CAS (2) —— Mac下配置CAS到Tomcat(客戶端)

時間  2019-12-09
標籤 cas mac 配置 tomcat 客戶端 欄目 MacBook 简体版
原文   原文鏈接

CAS (2) —— Mac下配置CAS到Tomcat(客戶端)

tomcat版本: tomcat-8.0.29html

jdk版本: jdk1.8.0_65java

cas版本: cas4.1.2
cas-client-3.4.1node

參考來源:git

CAS實現單點登陸(SSO)經典完整教程github

CAS 4.0 配置開發手冊web

cas客戶端應用實現數據庫

使用 CAS 在 Tomcat 中實現單點登陸apache

Tomcat (1) —— Mac下配置Tomcat Https/SSLapi

【高可用HA】Apache (2) —— Mac下安裝多個Apache Tomcat實例瀏覽器

目標架構

下載

首先登錄jasig網站http://downloads.jasig.org/,下載相應的cas版本。

因爲網站只提供源碼包而不提供發佈包,因此須要本身下載來編譯。

cas會爲不一樣的客戶端消費者提供client包,這裏咱們選擇java-client做爲演示。

編譯客戶端所須要的jar

java-cas-client-cas-client-3.4.1 Richard$ mvn clean install -Dmaven.test.skip

而後下載供測試的客戶端示例代碼(jasig在github上爲咱們提供了一個簡易的客戶端demo)

$ git clone https://github.com/UniconLabs/cas-sample-java-webapp.git

配置

客戶端

  • 設置

參照如下文章爲Tomcat配置好Https

Tomcat (1) —— Mac下配置Tomcat Https/SSL

【高可用HA】Apache (2) —— Mac下安裝多個Apache Tomcat實例

  • 編譯部署

而後編譯咱們的示例項目

:cas-sample-java-webapp Richard$ mvn clean install -Dmaven.test.skip

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>iamlabs.unicon.net</groupId>
<artifactId>cas-sample-java-webapp</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>CAS Example Java Web App</name>
<description>A sample web application that exercises the CAS protocol features via the Java CAS Client.</description>
<build>
    <finalName>cas-sample-java-webapp</finalName>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>2.5.1</version>
            <configuration>
                <source>1.6</source>
                <target>1.6</target>
            </configuration>
        </plugin>
    </plugins>
</build>

<dependencies>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.1.1</version>
    </dependency>

    <dependency>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
        <version>1.2.16</version>
    </dependency>
    <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml1</artifactId>
        <version>1.1</version>
    </dependency>
    
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.2.1</version>
        <exclusions>
            <exclusion>
                <groupId>javax.servlet</groupId>
                <artifactId>servlet-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.6</version>
    </dependency>

    <dependency>
        <groupId>org.apache.santuario</groupId>
        <artifactId>xmlsec</artifactId>
        <version>1.4.3</version>
    </dependency>
</dependencies>

將編譯生成的war包部署到咱們的Tomcat容器中:

項目主要包括兩個頁面

index.jsp(供登錄)

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.List" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>CAS Example Java Web App</title>
</head>
<body>

<h1>CAS Example Java Web App</h1>
<p>A sample web application that exercises the CAS protocol features via the Java CAS Client.</p>
<hr>

<p><b>Authenticated User Id:</b> <a href="../cas1/logout.jsp" title="Click here to log out"><%= request.getRemoteUser() %></a></p>

<%
if (request.getUserPrincipal() != null) {
  AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
  
  /*
  final String password = principal.getPassword();
  if (password != null) {
    out.println("<p><b>User Credentials:</b> " + password + "</p>");
  }
  */
  
  final Map attributes = principal.getAttributes();
  
  if (attributes != null) {
    Iterator attributeNames = attributes.keySet().iterator();
    out.println("<b>Attributes:</b>");
    
    if (attributeNames.hasNext()) {
      out.println("<hr><table border='3pt' width='100%'>");
      out.println("<th colspan='2'>Attributes</th>");
      out.println("<tr><td><b>Key</b></td><td><b>Value</b></td></tr>");

      for (; attributeNames.hasNext();) {
        out.println("<tr><td>");
        String attributeName = (String) attributeNames.next();
        out.println(attributeName);
        out.println("</td><td>");
        final Object attributeValue = attributes.get(attributeName);

        if (attributeValue instanceof List) {
          final List values = (List) attributeValue;
          out.println("<strong>Multi-valued attribute: " + values.size() + "</strong>");
          out.println("<ul>");
          for (Object value: values) {
            out.println("<li>" + value + "</li>");
          }
          out.println("</ul>");
        } else {
          out.println(attributeValue);
        }
        out.println("</td></tr>");
      }
      out.println("</table>");
    } else {
      out.print("No attributes are supplied by the CAS server.</p>");
    }
  } else {
    out.println("<pre>The attribute map is empty. Review your CAS filter configurations.</pre>");
  }
} else {
    out.println("<pre>The user principal is empty from the request object. Review the wrapper filter configuration.</pre>");
}
%>

</body>
</html>

logout.jsp(註銷)

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">

<%
    session.invalidate();
%>

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>CAS Example Java Web App</title>
</head>
<body>
    <h1>CAS Example Java Web App</h1>
    <p>Application session is now invalidated. You may also issue a request to "/cas/logout" to destroy the CAS SSO Session as well.</p>
    <hr>
    
    <a href="../cas1/index.jsp">Back to Home</a>
</body>
</html>

  • 配置CAS Authentication Filter

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> -->
    <!-- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.hoau.com:8433/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://app1.hoau.com:8413</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <!-- <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> -->  
    <!-- <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> --> 
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://sso.hoau.com:8433/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://app1.hoau.com:8413</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>acceptAnyProxy</param-name>
        <param-value>true</param-value>
    </init-param>
    <!--
    <init-param>
        <param-name>proxyReceptorUrl</param-name>
        <param-value>/cas1/proxyUrl</param-value>
    </init-param>
    <init-param>
        <param-name>proxyCallbackUrl</param-name>
        <param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>
    </init-param>
    -->
</filter>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<welcome-file-list>
    <welcome-file>
        index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
* 以上web.xml配置中有四處須要注意的地方

  1. cas目標服務器登錄頁面的配置

    <init-param>
     <param-name>casServerLoginUrl</param-name>
     <param-value>https://sso.hoau.com:8433/cas/login</param-value>
 </init-param>

  2. 本機服務器的地址(即當前node-a)

    <init-param>
     <param-name>serverName</param-name>
     <param-value>https://app1.hoau.com:8413</param-value>
 </init-param>

  3. "Cas20ProxyReceivingTicketValidationFilter"

    2.x和3.x之前也有其餘的Ticket校驗方式,這裏官方推薦用Cas20Proxy

    <filter>
 <filter-name>CAS Validation Filter</filter-name>
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 <init-param>
     <param-name>casServerUrlPrefix</param-name>
     <param-value>https://sso.hoau.com:8433/cas</param-value>
 </init-param>
 <init-param>
     <param-name>serverName</param-name>
     <param-value>https://app1.hoau.com:8413</param-value>
 </init-param>

  4. 暫時將proxyReceptorUrl和proxyCallbackUrl註釋掉,由於這裏沒有使用代理

    <!--
 <init-param>
     <param-name>proxyReceptorUrl</param-name>
     <param-value>/cas1/proxyUrl</param-value>
 </init-param>
 <init-param>
     <param-name>proxyCallbackUrl</param-name>
     <param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>
 </init-param>
 -->

測試

嘗試訪問

https://app1.hoau.com:8413/cas1

* 抱歉此處配圖爲node-b的

並使用咱們在數據庫裏面預埋的數據"test01/psw01"登錄

使用相同方式將cas2部署到node-b節點,並指向cas的SSO服務器

*擴展

咱們清空瀏覽器的cache和cookie,按照下列步驟操做

  1. 訪問"https://app1.hoau.com:8413/cas1"

    系統會將咱們重定向到"https://sso.hoau.com:8433/cas/login"。

  2. 輸入用戶名密碼"test01/psw01"

    登錄成功

  3. 訪問"https://app2.hoau.com:8423/cas2"

    系統會自動登錄使用用戶名密碼"test01/psw01"。

問題來了

這就是達到了SSO的效果,可是爲何是這樣,原理是什麼

結束

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程