我目前使用的cas的是5.2.0版本,此方法可能使用所有cas 5.X的版本。
单点退出的原理相信都知道了,cas服务端会向所有已经在cas服务端中已经注册的客户端发出销毁这些客户端的Session的请求。可是在使用过程中发现seesion并没有销毁,发出的单点退出请求并没有生效。客户端还是处于登录状态。开始解决的方案是先向客户端发出请求,客户端手动销毁seesion后再向cas服务端发送退出请求,这种方法在客户端较少的情况下还可以,但是客户端一旦多起来,可能会出问题。
所以急需另一种解决方案。后来有人说可能是nginx代理的问题,我们试了下不走nginx代理,终于松了一口气,因为完全没效果。后来看到一位大佬的单点退出源码分析:https://blog.csdn.net/gdsgdh308227363/article/details/80446168。
我试着去debug了下源码,发现在获取所有已经登录的客户端的地址,然后会判断这些地址是否有效,如果注册的地址为域名的类型会直接跳过,即我们在客户端配置cas的时候要把域名换成ip地址。就是比如你项目开发阶段访问时localhost,但是在配置cas是不能写localhost要替换成127.0.0.1。如下图所示
顺便附带个cas客户端的配置
package springtest.config;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
@Configuration
public class CasConfigure {
/**
* 用于实现单点登出功能
*/
@Bean
public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<SingleSignOutHttpSessionListener>();
listener.setEnabled(true);
listener.setListener(new SingleSignOutHttpSessionListener());
listener.setOrder(1);
return listener;
}
@Bean
public FilterRegistrationBean<SingleSignOutFilter> logOutFilter() {
FilterRegistrationBean<SingleSignOutFilter> authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new SingleSignOutFilter());
authenticationFilter.setEnabled(true);
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "http://localhost:8080/cas/");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.addUrlPatterns("/*");
authenticationFilter.setOrder(1);
return authenticationFilter;
}
// 单点登录
@Bean
public FilterRegistrationBean authenticationFilterRegistrationBean() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AuthenticationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerLoginUrl", "http://localhost:8080/cas/login");
initParameters.put("serverName", "http://127.0.0.1:8088");//域名换成ip,不然单点退出失效
initParameters.put("ignorePattern", "/cas/*");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
// 校验
@Bean
public FilterRegistrationBean ValidationFilterRegistrationBean() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
//此处cas30,用cas20获取不到cas返回的登录信息
authenticationFilter.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "http://localhost:8080/cas/");
initParameters.put("serverName", "http://127.0.0.1:8088");
initParameters.put("ignorePattern", "/cas/*");//不拦截的路径
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
// 取用户信息
@Bean
public FilterRegistrationBean casHttpServletRequestWrapperFilter() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
// 取用户信息
@Bean
public FilterRegistrationBean casAssertionThreadLocalFilter() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AssertionThreadLocalFilter());
authenticationFilter.setOrder(1);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
}
以后有时间了我补上debug源码分析。