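1. First download the CAS release package cas-server-3.3.5-release.zip. After unpacking it, copy cas-server-webapp-3.3.5.war from the modules directory into Tomcat's webapps directory and deploy it as an application.
2. CAS uses LDAP access by default, so copy cas-server-support-jdbc-3.3.5.jar from the modules directory into the cas-server-webapp-3.3.5.war application, and also copy the JDBC driver jar for your database onto the classpath of the cas-server-webapp-3.3.5.war application.
3. Edit the deployerConfigContext.xml configuration file under cas-server-webapp-3.3.5\WEB-INF to reconfigure CAS.
The changes are:
<1> Change the authentication method
Comment out: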
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
Add:
<!-- add jdbc database source (add by samuel) -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from adminuser where name = ?" />
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder" ref="MD5PasswordEncoder" />
</bean>
The result is:
<property name="authenticationHandlers">
    <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
            +-->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
        <!--
            | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
            | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
            | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
            | local authentication strategy. You might accomplish this by coding a new such handler and declaring
            | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
            +-->
        <!--
        <bean
            class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
        -->
        <!-- add jdbc database source (add by samuel) -->
        <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
            <property name="sql" value="select password from adminuser where name = ?" />
            <property name="dataSource" ref="dataSource" />
            <property name="passwordEncoder" ref="MD5PasswordEncoder" />
        </bean>
    </list>
</property>
<2> Add the corresponding dataSource configuration:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close" >
    <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    <property name="url"><value>jdbc:mysql://localhost:3306/chplan</value></property>
    <property name="username"><value>chplan</value></property>
    <property name="password"><value>chplan</value></property>
</bean>
This must be added directly under <beans>; adding it inside <list></list> is wrong.
<3> Add the corresponding password hashing algorithm. CAS provides an MD5 encoder, which is referenced like this:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from adminuser where name = ?" />
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder" ref="MD5PasswordEncoder" />
</bean>
The MD5PasswordEncoder bean definition must be added as well:
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0">
        <value>MD5</value>
    </constructor-arg>
</bean>
You can also implement the CAS password encoder interface to match the hashing algorithm your own database uses:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from adminuser where name = ?" />
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder" ref="sfwPasswordEncoder" />
</bean>
<bean id="sfwPasswordEncoder" class="org.sfw.cas.CASPasswordEncoder"/>
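A sketch of what a custom encoder behind the sfwPasswordEncoder bean could look like. This is an added example, not the author's org.sfw.cas.CASPasswordEncoder class. It assumes the adminuser.password column holds lowercase hex SHA-256 digests (the page does not say which algorithm is used) and that the CAS core jar is on the compile classpath.

```java
package org.sfw.cas; // package and class name taken from the bean definition above

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.jasig.cas.authentication.handler.PasswordEncoder;

/**
 * Hypothetical encoder: hashes the submitted password so that
 * QueryDatabaseAuthenticationHandler can compare it with the stored value.
 * The handler uses exact string equality, so algorithm, character encoding
 * and hex case must match what was written to the database.
 */
public final class CASPasswordEncoder implements PasswordEncoder {

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    // Assumption: the stored digests are SHA-256. Change to match your schema.
    private static final String ALGORITHM = "SHA-256";

    public String encode(final String password) {
        // A null result never equals the stored value, so the login fails.
        if (password == null) {
            return null;
        }
        try {
            MessageDigest md = MessageDigest.getInstance(ALGORITHM);
            // Fix the charset explicitly; the platform default can differ
            // between the machine that stored the hash and the CAS server.
            byte[] digest = md.digest(password.getBytes("UTF-8"));
            StringBuilder out = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                out.append(HEX[(b >> 4) & 0x0f]).append(HEX[b & 0x0f]);
            }
            return out.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

Because encode() receives only the password, this interface cannot apply a per-user salt; a salted scheme needs a custom authentication handler that reads the salt alongside the stored hash.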
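4. Start Tomcat and open http://samuel.dev:8080/cas-server-webapp-3.3.5 to test (samuel.dev is the domain name of the local machine).
5. The following screen indicates a successful login:
6. The following screen indicates a wrong password:
7. The above are only test screens. In a real deployment, the login page and the page shown after a successful login need to be replaced with your own system's login and success pages.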