
An approach to supporting mobile applications with CAS SSO

Posted: 2013-12-10 01:19:05
As we know, CAS SSO is a web SSO: a single sign-on solution aimed at web applications. With the rise of mobile internet applications, an application portfolio usually contains not only web applications but also native mobile apps, desktop applications and other C/S-architecture clients. How to bring these applications under the control of the CAS authentication server as well, with unified authentication and unified management, is the problem we need to solve.

Mobile and desktop applications cannot directly use the web interface that CAS provides, since it is built around browser redirects and an HTML login form. CAS does, however, ship a plugin called CAS Restlet Integration, which exposes the CAS API as a RESTful interface that can be called programmatically, and that gives us an approach for mobile application authentication. First, the mobile app authenticates against the CAS server programmatically and obtains a TGT and then an ST. It then accesses an application server that has the CAS Client configured; that server contacts CAS to validate the ST (the /serviceValidate call of the CAS protocol), and if the ST is valid the login has succeeded. Logout is simple: call the CAS API to delete the TGT, and CAS notifies every application that was logged in through that TGT to drop its session (provided single logout is enabled for those applications).

Two points a practitioner should keep in mind: the REST interface takes the user's username and password directly in the POST body, so the mobile app handles raw credentials and must talk to CAS only over HTTPS; and the TGT handed to the device is a long-lived session credential, so it belongs in the platform's protected storage and must be deleted on logout.
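The exchange described above, as an added example that is not part of the original post and not CAS code: a small Python model of the three parties (the phone, the CAS REST endpoints, and the CAS-Client-protected application server). The CAS side is an in-memory stub written for this example so that the flow runs offline; the hostnames, the test user alice and the service URLs are constructed. It goes one step beyond the text by also showing the /serviceValidate call the application server makes, the single-use and service-bound checks on the ST, and a client that refuses to post the password over plain HTTP.

```python
"""CAS REST ticket flow for a native client, end to end (added example, not CAS code).
FakeCasRest is a constructed in-memory stand-in for the CAS side.  Paths and status
codes follow the Restlet integration: POST /v1/tickets -> 201 with the TGT URL in
Location; POST /v1/tickets/<TGT> -> 200 with the ST in the body; DELETE destroys it."""
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
from xml.etree import ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of the CAS 2.0 validation XML


class FakeCasRest:
    """Constructed stand-in for CAS /v1/tickets and /serviceValidate."""
    def __init__(self, base="https://cas.example.com/cas", users=None):
        self.base, self.users = base, users or {}
        self.tgts = {}       # TGT id -> username
        self.sts = {}        # ST id -> (username, service); consumed on validation
        self.issued = {}     # TGT id -> services that received an ST (for single logout)
        self.slo_calls = []  # services notified when their TGT is destroyed

    def request(self, method, url, body=None):
        """Same shape as a real HTTP transport: returns (status, headers, body)."""
        u = urlparse(url)
        path = u.path[len(urlparse(self.base).path):]
        form = {k: v[0] for k, v in parse_qs(body or "").items()}
        if method == "POST" and path == "/v1/tickets":
            user = form.get("username")
            if not user or self.users.get(user) != form.get("password"):
                return 400, {}, ""
            tgt = "TGT-" + secrets.token_hex(8)
            self.tgts[tgt] = user
            return 201, {"Location": f"{self.base}/v1/tickets/{tgt}"}, "<html>TGT Created</html>"
        m = re.fullmatch(r"/v1/tickets/(TGT-[0-9a-f]+)", path)
        if m and method == "POST" and m.group(1) in self.tgts and "service" in form:
            st = "ST-" + secrets.token_hex(8)
            self.sts[st] = (self.tgts[m.group(1)], form["service"])
            self.issued.setdefault(m.group(1), set()).add(form["service"])
            return 200, {}, st
        if m and method == "DELETE" and self.tgts.pop(m.group(1), None):
            self.slo_calls.extend(sorted(self.issued.pop(m.group(1), ())))  # single logout
            return 200, {}, ""
        if method == "GET" and path == "/serviceValidate":
            q = {k: v[0] for k, v in parse_qs(u.query).items()}
            entry = self.sts.pop(q.get("ticket", ""), None)   # an ST is single-use
            if entry and entry[1] == q.get("service"):         # and bound to one service
                inner = f"<cas:authenticationSuccess><cas:user>{entry[0]}</cas:user></cas:authenticationSuccess>"
            else:
                inner = '<cas:authenticationFailure code="INVALID_TICKET"/>'
            return 200, {}, f'<cas:serviceResponse xmlns:cas="{CAS_NS}">{inner}</cas:serviceResponse>'
        return 400, {}, ""


class CasRestClient:
    """The phone app's side; transport(method, url, body=None) is injectable."""
    def __init__(self, base, transport):
        if urlparse(base).scheme != "https":  # the password travels in the POST body
            raise ValueError("refusing to send credentials over plaintext HTTP")
        self.base, self.transport = base.rstrip("/"), transport

    def login(self, username, password):
        status, headers, _ = self.transport("POST", f"{self.base}/v1/tickets",
                                            urlencode({"username": username, "password": password}))
        if status != 201:
            return None
        return urlparse(headers["Location"]).path.rsplit("/", 1)[-1]  # last segment is the TGT

    def service_ticket(self, tgt, service):
        status, _, body = self.transport("POST", f"{self.base}/v1/tickets/{tgt}", urlencode({"service": service}))
        return body if status == 200 else None

    def logout(self, tgt):
        return self.transport("DELETE", f"{self.base}/v1/tickets/{tgt}")[0] == 200


def validate_service_ticket(transport, base, service, st):
    """The CAS-Client-protected app server's side: exchange the ST for a username."""
    status, _, body = transport("GET", f"{base}/serviceValidate?" + urlencode({"service": service, "ticket": st}))
    if status != 200:
        return None
    ok = ET.fromstring(body).find(f"{{{CAS_NS}}}authenticationSuccess")
    return None if ok is None else ok.findtext(f"{{{CAS_NS}}}user")


def demo():
    """Run the whole flow against the stub with a constructed user and service URLs."""
    cas = FakeCasRest(users={"alice": "s3cret"})
    app, client = "https://app.example.com/", CasRestClient(cas.base, cas.request)
    tgt = client.login("alice", "s3cret")
    st = client.service_ticket(tgt, app)
    return {
        "bad_password": client.login("alice", "wrong"),
        "tgt": tgt, "st": st,
        "user": validate_service_ticket(cas.request, cas.base, app, st),
        "replay": validate_service_ticket(cas.request, cas.base, app, st),
        "wrong_service": validate_service_ticket(cas.request, cas.base, "https://evil.example.com/",
                                                 client.service_ticket(tgt, app)),
        "logout": client.logout(tgt),
        "after_logout": client.service_ticket(tgt, app),
        "slo": cas.slo_calls,
    }
```

A real client swaps the stub's request method for an HTTPS transport with the same (method, url, body) signature; everything else, including pulling the TGT out of the Location header rather than the response body, stays as shown.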


On the CAS Server side we need to install the Restlet Integration plugin.

Taking CAS Server 3.4.5 as an example (for the basic CAS Server configuration see "CAS Server deployment: basic steps"), first download the CAS Restlet Integration plugin and its dependencies (http://mvnrepository.com/artifact/org.jasig.cas/cas-server-integration-restlet/3.4.5). The required jars are:

cas-server-integration-restlet-3.4.5.jar
cglib-nodep-2.1_3.jar
com.noelios.restlet.ext.servlet-1.1.1.jar
com.noelios.restlet.ext.spring-1.1.1.jar
com.noelios.restlet-1.1.1.jar
org.restlet.ext.spring-1.1.1.jar
org.restlet-1.1.1.jar

Then add the following to web.xml (this maps the REST resource to /v1/*, so the ticket endpoint becomes /cas/v1/tickets):

    <!-- for restful api -->
    <servlet>
        <servlet-name>restlet</servlet-name>
        <servlet-class>com.noelios.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>restlet</servlet-name>
        <url-pattern>/v1/*</url-pattern>
    </servlet-mapping>


To obtain a TGT and an ST and to log out programmatically, we can refer to the official example (it uses Apache commons-httpclient 3.x):

    import java.io.IOException;

    import org.apache.commons.httpclient.Header;
    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.NameValuePair;
    import org.apache.commons.httpclient.methods.DeleteMethod;
    import org.apache.commons.httpclient.methods.PostMethod;

    public class CasRestClient {

        /* base URL of the ticket resource, e.g. https://cas.example.com/cas/v1/tickets
           (use HTTPS: the password is posted in the request body) */
        private final String server;

        public CasRestClient(final String server) {
            this.server = server;
        }

        /* The API endpoint for obtaining a TGT is POST /v1/tickets.
           CAS answers 201 Created and puts the URL of the new TGT in the Location header;
           the last path segment of that URL is the TGT id (the body is only an HTML form). */
        public String getTicketGrantingTicket(final String username, final String password) {
            final HttpClient client = new HttpClient();
            final PostMethod post = new PostMethod(server);
            post.setRequestBody(new NameValuePair[] {
                    new NameValuePair("username", username),
                    new NameValuePair("password", password) });
            try {
                client.executeMethod(post);
                if (post.getStatusCode() == 201) {
                    final Header location = post.getResponseHeader("Location");
                    if (location != null) {
                        final String url = location.getValue();
                        return url.substring(url.lastIndexOf('/') + 1);
                    }
                }
            } catch (final IOException e) {
                System.err.println("TGT request failed: " + e.getMessage());
            } finally {
                post.releaseConnection();
            }
            return null;
        }

        /* The API endpoint for obtaining an ST is POST /v1/tickets/<tgt> with the service URL;
           CAS answers 200 OK and the response body is the ST. */
        public String getServiceTicket(final String ticketGrantingTicket, final String service) {
            if (ticketGrantingTicket == null) {
                return null;
            }
            final HttpClient client = new HttpClient();
            final PostMethod post = new PostMethod(server + "/" + ticketGrantingTicket);
            post.setRequestBody(new NameValuePair[] { new NameValuePair("service", service) });
            try {
                client.executeMethod(post);
                if (post.getStatusCode() == 200) {
                    return post.getResponseBodyAsString();
                }
            } catch (final IOException e) {
                System.err.println("ST request failed: " + e.getMessage());
            } finally {
                post.releaseConnection();
            }
            return null;
        }

        /* The API endpoint for deleting a TGT is DELETE /v1/tickets/<tgt>;
           200 OK means the CAS session is gone and single logout has been triggered. */
        public String logout(final String tgt) {
            String result = "success";
            final HttpClient client = new HttpClient();
            final DeleteMethod delete = new DeleteMethod(server + "/" + tgt);
            try {
                client.executeMethod(delete);
                if (delete.getStatusCode() != 200) {
                    result = "error";
                }
            } catch (final IOException e) {
                result = "error";
            } finally {
                delete.releaseConnection();
            }
            return result;
        }
    }

