CAS RESTful API Development Guide


Version   Date         Modified by   Description
1.0.0     2010-06-05   yinchong      Created the document
          2010-06-07   yinchong      Added client development configuration

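Contents

1. Download
2. Install the server
3. Configure the server
   3.1. Add the jars the CAS server depends on
   3.2. Add a data source
   3.3. Configure the MD5 password-encoder bean
   3.4. Add the CAS authentication handler
   3.5. Disable the HTTPS requirement
   3.6. Login with Chinese characters
   3.7. Configure Restlet
   3.8. Configure the session lifetime
4. Client development / configuration
   4.1. Download the client dependency jars
   4.2. RESTful example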

1. Download

Server: http://www.jasig.org/cas/download

Client: http://www.ja-sig.org/downloads/cas-clients/

Latest versions at the time of writing: cas-server-3.4.2 and cas-client-3.1.10.

2. Install the server

- Unpack cas-server-3.4.2 and copy cas-server-3.4.2/modules/cas-server-webapp-3.4.2.war into Tomcat's webapps directory.

3. Configure the server

3.1. Add the jars the CAS server depends on

- Copy cas-server-3.4.2/modules/cas-server-support-jdbc-3.4.2.jar and cas-server-integration-restlet-3.4.2.jar into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib.

- Copy the database driver jar into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib.

- Download the following three jars that the CAS server depends on from the Apache site and copy them into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib:

  - http://apache.freelamp.com/commons/collections/binaries/commons-collections-3.2.1-bin.zip
  - http://apache.etoak.com/commons/dbcp/binaries/commons-dbcp-1.4-bin.zip
  - http://apache.etoak.com/commons/pool/binaries/commons-pool-1.5.4-bin.zip

- Download Restlet from http://www.restlet.org/downloads/, unpack it, and copy the following jars into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib (this step is a real hassle):

  com.noelios.restlet.ext.servlet_2.5.jar
  com.noelios.restlet.ext.spring_2.5.jar
  com.noelios.restlet.jar
  org.restlet.ext.spring_2.5.jar
  org.restlet.jar

- Download CGLIB from http://sourceforge.net/projects/cglib/files/ and copy it into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib.

- Download ASM (OW2) from http://forge.ow2.org/projects/asm/ and copy it into D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib.

3.2. Add a data source

Copy the following into the beans element of D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/deployerConfigContext.xml:

<!-- JDBC connection pool used by the authentication handler in 3.4 -->
<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://192.168.1.22:3306/databaseName?useUnicode=true&amp;useServerPrepStmts=false&amp;characterEncoding=UTF-8&amp;autoReconnect=true</value>
    </property>
    <property name="username">
        <value>root</value>
    </property>
    <property name="password">
        <value>root</value>
    </property>
</bean>

3.3. Configure the MD5 password-encoder bean

Copy the following into the beans element of D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/deployerConfigContext.xml:

<!-- If the passwords do not need to be encoded, this bean can be left out -->
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
    <constructor-arg value="MD5"/>
</bean>

3.4. Add the CAS authentication handler

In D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/deployerConfigContext.xml, find the following line:

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

and replace it with:

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="casDataSource" />
    <property name="sql" value="select password from tblUser where lower(tblUser.userName) = lower(?)" />
    <property name="passwordEncoder" ref="passwordEncoder"/>
    <!-- If the passwords do not need to be encoded, remove the passwordEncoder line above -->
</bean>
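The check that sections 3.3 and 3.4 wire together, as an added example (not code from this page or from the CAS project): it assumes the encoder emits the lowercase hex MD5 of the password and that the handler compares it with the column by exact string match, so tblUser.password has to hold lowercase hex. The class name Md5ColumnCheck, the UTF-8 byte encoding and the sample password are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example: what tblUser.password must contain for the MD5 encoder to match. */
public final class Md5ColumnCheck {

    /** Lowercase hex MD5 of the password (assumed output format of the encoder). */
    static String encode(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Assumption: UTF-8 bytes; for ASCII-only passwords the charset makes no difference.
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(Character.forDigit((b >> 4) & 0x0f, 16));
                hex.append(Character.forDigit(b & 0x0f, 16));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Mirrors the handler's check: encode the submitted password, then compare exactly. */
    static boolean matches(String submitted, String storedColumn) {
        return storedColumn != null && storedColumn.equals(encode(submitted));
    }

    public static void main(String[] args) {
        String password = "s3cret-Example";            // constructed sample value
        String stored = encode(password);              // value to put in tblUser.password
        System.out.println(stored);
        System.out.println(matches(password, stored));               // lowercase hex column
        System.out.println(matches(password, stored.toUpperCase())); // uppercase hex column
        System.out.println(matches(password, password));             // plaintext column
        // The digest has no salt, so equal passwords always give equal column values.
    }
}
```

Only the first comparison succeeds; a column filled with uppercase hex or with plaintext passwords makes every login fail once the passwordEncoder property is set.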

 

3.5. Disable the HTTPS requirement

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml and change p:cookieSecure="true" to p:cookieSecure="false", so that the cookie is also sent over plain HTTP. After the change it reads:

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASTGC"
    p:cookiePath="/cas" />

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/spring-configuration/warnCookieGenerator.xml and change p:cookieSecure="true" to p:cookieSecure="false" there as well. After the change it reads:

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASPRIVACY"
    p:cookiePath="/cas" />

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/deployerConfigContext.xml, find HttpBasedServiceCredentialsAuthenticationHandler and add p:requireSecure="false", so that callback URLs that are not HTTPS are accepted. After the change it reads:

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
    p:httpClient-ref="httpClient" p:requireSecure="false"/>

3.6. Login with Chinese characters

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/web.xml and add the encoding filter and its mapping below (marked in blue in the original document; the context-param block is shown only for position):

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-configuration/*.xml
        /WEB-INF/deployerConfigContext.xml
    </param-value>
</context-param>

<filter>
    <filter-name>encoding-filter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>encoding-filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Start Tomcat at this point; CAS can now talk to the database you configured.

Open http://localhost:8080/cas and log in with a user name and password from the tblUser table of the configured database.

3.7. Configure Restlet

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/web.xml and add the following servlet:

<servlet>
    <servlet-name>restlet</servlet-name>
    <servlet-class>com.noelios.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>restlet</servlet-name>
    <url-pattern>/v1/*</url-pattern>
</servlet-mapping>

Reference: http://jasig.275507.n4.nabble.com/Setting-up-the-RESTlet-servlet-on-CAS-3-3-5-td2068602.html

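3.8. Configure the session lifetime

Open D:/server/apache-tomcat-6.0.18/webapps/cas/WEB-INF/spring-configuration/ticketExpirationPolicies.xml. The file is simple: the settings to change are the ones for the service ticket and for the ticket-granting ticket, and it is obvious how to change them once you open it.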

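4. Client development / configuration

As I understand it, the RESTful API is meant for service-to-service authentication.

Developing against the RESTful API is very simple: there are no XML files to configure, you only need to write code.

4.1. Download the client dependency jars

http://commons.apache.org/codec/download_codec.cgi

http://hc.apache.org/downloads.cgi

4.2. RESTful example

See the Java example at the bottom of https://wiki.jasig.org/display/CASUM/RESTful+API

Modified from the official example, the code looks like this: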

import java.io.IOException;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.PostMethod;

/**
 * SSO authentication implementation class.
 *
 * User: yinchong
 * Date: 2010-6-7
 * Time: 14:16:14
 */
public final class SSO {

    private static final Logger LOG = Logger.getLogger(SSO.class.getName());

    /** HTTP status code 201 */
    private static final int HTTP_STATUS_CODE_201 = 201;

    /** HTTP status code 200 */
    private static final int HTTP_STATUS_CODE_200 = 200;

    /**
     * Obtains a service ticket.
     *
     * @param server               CAS server URL (the REST tickets resource under /v1)
     * @param ticketGrantingTicket ticket granting ticket
     * @param service              URL of the service to be authenticated
     * @return service ticket, or null on failure
     */
    public String getServiceTicket(final String server, final String ticketGrantingTicket, final String service) {
        notNull(server, "server must not be null");
        notNull(ticketGrantingTicket, "ticketGrantingTicket must not be null");
        notNull(service, "service must not be null");

        final HttpClient client = new HttpClient();
        final PostMethod post = new PostMethod(server + "/" + ticketGrantingTicket);

        post.setRequestBody(new NameValuePair[]{new NameValuePair("service", service)});

        try {
            client.executeMethod(post);

            final String response = post.getResponseBodyAsString();

            switch (post.getStatusCode()) {
                case HTTP_STATUS_CODE_200:
                    // The body of a 200 response is the service ticket itself.
                    return response;

                default:
                    LOG.warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                    break;
            }
        } catch (final IOException e) {
            LOG.warning("getServiceTicket:" + e);
        } finally {
            post.releaseConnection();
        }

        return null;
    }

    /**
     * Obtains a ticket granting ticket.
     *
     * @param server   CAS server URL (the REST tickets resource under /v1)
     * @param username user name to authenticate
     * @param password password of that user
     * @return ticket granting ticket, or null on failure
     */
    public String getTicketGrantingTicket(final String server, final String username, final String password) {
        notNull(server, "server must not be null");
        notNull(username, "username must not be null");
        notNull(password, "password must not be null");

        final HttpClient client = new HttpClient();
        final PostMethod post = new PostMethod(server);

        post.setRequestBody(new NameValuePair[]{
                new NameValuePair("username", username),
                new NameValuePair("password", password)});

        try {
            client.executeMethod(post);

            final String response = post.getResponseBodyAsString();

            switch (post.getStatusCode()) {
                case HTTP_STATUS_CODE_201: {
                    // The ticket id is the last path segment of the form's action URL.
                    final Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response);

                    if (matcher.matches()) {
                        return matcher.group(1);
                    }
                    LOG.warning("Successful ticket granting request, but no ticket found!");
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                    break;
                }

                default:
                    LOG.warning("Invalid response code (" + post.getStatusCode() + ") from CAS server!");
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                    break;
            }
        } catch (final IOException e) {
            LOG.warning("getTicketGrantingTicket:" + e);
        } finally {
            post.releaseConnection();
        }
        return null;
    }

    /**
     * Deletes the given ticket granting ticket on the CAS server, i.e. logs out.
     *
     * @param server CAS server URL (the REST tickets resource under /v1)
     * @param ticket ticket granting ticket
     */
    public void deleteTicket(String server, String ticket) {
        notNull(server, "server must not be null");
        notNull(ticket, "ticket must not be null");

        final HttpClient client = new HttpClient();
        final DeleteMethod delete = new DeleteMethod(server + "/" + ticket);

        try {
            client.executeMethod(delete);

            final String response = delete.getResponseBodyAsString();

            switch (delete.getStatusCode()) {
                case HTTP_STATUS_CODE_200:
                    LOG.info("Successful delete ticket granting ticket.");
                    break;
                default:
                    LOG.warning("Invalid response code (" + delete.getStatusCode() + ") from CAS server!");
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())));
                    break;
            }
        } catch (final IOException e) {
            LOG.info("deleteTicket:" + e);
        } finally {
            delete.releaseConnection();
        }
    }

    /**
     * Argument check: makes sure the argument is not null.
     *
     * @param object  the argument to check
     * @param message the exception message
     */
    private static void notNull(final Object object, final String message) {
        if (object == null) {
            throw new IllegalArgumentException(message);
        }
    }
}
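An added example, not part of the original document or of the official sample: a stricter way to take the TGT id out of the 201 response and to build the URL for the service-ticket request, so that nothing other than a ticket id is ever appended to the server URL. It assumes the 201 response carries a Location header pointing at the new ticket resource (the form action is used only as a fallback); the class and method names, the ticket-id alphabet and the sample values are assumptions, and only the JDK is used.

```java
import java.net.URI;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: strict handling of the 201 response from the tickets resource. */
public final class TgtResponseCheck {
    // Assumption: ticket ids use only this alphabet, e.g. TGT-1-aBcD1234-cas.
    private static final Pattern TGT_ID = Pattern.compile("TGT-[A-Za-z0-9.\\-]{1,256}");
    private static final Pattern FORM_ACTION = Pattern.compile("action=\"([^\"]*)\"");

    /** Returns the TGT id, or null when the response carries nothing that looks like one. */
    static String extractTgt(String locationHeader, String body) {
        String url = locationHeader;
        if (url == null && body != null) {           // fall back to the HTML form
            Matcher m = FORM_ACTION.matcher(body);
            if (m.find()) {
                url = m.group(1);
            }
        }
        if (url == null) return null;
        // Keep only the last path segment and accept it only if it is a ticket id.
        String id = url.substring(url.lastIndexOf('/') + 1);
        return TGT_ID.matcher(id).matches() ? id : null;
    }

    /** Builds the URL for the service-ticket POST; rejects anything unexpected. */
    static String serviceTicketUrl(String ticketsUrl, String tgt, boolean allowHttp) {
        String scheme = URI.create(ticketsUrl).getScheme();
        boolean schemeOk = "https".equalsIgnoreCase(scheme)
                || (allowHttp && "http".equalsIgnoreCase(scheme));
        if (!schemeOk) {
            throw new IllegalArgumentException("refusing to send tickets over " + scheme);
        }
        if (tgt == null || !TGT_ID.matcher(tgt).matches()) {
            throw new IllegalArgumentException("not a ticket-granting ticket id");
        }
        return ticketsUrl.endsWith("/") ? ticketsUrl + tgt : ticketsUrl + "/" + tgt;
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from a real server.
        String base = "http://localhost:8080/cas/v1/tickets";
        String body = "<form action=\"" + base + "/TGT-1-aBcD1234-cas\" method=\"POST\">";
        System.out.println(extractTgt(base + "/TGT-1-aBcD1234-cas", null)); // from Location
        System.out.println(extractTgt(null, body));                         // from the form
        System.out.println(extractTgt(null, "<form action=\"" + base + "/../logout?x\">"));
        System.out.println(serviceTicketUrl(base, "TGT-1-aBcD1234-cas", true));
    }
}
```

The allowHttp flag exists only for a test server set up as in section 3.5; with it set to false the helper refuses any server URL that is not HTTPS, which matters because the user name, password and tickets all travel in these requests.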

 

 
