无法从CAS

时间:2015-07-29 06:24:36

标签: java servlets single-sign-on cas

我在jboss上有一个应用程序,我想用CAS登录。在我的应用程序中,我扩展了Cas20ProxyReceivingTicketValidationFilter,我试图覆盖onSuccessfulValidation方法来做某事(我需要在我的应用程序中知道谁登录,所以我需要从CAS获取用户名),但我注意到它从未被调用,这种方法。经过一些谷歌搜索后,我发现CAS在我的servlet发出的请求中使用了AttributePrincipal,但在从CAS返回后,在doGET方法的请求中,principal为null。有人能告诉我我做错了什么吗?为什么我无法从CAS获取servlet中的用户名? 谢谢。

更新1: 所以我开始调试所有内容,当它进入时我注意到了:

public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {

票证为空(即使我在上次登录后访问该页面(因此它应该有票证))。更重要的是,我读到CAS应该在变量userPrincipal中添加一些东西,但在这个过滤器中,它是null。会话为空。我无法在任何变量中找到我在CAS中引入的用户名。为了清楚起见,我在Cas20ProxyReceivingTicketValidationFilter中调试,我认为我应该找到我的用户名。仍然希望得到一些帮助:)

更新2: 我不知道该怎么做了。如果有帮助,请点击我的servlet web.xml:

    <!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
    <display-name>Archetype Created Web Application</display-name>

    <!--**********Filter 1********** -->


    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://135.243.36.205:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            <param-value>http://localhost:8080/casuser</param-value>
        </init-param>
    </filter>


    <!--**************************** -->
    <!--**********Filter 2********** -->


    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://135.243.36.205:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            <param-value>http://localhost:8080/casuser</param-value>
        </init-param>
    </filter>


    <!--**************************** -->
    <!--**********Filter 3********** -->


    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>


    <!--**************************** -->
    <!--**********Filter 4********** -->


    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>


    <!--**************************** -->


    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Java CAS Client Test Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>



    <servlet>
        <servlet-name>cas</servlet-name>
        <servlet-class>soo.cas.Index</servlet-class>
        <!--<init-param> <param-name>keystoreFile</param-name> <param-value>lib/security/GiaKeystore.jks</param-value> 
            </init-param> <init-param> <param-name>keystorePassword</param-name> <param-value>The.GIA.Keystore.Password</param-value> 
            </init-param> <init-param> <param-name>privateKeyAlias</param-name> <param-value>giakey</param-value> 
            </init-param> <init-param> <param-name>privateKeyPassword</param-name> <param-value>The.GIA.Private.Key.Password</param-value> 
            </init-param> <init-param> <param-name>cookiePath</param-name> <param-value>/</param-value> 
            </init-param> <init-param> <param-name>cookieDomain</param-name> <param-value></param-value> 
            </init-param> <init-param> <param-name>cookieDurationInSeconds</param-name> 
            <param-value>3600</param-value> </init-param> -->
        <init-param>
            <param-name>encodeServletRedirect</param-name>
            <param-value>false</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

这是我的Index.java:

package soo.cas;
import java.io.*;
import java.security.GeneralSecurityException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.log4j.Logger;
import soo.util.*;

public class Index extends HttpServlet{
private Ticket myTicket = new Ticket();

public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
        {
    String username = request.getRemoteUser();
    PrintWriter out = response.getWriter();
    out.println("Test\n");
    out.println(username);
        }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException
    {
        String username = request.getRemoteUser();
        PrintWriter out = response.getWriter();
        out.println("Test\n");
        out.println(username);
    }
}

Principal为null,ticket为null,request.getRemoteUser()为null ... 拜托,有人可以帮助我吗?

这可能是因为我的CAS服务器中有一些配置吗?或者因为我使用CAS协议进行验证? 另外,这可能是因为它总是在我的servlet中使用doGET方法而且我读到验证过滤器应该调用doPOST方法......?

1 个答案:

答案 0 :(得分:1)

您的过滤器混合了两种协议...... SAML 1.1&amp; CAS 2.0。身份验证过滤器和验证过滤器成对出现。让它们保持一致:

CAS协议

org.jasig.cas.client.authentication.AuthenticationFilterorg.jasig.cas.client.validation.Cas10TicketValidationFilter(或org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter

SAML协议

  

如果需要用户属性,请使用

org.jasig.cas.client.authentication.Saml11AuthenticationFilterorg.jasig.cas.client.validation.Saml11TicketValidationFilter

请参阅https://wiki.jasig.org/display/CASC/Configuring+the+Jasig+CAS+Client+for+Java+in+the+web.xml

上的过滤器详细信息