Implementing SSO with the CAS RESTful interface


1. Use the pac4j plugin
2. Add the dependency on the CAS server side
3. Test the connection with a client
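    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.pac4j.cas.client.rest.CasRestFormClient;
    import org.pac4j.cas.config.CasConfiguration;
    import org.pac4j.cas.profile.CasProfile;
    import org.pac4j.cas.profile.CasRestProfile;
    import org.pac4j.core.context.J2EContext;
    import org.pac4j.core.context.WebContext;
    import org.pac4j.core.credentials.TokenCredentials;
    import org.pac4j.core.credentials.UsernamePasswordCredentials;
    import org.pac4j.core.exception.HttpAction;
    import org.springframework.web.bind.annotation.PostMapping;

    // The fields and the method below belong inside the Spring controller class.
    private final static String CAS_LOGIN_URL = "https://mmoayyed.unicon.net:8433/cas";
//    private final static String CAS_LOGIN_URL = "https://mmoayyed.unicon.net:8433/cas/v1/tickets/login";
    private final static String APP_URL = "http://app1.cas.com:9001/hello/index";
    private final static String serviceUrl = "http://app1.cas.com:9001";


    @PostMapping(value="/hello/restLogin")
    public void restLogin(HttpServletRequest request, HttpServletResponse response) {
        // Point the pac4j REST client at the CAS server and its REST ticket endpoint
        final CasConfiguration casConfiguration = new CasConfiguration(CAS_LOGIN_URL);
        casConfiguration.setRestUrl("https://mmoayyed.unicon.net:8433/cas/v1/tickets/login");
        CasRestFormClient client = new CasRestFormClient();
        client.setConfiguration(casConfiguration);

        // Marker printed when the login form is submitted
        System.out.println("界面提交執行");

        WebContext webContext = new J2EContext(request, response);

        try {
            // Read username/password from the submitted form
            UsernamePasswordCredentials credentials = client.getCredentials(webContext);
            String userName = credentials.getUsername();
            System.out.println(userName);
            // Authenticate against the CAS REST API; the profile carries the TGT id
            CasRestProfile profile = client.getUserProfile(credentials, webContext);
            String tgc = profile.getTicketGrantingTicketId();
            // Built but never used; it would put the TGT id into a URL query string,
            // where it can end up in access logs and Referer headers
            String redirectUrl=CAS_LOGIN_URL+"?service="+APP_URL+"&tgc="+tgc;
            // Request a service ticket for the application using the TGT
            final TokenCredentials casCredentials = client.requestServiceTicket(serviceUrl, profile, webContext);
            // validate service ticket
            final CasProfile casProfile = client.validateServiceTicket(serviceUrl, casCredentials, webContext);
            response.sendRedirect("http://app1.cas.com:9001/hello/restLogin");
        } catch (HttpAction | IOException e) {
//        } catch (HttpAction e) {
            e.printStackTrace();
        }
    }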
// Log output when testing the connection with the CAS REST client
2019-01-23 09:22:11,460 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: Supplied credentials: [UsernamePasswordCredential(username=111, source=null)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,555 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: TGT-1-*****fX-X6f4JWUoDESKTOP-NEPM8G8
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,591 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [status=201-CREATED,location=https://mmoayyed.unicon.net:8433/cas/v1/tickets/login/TGT-1-*****fX-X6f4JWUoDESKTOP-NEPM8G8]
ACTION: REST_API_TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,756 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [result=Service Access Granted,service=http://app1.cas.com:9001,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,776 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8] for service [http://app1.cas.com:9001] and principal [111]>

2019-01-23 09:22:11,778 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8 for http://app1.cas.com:9001
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,779 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: [status=200-OK,body=ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8]
ACTION: REST_API_SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://app1.cas.com:9001,principal=SimplePrincipal(id=111, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>

2019-01-23 09:22:11,874 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: 111
WHAT: ST-1-8LGjogmk3cmoiMVgC6nlsbmUslMDESKTOP-NEPM8G8
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 23 09:22:11 CST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

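At this point the problem is this: when testing with the CAS REST client, the log shows that ST validation succeeded, yet the CAS server login page still does not show a successful login. When the CAS REST client interface is not used and the CAS client's ST validation succeeds, the CAS server login page does show the login-success screen.

The cause, based on analysis and on what others have reported, is mainly that after the business system logs the user in through its own login page, no TGC cookie value is written under the CAS domain.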
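The log above can be checked for this condition mechanically. The following is an added example, not code from the original post: it parses inspektr audit records (flattened or multi-line) and marks each TGT as issued through the REST API or not. The sample records, ticket ids and host name are constructed, and treating a TGT without a REST_API event as a login through the CAS login page is an assumption.

```python
import re

# One audit record: works on the multi-line inspektr layout and on the
# flattened single-line form, since \s+ matches spaces and newlines alike.
RECORD = re.compile(
    r"WHO: (?P<who>.*?)\s+WHAT: (?P<what>.*?)\s+ACTION: (?P<action>\S+)\s+APPLICATION:",
    re.S)
TGT_ID = re.compile(r"TGT-[^\s,\]]+")

def parse_audit(text):
    """Return the audit records in log order as dicts with who/what/action."""
    return [m.groupdict() for m in RECORD.finditer(text)]

def tgt_origins(records):
    """Map each TGT id to {'who', 'via'}. via is 'rest' when CAS also logged
    REST_API_TICKET_GRANTING_TICKET_CREATED for it, otherwise 'web' (assumption:
    a TGT with no REST event came from the CAS login page, which sets the TGC)."""
    origins = {}
    for r in records:
        m = TGT_ID.search(r["what"])
        if not m:
            continue
        if r["action"] == "TICKET_GRANTING_TICKET_CREATED":
            origins.setdefault(m.group(), {"who": r["who"], "via": "web"})
        elif r["action"] == "REST_API_TICKET_GRANTING_TICKET_CREATED":
            # The TGT was returned in the Location header to the REST caller,
            # so the browser holds no TGC cookie for it.
            origins.setdefault(m.group(), {"who": r["who"]})["via"] = "rest"
    return origins

def _record(who, what, action, sep):
    # Builds one constructed sample record; sep=" " mimics the flattened form.
    bar = "=" * 61
    return sep.join(["<Audit trail record BEGIN", bar, "WHO: " + who, "WHAT: " + what,
                     "ACTION: " + action, "APPLICATION: CAS", bar, ">"]) + sep

# Constructed sample: alice logs in through the REST API, bob through the login page.
SAMPLE = (
    _record("alice", "TGT-1-EXAMPLEaaa-cas01", "TICKET_GRANTING_TICKET_CREATED", " ")
    + _record("alice",
              "[status=201-CREATED,location=https://cas.example.org/cas/v1/tickets/TGT-1-EXAMPLEaaa-cas01]",
              "REST_API_TICKET_GRANTING_TICKET_CREATED", " ")
    + _record("bob", "TGT-2-EXAMPLEbbb-cas01", "TICKET_GRANTING_TICKET_CREATED", "\n")
)

if __name__ == "__main__":
    for tgt, info in tgt_origins(parse_audit(SAMPLE)).items():
        print(tgt, info["who"], info["via"])
```

A TGT reported as `rest` is held by the calling application as a bearer credential, so it should stay server-side rather than travel in redirect URLs or page content.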

 

