cas server

Tomcat: V8.5.x

Java: 1.8 x64

MySQL: 5.5.x+

OS: Win10 x64

 

I. war

 

0. clone

   

git clone https://github.com/apereo/cas-gradle-overlay-template.git

 

1. set gradle

    https://gradle.org/releases/

   1) extract

      gradle-4.10.3-bin.zip

   2) set system variable

       PATH=%PATH%;%GRADLE_HOME%\bin

 

2. build war

File location: cas\build\libs\cas.war

 

    1) config file

    gradle.properties, change version:

cas.version=5.3.2
->
cas.version=5.3.11


gradle.version=4.8
->
gradle.version=4.10.3


springboot.version=1.5.14.RELEASE
->
springboot.version=1.5.18.RELEASE

 

 

  2) build

cd cas-gradle-overlay-template

 

gradle build

 

II. Run

 

0. key/certificate

    1) genkey

keytool -genkey -keyalg RSA -alias thekeystore -keypass changeit -storepass changeit -keysize 2048 -keystore d:/etc/cas/thekeystore

 info (optional; pass it with -dname instead of answering the prompts):

-dname "CN=localhost,OU=test.com,O=test,L=WH,ST=HB,C=CN"

 

    2) export

keytool -export -alias thekeystore -file d:/etc/cas/cas5311.crt -keystore d:/etc/cas/thekeystore -storepass changeit

 

    3) import

keytool -import -alias thekeystore -storepass changeit -file d:/etc/cas/cas5311.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

 

    

1. set tomcat

    1)thekeystore

         copy thekeystore file to $TOMCAT_HOME/conf

 

    2)add https

     server.xml

    <!-- On the Certificate element the keystore password attribute is certificateKeystorePassword -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/thekeystore"
                         certificateKeystorePassword="changeit"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

 

2. let's run it

(1) tomcat startup

startup.bat

 

(2) login

http://localhost:8080/cas

https://localhost:8443/cas

 

Enter username and password

casuser/Mellon

If you want to change the user/password, stop Tomcat and change it in application.properties (webapps\cas\WEB-INF\classes).

 

##
# CAS Authentication Credentials
#
cas.authn.accept.users=casuser::Mellon

----Beautiful Split Line----

 

III. Database Authentication

0. config files folder

    Copy cas-gradle-overlay-template/etc to the root of the drive where Tomcat is located.

For example: 

e:\

 

 

1. service register

    0) turn on services

     cas.properties

     Append the following Key-Value:

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=classpath:/services

 

    1) services file

       webapps\cas\WEB-INF\classes\services

  • cas spring secured app: casSecuredApp-19991.json
  • cas client for java: loginInfo-10000004.json

 

2. JDBC Support

    1) download jars

       MySQL Connector/J 5.x;

       cas-server-support-jdbc in the version matching ' cas.server '.

       If cas.authn.jdbc.query[0].passwordEncoder.type is not NONE, also add the cas-server-support-jdbc-authentication package.

https://mvnrepository.com/artifact/mysql/mysql-connector-java

https://mvnrepository.com/artifact/org.apereo.cas/cas-server-support-jdbc

https://mvnrepository.com/artifact/org.apereo.cas/cas-server-support-jdbc-authentication

 

     ***Copy the above three files (*.jar) to the lib(..\webapps\cas\WEB-INF\lib) folder.***

    2) properties

    application.properties(..\webapps\cas\WEB-INF\classes)

##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon

 

 

(1) mysql5.5-mysql5.7

# server.port = 8443
cas.server.name: https://localhost:8443
cas.server.prefix: https://localhost:8443/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=classpath:/services

# SSL
# server.ssl.enabled=false

cas.authn.accept.users=
cas.authn.accept.name=
#CAS Database Authentication Property
#cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[0].sql=SELECT * FROM app_user WHERE email = ?
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].user=DBAdmin
cas.authn.jdbc.query[0].password=xbfirst
cas.authn.jdbc.query[0].ddlAuto=none
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
## mysql8+
#cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
#cas.authn.jdbc.query[0].passwordEncoder.type=NONE
cas.authn.jdbc.query[0].passwordEncoder.type=BCRYPT
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
# cas.authn.jdbc.query[0].passwordEncoder.secret=
cas.authn.jdbc.query[0].passwordEncoder.strength=10
cas.properties

 

 

(2) mysql8.0+

# server.port = 8443
cas.server.name: https://localhost:8443
cas.server.prefix: https://localhost:8443/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=classpath:/services

# SSL
# server.ssl.enabled=false

cas.authn.accept.users=
cas.authn.accept.name=
#CAS Database Authentication Property
#cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[0].sql=SELECT * FROM app_user WHERE email = ?
#cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?serverTimezone=UTC
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].user=DBAdmin
cas.authn.jdbc.query[0].password=xbfirst
cas.authn.jdbc.query[0].ddlAuto=none
##cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
## mysql8+
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
#cas.authn.jdbc.query[0].passwordEncoder.type=NONE
cas.authn.jdbc.query[0].passwordEncoder.type=BCRYPT
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
# cas.authn.jdbc.query[0].passwordEncoder.secret=
cas.authn.jdbc.query[0].passwordEncoder.strength=10
cas.properties
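
A check for the settings that differ between the default setup and the two cas.properties variants above. This is an added example, not code from the original post or from the CAS project; the finding names and the sample text are constructed, and an unset passwordEncoder.type is assumed to behave like NONE.

```python
import re

# Constructed sample modelled on the page's cas.properties, with the static
# user still enabled and the encoder left at NONE so the checks fire.
SAMPLE = """\
cas.server.name: https://localhost:8443
cas.server.prefix: http://localhost:8080/cas
cas.authn.accept.users=casuser::Mellon
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
#cas.authn.jdbc.query[0].passwordEncoder.type=BCRYPT
cas.authn.jdbc.query[0].passwordEncoder.type=NONE
"""

# key, then '=' / ':' / whitespace, then value; '#' and '!' start comments.
LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")
QUERY = re.compile(r"cas\.authn\.jdbc\.query\[(\d+)\]\.")

def parse_properties(text):
    """Minimal reader: no line continuations or backslash escapes."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    findings = []
    if props.get("cas.authn.accept.users", "").strip():
        findings.append("static-users-enabled")
    for key in ("cas.server.name", "cas.server.prefix"):
        if key in props and not props[key].lower().startswith("https://"):
            findings.append("not-https:" + key)
    indexes = sorted({int(m.group(1)) for k in props if (m := QUERY.match(k))})
    for n in indexes:
        base = f"cas.authn.jdbc.query[{n}]."
        # Assumption: an unset encoder type behaves like NONE.
        if props.get(base + "passwordEncoder.type", "NONE").upper() == "NONE":
            findings.append(f"plaintext-password-compare:query[{n}]")
        # The page's MySQL 8 variant pairs the cj driver with serverTimezone.
        if (props.get(base + "driverClass") == "com.mysql.cj.jdbc.Driver"
                and "serverTimezone=" not in props.get(base + "url", "")):
            findings.append(f"mysql8-missing-serverTimezone:query[{n}]")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(finding)
```

Run it against the deployed webapps\cas\WEB-INF\classes\application.properties and the cas.properties under the etc folder; an empty result means the static casuser login is off and every JDBC query block uses a password encoder.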

 

 

 

    3) table

create table APP_USER (
   id BIGINT NOT NULL AUTO_INCREMENT,
   sso_id VARCHAR(30) NOT NULL,
   password VARCHAR(100) NOT NULL,
   first_name VARCHAR(30) NOT NULL,
   last_name  VARCHAR(30) NOT NULL,
   email VARCHAR(30) NOT NULL,
   state VARCHAR(30) NOT NULL,  
   PRIMARY KEY (id),
   UNIQUE (sso_id)
);
APP_USER

 

INSERT INTO APP_USER(sso_id, password, first_name, last_name, email, state)
VALUES ('sam','$2a$10$4eqIF5s/ewJwHK1p8lqlFOEm2QIA0S8g6./Lok.pQxqcxaBZYChRm', 'Sam','Smith','samy@xyz.com', 'Active');
insert data

 

3. test

    cas client

 

Source:

    configure file

 

{
    "@class" : "org.apereo.cas.services.RegexRegisteredService",
    "serviceId" : "^http://localhost:9000/login/cas",
    "name" : "CAS Spring Secured App",
    "description": "This is a Spring App that usses the CAS Server for it's authentication",
    "id" : 19991,
    "evaluationOrder" : 1
}
casSecuredApp-19991.json

 

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^http://localhost:9080/loginInfo/",
  "name" : "Login Information",
  "id" : 10000004,
  "description" : "Sample service for Cas client",
  "evaluationOrder" : 1
}
loginInfo-10000004.json

Reference:

    0. Database Authentication

        1) configure

        2) password-encode

    1. Service Registry

        1) JSON Service Registry

    2. keytool - del

keytool -delete -alias thekeystore -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit

    3. bcrypt tool

      

 

End
