首先参考前面文章来配置好CAS,并且配置好RESTFUL,参考:
http://blog.csdn.net/happyteafriends/article/details/7450120
场景如下,
CAS地址为:http://10.1.81.223:8080/cas-server-webapp
两个WEB应用地址:http://10.1.81.223:8080/webapp2
http://10.1.81.223:8080/webapp1
目标:CS架构的程序调用REST最终获取到ST,并登录webapp1
curl -i -X POST -d "username=admin&password=admin&service=http://10.1.81.223:8080/webapp1" http://10.1.81.223:8080/cas-server-webapp/v1/tickets/
结果:
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
Date: Tue, 07 Jan 2014 01:24:30 GMT
Location: http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas
Accept-Ranges: bytes
Server: Noelios-Restlet-Engine/1.1..1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 444
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>201 The request has been fulfilled and resulted in a new resource being created</title></head><body><h1>TGT Created</h1><form action="http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>
可见这里已经已经生成了TGT
curl -i -X POST -d "service=http%3A%2F%2F10.1.81.223%3A8080%2Fwebapp1%2F" http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas
注意这里的service必须所编码后的,否则到后面会报错:
票根XXX 不符合目标服务 结果:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Tue, 07 Jan 2014 02:05:53 GMT
Accept-Ranges: bytes
Server: Noelios-Restlet-Engine/1.1..1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 29
ST-1-iTyUm4scimR6UlaVFGbM-cas
可见这里得到里ST,直接打开浏览器用这个ST去登录WEBAPP1既可
打开浏览器输入
http://10.1.81.223:8080/webapp1/?ticket=ST-1-iTyUm4scimR6UlaVFGbM-cas
发现可以登录。这个ST用一次就失效了。
退出主要是使TGT失效,方法如下:
curl -i -X DELETE http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-1fPYM6FWvLX9ZIRqtp1eF9nQAypB79VdyyYG29Bef6iFvyCnwT-cas
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Tue, 07 Jan 2014 02:20:39 GMT
Accept-Ranges: bytes
Server: Noelios-Restlet-Engine/1.1..1
Content-Length: 0
修改WEB-INF/ticketExpirationPolicies.xml 里修改
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="1000000" />
值可以改大点,我这里改的有点过大了,可能是改成了1000秒
上面提到了这个问题了,注意对service进行编码,变成类似于:
http%3A%2F%2F10.1.81.223%3A8080%2Fwebapp1%2F 才可以
参考:https://wiki.jasig.org/display/casum/restful+api