cas sso單點登陸系列6_cas單點登陸防止登出退出後刷新後退ticket失效報500錯
轉(http://blog.csdn.net/ae6623/article/details/9494601)java
問題: 我登陸了client2,又登陸了client3,如今我把client2退出了,在client3裏面我F5刷新了一下,結果頁面報錯:web
未可以識別出目標 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'票根spring
<span style="font-family:Microsoft YaHei;font-size:12px;">type Exception report message org.jasig.cas.client.validation.TicketValidationException: description The server encountered an internal error that prevented it from fulfilling this request. exception javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: 鏈兘澶熻瘑鍒嚭鐩爣 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'紲ㄦ牴 org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) root cause org.jasig.cas.client.validation.TicketValidationException: 鏈兘澶熻瘑鍒嚭鐩爣 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'紲ㄦ牴 org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) note The full stack trace of the root cause is available in the Apache Tomcat/7.0.37 logs.</span>
猜都能猜出來,我註銷了,ticket已經失效了,如今我又發回到server端,它就報錯了。(客戶端發過去就報錯了),如下就是cas ticket失效處理的一個很簡單的解決辦法,複雜的話,須要修改client源碼進行異常處理。瀏覽器
1.因此針對這個狀況,我只能在web.xml中下手了,(你也能夠修改客戶端的jar包中的一些java類,本身去作這個異常處理,接收全部在cas使用過程當中會出錯的處理,所有跳轉到錯誤頁面中,讓掉線的人從新登陸。在這裏,咱們採用web.xml配置一下)tomcat
2.這是官網解釋:https://wiki.jasig.org/display/CASC/Configuring+the+Jasig+CAS+Client+for+Java+in+the+web.xml 它的解釋:服務器
The correct order of the filters in web.xml is necessary:session
- AuthenticationFilter
- TicketValidationFilter (whichever one is chosen)
- HttpServletRequestWrapperFilter
- AssertionThreadLocalFilter
意思是說,過濾器鏈不要錯,我以前的那篇教程裏cas客戶端配置web.xml沒有使用這幾個過濾器,如今咱們從新使用它。app
3.這是一個哥們以前解釋的:我貼出來。webapp
單點登出,客戶端配置。我嘗試使用SAML做爲認證和Ticket校驗,可是調試時發現單點登出取標識的方式只能識別CAS的認證和校驗。
認證:org.jasig.cas.client.authentication.AuthenticationFilter
校驗:org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
過濾器順序:
1. CAS Single Sign Out Filter
2. CAS Validation Filter
3. CAS Authentication Filter
4. CAS HttpServletRequest Wrapper Filter
5. CAS Assertion Thread Local Filter
特別注意Validation在Authentication以前,由於我使用的是Cas20ProxyReceivingTicketValidationFilter。根據CAS文檔描述:If you are using proxy validation, you should map the validation filter before the authentication filter.jsp
4.ok,放上個人web.xml文件,廢掉以前的cas驗證過濾器(CAS Filter)。使用另外一個過濾器(CAS Authentication Filter),而且增長另外三個過濾器(CAS Validation Filter,CAS HttpServletRequest Wrapper Filter,CAS Assertion Thread Local Filter),注意過濾器的順序.
<span style="font-family:Microsoft YaHei;font-size:12px;"><?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- 解決中文亂碼問題 --> <filter> <filter-name>spring filter</filter-name> <filter-class> org.springframework.web.filter.CharacterEncodingFilter </filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>spring filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 解決中文亂碼問題 --> <!--1.用於單點退出 --> <listener> <listener-class> org.jasig.cas.client.session.SingleSignOutHttpSessionListener </listener-class> </listener> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class> org.jasig.cas.client.session.SingleSignOutFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--2.負責Ticket校驗--> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value> http://192.168.168.141:8080/casServer </param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>192.168.168.141:8080</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>exceptionOnValidationFailure</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 3. 單點登陸驗證 --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value> http://192.168.168.141:8080/casServer/login </param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.168.168.141:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 3.用於單點登陸 去服務器端認證(以前使用的這種) <filter> <filter-name>CAS Filter</filter-name> <filter-class> edu.yale.its.tp.cas.client.filter.CASFilter </filter-class> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.loginUrl </param-name> <param-value> http://192.168.168.141:8080/casServer/login </param-value> </init-param> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.validateUrl </param-name> <param-value> http://192.168.168.141:8080/casServer/serviceValidate </param-value> </init-param> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.serverName </param-name> <param-value>192.168.168.141:8080</param-value> </init-param> </filter> --> <!--4. CAS HttpServletRequest Wrapper Filter 這個是HttpServletRequet的包裹類,讓他支持getUserPrincipal,getRemoteUser方法來取得用戶信息--> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--5. CAS Assertion Thread Local Filter 這個類把Assertion信息放在ThreadLocal變量中,這樣應用程序不在web層也可以獲取到當前登陸信息--> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class> org.jasig.cas.client.util.AssertionThreadLocalFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>Query</servlet-name> <servlet-class>servlet.Query</servlet-class> </servlet> <servlet-mapping> <servlet-name>Query</servlet-name> <url-pattern>/query</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> </span>
5.若是這樣作了,你還須要一件事情,就是前臺獲取用戶信息的方式改了,個人index.jsp改爲了這個:
<span style="font-family:Microsoft YaHei;font-size:12px;"><%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> <%@page import="edu.yale.its.tp.cas.client.filter.CASFilter"%> <%@page import="org.jasig.cas.client.util.AssertionThreadLocalFilter"%> <%@page import="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"%> <%@page import="org.jasig.cas.client.authentication.AttributePrincipal"%> <%@page import="org.jasig.cas.client.util.AbstractCasFilter"%> <%@page import="org.jasig.cas.client.validation.Assertion"%> <body> <h1> 登陸成功,這是客戶端2 </h1> <br /> 歡迎您: <% //String username = (String) session.getAttribute(CASFilter.CAS_FILTER_USER); //String username2 = (String)AssertionHolder.getAssertion().getPrincipal().getName(); String username = ""; AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal(); if(principal != null){ username = principal.getName();//獲取用戶名 } %> 用戶名:<%=username%></span>
ok,個人應用之間若是一個退出,另外一個就算帶ticket參數也不再也不報錯了,就算是測試組的兄弟拿到那段ticket複製粘貼到另外一個瀏覽器中進行訪問,也不會報錯。
ps:
也有兄弟說能夠經過修改C:\tomcat7\webapps\casServer\WEB-INF\spring-configuration\ticketExpirationPolicies.xml這個文件中的
<!-- Expiration policies --> <util:constant id="SECONDS" static-field="java.util.concurrent.TimeUnit.SECONDS"/> <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy" c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:10}" c:timeUnit-ref="SECONDS"/>
其中那個
c:numberOfUses="1" //使用ticket多少次
c:timeToKill="${st.timeToKillInSeconds:10}" //多少秒過時,默認10秒,你把這個改爲10分鐘玩玩。
這個方法我沒有嘗試,因此但願想嘗試想折騰和想玩的兄弟狠狠的點擊這個連接:http://bbs.csdn.net/topics/390111112
相關文章
- 1. [置頂] SSO單點登陸系列6:cas單點登陸防止登出退出後刷新後退ticket失效報500錯
- 2. CAS5.2x單點登陸(七)-------------單點退出
- 3. CAS-5.2.6單點登陸-退出原理
- 4. (三)SSO之CAS框架單點退出,退出到CAS登陸界面
- 5. CAS 4.1.x 單點登出(退出登陸)的原理解析
- 6. CAS單點登陸(SSO)
- 7. JAVA CAS單點登陸(SSO)
- 8. Cas sso單點登陸(二)
- 9. SSO單點登陸
- 10. sso單點登陸
- 更多相關文章...
- • 登錄MySQL數據庫 - MySQL教程
- • Thymeleaf簡單格式化輸出 - Thymeleaf 教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • Docker容器實戰(七) - 容器眼光下的文件系統
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
