Posted: 2021-07-01 10:21:17 | Helped: 48 readers
CAS (Central Authentication Service) is an open-source project from Yale University aimed at single sign-on for enterprise applications, and it is quite good; a top-tier university really is different from the second-rate schooling the rest of us got. Its official site is http://www.jasig.org/cas. Unfortunately you will probably have to get past the firewall to reach it; sort out a proxy yourself, GoAgent is enough.
Environment:
1. jdk7_45
2. tomcat7_45
3. Three virtual machines:
   1. tomcat1 (hosts the CAS authentication server)
   2. tomcat2 (hosts two web applications, cas-web-client and cas-web-client2)
   3. one mysql server (authentication goes straight to the database)
Download from http://downloads.jasig.org/
Unzip it: the jars are under the modules directory, everything else is source projects.
The already packaged server:
The client:
------------------------------------------------------
Setting it up:
1. Generate the certificate on the tomcat1 machine:
This creates a .keystore file in the user's home directory (the path can also be given explicitly in the command). You are prompted for some details during generation; at the first prompt (first and last name) enter the machine's domain name, not an IP address, because the CAS clients will connect to exactly that name over HTTPS and the Java client rejects a certificate whose name does not match the host in casServerUrlPrefix. Mine is www.tomcat1.com:
2. Export the certificate (it will be imported into the clients' JRE later):
The certificate file ssotest.crt now sits in the home directory (keep it, the client configuration needs it).
3. Configure Tomcat SSL: change lines 83-93 of ${TOMCAT_HOME}/conf/server.xml to:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/tomcatadmin/.keystore"
           keystorePass="ssotest" />

The keystore password is stored in clear text here, so keep server.xml and .keystore readable only by the account Tomcat runs as.
Deploy the packaged CAS server war on tomcat1, open https://www.tomcat1.com:8443/cas/login and enter a username and password. Just make them identical: the default CAS authentication accepts any login whose username equals its password. It is only a test handler, SimpleTestUsernamePasswordAuthenticationHandler, and must never stay in a real deployment; its source shows why:
package org.jasig.cas.authentication.handler.support;

import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.util.StringUtils;

/** Default test handler shipped with CAS: succeeds whenever username equals the encoded password. */
public final class SimpleTestUsernamePasswordAuthenticationHandler extends
        AbstractUsernamePasswordAuthenticationHandler {

    public boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();

        if (StringUtils.hasText(username) && StringUtils.hasText(password)
                && username.equals(getPasswordEncoder().encode(password))) { // same username and password means success
            return true;
        }
        return false;
    }
}
With that the CAS server is running in its default configuration; database authentication is configured further down. Now the client side on tomcat2:
1. Generate .keystore (as above);
2. Copy the ssotest.crt exported from the CAS server to some directory on the client machine and import it into the client JRE's trust store:

keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file ~/ssotest.crt -alias ssotest

NOTE: you may get java.io.IOException: Keystore was tampered with, or password was incorrect. That means the wrong store password was entered; the default password of the JRE's cacerts file is changeit. Do not delete cacerts to get past the error (it holds every public CA root the JRE trusts), either supply the right password or import ssotest.crt into a separate trust store and point the client Tomcat at it with -Djavax.net.ssl.trustStore.
3. Configure the client Tomcat's SSL (as above);
4. Create a new web project cas-web-client and add the dependencies cas-client-core-3.2.1.jar and commons-logging-1.1.jar;
5. Configure web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
  <display-name>cas-web-client2</display-name>
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>
  <filter>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>https://www.tomcat1.com:8443/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://www.tomcat2.com:8080</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>CasTicketFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://www.tomcat1.com:8443/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://www.tomcat2.com:8080</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CasTicketFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>CasRequestWrapFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CasRequestWrapFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>AssertionThreadLocalFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AssertionThreadLocalFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>
Filter order matters: SingleSignOutFilter must run before AuthenticationFilter so a logout request from the CAS server is handled instead of being redirected to the login page, and HttpServletRequestWrapperFilter and AssertionThreadLocalFilter come last so the application sees the authenticated user through request.getRemoteUser() and AssertionHolder. Note also that serverName is plain http://www.tomcat2.com:8080: the service ticket and the client's session cookie therefore travel unencrypted. The client Tomcat got an SSL connector in step 3, so outside a lab use an https:// serverName and visit the clients over it.
That completes cas-web-client; copy it as the second web client, cas-web-client2:
Start the Tomcat hosting the CAS server (tomcat1), then the Tomcat hosting the web clients (tomcat2), and visit both clients:
http://www.tomcat2.com:8080/cas-web-client/index.jsp
http://www.tomcat2.com:8080/cas-web-client2/index.jsp
Both redirect to the CAS server's login page. Log in on one of them (you will see its index.jsp), then refresh the other: it shows its index.jsp too, since you are already logged in. Server and client are now both configured correctly.
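What the redirect, ticket validation and single sign-out in that flow actually look like on the wire is easier to see in code than in the filter list. The block below is an added example, not code from the CAS project or this post: it models the four cas-client-core filters from the web.xml above with the real casServerLoginUrl, casServerUrlPrefix and serverName values, using constructed CAS 2.0 protocol messages (the sample tickets, user "alice" and the XML bodies are made up for the example) and a dict in place of the container's HttpSession. The session attribute name is the Java client's own CONST_CAS_ASSERTION key; everything else is the example's assumption.

```python
"""Added example (not code from the CAS project): a constructed model of what the
cas-client-core filters listed in the web.xml above do on each request. The XML
bodies are constructed samples in the shape of the CAS 2.0 protocol; nothing here
contacts a server, and the session store is a dict standing in for HttpSession."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlencode

CAS_PREFIX = "https://www.tomcat1.com:8443/cas"    # casServerUrlPrefix from web.xml
SERVER_NAME = "http://www.tomcat2.com:8080"         # serverName from web.xml
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
SAMLP_NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

session_mapping = {}   # ticket -> session id, kept by SingleSignOutHttpSessionListener
sessions = {}          # session id -> attributes, stand-in for the container's sessions


def service_url(request_uri, query=""):
    """AuthenticationFilter rebuilds 'service' from serverName + the request URI,
    dropping any 'ticket' parameter. serverName must therefore be the scheme/host/port
    the browser really used, or the ticket is issued for a different service."""
    params = {k: v for k, v in parse_qs(query).items() if k != "ticket"}
    url = SERVER_NAME + request_uri
    return url + ("?" + urlencode(params, doseq=True) if params else "")


def login_redirect(request_uri, query=""):
    """No assertion in the session and no ticket: 302 to casServerLoginUrl?service=..."""
    return CAS_PREFIX + "/login?service=" + quote(service_url(request_uri, query), safe="")


def validate_url(request_uri, ticket):
    """Cas20ProxyReceivingTicketValidationFilter calls back to the CAS server over
    HTTPS (this is the connection for which ssotest.crt had to be trusted)."""
    return CAS_PREFIX + "/serviceValidate?" + urlencode(
        {"service": service_url(request_uri), "ticket": ticket})


def parse_service_response(xml_text):
    """Cas20ServiceTicketValidator semantics: user on <cas:authenticationSuccess>,
    ValueError carrying the failure code on <cas:authenticationFailure>."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        return success.findtext("cas:user", namespaces=CAS_NS)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    raise ValueError("ticket validation failed: "
                     + (failure.get("code") if failure is not None else "UNKNOWN"))


def handle_ticket(session_id, ticket, validation_xml):
    """Ticket filter + SSO listener: on success store the assertion under the same
    session key the Java client uses and remember ticket -> session for logout."""
    user = parse_service_response(validation_xml)
    sessions.setdefault(session_id, {})["_const_cas_assertion_"] = user
    session_mapping[ticket] = session_id
    return user


def handle_logout_request(logout_request_xml):
    """SingleSignOutFilter: the CAS server POSTs logoutRequest=<samlp:LogoutRequest>;
    SessionIndex is the service ticket, so look up and invalidate that session."""
    root = ET.fromstring(logout_request_xml)
    ticket = root.findtext("samlp:SessionIndex", namespaces=SAMLP_NS)
    session_id = session_mapping.pop(ticket, None)
    if session_id is None:
        return False            # unknown or already expired ticket: nothing to do
    sessions.pop(session_id, None)
    return True


# Constructed sample messages (shape only; real tickets are longer random strings).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket 'ST-2-bad' not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
LOGOUT_XML = """<samlp:LogoutRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='LR-1' Version='2.0'>
  <saml:NameID xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-1-abc</samlp:SessionIndex>
</samlp:LogoutRequest>"""

if __name__ == "__main__":
    print(login_redirect("/cas-web-client/index.jsp"))
    print(validate_url("/cas-web-client/index.jsp", "ST-1-abc"))
    print(handle_ticket("sess1", "ST-1-abc", SUCCESS_XML), sessions)
    print(handle_logout_request(LOGOUT_XML), sessions)
```

Two things the model makes visible: the service URL is built from serverName, not from the Host header, which is why a wrong serverName produces INVALID_SERVICE errors at validation; and single sign-out only works for sessions whose ticket the listener recorded, so a session created before the filters were in place is not logged out.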
------------------------------------------------------
1. Create a new web project cas-auth-server. Copy the resources from cas-server-webapp-3.5.2.war into the project, then copy the cas-server-webapp source from the download package into it. Since authentication will go against the database, also copy cas-server-support-jdbc-3.5.2.jar and the mysql-connector driver jar into WEB-INF/lib. That gives a clean CAS server project; you can also build it with maven, as documented on the official site. As in the figure:
2. What we need to do is change some configuration in WEB-INF/deployerConfigContext.xml. First configure the MySQL data source (note that the & in the JDBC URL must be written as &amp; inside the XML file):

<bean id="mysqlDataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://192.168.141.129:3306/blog?useUnicode=true&amp;characterEncoding=utf-8" />
    <property name="username" value="mysqladmin" />
    <property name="password" value="mysqladmin" />
</bean>
Then replace the authenticationHandlers list. Keep HttpBasedServiceCredentialsAuthenticationHandler (it handles proxy callback credentials, not user logins) and take SimpleTestUsernamePasswordAuthenticationHandler out of the list entirely: every handler left in the list can still authenticate a login, so leaving the test handler in keeps the username-equals-password backdoor open next to the database check.

<property name="authenticationHandlers">
    <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
            <property name="dataSource" ref="mysqlDataSource" />
            <property name="sql" value="select password from t_user where username = ?" />
            <property name="passwordEncoder" ref="myPasswordEncoder"></property>
        </bean>
    </list>
</property>
Finally register the password encoder bean. MyPasswordEncoder is your own class implementing org.jasig.cas.authentication.handler.PasswordEncoder (encode(String) returns a String); it must produce exactly the form in which t_user.password is stored, because the handler compares encode(password) with the value the query returns:

<bean id="myPasswordEncoder" class="org.jasig.cas.custom.encoder.MyPasswordEncoder" />
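The two handlers this page configures, the default SimpleTestUsernamePasswordAuthenticationHandler shown earlier and the QueryDatabaseAuthenticationHandler just wired up, are easiest to compare by running their decision logic side by side. The block below is an added example, not code from the CAS project: it reproduces the handler semantics against an in-memory sqlite table named like the page's t_user (the rows, the users alice/bob/dup and their passwords are constructed sample data), uses an unsalted SHA-256 hex digest as an assumed stand-in for the page's unspecified MyPasswordEncoder, and shows what happens when the test handler is left in the handler list beside the JDBC one.

```python
"""Added example (not CAS project code): the authentication semantics wired up
by deployerConfigContext.xml above, modelled with sqlite3 so it runs offline.
t_user and its rows are constructed sample data; the sha256 encoder is an
assumption standing in for the page's unspecified MyPasswordEncoder."""
import hashlib
import hmac
import sqlite3

SQL = "select password from t_user where username = ?"   # the 'sql' property above


def sha256_hex_encoder(password):
    """Stand-in for MyPasswordEncoder (CAS PasswordEncoder contract: encode(String) -> String).
    The handler compares encode(password) with the stored column and never hands the
    row to the encoder, so a per-user salt is impossible with this handler: only an
    unsalted (or fixed-salt) digest fits it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def query_database_handler(conn, username, password, encoder=sha256_hex_encoder):
    """QueryDatabaseAuthenticationHandler: parameterised lookup, exactly one row required,
    stored value compared with the encoded supplied password. CAS 3.5 uses String.equals
    here; compare_digest is used instead so the comparison is constant-time."""
    if not username or not password:
        return False
    rows = conn.execute(SQL, (username,)).fetchall()
    if len(rows) != 1:                    # unknown user, or duplicate usernames
        return False
    return hmac.compare_digest(rows[0][0], encoder(password))


def simple_test_handler(username, password):
    """The default SimpleTestUsernamePasswordAuthenticationHandler shown earlier:
    any non-empty username that equals the (plain-encoded) password succeeds."""
    return bool(username) and bool(password) and username == password


def authenticate(handlers, username, password):
    """How the handler list is consulted: the first handler that accepts the
    credentials authenticates the user, so every handler left in the list stays live."""
    return any(handler(username, password) for handler in handlers)


def sample_db():
    """Constructed t_user table: passwords stored as sha256 hex, one duplicated username."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table t_user (username text, password text)")
    conn.executemany("insert into t_user values (?, ?)", [
        ("alice", sha256_hex_encoder("s3cret!")),
        ("bob", sha256_hex_encoder("hunter2")),
        ("dup", sha256_hex_encoder("x")),
        ("dup", sha256_hex_encoder("y")),
    ])
    return conn


def db_only(username, password):
    """The intended configuration: only the JDBC handler checks user logins."""
    conn = sample_db()
    return authenticate([lambda u, p: query_database_handler(conn, u, p)], username, password)


def db_plus_leftover_simple(username, password):
    """Misconfiguration: the SimpleTest handler left in the list next to the JDBC one."""
    conn = sample_db()
    jdbc = lambda u, p: query_database_handler(conn, u, p)
    return authenticate([jdbc, simple_test_handler], username, password)


if __name__ == "__main__":
    print("alice/s3cret! (db only)   ->", db_only("alice", "s3cret!"))
    print("carol/carol   (db only)   ->", db_only("carol", "carol"))
    print("carol/carol   (leftover)  ->", db_plus_leftover_simple("carol", "carol"))
```

The duplicate-username rows show the exactly-one-row rule: a second "dup" row makes both passwords fail rather than letting either log in. The leftover-handler case is the one to check after editing deployerConfigContext.xml: if a user that does not exist in t_user can log in with username equal to password, the test handler is still in the list.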
That completes the configuration. Export the project as a war, deploy it on the tomcat1 machine and start it; it behaves exactly as before, except that logins are now checked against t_user.
Done.
http://my.oschina.net/indestiny/blog/200768