Installation environment
JDK 1.8, Tomcat 8, CAS 5.1
Previously I used CAS 5.1 with Tomcat 7 and could not get it to run at all. I kept assuming it was a configuration problem, until I looked it up and learned that CAS 5 and above requires at least Tomcat 8.
Download the CAS 5 source
CAS homepage on the official site: https://www.apereo.org/projects/cas
GitHub source homepage: https://github.com/apereo/cas
Select the Maven build project
Select the version number and download
After the download finishes, unzip the project and import it into the IDE (with version 3.5 you can simply take the corresponding war package from the module directory and deploy and run it directly).
Tomcat configuration
Because CAS requires HTTPS requests, configure Tomcat to serve HTTPS.
Step one: use the keytool that ships with the JDK to generate the certificate file. The command is as follows:
keytool -genkey -alias castest -keyalg RSA -keystore C:/key/casKey.keystore
Note: the "first and last name" field must be the domain name or localhost.
Step two: export the crt file:
keytool -export -file C:/key/casKey.crt -alias castest -keystore C:/key/casKey.keystore
After running these two steps you will have generated two files:
Step three: import the generated certificate into the JDK you run with:
keytool -import -keystore "E:/JDK/1.8/jre/lib/security/cacerts" -file C:/key/casKey.crt -alias castest
Note that the path must be your jdk -> jre -> lib -> security directory. If that file already exists under the path, delete it and run the import again. The default keystore password is changeit.
Step four: add your domain mapping to the c://windows/System32/drivers/etc/hosts file:
127.0.0.1 sso.castest.com
Step five: edit Tomcat's server.xml:
Find:
Open it and change it to:
<Connector port="8086" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/key/casKey.keystore" keystorePass="111111" />
Here keystorePass is the password you set in step one, not changeit. Comment out the previous Connector configuration:
Start Tomcat and test HTTPS access: https://sso.castest.com:8086/
Choose Advanced
Access successful:
Modify the source configuration
Directory structure after loading the source into Eclipse
Run maven clean -> maven install, then add the Maven resources folder
Go to the target directory and copy application.properties and the services folder from the classes directory into the resources directory
Edit cas.properties under etc/cas/config:
cas.server.name: https://sso.castest.com:8086
cas.server.prefix: https://sso.castest.com:8086/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config: file:/etc/cas/config/log4j2.xml
# cas.serviceRegistry.config.location: classpath:/services
Edit the application.properties file:
##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8086
cas.serviceRegistry.initFromJson=true

server.ssl.key-store=file:/C:/key/caskey.Keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=NEVER

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML

##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon

##
# CAS Delegated Authentication
#
#cas.authn.pac4j.bitbucket.clientName=Bitbucket
#cas.authn.pac4j.dropbox.clientName=Dropbox
#cas.authn.pac4j.facebook.clientName=Facebook
#cas.authn.pac4j.foursquare.clientName=Foursquare
#cas.authn.pac4j.github.clientName=Github
#cas.authn.pac4j.google.clientName=Google
#cas.authn.pac4j.linkedIn.clientName=LinkedIn
#cas.authn.pac4j.paypal.clientName=PayPal
#cas.authn.pac4j.twitter.clientName=Twitter
#cas.authn.pac4j.yahoo.clientName=Yahoo
#cas.authn.pac4j.windowsLive.clientName=Windows Live
#cas.authn.pac4j.wordpress.clientName=WordPress

cas.authn.jdbc.query[0].sql=SELECT * FROM t_user WHERE name=?
# cas.authn.jdbc.query[0].healthQuery=
# cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&serverTimezone=GMT
# cas.authn.jdbc.query[0].failFastTimeout=1
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
# cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
# cas.authn.jdbc.query[0].ddlAuto=create-drop
# cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
# cas.authn.jdbc.query[0].idleTimeout=5000
# cas.authn.jdbc.query[0].credentialCriteria=
# cas.authn.jdbc.query[0].name=
# cas.authn.jdbc.query[0].order=0
# cas.authn.jdbc.query[0].dataSourceName=
# cas.authn.jdbc.query[0].dataSourceProxy=false
# Hibernate-specific properties (i.e. `hibernate.globally_quoted_identifiers`)
# cas.authn.jdbc.query[0].properties.propertyName=propertyValue
cas.authn.jdbc.query[0].fieldPassword=password
# cas.authn.jdbc.query[0].fieldExpired=
# cas.authn.jdbc.query[0].fieldDisabled=
# cas.authn.jdbc.query[0].principalAttributeList=sn,cn:commonName,givenName
# cas.authn.jdbc.query[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT|SCRYPT|PBKDF2|com.example.CustomPasswordEncoder
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
# cas.authn.jdbc.query[0].passwordEncoder.secret=
# cas.authn.jdbc.query[0].passwordEncoder.strength=16
# cas.authn.jdbc.query[0].principalTransformation.pattern=(.+)@example.org
# cas.authn.jdbc.query[0].principalTransformation.groovy.location=file:///etc/cas/config/principal.groovy
# cas.authn.jdbc.query[0].principalTransformation.suffix=
# cas.authn.jdbc.query[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.jdbc.query[0].principalTransformation.prefix=
Run maven install to package the war, put it into the Tomcat directory, and test by running cmd -> startup
Before this I had also tried running it directly in Eclipse, but for some reason, at the end, I could reach it from the browser yet Tomcat would not finish starting and would time out and shut itself down after a while.
Browser test: https://sso.castest.com:8086/cas
Enter casuser / Mellon (this username and password are hard-coded in the application.properties file; database binding is covered below):
At this point the most basic CAS server is configured. In a real project, however, login is certainly not this simple: the login process has to be bound to a database, the database passwords have to be encrypted, and so on.
Database binding
Taking MySQL as an example:
Database:
Add the MySQL driver dependencies
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>5.1.9</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>5.1.9</version>
</dependency>
Modify the configuration in the application.properties file (the cas.authn.jdbc.query[0].* entries in the file listed above):
Only the values highlighted with a background colour need changing (the cas.authn.jdbc.query[0].* entries: the query SQL, JDBC URL, user, password, driver class and password field). Then package, run and test.
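As an added example (not code from the original post or from the CAS project), the following Python script audits the weak settings visible in the application.properties above: the JDK default keystore password, the demo casuser account, the root MySQL account with an empty password, useSSL=false in the JDBC URL, and the missing passwordEncoder that leaves t_user passwords compared in plaintext. The sample properties, severities and function names are constructed for this example.

```python
import re

# Constructed sample: the security-relevant lines from the application.properties above.
SAMPLE_PROPERTIES = """\
server.ssl.key-store=file:/C:/key/caskey.Keystore
server.ssl.key-store-password=changeit
cas.authn.jdbc.query[0].sql=SELECT * FROM t_user WHERE name=?
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&useSSL=false
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].fieldPassword=password
# cas.authn.jdbc.query[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT
#cas.authn.accept.users=casuser::Mellon
"""

KEY_RE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")
JDBC_RE = re.compile(r"cas\.authn\.jdbc\.query\[(\d+)\]\.")


def parse_properties(text):
    """Minimal java.util.Properties reader: blank and '#'/'!' comment lines are
    skipped, the first '=' or ':' separates key and value, whitespace is trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = KEY_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit(props):
    """Return (severity, message) findings for the weak settings seen in the post."""
    findings = []
    if props.get("server.ssl.key-store-password") == "changeit":
        findings.append(("HIGH", "TLS keystore still uses the JDK default password 'changeit'"))
    # CAS 5 falls back to the demo account casuser::Mellon when the key is unset,
    # which is why the post can log in with it although the line is commented out.
    if props.get("cas.authn.accept.users", "casuser::Mellon"):
        findings.append(("HIGH", "static accept-users handler active; set cas.authn.accept.users= to disable it"))
    # every JDBC handler is indexed cas.authn.jdbc.query[N].*; check each one
    for i in sorted({int(m.group(1)) for m in map(JDBC_RE.match, props) if m}):
        p = f"cas.authn.jdbc.query[{i}]."
        if props.get(p + "passwordEncoder.type", "NONE").upper() == "NONE":
            findings.append(("HIGH", f"query[{i}]: no passwordEncoder, so t_user.password is compared in plaintext"))
        if not props.get(p + "password"):
            findings.append(("HIGH", f"query[{i}]: empty database password for user '{props.get(p + 'user')}'"))
        if props.get(p + "user") == "root":
            findings.append(("MEDIUM", f"query[{i}]: CAS connects as the MySQL root account"))
        if "useSSL=false" in props.get(p + "url", ""):
            findings.append(("MEDIUM", f"query[{i}]: JDBC URL disables TLS (useSSL=false)"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit(parse_properties(SAMPLE_PROPERTIES)):
        print(f"[{sev}] {msg}")
```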
Login result:
That completes the server side. On the client it is enough to add the dependencies and import web.xml.
Client:
Configure the service file on the server that accepts the client service:
Note: the service file must be named in the format domain/localhost + sequence number .json, and the service registry configuration must be enabled:
cas.serviceRegistry.initFromJson=true
Localhost-10000003.json:
{
"@class": "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "^(http)://localhost.*",
"name": "本地服務",
"id": 10000003,
"description": "這是一個本地容許的服務,經過localhost訪問都容許經過",
"evaluationOrder": 1
}
Add the jar dependencies
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.2.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-collections/commons-collections -->
<dependency>
    <groupId>commons-collections</groupId>
    <artifactId>commons-collections</artifactId>
    <version>3.2.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.servlet/servlet-api -->
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>servlet-api</artifactId>
    <version>2.5</version>
    <scope>provided</scope>
</dependency>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- ======================== Single sign-on begin ======================== -->
    <!-- Used for single sign-out; this listener implements single logout, optional -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- This filter implements single logout, optional. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter performs user authentication; it must be enabled -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://sso.castest.com:8086/cas/login</param-value>
        </init-param>
        <!-- Specifies the client's host name and port: the machine the client application runs on,
             not the machine the CAS server runs on. Here the client runs on localhost, port 8111 -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8111</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter validates the ticket; it must be enabled -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://sso.castest.com:8086/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8111</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter wraps the HttpServletRequest, for example so that developers can obtain
         the SSO login name via HttpServletRequest.getRemoteUser(); optional. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter lets developers obtain the user's login name via org.jasig.cas.client.util.AssertionHolder,
         for example AssertionHolder.getAssertion().getPrincipal().getName(). -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- ======================== Single sign-on end ======================== -->

    <!-- Session timeout, in minutes -->
    <session-config>
        <session-timeout>2</session-timeout>
    </session-config>
</web-app>
Tested and working; time is limited, so I will stop writing here...
Official configuration: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#jdbc
Source: https://files.cnblogs.com/files/guofz/cas-overlay-template-5.1.rar
References: http://www.javashuo.com/article/p-xxwrctld-de.html
http://www.cnblogs.com/flying607/p/7598248.html
http://www.javashuo.com/article/p-gdkmuyis-de.html
PS: standing on the shoulders of giants really works~
SSO principles:
http://www.javashuo.com/article/p-wedlybjg-km.html
https://blog.csdn.net/javaloveiphone/article/details/52439613