verify with InstallCert.java until the import succeeds. (http://blogs.sun.com/andreas/entry/no_more_unable_to_find)
2. Add the following JARs under WEB-INF/lib: cas-client-core-3.1.3.jar, commons-codec-1.3.jar, commons-collections-3.2.jar, commons-lang-2.2.jar, commons-logging-1.1.jar
3. Modify WEB-INF/web.xml. Add the following configuration:
<!-- CAS Authentication Filter -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- CAS server login URL -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://gbpccmm1.asiapacific.hpqcorp.net:8443/cas/login</param-value>
    </init-param>
    <!-- URL of this (local) web application -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://JYE1.asiapacific.hpqcorp.net:8080</param-value>
    </init-param>
</filter>
<!-- CAS Validation Filter -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <!-- CAS server URL prefix -->
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://gbpccmm1.asiapacific.hpqcorp.net:8443/cas</param-value>
    </init-param>
    <!-- URL of this (local) web application -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://JYE1.asiapacific.hpqcorp.net:8080</param-value>
    </init-param>
    <!-- whether to throw an exception when ticket validation fails; default true -->
    <init-param>
        <param-name>exceptionOnValidationFailure</param-name>
        <param-value>false</param-value>
    </init-param>
    <!-- proxy chains accepted when validating proxy tickets -->
    <init-param>
        <param-name>allowedProxyChains</param-name>
        <param-value>http://JYE1.asiapacific.hpqcorp.net:8080/jsp/cas/index.jsp</param-value>
    </init-param>
</filter>
<!-- exposes the CAS-authenticated username through request.getRemoteUser() -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- CAS Single Sign Out Filter -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/jsp/cas/index.jsp</url-pattern>
</filter-mapping>
<!-- SingleSignOutHttpSessionListener listener -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<welcome-file-list>
    <welcome-file>jsp/cas/index.jsp</welcome-file>
</welcome-file-list>
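
An added example, not part of the original post or of the CAS client project: a small Python check that parses a web.xml like the one above and reports CAS URL parameters written with plaintext http:// (as the serverName values above are, which means the service ticket is returned to the application over an unencrypted connection), CAS filters left without a filter-mapping, and a SingleSignOutFilter that is not the first CAS filter-mapping. The function name audit_cas_web_xml and the hosts and filter names in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SSO_OUT = "org.jasig.cas.client.session.SingleSignOutFilter"
URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any

def _text(parent, name):
    return next(((c.text or "").strip() for c in parent if _local(c) == name), "")

def audit_cas_web_xml(xml_text):
    """Return findings for a web.xml that wires in the org.jasig CAS client filters."""
    root = ET.fromstring(xml_text)
    findings, cas_filters = [], {}
    for f in (e for e in root if _local(e) == "filter"):
        name, cls = _text(f, "filter-name"), _text(f, "filter-class")
        if not cls.startswith("org.jasig.cas.client."):
            continue
        cas_filters[name] = cls
        for p in (e for e in f if _local(e) == "init-param"):
            pname, pval = _text(p, "param-name"), _text(p, "param-value")
            if pname in URL_PARAMS and pval.lower().startswith("http://"):
                findings.append(f"{name}: {pname} uses plaintext http ({pval})")
    # Filters run in filter-mapping document order; sign-out has to come first.
    order = [_text(m, "filter-name") for m in root if _local(m) == "filter-mapping"]
    order = [n for n in order if n in cas_filters]
    findings += [f"{n}: declared but has no filter-mapping" for n in cas_filters if n not in order]
    sso = [n for n in order if cas_filters[n] == SSO_OUT]
    if sso and order[0] != sso[0]:
        findings.append(f"{sso[0]}: must be mapped before the other CAS filters")
    return findings

# Constructed sample with hypothetical hosts and filter names, deliberately misordered.
SAMPLE = """<web-app>
 <filter><filter-name>Auth</filter-name>
  <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class>
  <init-param><param-name>casServerLoginUrl</param-name>
   <param-value>https://cas.example.org:8443/cas/login</param-value></init-param>
  <init-param><param-name>serverName</param-name>
   <param-value>http://app.example.org:8080</param-value></init-param></filter>
 <filter><filter-name>SSO Out</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class></filter>
 <filter-mapping><filter-name>Auth</filter-name><url-pattern>/*</url-pattern></filter-mapping>
 <filter-mapping><filter-name>SSO Out</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    print("\n".join(audit_cas_web_xml(SAMPLE)))
```

Run against the configuration on this page, the check reports the two serverName values; the filter-mapping order there already puts the Single Sign Out filter first.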