Excluding specific URLs from the CAS filter
2016-01-08 21:13
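Summary: When an application is integrated with CAS single sign-on (SSO), the filter is usually configured with * so that every URL is intercepted. Sometimes certain URLs need to be exempt from SSO interception, for example when the system exposes interface services to third-party systems or is reached through specific inbound links; without a CAS login, calls to those URLs are intercepted by the CAS filter. In that case, the steps below configure URLs that are not intercepted.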
The usual web.xml configuration for CAS client integration looks like this:
```xml
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost</param-value>
    </init-param>
</filter>
```
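org.jasig.cas.client.authentication.AuthenticationFilter is the CAS filter implementation class; it extends AbstractCasFilter.
We define a new class, MyAuthenticationFilter, that also extends AbstractCasFilter, copy the entire contents of AuthenticationFilter into it, and make the following changes:
1. Add an excludePaths property to hold the paths to exclude from filtering.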
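```java
/**
 * Holds the paths to exclude from filtering.
 */
private String[] excludePaths;

// Setter called from initInternal once the init-param has been parsed
public void setExcludePaths(final String[] excludePaths) {
    this.excludePaths = excludePaths;
}
```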
2. Modify the initInternal method to parse the excluded paths from the web.xml configuration.
```java
protected void initInternal(final FilterConfig filterConfig) throws ServletException {
    if (!isIgnoreInitConfiguration()) {
        super.initInternal(filterConfig);
        setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
        log.trace("Loaded CasServerLoginUrl parameter: " + this.casServerLoginUrl);
        setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        log.trace("Loaded renew parameter: " + this.renew);
        setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
        log.trace("Loaded gateway parameter: " + this.gateway);

        final String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
        if (gatewayStorageClass != null) {
            try {
                this.gatewayStorage = (GatewayResolver) Class.forName(gatewayStorageClass).newInstance();
            } catch (final Exception e) {
                log.error(e, e);
                throw new ServletException(e);
            }
        }

        // CAS filter exclusion change ************ begin by wangzhen
        // Read the configured non-intercepted URLs; loaded once at startup
        String _excludePaths = getPropertyFromInitParams(filterConfig, "excludePaths", null);
        System.out.println("web.xml中配置的不拦截uri:" + _excludePaths);
        if (CommonUtils.isNotBlank(_excludePaths)) {
            // Comma-separated list; each entry is trimmed again when it is matched in doFilter
            setExcludePaths(_excludePaths.trim().split(","));
        }
        // CAS filter exclusion change ************ end by wangzhen
    }
}
```
3. Modify the doFilter method to check whether the request path is one of the excluded paths. If it is, skip the CAS check.
```java
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    final HttpSession session = request.getSession(false);
    final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;

    // CAS filter exclusion change ************ begin by wangzhen
    String uri = request.getRequestURI();
    System.out.println("uri:" + uri);
    boolean isInWhiteList = false;
    if (excludePaths != null && excludePaths.length > 0 && uri != null) {
        for (String path : excludePaths) {
            if (CommonUtils.isNotBlank(path)) {
                // Substring match: any URI that contains the configured string is skipped
                isInWhiteList = uri.indexOf(path.trim()) > -1;
                if (isInWhiteList) {
                    break;
                }
            }
        }
    }
    if (isInWhiteList) {
        // Excluded path: pass the request down the chain without a CAS assertion
        System.out.println("cas不拦截该uri:" + uri);
        filterChain.doFilter(request, response);
        return;
    }
    // CAS filter exclusion change ************ end by wangzhen

    if (assertion != null) {
        filterChain.doFilter(request, response);
        return;
    }

    final String serviceUrl = constructServiceUrl(request, response);
    final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
    final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

    if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
        filterChain.doFilter(request, response);
        return;
    }

    final String modifiedServiceUrl;
    log.debug("no ticket and no assertion found");
    if (this.gateway) {
        log.debug("setting gateway attribute in session");
        modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
    } else {
        modifiedServiceUrl = serviceUrl;
    }

    if (log.isDebugEnabled()) {
        log.debug("Constructed service url: " + modifiedServiceUrl);
    }

    final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl,
            getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

    if (log.isDebugEnabled()) {
        log.debug("redirecting to \"" + urlToRedirectTo + "\"");
    }

    response.sendRedirect(urlToRedirectTo);
}
```
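4. After these changes, web.xml needs two modifications: (i) point the filter implementation class at our rewritten class MyAuthenticationFilter; (ii) add the excludePaths init parameter listing the URLs that are not intercepted. The modified web.xml configuration is: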
```xml
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.MyAuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost</param-value>
    </init-param>
    <init-param>
        <description>cas not filter url</description>
        <param-name>excludePaths</param-name>
        <param-value>interfacesJSON.do,data_json.jsp,soa/service</param-value>
    </init-param>
</filter>
```
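After restarting the service, the URLs configured as not intercepted can be accessed normally without logging in to the CAS server for authentication.
Note: to keep the project tidy and avoid having an extra package such as org.jasig.cas.client.authentication.MyAuthenticationFilter in the source tree, you can package the class into a jar and copy it into the project's lib directory.
PS: The same principle applies when adapting the .NET client filter.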
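
The check in step 3 uses `uri.indexOf(path) > -1` on `request.getRequestURI()`, so any request whose raw URI contains a configured string anywhere skips CAS authentication. The following is an added example (not code from the original post or from the CAS client) that compares that check with an exact match on the context-relative path; the class name `ExcludePathMatcher`, the `/app` context path and the sample URIs are assumptions constructed for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Set;

public class ExcludePathMatcher {
    private final Set<String> exact = new LinkedHashSet<>();

    // Parse the comma-separated excludePaths value into context-relative paths.
    public ExcludePathMatcher(String initParam) {
        for (String p : initParam.split(",")) {
            p = p.trim();
            if (!p.isEmpty()) exact.add(p.startsWith("/") ? p : "/" + p);
        }
    }

    // The check from step 3: substring match anywhere in the raw request URI.
    static boolean substringMatch(String uri, String[] excludePaths) {
        for (String p : excludePaths) {
            if (!p.trim().isEmpty() && uri.indexOf(p.trim()) > -1) return true;
        }
        return false;
    }

    // Strict check: exact match on the context-relative path; ambiguous URIs stay protected.
    public boolean isExcluded(String requestUri, String contextPath) {
        if (requestUri == null || !requestUri.startsWith(contextPath + "/")) return false;
        String path = requestUri.substring(contextPath.length());
        // getRequestURI() is neither decoded nor normalized, so reject anything not plain.
        if (path.contains(";") || path.contains("%") || path.contains("..")
                || path.contains("//") || path.contains("\\")) return false;
        return exact.contains(path);
    }

    public static void main(String[] args) {
        String[] legacy = "interfacesJSON.do,data_json.jsp,soa/service".split(",");
        ExcludePathMatcher strict =
                new ExcludePathMatcher("/interfacesJSON.do,/data_json.jsp,/soa/service");
        // Constructed sample URIs; "/app" is an assumed context path.
        String[] uris = {
            "/app/interfacesJSON.do",
            "/app/soa/service",
            "/app/admin/data_json.jsp",
            "/app/admin/user.do;interfacesJSON.do",
            "/app/soa/service/../admin/user.do",
        };
        for (String u : uris) {
            System.out.printf("%-40s substring=%-5b strict=%b%n",
                    u, substringMatch(u, legacy), strict.isExcluded(u, "/app"));
        }
    }
}
```

With exact matching, every endpoint under soa/service has to be listed individually in excludePaths.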