
CAS does not provide login-free access across systems on the first visit

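Bounty: 10 beans [Question closed] Closed on 2015-03-20 16:41
I access system A and am redirected to the CAS server to log in; after logging in successfully I am sent back to system A. Then I access system B and am again redirected to the CAS server to log in. After logging in successfully a second time, I can switch back and forth between system A and system B without being redirected to the CAS server. Why is this? Is there a solution?
Additional details: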

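In effect, only the communication between system A and the CAS server and between system B and the CAS server works; communication among A, CAS and B together does not.

This is my client's web.xml: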

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>MySpring</display-name>

<!--proxool-config -->
<servlet>
<servlet-name>ServletConfigurator</servlet-name>
<servlet-class>org.logicalcobwebs.proxool.configuration.ServletConfigurator</servlet-class>
<init-param>
<param-name>propertyFile</param-name>
<param-value>${confPath}/j1-center/jdbc.properties</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>ProxoolAdmin</servlet-name>
<servlet-class>org.logicalcobwebs.proxool.admin.servlet.AdminServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ProxoolAdmin</servlet-name>
<url-pattern>/proxool/admin</url-pattern>
</servlet-mapping>

<!-- log4j -->
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>${confPath}/j1-center/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>com.huayuan.log4j.config.MyLog4jConfigurer</listener-class>
</listener>

<!-- Load SpringContextServlet at startup -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/application-context-*.xml</param-value>
</context-param>

<!-- Lets Spring AOP obtain the request -->
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>


<!--SpringMVC-->
<servlet>
<servlet-name>SpringMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!--SpringMVC-->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/spring-mvc.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>SpringMVC</servlet-name>
<url-pattern>/page/*</url-pattern>
</servlet-mapping>

<!--XFire -->
<servlet>
<servlet-name>XFire</servlet-name>
<servlet-class>org.codehaus.xfire.spring.XFireSpringServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>XFire</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>

<!-- Spring character-encoding filter (for Chinese text) -->
<filter>
<filter-name>EncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- URL-Access filter -->
<!-- <filter>
<filter-name>doFilter</filter-name>
<filter-class>com.founder.ec.common.filter.AccessFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>doFilter</filter-name>
<url-pattern>/page/*</url-pattern>every requested URL passes through the filter first
</filter-mapping>
<filter-mapping>
<filter-name>doFilter</filter-name>
<url-pattern>*.jsp</url-pattern>every requested URL passes through the filter first
</filter-mapping> -->

<!-- Session & Listener -->
<session-config>
<session-timeout>120</session-timeout><!-- unit: minutes -->
</session-config>
<listener>
<listener-class>com.founder.ec.common.listener.MySessionListener</listener-class>
</listener>
<listener>
<listener-class>com.founder.ec.common.listener.MySessionAttributeListener</listener-class>
</listener>

<!-- errors -->
<error-page>
<error-code>404</error-code>
<location>/error/404.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error/500.jsp</location>
</error-page>

<welcome-file-list>
<!-- <welcome-file>login.jsp</welcome-file>
<welcome-file>index.html</welcome-file> -->
<welcome-file>/jsp/index.jsp</welcome-file>
</welcome-file-list>
<!-- ======================== single sign-on start ======================== -->
<!-- Used for single sign-out; implements the single sign-out feature, optional -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter implements the single sign-out feature; optional. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter handles user authentication; it must be enabled -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<!-- <filter-class>com.founder.ec.common.filter.CASFilter</filter-class> -->
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost:8080/j1-cas/login</param-value><!-- CAS server login URL: http://IP:PORT/CasWebProName/login -->
</init-param>
<init-param>
<!-- "server" here refers to the server's IP -->
<param-name>serverName</param-name>
<param-value>http://localhost:8090/</param-value><!-- client server address: http://IP:PORT -->
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter validates tickets; it must be enabled -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/j1-cas/</param-value><!-- CAS server address: http://IP:PORT/CasWebProName -->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8090/</param-value><!-- client server address: http://IP:PORT -->
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter wraps the HttpServletRequest, e.g. so that developers can get the SSO user's login name via HttpServletRequest.getRemoteUser(); optional. -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder, e.g. AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== single sign-on end ======================== -->
</web-app>

 

I have not changed anything on my CAS server!

有志竟成 | Beginner level 1 | Beans: 189
Asked: 2015-03-19 18:03
All answers (1)

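CAS uses HTTPS by default; if you want single sign-on to work you have to configure HTTPS. If you don't want to use HTTPS, that works too: change the CAS server to disable HTTPS. I don't know which version you are using; I use cas-4.2.0-RC1, where changing tgc.secure=false in cas.properties is enough. If you use another version, search online; as I recall, you set p:cookieSecure="false" on ticketGrantingTicketCookieGenerator in ticketGrantingTicketCookieGenerator.xml and that does it.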

EvanBrook | Beans: 202 (Novice level 2) | 2016-01-07 10:51
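
Added example (not part of the original answer and not CAS project code): a small Python model of the RFC 6265 rule behind the answer above, showing why a TGC cookie marked Secure never reaches an http:// CAS login URL, so the redirect from system B gets the login form again. The ticket value, the /j1-cas/ cookie path, port 8443 for HTTPS and port 8091 for system B are constructed assumptions; domain matching is left out because every request goes to the same CAS host.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Return (name, value, path, secure) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    return name, morsel.value, morsel["path"] or "/", bool(morsel["secure"])


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_returned(set_cookie_header, request_url):
    """RFC 6265 section 5.4: is this cookie attached to a request for request_url?"""
    _, _, path, secure = parse_set_cookie(set_cookie_header)
    url = urlsplit(request_url)
    if secure and url.scheme != "https":
        return False  # a Secure cookie is never sent over plain http
    return path_matches(url.path or "/", path)


def cas_login_outcome(set_cookie_header, login_url):
    """What the CAS login endpoint sees when system B redirects the browser to it."""
    if cookie_returned(set_cookie_header, login_url):
        return "TGC received: existing SSO session, no login form"
    return "no TGC: login form shown again"


# Constructed sample headers; the ticket value and cookie path are assumptions.
TGC_SECURE = "TGC=TGT-1-constructedSample; Path=/j1-cas/; Secure; HttpOnly"
TGC_NOT_SECURE = "TGC=TGT-1-constructedSample; Path=/j1-cas/; HttpOnly"
# Hypothetical redirect from system B (port 8091 is an assumption).
QUERY = "?service=http%3A%2F%2Flocalhost%3A8091%2F"
HTTP_LOGIN = "http://localhost:8080/j1-cas/login" + QUERY
HTTPS_LOGIN = "https://localhost:8443/j1-cas/login" + QUERY  # assumed TLS port

if __name__ == "__main__":
    print("Secure TGC, http CAS :", cas_login_outcome(TGC_SECURE, HTTP_LOGIN))
    print("Secure TGC, https CAS:", cas_login_outcome(TGC_SECURE, HTTPS_LOGIN))
    print("tgc.secure=false, http:", cas_login_outcome(TGC_NOT_SECURE, HTTP_LOGIN))
```

Once each application has validated its own service ticket it keeps a local session, which is why switching between A and B works after the second login. Serving CAS over HTTPS keeps the Secure flag on the TGC; setting tgc.secure=false instead lets the TGC travel in cleartext.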