当前位置: 代码迷 >> Web前端 >> CAS 浅析 - 服务端web.xml配备简介
  详细解决方案

CAS 浅析 - 服务端web.xml配备简介

热度:614   发布时间:2012-07-23 09:42:19.0
CAS 浅析 - 服务端web.xml配置简介
声明:这只是个人见解,不代表官方。
这是摘自源码里的配置文件:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
	version="2.4">
	<display-name>Central Authentication System (CAS) ${project.version}</display-name>
	<!-- spring 的一些配置文件 -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-configuration/*.xml
			/WEB-INF/deployerConfigContext.xml
		</param-value>
	</context-param>


	<!--
		- Location of the Log4J config file, for initialization and refresh checks.
		- Applied by Log4jConfigListener.
	-->
	<context-param>
		<param-name>log4jConfigLocation</param-name>
		<param-value>classpath:log4j.xml</param-value>
	</context-param>
	
	<context-param>
		<param-name>log4jExposeWebAppRoot</param-name>
		<param-value>false</param-value>
	</context-param>

<!--
    Specify that the log4j configuration should be reloaded periodically
    to pick up changes
  -->
  <context-param>
    <param-name>log4jRefreshInterval</param-name>
    <param-value>60000</param-value>
  </context-param>
	
	<!-- 这个过滤器主要是将客户端的和服务端的IP存放到一个本地线程变量里 -->
	<filter>
		<filter-name>CAS Client Info Logging Filter</filter-name>
		<filter-class>com.github.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class>
	</filter>
	
	<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/services/*</url-pattern>
    </filter-mapping>

	<filter-mapping>
		<filter-name>CAS Client Info Logging Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!--
		- Configures Log4J for this web app.
		- As this context specifies a context-param "log4jConfigLocation", its file path
		- is used to load the Log4J configuration, including periodic refresh checks.
		-
		- Would fall back to default Log4J initialization (non-refreshing) if no special
		- context-params are given.
		-
		- Exports a "web app root key", i.e. a system property that specifies the root
		- directory of this web app, for usage in log file paths.
		- This web app specifies "cas.root" (see log4j.properties file).
	-->
	<!-- Leave the listener commented-out if using JBoss -->
	<listener>
		<listener-class>
			org.springframework.web.util.Log4jConfigListener
		</listener-class>
	</listener>

	<!--
		- Loads the CAS ApplicationContext.  
		- The deployer choice here is how to handle Throwables thrown by Spring's 
		- ContextLoaderListener.  The Spring ContextLoaderListener will throw an exception when the
		- application context cannot be loaded, say because the bean XML files are not valid XML or do not
		- refer to real classes and properties or because a bean configured via Spring throws an exception
		- at construction, property setting, or on an afterPropertiesSet() lifecycle method.
		-
		- If you'd like these errors to be fatal and prevent the CAS servlet context from loading at all,
		- use org.springframework.web.context.ContextLoaderListener.
		-
		- If you'd like these errors to result in all requests for CAS getting a "CAS is Unavailable" response, 
		- use org.jasig.cas.web.init.SafeContextLoaderListener
	-->
	<listener>
		<listener-class>
			org.jasig.cas.web.init.SafeContextLoaderListener
		</listener-class>
	</listener>

	<!--
		- This is the Spring dispatcher servlet which delegates all requests to the 
		- Spring WebMVC controllers as configured in cas-servlet.xml.
		-   
		- The choice made above about how to handle a broken ApplicationContext at 
		- context initialization applies here as well, since this servlet is load-on-startup.
		-
		- If you'd like these errors to be fatal and prevent the CAS servlet from loading at all,
		- use org.springframework.web.servlet.DispatcherServlet.
		-
		- If you'd like these errors to result in all requests for CAS getting a "CAS is Unavailable" response, 
		- use org.jasig.cas.web.init.SafeDispatcherServlet
	-->
	<servlet>
		<servlet-name>cas</servlet-name>
		<servlet-class>
			org.jasig.cas.web.init.SafeDispatcherServlet
		</servlet-class>
		<init-param>
			<param-name>publishContext</param-name>
			<param-value>false</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/login</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/logout</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/validate</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/serviceValidate</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/samlValidate</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/proxy</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/proxyValidate</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/CentralAuthenticationService</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/add.html</url-pattern>
	</servlet-mapping>

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/services/viewStatistics.html</url-pattern>
    </servlet-mapping>


	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/logout.html</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/loggedOut.html</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/manage.html</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/edit.html</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/openid/*</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>cas</servlet-name>
		<url-pattern>/services/deleteRegisteredService.html</url-pattern>
	</servlet-mapping>

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/authorizationFailure.html</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/403.html</url-pattern>
    </servlet-mapping>
    
    <servlet>
    	<servlet-name>cas checked</servlet-name>
    	<servlet-class>com.more.cas.web.service.CASCheckedFilter</servlet-class>
    </servlet>
    <servlet-mapping>
		<servlet-name>cas checked</servlet-name>
		<url-pattern>/checked</url-pattern>
	</servlet-mapping>

	<session-config>
		<!-- Default to 5 minute session timeouts -->
		<session-timeout>5</session-timeout>
	</session-config>

	<error-page>
		<exception-type>org.springframework.context.ApplicationContextException</exception-type>
		<location>/WEB-INF/view/jsp/brokenContext.jsp</location>
	</error-page>

	<error-page>
        <error-code>500</error-code>
		<location>/WEB-INF/view/jsp/errors.jsp</location>
	</error-page>

	<error-page>
		<error-code>404</error-code>
		<location>/</location>
	</error-page>

    <error-page>
        <error-code>403</error-code>
        <location>/403.html</location>
    </error-page>
	
	<welcome-file-list>
  		<welcome-file>index.jsp</welcome-file>
  	</welcome-file-list> 
</web-app>

其中由Filter(2个),Servlet(1)个,Listener(2个)组成。
com.github.inspektr.common.web.ClientInfoThreadLocalFilter 主要是把客户端和服务端的IP地址获得之后存放到一个本地线程变里。
org.springframework.web.filter.DelegatingFilterProxy 这个我就不做介绍了,用过Spring Security的人应该都清楚。
org.springframework.web.util.Log4jConfigListener 这个Log4j的监听器。
org.jasig.cas.web.init.SafeContextLoaderListener 这个监听器,主要是在Servlet上下文有异常的时候进行异常统一处理。
org.jasig.cas.web.init.SafeDispatcherServlet 这个Servlet主要是进行转发,将接收到的请求转交给webflow来处理。
  相关解决方案