使用不带web.xml的Spring(Boot)配置CAS

时间:2015-12-04 16:32:52

标签: java xml spring spring-mvc cas

我正在使用Boot将WebApp从Spring 3移植到Spring 4.

下面的原始web.xml

<listener>
 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
 <filter-name>CAS Authentication Filter</filter-name>
 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
</filter>

<filter>
 <filter-name>CAS Validation Filter</filter-name>
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
 <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
 </init-param>
</filter>

<filter>
 <filter-name>CAS Single Sign Out Filter</filter-name>
 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
 <filter-name>CAS Single Sign Out Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
 <filter-name>CAS Authentication Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
 <filter-name>CAS Validation Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<session-config>
 <session-timeout>90</session-timeout>
</session-config>

<context-param>
 <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
 <param-value>messages</param-value>
</context-param>

我正在尝试在AppConfic类中注册所有过滤器,监听器和映射(下面并没有完成,因为它已经无法正常工作......)

@Configuration
public class MyWebApplicationInitializer implements ServletContextInitializer  {

    @Override
    public void onStartup(ServletContext servletContext) {
        servletContext.addListener(new SingleSignOutHttpSessionListener());

        Cas20ProxyReceivingTicketValidationFilter cas20 = new Cas20ProxyReceivingTicketValidationFilter();
        cas20.setServerName("http://myapp");

        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        authenticationFilter.setCasServerLoginUrl("https://casserver");
        authenticationFilter.setServerName("http://myapp");

        servletContext.addFilter("CAS Authentication Filter", authenticationFilter);
        servletContext.addFilter("CAS Validation Filter", cas20);
        servletContext.addFilter("CAS Single Sign Out Filter", new SingleSignOutFilter());
    }
}

1 / CAS20实例化问题

我无法定义cas20 casServerUrlPrefix ......没有setter?!

2 / AuthenticationFilter问题

即使定义了serverName,在启动期间也会发生以下错误:

java.lang.IllegalArgumentException: serverName or service must be set.
    at org.jasig.cas.client.util.CommonUtils.assertTrue(CommonUtils.java:116) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.util.AbstractCasFilter.init(AbstractCasFilter.java:103) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.authentication.AuthenticationFilter.init(AuthenticationFilter.java:96) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.util.AbstractCasFilter.init(AbstractCasFilter.java:84) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.0.28.jar:8.0.28]
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.28.jar:8.0.28]

是否可以在ServletContextInitializer中定义这种过滤器?我是否必须加载xml(dispatcher-servlet.xml之类的?)

1 个答案:

答案 0 :(得分:6)

我强烈建议您阅读Servlet 3.0 spec,以及如果您知道自己在做什么,那么如何将web.xml移植得非常好。您只需要在注册时指定init参数。

<filter>
 <filter-name>CAS Validation Filter</filter-name>
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
 <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
 </init-param>
</filter>

用这个

<filter-mapping>
 <filter-name>CAS Validation Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

在Java中大致使用WebApplicationInitializer

@Configuration
public class MyWebApplicationInitializer implements ServletContextInitializer  {

    @Override
    public void onStartup(ServletContext sc) {
        FilterRegistration.Dynamic cas20Registration = sc.addFilter("CAS Validation Filter", Cas20ProxyReceivingTicketValidationFilter.class);
        cas20Registration.setInitParameter("casServerUrlPrefix casServerUrlPrefix", "https://casserver/login");
        cas20Registration.setInitParameter("serverName", "http://myapp");
        cas20Registration.setInitParameter("encoding", "UTF-8");
        cas20Registration.addMappingForUrlPatterns(null, false, "/*");
    }
}

以上是xml与java的一对一翻译。哪个应该可以让您了解其他过滤器。

但是,您使用Spring Boot会更容易。只需创建一个@Bean方法,为所需的过滤器返回FilterRegistrationBean。另请参阅Spring Boot Reference Guide中的相应section

@Bean
public FilterRegistrationBean cas20Registration() {
    FilterRegistrationBean cas20 = new FilterRegistrationBean();
    cas20.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
    cas20.addUrlPatterns("/*");
    cas20.addInitParameter("casServerUrlPrefix casServerUrlPrefix", "https://casserver/login");
    cas20.addInitParameter("serverName", "http://myapp");
    cas20.addInitParameter("encoding", "UTF-8");        
    return cas20;
}

您可以对其他过滤器,侦听器和所需组件执行相同操作。

但是有一件事你不能用基于java的配置来设置会话超时值。但是,您只需将其移至application.properties并添加server.session.timeout属性即可。您将需要使用60多个值,因为在web.xml中它是几分钟,在属性文件中它应该是以秒为单位。

server.session.timeout=5400 # 90 minutes