CAS SSO对手机应用支持的一种思路

原文地址： http://architecture3.riaos.com/?p=3095368

手机和桌面应用访问CAS，我们不能直接使用CAS提供的web api。不过CAS提供了一个插件，叫CAS Restlet Integration，该插件提供了CAS API的Restful接口，这个接口可以被程序级调用，这样就给我们手机应用认证带来一种思路。首先，手机应用可以程序方式CAS认证服务器，获得TGT和ST，然后访问配置好CAS Client的应用Server，Server与CAS进行通信验证ST的有效性，如果有效即登录成功。登出处理比较简单，直接访问CAS
API删除TGT即可，CAS会通知删除所有登录过应用的登录信息。

对 CAS Server，我们要安装Restlet Integration插件，

以CAS Server 3.4.5为例（CAS Server的基本配置参见 CAS Server 部署基本步骤），首先下载CAS Restlet Integration插件包及其依赖包（http://mvnrepository.com/artifact/org.jasig.cas/cas-server-integration-restlet/3.4.5），所需包名列表如下：

cas-server-integration-restlet-3.4.5.jar
cglib-nodep-2.1_3.jar
com.noelios.restlet.ext.servlet-1.1.1.jar
com.noelios.restlet.ext.spring-1.1.1.jar
com.noelios.restlet-1.1.1.jar
org.restlet.ext.spring-1.1.1.jar
org.restlet-1.1.1.jar

然后在web.xml中加入:

<!--   for restful api -->

<servlet>
<servlet-name>restlet</servlet-name>
<servlet-class>com.noelios.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>restlet</servlet-name>
<url-pattern>/v1/*</url-pattern>
</servlet-mapping>

程序获取TGT,ST和Logout，我们可以参考官方的例子：

/*   获取tgt和st的API接口是 /v1/tickets */
private String getTicketGrantingTicket(final String server,final String username, final String password) {
final HttpClient client = new HttpClient();
final PostMethod post = new PostMethod(server);
post.setRequestBody(new NameValuePair[] {
new NameValuePair("username", username),
new NameValuePair("password", password) });
try {
client.executeMethod(post);
final String response = post.getResponseBodyAsString();
switch (post.getStatusCode()) {
case 200:
return response;
default:
break;
}
} catch (Exception e) {

} finally {
post.releaseConnection();
}
return null;
}

@SuppressWarnings("unchecked")
private String getServiceTicket(final String server,final String ticketGrantingTicket, final String service) {
if (ticketGrantingTicket == null) return null;
final HttpClient client = new HttpClient();
final PostMethod post = new PostMethod(server + "/"+ ticketGrantingTicket);
post.setRequestBody(new NameValuePair[] { new NameValuePair("service",service) });
try {
client.executeMethod(post);
final String response = post.getResponseBodyAsString();
switch (post.getStatusCode()) {
case 200:
return response;
default:
break;
}
} catch (Exception e) {

} finally {
post.releaseConnection();
}
return null;
}

/*   删除tgt的API接口是 /v1/tickets/<tgt> ,delete方法 */

public String logout(String tgt) {

String result = "success";
final HttpClient client = new HttpClient();
final DeleteMethod delete = new DeleteMethod(server + "/" + tgt);
try {
client.executeMethod(delete);
final String response = delete.getResponseBodyAsString();
switch (delete.getStatusCode()) {
case 200:
break;
default:
result = "error";
break;
}
} catch (IOException e) {
result = "error";

}finally{
delete.releaseConnection();
}
return result;
}