Requirement

Recently my team lead asked me to add a feature to an old project so that other systems could access ours. The old project used CAS for single sign-on, so I set out to understand how CAS works.

Thought analysis

  • I searched the Internet for a set of basic CAS tutorials.
  • After reading a series of articles by that author, I learned that CAS can be integrated with a REST interface: authentication can be done through REST, or through CAS tickets, so that a user reaches the target system without passing through the login page.
  • Unfortunately, no matter how I operated and experimented, I could not achieve the effect described in the articles: I could not integrate CAS with REST and could not obtain a ticket. So I consulted various examples on the Internet and the official documentation, but none of them met my requirements, and I decided to change my approach.
  • Luckily, I read another article that did not tell me how to do it but gave me a new idea.
  • When a CAS client is accessed by a user who has not logged in, the browser is sent to the CAS server's login address. Unlike the client's own address, this login address is generated: it carries a service parameter whose value is the client's address.
  • Here I found that I could use a trick: modify the login page directly and implement my no-login feature there.

Function implementation

  • Start by finding the casLoginView.jsp page on the server side.
  • Add a JavaScript function that reads a parameter from the URL:
// Read a query-string parameter from the current page URL.
// Returns the raw (still URL-encoded) value, or false if the parameter is absent.
function getQueryVariable(variable) {
    var query = window.location.search.substring(1);
    var vars = query.split("&");
    for (var i = 0; i < vars.length; i++) {
        var pair = vars[i].split("=");
        if (pair[0] == variable) {
            return pair[1];
        }
    }
    return false;
}
  • In the page-load handler, check whether the service parameter matches the address for which you want to skip the login:
$(function () {
    // Get the service parameter from the URL
    var service = getQueryVariable("service");
    // Check whether the service address is the one for which login should be skipped
    if (decodeURIComponent(service) == 'http://127.0.0.1:8080/eventcore/') {
        // Hide the original page so the user does not see the form flash by
        $("#loginBody").hide();
        // Inject the username and password
        // (note that these literals are delivered to every browser that loads the page with this service parameter)
        $("#username").val('admin');
        $("#password").val('111111');
        // Point the form at the address we want to end up at, otherwise it will not work.
        // A jQuery object has no .action property; the form's action attribute must be set instead.
        $('#fm1').attr('action', "http://127.0.0.1:8081/cas/login?service=http%3A%2F%2F172.20.41.198%3A8080%2Feventcore%2F");
        // Trigger the submit button to submit the pre-filled form
        $("#sub_button").click();
    }
});

Conclusion

Because I am unable to integrate the REST API for the time being, I adopted this trick. Besides, the project is an internal one, so I did not consider some security factors. It will be modified according to business requirements later.
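For reference, the CAS REST ticket exchange that the post tried to use instead of editing the login page, as an added example that is not the author's code or the CAS project's: the calling system posts credentials to /v1/tickets for a ticket-granting ticket (TGT), then posts the service URL to the TGT resource for a one-time service ticket (ST), and only the ST reaches the browser, so the password stays on the calling server instead of in HTML served to every visitor. The CAS server here is an in-memory stand-in constructed for the example, and the hostnames and account are constructed sample values.

```javascript
// CAS REST protocol flow (added example): credentials -> TGT -> ST.
// `transport` is injectable so an in-memory fake CAS server can stand in for a real one.
function casRestLogin(transport, casBase, username, password, service) {
  // Step 1: POST credentials to /v1/tickets; a 201 with a Location header names the TGT.
  const tgtRes = transport({
    method: "POST", url: casBase + "/v1/tickets",
    body: new URLSearchParams({ username, password }).toString(),
  });
  if (tgtRes.status !== 201 || !tgtRes.headers.location) {
    return { ok: false, step: "tgt", status: tgtRes.status };
  }
  // Step 2: POST the service URL to the TGT resource; the response body is a service ticket (ST).
  const stRes = transport({
    method: "POST", url: tgtRes.headers.location,
    body: new URLSearchParams({ service }).toString(),
  });
  if (stRes.status !== 200 || !/^ST-/.test(stRes.body)) {
    return { ok: false, step: "st", status: stRes.status };
  }
  // Step 3: send the browser to the service with the ST; the service then validates it
  // against /serviceValidate. The password never left this function.
  const sep = service.includes("?") ? "&" : "?";
  return { ok: true, st: stRes.body, redirect: service + sep + "ticket=" + encodeURIComponent(stRes.body) };
}

// Constructed in-memory fake of the two CAS REST endpoints, just enough to exercise the flow.
function makeFakeCas(casBase, users) {
  const tgts = new Map();
  let n = 0;
  return function transport(req) {
    const params = new URLSearchParams(req.body);
    if (req.method === "POST" && req.url === casBase + "/v1/tickets") {
      if (users[params.get("username")] !== params.get("password")) {
        return { status: 401, headers: {}, body: "" };
      }
      const tgt = "TGT-" + (++n) + "-fake";
      tgts.set(tgt, params.get("username"));
      return { status: 201, headers: { location: casBase + "/v1/tickets/" + tgt }, body: "" };
    }
    const m = req.url.match(/\/v1\/tickets\/(TGT-[^/]+)$/);
    if (req.method === "POST" && m && tgts.has(m[1])) {
      if (!params.get("service")) return { status: 400, headers: {}, body: "" };
      return { status: 200, headers: {}, body: "ST-" + (++n) + "-fake" };
    }
    return { status: 404, headers: {}, body: "" };
  };
}
```

Against a real server, `transport` would be a small wrapper around fetch that returns the status, headers and body text in the same shape.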