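Recently, a customer who uses the 华丹 WEB report platform as their data analysis platform developed a new portal and required that the 华丹 WEB report platform, acting as a CAS client, support single sign-on with two different portals (CAS servers) at the same time.
Previously, the 华丹 WEB report platform was already integrated as a CAS client with single sign-on to one portal server. Now it needs single sign-on with two portals at once, that is, one CAS client must work with two CAS servers.
Because the new portal does not call the platform through integrated menu links, but launches the whole data analysis platform directly from a single button entry, the following solution was worked out for this situation:
1. The integration with the original portal stays unchanged. Add a new login verification entry point (a JSP file, login_casnew.jsp) for the new portal. After verification succeeds, it registers the session information for the successful login and displays the data analysis platform.
2. Modify web.xml to add one more Authentication Filter and Validation Filter, along these lines: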
<!-- Original CAS filters -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <!-- CAS server login URL -->
    <param-value>http://192.168.1.101/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- Client address (the URL at which this application is accessed) <third-party system> -->
    <param-value>http://192.168.1.111</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/login.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/login_cas.jsp</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <!-- CAS server URL prefix -->
    <param-value>http://192.168.1.101/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- Client address (the URL at which this application is accessed) <third-party system> -->
    <param-value>http://192.168.1.111</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/login.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/login_cas.jsp</url-pattern>
</filter-mapping>
<!-- New server configuration: CAS filters -->
<filter>
  <filter-name>CAS Authentication Filter New</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <!-- CAS server login URL -->
    <param-value>http://192.168.1.10/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- Client address (the URL at which this application is accessed) <third-party system> -->
    <param-value>http://192.168.1.111</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter New</filter-name>
  <url-pattern>/login_casnew.jsp</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS Validation Filter New</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <!-- CAS server URL prefix -->
    <param-value>http://192.168.1.10/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- Client address (the URL at which this application is accessed) <third-party system> -->
    <param-value>http://192.168.1.111</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Validation Filter New</filter-name>
  <url-pattern>/login_casnew.jsp</url-pattern>
</filter-mapping>
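With the configuration above, one CAS client can work with two CAS servers. One thing to note: after the session times out, clicking a link on the page will still redirect to the original portal's CAS server, because only the login_casnew.jsp entry point corresponds to the new portal's CAS server. One way to work around this is to set a longer session timeout, for example: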
<session-config>
<session-timeout>600</session-timeout>
</session-config>
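As an added example (not part of the original post or of the CAS client project), here is a small Python check for the web.xml layout above. For every url-pattern it verifies that an authentication filter and a validation filter are both mapped and point at the same CAS server, and it flags CAS URLs that are not https. The function names and the sample with its deliberate mistake are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlparse

AUTH = "org.jasig.cas.client.authentication.AuthenticationFilter"
VALID = "org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
URL_PARAM = {AUTH: "casServerLoginUrl", VALID: "casServerUrlPrefix"}

def filter_xml(name, cls, url, pattern):   # helper that builds the constructed sample
    return (f"<filter><filter-name>{name}</filter-name><filter-class>{cls}</filter-class>"
            f"<init-param><param-name>{URL_PARAM[cls]}</param-name>"
            f"<param-value>{url}</param-value></init-param></filter>"
            f"<filter-mapping><filter-name>{name}</filter-name>"
            f"<url-pattern>{pattern}</url-pattern></filter-mapping>")

# Constructed sample: "CAS Validation Filter New" wrongly keeps the original server (copy-paste slip).
SAMPLE = ("<web-app>"
    + filter_xml("CAS Authentication Filter", AUTH, "http://192.168.1.101/cas/login", "/login_cas.jsp")
    + filter_xml("CAS Validation Filter", VALID, "http://192.168.1.101/cas", "/login_cas.jsp")
    + filter_xml("CAS Authentication Filter New", AUTH, "http://192.168.1.10/cas/login", "/login_casnew.jsp")
    + filter_xml("CAS Validation Filter New", VALID, "http://192.168.1.101/cas", "/login_casnew.jsp")
    + "</web-app>")

def audit(web_xml):
    """Return sorted (url-pattern, problem) findings for the CAS filters in web_xml."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                  # drop XML namespace prefixes, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    server = {}                             # filter-name -> (filter-class, parsed CAS URL)
    for f in root.iter("filter"):
        cls = (f.findtext("filter-class") or "").strip()
        params = {p.findtext("param-name").strip(): p.findtext("param-value").strip()
                  for p in f.iter("init-param")}
        if params.get(URL_PARAM.get(cls)):
            server[f.findtext("filter-name").strip()] = (cls, urlparse(params[URL_PARAM[cls]]))
    by_pattern = defaultdict(dict)          # url-pattern -> {filter-class: parsed CAS URL}
    for m in root.iter("filter-mapping"):
        cls, url = server.get(m.findtext("filter-name").strip(), (None, None))
        if cls:
            by_pattern[m.findtext("url-pattern").strip()][cls] = url
    findings = set()
    for pattern, pair in by_pattern.items():
        if set(pair) != {AUTH, VALID}:
            findings.add((pattern, "authentication/validation filter pair is incomplete"))
        elif pair[AUTH].netloc != pair[VALID].netloc:
            findings.add((pattern, "login and ticket validation use different CAS servers"))
        if any(u.scheme != "https" for u in pair.values()):
            findings.add((pattern, "CAS server URL is not https"))
    return sorted(findings)
```

Running `audit(SAMPLE)` reports the mismatched pair on /login_casnew.jsp and the plain-http CAS URLs on both entry points.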
Appendix: source of login_casnew.jsp:
<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@include file="/charisma/includes/jspHeader.jsp"%>
<%@page import="charisma.web.util.WebKeys"%>
<%@page import="java.util.Set"%>
<%@page import="java.util.Map"%>
<%@page import="java.util.List"%>
<%@page import="java.util.ArrayList"%>
<%@page import="org.jasig.cas.client.validation.Assertion"%>
<%@page import="org.jasig.cas.client.util.AssertionHolder" %>
<%@page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%@page import="com.gsoft.modules.ums.service.UserMapperHessianService" %>
<%@page import="com.caucho.hessian.client.HessianProxyFactory" %>
<%@page import="charisma.web.sys.login.LoginUtil"%>
<%
    String callerURL = RequestUtil.getParamValue(request, WebKeys.CALLER_URL_KEY);
    if (callerURL == null)
        callerURL = (String) request.getAttribute(WebKeys.CALLER_URL_KEY);
    Assertion assertion = null;
    try
    {
        // The assertion produced by the CAS validation filter for this request
        assertion = AssertionHolder.getAssertion();
    }
    catch (Exception e)
    {
        System.out.println(e.getMessage());
    }
    if (assertion != null)
    {
        AttributePrincipal attributePrincipal = assertion.getPrincipal(); // Get the AttributePrincipal object (the client-side principal)
        String name = attributePrincipal.getName();
        String accountName = null;
        // accountId is read from the request parameter
        String accountIdStr = request.getParameter("accountId");
        Long accountId = accountIdStr != null && !accountIdStr.equals("") ? Long.valueOf(accountIdStr) : null;
        if (accountId != null)
        {
            HessianProxyFactory factory = new HessianProxyFactory();
            String url = "http://xxx/cas/workportal-war/hessian/com.gsoft.modules.ums.service.UserMapperHessianService";
            UserMapperHessianService basicService = (UserMapperHessianService) factory.create(UserMapperHessianService.class, url);
            String appCode = "XZGL";
            accountName = basicService.getThirdUserName(name, accountId, appCode);
            // Once a non-empty accountName is obtained, the login is treated as successful and a session is created for this user
        }
        else
            accountName = name;
        String innerUserID = accountName;
        if (innerUserID != null && !innerUserID.equals(""))
        {
            LoginUtil.loginSuccess(request, response, innerUserID, "casLogin", true);
            response.sendRedirect("index.jsp");
        }
        else
            response.sendRedirect("login.jsp");
    }
%>