轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录，Hello World版

概述说明

---

　　按照本系列的前3篇文章描述的步骤，我们已经搭建好cas sso server。那应用程序怎么接入到实现sso呢？ （如果您还没有搭建cas server，可以到《轻松搭建CAS 5.x系列文章》按照步驟） CAS官方支持了JAVA、.NET和PHP客户端程序接入支持，其他语言如Python，可以找找非官方的支持。 本章节是编写最简单版本的Java的客户端接入。

操作步骤

---

进入正题

·1. 首先启动tomcat，看下之前搭建的cas server启动是否正常

双击D:casoverlayapache-tomcat-8.5.31instartup.bat 访问 https://cas.example.org:8443/cas/login

2.编写一个war程序cas-client-demo

项目的目录结构件下图

·3. cas-client-demo添加项目依赖jar包

从cas server的项目lib目录中（D:casoverlayapache-tomcat-8.5.31webappscasWEB-INFlib）

直接copy如下文件到D:casoverlayapache-tomcat-8.5.31webappscas-client-demoWEB-INFlib

cas-client-core-3.4.1.jar
commons-logging-1.2.jar
log4j-api-2.8.2.jar
log4j-slf4j-impl-2.8.2.jar
slf4j-api-1.7.25.jar

·4. cas-client-demo的web.xml

新增文件D:casoverlayapache-tomcat-8.5.31webappscas-client-demoWEB-INFweb.xml

内容如下：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1"
  metadata-complete="true">

  <display-name>Tomcat Documentation</display-name>
  <description>
     Tomcat Documentation.
  </description>


    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://cas.example.org:8443/cas</param-value>
        </init-param>
    </filter>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://cas.example.org:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://cas.example.org:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://127.0.0.1:8080</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
        <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/sample/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
        </init-param>
        -->
        <init-param>
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>
</web-app>

·5. cas-client-demo编写获取cas当前登录信息的帐号名

新增文件D:casoverlayapache-tomcat-8.5.31webappscas-client-demoindex.jsp

内容如下

<html>
<body>
Hello World,<%=request.getRemoteUser()%>!
<HR>
<a href="https://cas.example.org:8443/cas/logout">Logout</a>
</body>
</html> 

`6. 至此我们的cas客户端的代码已经编写好了

不过，

由于CAS认证是通过web servcie方式调用cas服务端的，

cas服务端的SSL证书是我们本地生成，

直接调用cas的web接口会出现报错，

需要将证书导入到客户端。

具体导入客户端的步骤，我后面会写新的文章。

·7. 重新启动tomcat，访问 cas-client-demo

https://127.0.0.1:8443/cas-client-demo/index.jsp

系统会自动跳转到登录页面

-8. 输入帐号名密码

admin/123456

大功告成！

参考文档

---

1. CAS中文文档站点#各种语言开发的系统接入支持