本文共 6119 字,大约阅读时间需要 20 分钟。
最近在做cas单点登录时,由于是单点登录。必然会涉及到单点注销,然而在做单点注销时由于对cas注销机制不了解加之测试条件所致,所有测试都是在本机下完成(机器性能较低,没用虚拟机);导致折腾了很久。网上说的原因也各式各样,大部分原因集中在:
1:你的CAS服务器将cookie设置成了浏览器有效,那么表示如果浏览器不关闭,则一直有效。
在WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml中设置cookie有效期,默认配置cookie有效期为-12:你的应用中注销的filter-mapping没有放在所有mapping之前
一一尝试过。无论怎么测试都出现了一个诡异的状况;本地测试可以正常退出,服务器端和客户端分离时则单点注销无法正常退出。官网的例子和说明也看了一遍又一遍,无论怎么尝试还是失败。直到操作了一下退出,然后服务器端看了下tomcat的日志,看到了一个WARN、Error日志。
2015-12-10 16:04:05,991 WARN [org.jasig.cas.util.SimpleHttpClient] -
看到这有种蛋碎了一地的感觉,这是不是服务器端要和客户端通信,而服务端无法正常发送消息给客户端呢?于是
原单点登录配置
CAS Single Sign Out Filter org.jasig.cas.client.session.SingleSignOutFilter CAS Single Sign Out Filter /CasClient/* org.jasig.cas.client.session.SingleSignOutHttpSessionListener CASFilter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl https://sso.castest.com:8443/cas/login serverName http://localhost:8080 CASFilter /* CAS Validation Filter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix https://sso.castest.com:8443/cas/ serverName http://localhost:8080 CAS Validation Filter /* CAS HttpServletRequest Wrapper Filter org.jasig.cas.client.util.HttpServletRequestWrapperFilter CAS HttpServletRequest Wrapper Filter /* CAS Assertion Thread Local Filter org.jasig.cas.client.util.AssertionThreadLocalFilter CAS Assertion Thread Local Filter /*
修改后单点登录配置
org.jasig.cas.client.session.SingleSignOutHttpSessionListener CAS Single Sign Out Filter org.jasig.cas.client.session.SingleSignOutFilter CAS Single Sign Out Filter /CasClient/* CASFilter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl https://sso.castest.com:8443/cas/login serverName http://192.168.1.125:8080 CASFilter /* CAS Validation Filter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix https://sso.castest.com:8443/cas/ serverName http://192.168.1.125:8080 CAS Validation Filter /* CAS HttpServletRequest Wrapper Filter org.jasig.cas.client.util.HttpServletRequestWrapperFilter CAS HttpServletRequest Wrapper Filter /* CAS Assertion Thread Local Filter org.jasig.cas.client.util.AssertionThreadLocalFilter CAS Assertion Thread Local Filter /*
改完后,重启tomcat。再次测试,瞬间千万个草泥马呼啸而过。