浏览系统A，向 CAS Server 进行登录验证，没有登陆则跳转登录页面，登录成功 CAS Server 会将账号密码保存在cookie，CAS Server再生成一个ticket，带着ticket重定向系统A。系统A将ticket重定向CAS Server，然后将数据保存系统自身session，以后登录先查找session。
再浏览系统B， CAS Server 带着ticket重定向系统B，系统B将ticket重定向CAS Server，然后将数据保存在系统自身session。
退出登录就删除TGC

需要开启CAS服务/usr/local/web/tomcat-cas/bin；

CAS和security整合需要用户认证交给cas，security负责权限认证。

public class UserDetailServiceImpl implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //用户认证交给cas，security负责权限认证
        List<GrantedAuthority>authorityList = new ArrayList<>();
        authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
        return new User(username,"",authorityList);
    }
}

spring-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
    <!--不需要登录就可以访问的资源-->
    <http pattern="/css/**" security="none"/>
    <http pattern="/data/**" security="none"/>
    <http pattern="/fonts/**" security="none"/>
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>
    <http pattern="/cart.html" security="none"/>


    <!-- entry-point-ref 入口点引用  -->
    <http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
        <!--允许匿名登录anonymousUser-->
        <intercept-url pattern="/cart/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <csrf disabled="true"/>
        <!-- custom-filter 为过滤器， position  表示将过滤器放在指定的位置上， before
        表示放在指定位置之前 ， after 表示放在指定的位置之后 -->
        <custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/>
        <custom-filter ref="requestSingleLogoutFilter"
                       before="LOGOUT_FILTER"/>
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
    </http>
    <!-- CAS 入口点 开始  -->
    <beans:bean id="casProcessingFilterEntryPoint"
                class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <!-- ■  单点登录服务器登录 URL■  -->
        <beans:property name="loginUrl"
                        value="http://cas.pinyougou.com/login"/>
        <beans:property name="serviceProperties" ref="serviceProperties"/>
    </beans:bean>
    <beans:bean id="serviceProperties"
                class="org.springframework.security.cas.ServiceProperties">
        <!--■ service  配置自身工程的根地址 +/login/cas■  -->
        <beans:property name="service"
                        value="http://cart.pinyougou.com/login/cas"/>
    </beans:bean>
    <!-- CAS 入口点 结束  -->
    <!--  认证过滤器 开始  -->
    <beans:bean id="casAuthenticationFilter"
                class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager"
                        ref="authenticationManager"/>
    </beans:bean>
    <!--  认证管理器  -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider"/>
    </authentication-manager>
    <!-- ■ 认证类 ■ -->
    <beans:bean id="userDetailsService"
                class="com.pinyougou.cart.service.impl.UserDetailServiceImpl"/>
    <!--  认证提供者  -->
    <beans:bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <beans:property name="authenticationUserDetailsService">
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:constructor-arg ref="userDetailsService"/>
            </beans:bean>
        </beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties"/>
        <!-- ■ ticketValidator  为票据验证器 ■  -->
        <beans:property name="ticketValidator">
            <beans:bean
                    class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0"
                                       value="http://cas.pinyougou.com"/>
            </beans:bean>
        </beans:property>
        <beans:property name="key"
                        value="an_id_for_this_auth_provider_only"/>
    </beans:bean>
    <!--  认证过滤器 结束  -->
    <!--  单点登出 开始 -->
    <beans:bean id="singleLogoutFilter"
                class="org.jasig.cas.client.session.SingleSignOutFilter"/>
    <beans:bean id="requestSingleLogoutFilter"
                class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg
                value="http://cas.pinyougou.com/logout?service=http://user.pinyougou.com"/>
        <beans:constructor-arg>
            <beans:bean
                    class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/logout/cas"/>
    </beans:bean>
    <!--  单点登出 结束  -->
</beans:beans>