WebServices SSO jasig CAS
I tried to do SSO with web services with jasig CAS.
I did the security for web application using spring filters, but I don't know how to do it with web services o开发者_StackOverflow中文版n the server side.
We do this with a combination of the rest client (https://wiki.jasig.org/display/CASUM/RESTful+API) and the CasLoginModule (https://wiki.jasig.org/display/CASC/CASLoginModule+for+JAAS+applications) through JAAS (https://wiki.jasig.org/display/CASUM/JAAS) . It works like this:
The client sends down a username and password to your web service who authenticates and validates this against the CAS server. After this, the CASLoginModule caches the resulting service ticket so that future requests that can provide a service ticket don't need to contact CAS again.
This is quite a long way out of the "normal" usage of CAS because essentially it makes the service ticket a long lived item. Normally the ST should last long enough for the resulting service to validate the client. In my case I figured that it doesn't matter too much because all of our communication is on the server-side behind a firewall but this may be different for you.
精彩评论