In essence, every approach comes down to killing the session
1 The browser initiates a site-wide logout and each system handles its own logout request
2 The CAS server initiates the logout, carrying the JSESSIONID (the user's sticky session id), and each system destroys its session
3 Publish/subscribe model
---------------------------------------
The CAS-server-initiated variant (2) looks like this on the client side:
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
/*
 * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
 * distributed with this file and available online at
 * http://www.ja-sig.org/products/cas/overview/license/index.html
 */
package org.jasig.cas.client.session;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.AbstractConfigurationFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Implements the Single Sign Out protocol. It handles registering the session and destroying the session.
 *
 * @author Scott Battaglia
 * @version $Revision$ $Date$
 * @since 3.1
 */
public final class SingleSignOutFilter extends AbstractConfigurationFilter {

    /**
     * The name of the artifact parameter. This is used to capture the session identifier.
     */
    private String artifactParameterName = "ticket";

    private static SessionMappingStorage SESSION_MAPPING_STORAGE = new HashMapBackedSessionMappingStorage();

    private static Log log = LogFactory.getLog(SingleSignOutFilter.class);

    public void init(final FilterConfig filterConfig) throws ServletException {
        if (!isIgnoreInitConfiguration()) {
            setArtifactParameterName(getPropertyFromInitParams(filterConfig, "artifactParameterName", "ticket"));
        }
        init();
    }

    public void init() {
        CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
        CommonUtils.assertNotNull(SESSION_MAPPING_STORAGE, "sessionMappingStorage cannot be null.");
    }

    public void setArtifactParameterName(final String artifactParameterName) {
        this.artifactParameterName = artifactParameterName;
    }

    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
                         final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;

        if ("POST".equals(request.getMethod())) {
            // Back-channel logout: CAS POSTs a SAML LogoutRequest whose SessionIndex is the service ticket
            final String logoutRequest = CommonUtils.safeGetParameter(request, "logoutRequest");

            if (CommonUtils.isNotBlank(logoutRequest)) {
                if (log.isTraceEnabled()) {
                    log.trace("Logout request=[" + logoutRequest + "]");
                }

                final String sessionIdentifier = XmlUtils.getTextForElement(logoutRequest, "SessionIndex");

                if (CommonUtils.isNotBlank(sessionIdentifier)) {
                    // Look up the local session that this service ticket created and kill it
                    final HttpSession session = SESSION_MAPPING_STORAGE.removeSessionByMappingId(sessionIdentifier);

                    if (session != null) {
                        String sessionID = session.getId();

                        if (log.isDebugEnabled()) {
                            log.debug("Invalidating session [" + sessionID + "] for ST [" + sessionIdentifier + "]");
                        }
                        try {
                            session.invalidate();
                        } catch (final IllegalStateException e) {
                            log.debug(e, e);
                        }
                    }
                    return;
                }
            }
        } else {
            // Normal request carrying a service ticket: remember ticket -> session so CAS can log it out later
            final String artifact = CommonUtils.safeGetParameter(request, this.artifactParameterName);

            if (CommonUtils.isNotBlank(artifact)) {
                final HttpSession session = request.getSession(true);

                if (log.isDebugEnabled()) {
                    log.debug("Storing session identifier for " + session.getId());
                }
                try {
                    SESSION_MAPPING_STORAGE.removeBySessionById(session.getId());
                } catch (final Exception e) {
                    // ignore if the session is already marked as invalid. Nothing we can do!
                }
                SESSION_MAPPING_STORAGE.addSessionById(artifact, session);
            } else {
                log.debug("No Artifact Provided; no action taking place.");
            }
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void setSessionMappingStorage(final SessionMappingStorage storage) {
        SESSION_MAPPING_STORAGE = storage;
    }

    public static SessionMappingStorage getSessionMappingStorage() {
        return SESSION_MAPPING_STORAGE;
    }

    public void destroy() {
        // nothing to do
    }
}
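As an added example (not from the notes above or from the JA-SIG client), the back-channel flow of approach 2 modelled in Python: the service remembers which local session each service ticket (ST) created, and CAS later POSTs a SAML LogoutRequest whose SessionIndex names that ticket, so exactly that session is killed while an unknown or replayed ticket does nothing. The Session and SloClient classes and the ST value are constructed stand-ins.

```python
import xml.etree.ElementTree as ET

class Session:
    def __init__(self, sid):
        self.id, self.valid = sid, True   # constructed stand-in for HttpSession

class SloClient:
    """Models SingleSignOutFilter: ST -> session map filled on login, drained by CAS's LogoutRequest."""
    def __init__(self):
        self.by_ticket = {}

    @staticmethod
    def session_index(logout_request):
        # Like XmlUtils.getTextForElement, match SessionIndex by local name and ignore namespaces
        try:
            root = ET.fromstring(logout_request)
        except ET.ParseError:
            return None
        for el in root.iter():
            if el.tag.rsplit("}", 1)[-1] == "SessionIndex" and el.text:
                return el.text.strip()
        return None

    def handle(self, method, params, session):
        """Returns what the filter did: 'invalidated', 'ignored', 'registered' or 'pass'."""
        if method == "POST":
            ticket = self.session_index(params.get("logoutRequest", ""))
            if ticket:
                target = self.by_ticket.pop(ticket, None)   # one ST maps to exactly one local session
                if target is None:
                    return "ignored"   # unknown or already-consumed ST: nothing to kill
                target.valid = False
                return "invalidated"
        elif params.get("ticket"):
            self.by_ticket[params["ticket"]] = session   # remember which local session this ST created
            return "registered"
        return "pass"
# Constructed sample of the LogoutRequest CAS POSTs back to each service, naming the ST as SessionIndex
LOGOUT_REQUEST = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1" Version="2.0">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-example</samlp:SessionIndex></samlp:LogoutRequest>'
)
def demo():
    client, browser = SloClient(), Session("JSESSIONID-A")
    client.handle("GET", {"ticket": "ST-1-example"}, browser)               # login validated with the ST
    first = client.handle("POST", {"logoutRequest": LOGOUT_REQUEST}, None)   # CAS back-channel logout
    second = client.handle("POST", {"logoutRequest": LOGOUT_REQUEST}, None)  # replayed request is a no-op
    return first, second, browser.valid
```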
==================
Mm.
小李 2016/7/14 10:24:38
We can do without this one.
天天向上 2016/7/14 10:36:21
Both of these logout styles essentially kill the session; one is initiated by the browser, the other has CAS kill it directly. Our current logout from use could simplify the CAS design; they are essentially the same.
小李 2016/7/14 10:37:15
Mm, that works, but the best way is still CAS logout; kill the use logout.
天天向上 2016/7/14 10:43:26
Designing this in CAS gets a bit more complicated. With option 1, CAS only has to manage the TGC and that's it; if CAS goes to each subsystem to log out directly, it has to store user-application-sessionId mappings, haha, complicated.
小李 2016/7/14 10:44:41
I think the uc way of logging out is a bit low-end.
小李 2016/7/14 10:44:55
Every time a system is added, I have to configure a logout link on my side.
天天向上 2016/7/14 10:47:03
That's because it is hard-coded; make the links configurable and there is no need to change code. It's like OAUTH third-party login, where you also have to configure the app and URL.
天天向上 2016/7/14 10:47:15
USER logout is fine; the less CAS has to do the better.