CAS Single Sign-On (SSO) Experiment, Part 2: cas-client

References:

http://my.oschina.net/indestiny/blog/200768#comments

http://wenku.baidu.com/view/0bcc0d01e87101f69e319595.html

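This continues from the previous article:

CAS Single Sign-On (SSO) Experiment, Part 1: Installing jasig cas-server

This article shows how to write a web service (cas-study) that uses the authentication service provided by cas-server. When a user accesses the cas-study service, the cas-server from the previous part performs the authentication.

For illustration, this article uses tomcat7 with HTTP on port 8080. Everything in this article is run on server B (Ubuntu 14.04).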

1 Create a new web project with Maven

$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false -X

If the mvn command hangs at the following line:

[DEBUG] Searching for remote catalog: http://repo1.maven.org/maven2/archetype-catalog.xml
download the catalog manually: http://repo1.maven.org/maven2/archetype-catalog.xml

Copy archetype-catalog.xml to the following path (2.x depends on your actual version):

~/.m2/repository/org/apache/maven/archetype/archetype-catalog/2.x

Then run the command again (with the added option -DarchetypeCatalog=local):

$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DarchetypeCatalog=local -DinteractiveMode=false -X

Enter the following command to create a quickstart project:

$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=quickstart -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false -X -DarchetypeCatalog=local

Copy the java and test directories of the quickstart project into the cas-study project:

$ cp -r quickstart/src/test cas-study/src/

$ cp -r quickstart/src/main/java cas-study/src/main

In the cas-study directory, run the following commands to build the war:

$ mvn clean compile install

$ mvn test

2 Modify the web project

In the cas-study directory:

1) Modify pom.xml as follows

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.pepstack</groupId>
    <artifactId>cas-study</artifactId>
    <packaging>war</packaging>
    <version>1.0-SNAPSHOT</version>
    <name>cas-study Maven Webapp</name>
    <url>http://maven.apache.org</url>

    <dependencies>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>3.8.1</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1.3</version>
        </dependency>

        <dependency>
            <!-- Jasig CAS Client For Java Core -->
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.2.1</version>
            <exclusions>
                <exclusion>
                    <artifactId>servlet-api</artifactId>
                    <groupId>javax.servlet</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>

    </dependencies>

    <build>
        <finalName>cas-study</finalName>

        <plugins>
            <!-- $ mvn jetty:run -->
            <!--
            <plugin>
                <groupId>org.mortbay.jetty</groupId>
                <artifactId>maven-jetty-plugin</artifactId>
            </plugin>
            -->

            <plugin>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-maven-plugin</artifactId>
                <version>9.1.0.v20131115</version>
                <configuration>
                    <webApp>
                        <contextPath>/cas-study</contextPath>
                    </webApp>
                </configuration>
            </plugin>

        </plugins>

    </build>

</project>

2) Run with jetty

$ mvn clean compile install

$ mvn jetty:run

Then open a browser and enter:

http://localhost:8080/cas-study/

You should see the following:

Hello World!

3) Eclipse project

$ mvn eclipse:eclipse

Then:

eclipse>> import existing project

cas-study run as server

3 Add a simple servlet

${project_dir}/src/main/java/com/pepstack/SimpleServlet.java

/**
 * SimpleServlet.java
 */
package com.pepstack;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SimpleServlet extends HttpServlet
{
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
        throws ServletException, IOException {
        final PrintWriter out = resp.getWriter();
        out.println("<h1>SimpleServlet Executed</h1>");
        out.flush();
        out.close();
    }
}

${project_dir}/src/main/webapp/WEB-INF/web.xml

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
    <display-name>Archetype Created Web Application</display-name>

    <servlet>
        <servlet-name>simple</servlet-name>
        <servlet-class>com.pepstack.SimpleServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>simple</servlet-name>
        <url-pattern>/simple</url-pattern>
    </servlet-mapping>
</web-app>

Then run:

$ mvn clean compile install jetty:run

Open a browser and visit:

http://localhost:8080/cas-study/simple

It displays:

SimpleServlet Executed

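4 Add the certificate of server A (cas server) to server B

In the previous article we already generated the certificate on server A: ssotest.crt.

This file needs to be copied to server B.

Then add it to the JRE. Assuming the certificate is at ~/ssotest.crt, the commands to add it are as follows.

If necessary, delete the existing trust store first (this removes every CA certificate bundled with the JDK, so afterwards the JVM trusts only what you import):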

$ rm -r /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts

Then add the certificate (ssotest.crt must be the certificate generated on server A):

$ keytool -import -keystore /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts -file ./ssotest.crt -alias ssotest

Enter keystore password:  123456
Re-enter new password: 123456
Owner: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
Issuer: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
Serial number: 2c324853
Valid from: Fri Aug 07 15:55:58 CST 2015 until: Thu Nov 05 15:55:58 CST 2015
Certificate fingerprints:
     MD5:  49:77:8E:3C:6A:3E:67:0F:4A:F2:9F:AD:07:D5:1C:70
     SHA1: 8A:B0:BF:96:46:7C:B7:DA:53:E4:10:40:49:EC:16:33:BA:66:81:D1
     SHA256: 14:7F:01:D7:54:8A:64:C3:88:33:81:37:BD:0D:24:AD:D5:E7:A7:1B:CC:E1:84:36:AC:3B:E8:E3:0B:99:81:47
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9C 34 0B 19 6F 6E 4D 64   BF 77 EC 80 88 D8 E4 37  .4..onMd.w.....7
0010: F8 EF C3 71                                        ...q
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
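
A quick way to confirm the import worked before wiring in the CAS filters, as an added example that is not part of the original article: the class name CasTrustCheck is an assumption, and it must be run with the same JDK whose cacerts was modified. It performs the same TLS handshake the CAS client makes when it validates a ticket, so an untrusted, expired or host-mismatched certificate fails here instead of later inside the filter chain.

```java
import java.net.URL;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;

/** Added example: checks that this JVM's trust store accepts the CAS server certificate. */
public class CasTrustCheck {

    /** SHA-256 fingerprint as colon-separated upper-case hex, the format keytool prints. */
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Default is the casServerLoginUrl used in this article; pass another URL as args[0].
        String target = args.length > 0 ? args[0] : "https://repo.pepstack.com:8443/cas/login";
        HttpsURLConnection conn = (HttpsURLConnection) new URL(target).openConnection();
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        try {
            conn.connect(); // TLS handshake: chain validation and host name check happen here
            X509Certificate leaf = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("Trusted. Subject: " + leaf.getSubjectX500Principal().getName());
            System.out.println("SHA256: " + fingerprint(leaf));
            System.out.println("Valid until: " + leaf.getNotAfter());
        } catch (SSLException e) {
            // Typical causes: certificate missing from cacerts, expired, or CN not matching the host
            System.out.println("NOT trusted: " + e.getMessage());
            System.exit(1);
        } finally {
            conn.disconnect();
        }
    }
}
```

The SHA256 value it prints should equal the fingerprint keytool displayed at the "Trust this certificate?" prompt.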

5 Modify web.xml. The updated file is as follows

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <jsp-config>
        <jsp-property-group>
            <url-pattern>*.jsp</url-pattern>
            <el-ignored>false</el-ignored>
        </jsp-property-group>
    </jsp-config>

    <display-name>cas-study</display-name>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <!-- Cas Server URL -->
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://repo.pepstack.com:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <!-- Cas Client URL -->
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CasTicketFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://repo.pepstack.com:8443/cas/</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CasTicketFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CasRequestWrapFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CasRequestWrapFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>AssertionThreadLocalFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AssertionThreadLocalFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <servlet>
        <servlet-name>simple</servlet-name>
        <servlet-class>com.pepstack.SimpleServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>simple</servlet-name>
        <url-pattern>/simple</url-pattern>
    </servlet-mapping>
</web-app>

Where:

1) repo.pepstack.com is the hostname of server A. Server B needs this entry in /etc/hosts:

192.168.122.18  repo.pepstack.com

2) localhost:8080 is the web service on server B.

It is accessed at: http://localhost:8080/cas-study/

6 Rebuild and run cas-study

$ mvn clean compile install jetty:run

Open the Firefox browser and enter the following address:

http://localhost:8080/cas-study/

or

http://localhost:8080/cas-study/simple

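The jasig login page is displayed. If you have already logged in, the page content is shown directly.

If you then open the Chrome browser, you still have to log in again, because different browsers do not share sessions.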
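
To see what the filter chain in web.xml hands to the application after login, here is an added example that is not part of the original article: a second servlet that prints the CAS-authenticated user. The class name WhoAmIServlet is hypothetical, and it is assumed to be registered in web.xml the same way as the simple servlet (for instance under /whoami).

```java
package com.pepstack;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;

/** Added example (hypothetical class name): shows which user CAS authenticated. */
public class WhoAmIServlet extends HttpServlet
{
    /** Minimal HTML escaping so values taken from the CAS response cannot inject markup. */
    private static String esc(final Object value) {
        return String.valueOf(value).replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace("\"", "&quot;");
    }

    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
        throws ServletException, IOException {
        // Bound to the current thread by AssertionThreadLocalFilter
        final Assertion assertion = AssertionHolder.getAssertion();
        if (assertion == null) {
            // Only reachable when the request did not pass through the CAS filters
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No CAS assertion");
            return;
        }
        resp.setContentType("text/html; charset=UTF-8");
        final PrintWriter out = resp.getWriter();
        out.println("<h1>CAS principal</h1>");
        // getRemoteUser() is populated by HttpServletRequestWrapperFilter (CasRequestWrapFilter)
        out.println("<p>getRemoteUser(): " + esc(req.getRemoteUser()) + "</p>");
        out.println("<p>principal: " + esc(assertion.getPrincipal().getName()) + "</p>");
        out.println("<p>valid from: " + esc(assertion.getValidFromDate()) + "</p>");
        // Attributes released by the CAS server, if any (often empty with a default server setup)
        final Map<?, ?> attrs = assertion.getPrincipal().getAttributes();
        for (final Map.Entry<?, ?> attr : attrs.entrySet()) {
            out.println("<p>" + esc(attr.getKey()) + " = " + esc(attr.getValue()) + "</p>");
        }
        out.flush();
    }
}
```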
