CAS Study Notes


1 Experimental environment

1.1 CAS Server

FreeBSD + Diablo-JDK 1.5.0 + Tomcat 6.0 + CAS Server 3.2.1

IP address: 192.168.0.180

Domain name: www.test.com

1.2 CAS Client

Windows + JDK 1.5.10 + Tomcat 6.0 + JA-SIG CAS-Client-3.1.3

IP address: 192.168.0.116

1.3 Database used by the CAS Server for credential validation

Database: PostgreSQL 8.2

IP address: 192.168.0.180

Database name: BH_PORTAL

Table name: citizen

Table definition:

CREATE TABLE citizen
(
  citizenid character varying(20) NOT NULL,
  "password" character varying NOT NULL,
  question character varying,
  answer character varying,
  name character varying NOT NULL,
  CONSTRAINT citizen_pkey PRIMARY KEY (citizenid)
)

Note: citizenid is the ID used for login and "password" is the value checked against the submitted password.


2 Environment setup

2.1 CAS server side

2.1.1 Generate and register the HTTPS certificate on the CAS server

In the %JAVA_HOME%/jre/lib/security directory, run the following shell script:

#!/bin/csh
clear
keytool -delete -alias tomcatsso -keystore cacerts -storepass changeit
keytool -list -keystore cacerts -storepass changeit
keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=www.test.com" -keystore cacerts -storepass changeit
keytool -export -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit
keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit
keytool -list -keystore cacerts -storepass changeit

Note: when generating the key, the www.test.com in "cn=www.test.com" is the domain name of the CAS Server; the CN must match the host name the clients will connect to.


2.1.2 Configure the Tomcat HTTPS service

Copy the cacerts file into the Tomcat conf directory.

Edit server.xml:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<Connector port="443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/cacerts" keystorePass="changeit"
           truststoreFile="conf/cacerts"/>

Start Tomcat and test https://www.test.com:443


2.2 CAS client

2.2.1 Copy the certificate

Copy the tomcatsso.crt file to %JAVA_HOME%/jre/lib/security

 

2.2.2 Import the certificate

Import the certificate file tomcatsso.crt into the client's cacerts trust store:

keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit


3 Configuration

3.1 Server side

3.1.1 Deploy the CAS server

Copy the downloaded cas-server-webapp-3.2.1.war into the Tomcat webapps directory and rename it to cas-server.war.

 

3.1.2 Change the authentication method

In the WEB-INF directory, edit the deployerConfigContext.xml file.

Replace the original

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

with

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="dataSource" ref="dataSource" />
  <property name="sql" value="select password from citizen where citizenid = ?" />
</bean>

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName">
    <value>org.postgresql.Driver</value>
  </property>
  <property name="url">
    <value>jdbc:postgresql://192.168.0.180:5432/bh_portal</value>
  </property>
  <property name="username">
    <value>pgsql</value>
  </property>
  <property name="password">
    <value>javac</value>
  </property>
</bean>

The purpose is to replace the original SimpleTestUsernamePasswordAuthenticationHandler (which accepts any username whose password equals the username) with authentication against the data in the database.
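The following is an added example, not code from these notes or from CAS, that models what the QueryDatabaseAuthenticationHandler configured above does on each login: it runs the configured SQL with the submitted citizenid bound as a parameter, then compares the stored column with the submitted password after passing it through a password encoder. It uses an in-memory SQLite copy of the citizen table from section 1.3 with constructed rows. With the configuration above no encoder is set, so the stored column has to hold the clear-text password (plain_text_encoder); sha256_encoder is an assumed alternative showing how hashed storage changes the comparison, not an encoder class CAS ships.

```python
# Added example (not code from the notes or from CAS): a model of the
# QueryDatabaseAuthenticationHandler configured above, run against an
# in-memory SQLite copy of the citizen table with constructed rows.
import hashlib
import hmac
import sqlite3
from typing import Callable

# The query from deployerConfigContext.xml; '?' is a bound parameter, so the
# submitted citizenid is passed as data and never spliced into the SQL text.
SQL = "select password from citizen where citizenid = ?"


def build_citizen_db(rows) -> sqlite3.Connection:
    """Create the citizen table from section 1.3 (SQLite dialect) and load rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE citizen (
               citizenid VARCHAR(20) NOT NULL PRIMARY KEY,
               password  VARCHAR NOT NULL,
               question  VARCHAR,
               answer    VARCHAR,
               name      VARCHAR NOT NULL)"""
    )
    conn.executemany("INSERT INTO citizen VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def plain_text_encoder(password: str) -> str:
    """No encoder configured (as in the notes): the column holds the clear password."""
    return password


def sha256_encoder(password: str) -> str:
    """Assumed hashing encoder: the column holds a digest, so a dump of the
    citizen table does not expose the passwords themselves."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def authenticate(conn: sqlite3.Connection, citizenid: str, password: str,
                 encoder: Callable[[str], str] = plain_text_encoder) -> bool:
    """What the handler does per login: fetch the stored value for the id and
    compare it with the encoded submitted password (constant-time compare)."""
    row = conn.execute(SQL, (citizenid,)).fetchone()
    if row is None:                      # unknown citizenid: no row, no match
        return False
    stored: str = row[0]
    return hmac.compare_digest(stored.encode("utf-8"),
                               encoder(password).encode("utf-8"))


# Constructed sample data: one table stored in clear (the notes' setup), one hashed.
CLEAR_DB = build_citizen_db([("alice", "s3cret", None, None, "Alice")])
HASHED_DB = build_citizen_db([("bob", sha256_encoder("pa55word"), None, None, "Bob")])


if __name__ == "__main__":
    print(authenticate(CLEAR_DB, "alice", "s3cret"))                   # True
    print(authenticate(CLEAR_DB, "alice", "wrong"))                    # False
    print(authenticate(HASHED_DB, "bob", "pa55word", sha256_encoder))  # True
    print(authenticate(HASHED_DB, "bob", "pa55word"))                  # False: digest != clear text
```

The last call shows why the encoder and the stored format must agree: with hashed rows and no encoder configured, every login fails, and with clear rows plus a hashing encoder the same happens in the other direction.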

 

3.2 Client applications

3.2.1 Create the applications

Create two web applications, partner1 and partner2.

Under partner1 create a subdirectory secure, and write two test pages in it: debug.jsp and index.jsp.

3.2.2 Partner1 configuration

Edit web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
   version="2.5">

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/classes/spring-appContext.xml</param-value>
  </context-param>

  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>

  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>casAuthenticationFilter</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>casValidationFilter</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>casHttpServletRequestWrapperFilter</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/secure/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/secure/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/secure/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

</web-app>

 

Edit the spring-appContext.xml file

Create the spring-appContext.xml file in the /WEB-INF/classes directory:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <bean id="casAuthenticationFilter"
        class="org.jasig.cas.client.authentication.AuthenticationFilter">
    <property name="casServerLoginUrl" value="https://www.test.com:443/cas-server/login"/>
    <property name="serverName" value="http://192.168.0.116:8080"/>
  </bean>

  <bean id="casValidationFilter"
        class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
    <property name="ticketValidator">
      <ref bean="Cas20ServiceTicketValidator"/>
    </property>
    <property name="useSession" value="true"/>
    <property name="serverName" value="http://192.168.0.116:8080"/>
    <property name="redirectAfterValidation" value="false"/>
  </bean>

  <bean id="Cas20ServiceTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    <constructor-arg index="0" value="https://www.test.com:443/cas-server" />
  </bean>

  <bean id="casHttpServletRequestWrapperFilter"
        class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

</beans>

 

Copy the required JARs

Copy the two JAR packages cas-client-core-3.1.3.jar and spring.jar into the /WEB-INF/lib directory.

 

3.2.3 Partner2 configuration

Exactly the same as partner1.

 

3.2.4 Changing the gateway parameter (used in Experiment 3; do not change it in Experiments 1 and 2)

Configure the gateway parameter for index.jsp

Set the gateway parameter to false (the default value is false).

web.xml file:

Keep it as it is; no change is needed.

 

spring-appContext.xml file:

Add a gateway property to the bean for the AuthenticationFilter and explicitly set it to false:

<property name ="gateway" value="false"/>

 

Configure the gateway parameter for debug.jsp

Set the gateway parameter to true (the default value is false).

web.xml file:

Configure separately for debug.jsp the three filters referred to in the spring-appContext.xml file above: AuthenticationFilter, Cas20ProxyReceivingTicketValidationFilter and HttpServletRequestWrapperFilter.

 

spring-appContext.xml file:

Add a gateway property to the bean for the AuthenticationFilter and set its value to true:

<property name ="gateway" value="true"/>
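The following is an added example, not code from these notes or from the JA-SIG client library, that models the two request-time decisions made by the filters configured in 3.2.2 and the effect of the gateway property from 3.2.4: the AuthenticationFilter's redirect to casServerLoginUrl (with or without gateway=true, and the pass-through on the second request when gateway is on) and the Cas20ServiceTicketValidator's parsing of the /serviceValidate reply. The URLs are the ones from the notes; the session dict, the "gatewayed" flag name and the two CAS replies are this example's own constructions.

```python
# Added example (not code from the notes or from the JA-SIG client): a model of
# the AuthenticationFilter redirect (with the gateway option) and of the
# parsing of the /serviceValidate reply by the Cas20ServiceTicketValidator.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_SERVER_LOGIN_URL = "https://www.test.com:443/cas-server/login"  # casServerLoginUrl
CAS_SERVER_PREFIX = "https://www.test.com:443/cas-server"           # validator constructor-arg
SERVER_NAME = "http://192.168.0.116:8080"                           # serverName
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


def service_url(request_uri: str, query: dict) -> str:
    """serverName + request path and query, with any ticket parameter removed."""
    params = [(k, v) for k, v in query.items() if k != "ticket"]
    url = SERVER_NAME + request_uri
    return url + "?" + urlencode(params) if params else url


def authentication_filter(request_uri: str, query: dict, session: dict,
                          gateway: bool = False):
    """Returns ('pass', None) to let the request through, ('validate', ticket)
    when a ticket must be checked, or ('redirect', url) to send the browser to
    CAS. The session dict stands in for the HttpSession; 'gatewayed' is this
    model's own flag name."""
    if session.get("assertion"):
        return ("pass", None)
    if "ticket" in query:
        return ("validate", query["ticket"])
    if gateway and session.get("gatewayed"):
        # Back from the gateway round-trip without a ticket: the user has no CAS
        # session, so the page is served anonymously instead of redirecting again.
        return ("pass", None)
    if gateway:
        session["gatewayed"] = True
    params = {"service": service_url(request_uri, query)}
    if gateway:
        params["gateway"] = "true"
    return ("redirect", CAS_SERVER_LOGIN_URL + "?" + urlencode(params))


def validate_url(ticket: str, service: str) -> str:
    """The URL the validation filter fetches from the CAS server over HTTPS."""
    return CAS_SERVER_PREFIX + "/serviceValidate?" + urlencode(
        {"ticket": ticket, "service": service})


def parse_service_response(xml_text: str):
    """Parse a CAS 2.0 serviceValidate reply: (user, None) on success,
    (None, failure code) on failure."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        return (success.findtext("cas:user", namespaces=CAS_NS), None)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return (None, failure.get("code"))
    raise ValueError("not a CAS serviceResponse")


# Constructed sample replies in the CAS 2.0 format.
SUCCESS_REPLY = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_REPLY = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


if __name__ == "__main__":
    print(authentication_filter("/partner1/secure/index.jsp", {}, {}))
    s = {}
    print(authentication_filter("/partner1/secure/debug.jsp", {}, s, gateway=True))
    print(authentication_filter("/partner1/secure/debug.jsp", {}, s, gateway=True))  # ('pass', None)
    print(parse_service_response(SUCCESS_REPLY))   # ('alice', None)
    print(parse_service_response(FAILURE_REPLY))   # (None, 'INVALID_TICKET')
```

The second debug.jsp call is the behaviour Experiment 3 relies on: with gateway=true the page is shown without a login when the browser has no CAS session, whereas index.jsp (gateway=false) always redirects until a ticket arrives. The serverName value also decides which service URL the ticket is bound to, so the validation request must carry exactly the URL the browser was redirected from.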

 

4 Experiments

4.1 Experiment 1: single sign-on

A. Visit http://192.168.0.116:8080/partner1/secure/index.jsp

B. The browser is redirected to the CAS server; enter the username and password and click confirm.

C. In another tab, visit http://192.168.0.116:8080/partner2/secure/index.jsp

 

4.2 Experiment 2: single sign-out

A. Visit http://192.168.0.116:8080/partner1/secure/index.jsp

B. The browser is redirected to the CAS server; enter the username and password and click confirm.

C. In another tab, visit http://192.168.0.116:8080/partner2/secure/index.jsp

D. In another tab, visit https://www.test.com:443/cas-server/logout to log out.

E. In another tab, visit http://192.168.0.116:8080/partner2/secure/debug.jsp and confirm that the logout succeeded.
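What makes step E work is the SingleSignOutFilter and SingleSignOutHttpSessionListener from web.xml: when partner2 receives a ticket in step C the filter records which HTTP session that ticket created, and when the user logs out in step D the CAS server posts a logoutRequest to each service, which then invalidates the matching session. The following is an added example, not code from these notes or from the JA-SIG client library, that models this with its own session store; the LogoutRequest it builds is a constructed sample in the format the server posts, with placeholder ID and IssueInstant values.

```python
# Added example (not code from the notes or from the JA-SIG client): a model of
# the SingleSignOutFilter and SingleSignOutHttpSessionListener from web.xml.
import xml.etree.ElementTree as ET
from typing import Dict, Optional

SAMLP_NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}


class SingleSignOutModel:
    """Keeps the ticket -> session mapping recorded at login time and
    invalidates the matching session when a logoutRequest arrives."""

    def __init__(self) -> None:
        self.sessions: Dict[str, bool] = {}        # session id -> still valid?
        self.ticket_to_session: Dict[str, str] = {}

    def on_ticket_request(self, ticket: str, session_id: str) -> None:
        """Request carrying ?ticket=ST-...: remember which session it created."""
        self.sessions[session_id] = True
        self.ticket_to_session[ticket] = session_id

    def on_logout_request(self, logout_request_xml: str) -> Optional[str]:
        """POST from the CAS server with a logoutRequest parameter. Returns the
        id of the session that was invalidated, or None if nothing matched."""
        try:
            root = ET.fromstring(logout_request_xml)
        except ET.ParseError:
            return None
        ticket = root.findtext("samlp:SessionIndex", namespaces=SAMLP_NS)
        if not ticket:
            return None
        session_id = self.ticket_to_session.pop(ticket, None)
        if session_id is None:              # ticket never seen by this service
            return None
        self.sessions[session_id] = False   # HttpSession.invalidate()
        return session_id

    def is_logged_in(self, session_id: str) -> bool:
        return self.sessions.get(session_id, False)


def logout_request_for(ticket: str) -> str:
    """Constructed LogoutRequest for the given ticket, in the format the server posts."""
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'ID="placeholder-id" Version="2.0" IssueInstant="2008-01-01T00:00:00Z">'
        '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
        f'<samlp:SessionIndex>{ticket}</samlp:SessionIndex>'
        '</samlp:LogoutRequest>'
    )


def run_experiment_two() -> dict:
    """Replays steps C to E of Experiment 2 against the model for partner2."""
    partner2 = SingleSignOutModel()
    partner2.on_ticket_request("ST-1-example", "JSESSIONID-p2")            # step C
    before = partner2.is_logged_in("JSESSIONID-p2")
    invalidated = partner2.on_logout_request(logout_request_for("ST-1-example"))  # step D
    after = partner2.is_logged_in("JSESSIONID-p2")                         # step E
    return {"before": before, "invalidated": invalidated, "after": after}


if __name__ == "__main__":
    print(run_experiment_two())   # {'before': True, 'invalidated': 'JSESSIONID-p2', 'after': False}
```

Two details of the model carry over to the real filter: the mapping is keyed by the service ticket, so a logoutRequest naming a ticket this service never validated does nothing, and because the filter is mapped on /* while the other three are mapped on /secure/*, the server's POST reaches the filter even though it does not target a protected page.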

 

4.3 Experiment 3: testing the gateway parameter

A. Visit http://192.168.0.116:8080/partner1/secure/debug.jsp

B. In another tab, visit http://192.168.0.116:8080/partner1/secure/index.jsp

The browser is redirected to the CAS server; enter the username and password and click confirm.