CAS Client for Java 3.1
The current official version is version 3.3.3. You should immediately upgrade to this version for security reasons (https://lists.wisc.edu/read/messages?id=33836937). Note that as of 3.1.11, the Maven2 info has changed: the groupId is now org.jasig.cas.client.
The JA-SIG CAS Client for Java 3.1 is a reworking of the original Yale CAS Client and the newer JA-SIG CAS Client for Java 3.0. Both were excellent for different reasons: the Yale client had minimal dependencies and could get you up and running quickly while the JA-SIG client offered a more flexible configuration and conformed to more modern "best practices" but came with a large number of dependencies.
The JA-SIG CAS Client for Java 3.1 looks to offer the best of both worlds. In its default configuration mode, it can be configured completely in the web.xml and has only one dependency, Commons Logging, which most applications use anyway. However, if you need the more advanced configuration, you can easily configure the CAS client using Spring (and take its jars along with you).
Going forward, the JA-SIG CAS Client for Java 3.1 will be included in projects requiring a Java CAS Client, such as Spring Security.
Download
http://downloads.jasig.org/cas-clients/
Configuring the CAS Client
Let's take a look at how to configure the JA-SIG CAS Client for Java 3.1:
- Configuring the Jasig CAS Client for Java in the web.xml
- Configuring the JA-SIG CAS Client for Java using Spring
- Configuring the JA-SIG CAS Client for Java using JNDI
- Configuring Single Sign Out
Order of Required Filters
How to configure the filters is described on the pages above. This section details the order in which the filters should appear:
- SingleLogOutFilter (if you're using it)
- AuthenticationFilter
- TicketValidationFilter (whichever one is chosen)
- HttpServletRequestWrapperFilter
- AssertionThreadLocalFilter
Please note that the order of the filters is determined by the filter-mapping, not the filter definitions.
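An added example (not part of the JA-SIG client or of this page's original text): a small Python check that reads a web.xml and reports CAS filters whose filter-mapping entries are out of the order listed above. It assumes every CAS filter is mapped by url-pattern over the same URLs; the function names, the sample filter names and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Required order from the list above, matched on the end of the class name.
# The page writes "SingleLogOutFilter"; the client class I know is
# org.jasig.cas.client.session.SingleSignOutFilter, so both are accepted.
REQUIRED = [("SingleSignOutFilter", "SingleLogOutFilter"), ("AuthenticationFilter",),
            ("TicketValidationFilter",), ("HttpServletRequestWrapperFilter",),
            ("AssertionThreadLocalFilter",)]

def _text(elem, name):
    """Text of the child called `name`, ignoring any XML namespace."""
    for child in elem:
        if child.tag.rsplit("}", 1)[-1] == name:
            return (child.text or "").strip()
    return ""

def cas_filter_order_problems(web_xml):
    """Return ordering problems found in a web.xml string ([] means correct)."""
    classes, chain = {}, []
    for elem in ET.fromstring(web_xml):
        kind = elem.tag.rsplit("}", 1)[-1]
        if kind == "filter":
            classes[_text(elem, "filter-name")] = _text(elem, "filter-class")
        elif kind == "filter-mapping":
            chain.append(_text(elem, "filter-name"))  # document order = chain order
    ranked = []  # (rank in REQUIRED, filter-name), first mapping of each only
    for name in chain:
        for rank, suffixes in enumerate(REQUIRED):
            if classes.get(name, "").endswith(suffixes) and rank not in dict(ranked):
                ranked.append((rank, name))
    return [f"{a} is mapped before {b}, but must come after it"
            for (ra, a), (rb, b) in zip(ranked, ranked[1:]) if ra > rb]

# Constructed sample: <filter> definitions in arbitrary order; `order` sets the mappings.
SAMPLE_FILTERS = {
    "wrapper": "org.jasig.cas.client.util.HttpServletRequestWrapperFilter",
    "authn": "org.jasig.cas.client.authentication.AuthenticationFilter",
    "validate": "org.jasig.cas.client.validation.Saml11TicketValidationFilter",
}

def sample_web_xml(order):
    defs = "".join(f"<filter><filter-name>{n}</filter-name><filter-class>{c}"
                   "</filter-class></filter>" for n, c in SAMPLE_FILTERS.items())
    maps = "".join(f"<filter-mapping><filter-name>{n}</filter-name><url-pattern>/*"
                   "</url-pattern></filter-mapping>" for n in order)
    return f"<web-app>{defs}{maps}</web-app>"
```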
Recommended Logout Procedure
The CAS Client for Java has no code to help you handle log out. The client merely places objects in the session. Therefore, we recommend you do a session.invalidate() call when you log a user out. However, that's entirely your application's responsibility.
The CAS Client for Java team has recommended guidelines for logout pages for CAS Clients. We recommend that text similar to the following appear when the application's session is ended.
You have been logged out of APPLICATION NAME GOES HERE.
To log out of all applications, click here. (provide link to CAS server's logout)
Examples
- web.xml for Tomcat 5.5 Tomcat Manager (just authentication)
- JA-SIG Java Client Simple WebApp Sample (authentication, public and protected pages and proxy ticket generation)
- Saml11TicketValidationFilter Example authentication and attribute display
Git source code access
Point your favorite git client at the link below: