cas 5.2.0单点退出失效的解决方法

2022年6月21日 627次阅读 来源: 凋叶丶棕

我目前使用的cas的是5.2.0版本,此方法可能使用所有cas 5.X的版本。
单点退出的原理相信都知道了,cas服务端会向所有已经在cas服务端中已经注册的客户端发出销毁这些客户端的Session的请求。可是在使用过程中发现seesion并没有销毁,发出的单点退出请求并没有生效。客户端还是处于登录状态。开始解决的方案是先向客户端发出请求,客户端手动销毁seesion后再向cas服务端发送退出请求,这种方法在客户端较少的情况下还可以,但是客户端一旦多起来,可能会出问题。
所以急需另一种解决方案。后来有人说可能是nginx代理的问题,我们试了下不走nginx代理,终于松了一口气,因为完全没效果。后来看到一位大佬的单点退出源码分析:https://blog.csdn.net/gdsgdh308227363/article/details/80446168。
我试着去debug了下源码,发现在获取所有已经登录的客户端的地址,然后会判断这些地址是否有效,如果注册的地址为localhost会直接跳过,但可以设置为ip地址或者其他域名。就是比如你项目开发阶段访问时localhost,但是在配置cas是不能写localhost要替换成127.0.0.1。如下图所示《cas 5.2.0单点退出失效的解决方法》

顺便附带个cas客户端的配置

package springtest.config;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;

@Configuration
public class CasConfigure { 
    /** * 用于实现单点登出功能 */

    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() { 
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> listener = new ServletListenerRegistrationBean<SingleSignOutHttpSessionListener>();
        listener.setEnabled(true);
        listener.setListener(new SingleSignOutHttpSessionListener());
        listener.setOrder(1);
        return listener;
    }

    @Bean
    public FilterRegistrationBean<SingleSignOutFilter> logOutFilter() { 
        FilterRegistrationBean<SingleSignOutFilter> authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new SingleSignOutFilter());
        authenticationFilter.setEnabled(true);
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", "http://localhost:8080/cas/");
        authenticationFilter.setInitParameters(initParameters);
        authenticationFilter.addUrlPatterns("/*");
        authenticationFilter.setOrder(1);
        return authenticationFilter;
    }

    // 单点登录
    @Bean
    public FilterRegistrationBean authenticationFilterRegistrationBean() { 
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new AuthenticationFilter());
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerLoginUrl", "http://localhost:8080/cas/login");
        initParameters.put("serverName", "http://127.0.0.1:8088");//域名换成ip,不然单点退出失效
        initParameters.put("ignorePattern", "/cas/*");
        authenticationFilter.setInitParameters(initParameters);
        authenticationFilter.setOrder(1);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }

    // 校验
    @Bean
    public FilterRegistrationBean ValidationFilterRegistrationBean() { 
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        //此处cas30,用cas20获取不到cas返回的登录信息
        authenticationFilter.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", "http://localhost:8080/cas/");
        initParameters.put("serverName", "http://127.0.0.1:8088");
        initParameters.put("ignorePattern", "/cas/*");//不拦截的路径
        authenticationFilter.setInitParameters(initParameters);
        authenticationFilter.setOrder(1);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }

    // 取用户信息
    @Bean
    public FilterRegistrationBean casHttpServletRequestWrapperFilter() { 
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
        authenticationFilter.setOrder(1);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }

    // 取用户信息
    @Bean
    public FilterRegistrationBean casAssertionThreadLocalFilter() { 
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new AssertionThreadLocalFilter());
        authenticationFilter.setOrder(1);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }
}

以后有时间了我补上debug源码分析。

    原文作者:凋叶丶棕
    原文地址: https://blog.csdn.net/c_kkl213/article/details/81781731
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞