CAS学习之RESTFUL API使用(1)
2013-09-27 22:51
85 查看
CAS环境搭建完成之后,由于项目中需要模拟CAS登陆并获取相应的TICKET,专门学习了一下RESTFUL API的使用。
以下例子代码实现的功能是模拟登陆CAS,生成ST为各个集成了CAS的应用使用。
将RESTFUL API的调用封装到了一个类中:
注意要模拟该场景至少需要2个web应用和一个cas服务端。这2个web应用中模拟生成ticket的应用不需要被CAS保护。另外,这个2个web应用需要在同一域中。
本文出自 “图图学习吧” 博客,请务必保留此出处http://feiquan16.blog.51cto.com/336861/1302938
以下例子代码实现的功能是模拟登陆CAS,生成ST为各个集成了CAS的应用使用。
将RESTFUL API的调用封装到了一个类中:
package com.feiquan16.cas.util;
import java.io.IOException;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
/**
* An example Java client to authenticate against CAS using REST services.
* Please ensure you have followed the necessary setup found on the <a
* href="http://www.ja-sig.org/wiki/display/CASUM/RESTful+API">wiki</a>.
*
* @author <a href="mailto:jieryn@gmail.com">jesse lauren farinacci</a>
* @since 3.4.2
*/
public final class CASUtility {
private static final Logger LOG = Logger.getLogger(CASUtility.class.getName());
public static PropertiesReader pr = null;
private CASUtility() {
// static-only access
}
public static String getTicket(final HttpServletRequest request,
final HttpServletResponse response, final String server,
final String username, final String password, final String service) {
notNull(server, "server must not be null");
notNull(username, "username must not be null");
notNull(password, "password must not be null");
notNull(service, "service must not be null");
return getServiceTicket(request, response, server, getTicketGrantingTicket(response, server, username, password), service);
}
private static String getServiceTicket(final HttpServletRequest request,
final HttpServletResponse res, final String server,
final String ticketGrantingTicket, final String service) {
if (ticketGrantingTicket == null)
return null;
res.setHeader("P3P","CP=CAO PSA OUR");
String broswer = "";
try {
String agent = request.getHeader("User-Agent");
StringTokenizer st = new StringTokenizer(agent,";");
st.nextToken();
broswer = st.nextToken();
LOG.info("User's Browser is "+broswer);
}catch(Exception e) {
LOG.info("Fail to get User's Browser Type.");
}
LOG.info("ticketGrantingTicket : " + ticketGrantingTicket);
Cookie c1 = new Cookie("CASTGC", ticketGrantingTicket);
pr = PropertiesReader.getInstance("");
String domain = pr.getPropertiy("cas.server.domain");
if (broswer != null && broswer.trim().startsWith("MSIE")){
c1.setDomain(domain);
c1.setPath("/");
} else {
c1.setDomain(domain);
c1.setPath("/cas/");
}
res.addCookie(c1);
final HttpClient client = new HttpClient();
final PostMethod post = new PostMethod(server + "/" + ticketGrantingTicket);
post.setRequestBody(new NameValuePair[] { new NameValuePair("service", service) });
try {
client.executeMethod(post);
final String response = post.getResponseBodyAsString();
switch (post.getStatusCode()) {
case 200:
return response;
default:
LOG.warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
break;
}
} catch (final IOException e) {
LOG.warning(e.getMessage());
} finally {
post.releaseConnection();
}
return null;
}
public static String getTicketGrantingTicket(final HttpServletResponse res,
final String server, final String username, final String password) {
final HttpClient client = new HttpClient();
final PostMethod post = new PostMethod(server);
post.setRequestBody(new NameValuePair[] {
new NameValuePair("username", username),
new NameValuePair("password", password) });
try {
client.executeMethod(post);
final String response = post.getResponseBodyAsString();
switch (post.getStatusCode()) {
case 201: {
final Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response);
if (matcher.matches())
return matcher.group(1);
LOG.warning("Successful ticket granting request, but no ticket found!");
LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
break;
}
default:
LOG.warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
break;
}
}
catch (final IOException e) {
LOG.warning(e.getMessage());
}
finally {
post.releaseConnection();
}
return null;
}
private static void notNull(final Object object, final String message) {
if (object == null)
throw new IllegalArgumentException(message);
}
}然后新建了一个servlet去调用上门这个类生成TICKET。package com.feiquan16.cas.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.feiquan16.cas.util.CASUtility;
import com.feiquan16.cas.util.PropertiesReader;
public class CASTicketServlet extends HttpServlet {
/**
*
*/
private static final long serialVersionUID = 1L;
public static PropertiesReader pr = null;
public void doGet(HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException{
PrintWriter writer = response.getWriter();
response.setContentType("text/html");
pr = PropertiesReader.getInstance("");
System.out.println("----------");
String server = pr.getPropertiy("cas.service.url");
String username = "b";request.getParameter("username");
String password = "b";request.getParameter("ObSSOCookie");
String service = "http://andrew.biz.com:9080/HRDemo";request.getParameter("service");
response.setHeader("P3P","CP=CAO PSA OUR");
System.out.println("----------");
String ticket = CASUtility.getTicket(request,response, server, username, password, service);
System.out.println(ticket);
response.sendRedirect(service);
writer.print(ticket);
}
public void doPost(HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException{
this.doGet(request, response);
}
}上面代码39行,将会跳转到应用HRDemo,这个HRDemo是被CAS保护的。注意要模拟该场景至少需要2个web应用和一个cas服务端。这2个web应用中模拟生成ticket的应用不需要被CAS保护。另外,这个2个web应用需要在同一域中。
本文出自 “图图学习吧” 博客,请务必保留此出处http://feiquan16.blog.51cto.com/336861/1302938
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 学习使用MEAN开发RESTful WEB api,实现数据的CRUD
- 学习使用MEAN开发RESTful WEB api,实现数据的CRUD
- Docker学习笔记八 使用Docker API
- Activiti工作流框架学习(二)——使用Activiti提供的API完成流程操作
- ZooKeeper学习笔记:zookeeperAPI的使用
- 学习api的使用方式
- Python RESTful API 学习(一)
- vue.js学习07之使用$.ajax和vue-resource实现OAuth的注册、登录、注销和API调用
- 使用C#开发HTTP服务器系列之构建RESTful API
- 使用python的Flask实现一个RESTful API服务器端[翻译]
- 大数据架构中使用JSON-RPC好,还是RESTful API好?
- SpringBoot中使用Swagger生成RESTful规范API文档
- Web编程学习四: 使用Jersey来创建RESTful WebService
- iOS开发中使用Bmob RESTful API
- guava 学习笔记(二) 瓜娃(guava)的API快速熟悉使用
- Web编程学习六:使用Apache olingo将JPA数据库操作转化为RESTful Web Service
- salesforce 零基础学习(五十一)使用 Salesforce.com SOAP API 实现用户登录以及简单的增删改查(JAVA访问salesforce)
- hadoop学习笔记:创建maven项目与使用hdfs的读写API
- Symbian学习笔记(18) - 初探Web Services API 的使用(中)
- Hadoop学习之路(二十八)MapReduce的API使用(五)