Setting up a CAS environment
1. Download the CAS server
CAS official site: http://www.jasig.org/cas (reaching it from mainland China may require going through a proxy)
CAS downloads: http://downloads.jasig.org/cas/
2. Deploy CAS
1) Download the latest CAS server release: cas-server-3.5.2-release.zip
2) Unzip the package
3) Copy cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war into Tomcat's webapps directory and rename it to ROOT.war
3. Create the keystore
    keytool -genkeypair -alias "cas" -keyalg "RSA" -keystore "F:\sync\java\Keys\cas.keystore"
4. Export the certificate to a file
1) The "first and last name" field must be the domain name; if you enter a person's name it will not match the host name used when the server actually runs, and the TLS handshake will fail.
    keytool -export -alias cas -file "F:\sync\java\Keys\cas.crt" -keystore "F:\sync\java\Keys\cas.keystore"
5. Import the certificate into the JVM
    keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file "F:\sync\java\Keys\cas.crt" -alias cas
1) You may hit the following error (delete the existing cas entry from cacerts and import again)
    java.io.IOException: Keystore was tampered with, or password was incorrect

    keytool -delete -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias cas    // delete the entry
2) The certificate was not imported
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
3) You did not enter localhost as the name when creating the keystore; note that the CAS server makes use of the CA certificate
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
Note: take care when you have more than one Java environment installed
6. Modify the Tomcat configuration
clientAuth: whether to require mutual (two-way) authentication; defaults to false, true means mutual authentication
keystoreFile: path to the server certificate (keystore) file
keystorePass: password of the server keystore
truststoreFile: the root certificate used to verify client certificates; in this example it is the server certificate itself
truststorePass: password of the root certificate (truststore)
1) Find the following Connector in Tomcat's server.xml and add the keystoreFile and keystorePass attributes to it:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
7. Log in to the CAS server
1) https://localhost:8443/login (note that it is HTTPS)
2) Entering the same value for username and password logs you in successfully
3) To log out: https://localhost:8443/login
8. Change the password source
1) To be able to authenticate against the database, make the following change in WEB-INF/deployerConfigContext.xml:
    <!-- comment out the test handler (it accepts any username whose password equals the username) -->
    <!--
    <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
    -->
    <!-- add -->
    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource"></property>
        <property name="sql" value="select password from users where userName=?"></property>
        <!--<property name="passwordEncoder" ref="MD5PasswordEncoder"></property>-->
    </bean>
2) Add the following at the bottom of the file (the "&" in the JDBC URL must be written as "&amp;" or the XML will not parse):
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
        <property name="url"><value>jdbc:mysql://192.168.64.137/cas?useUnicode=true&amp;characterEncoding=utf-8</value></property>
        <property name="username"><value>root</value></property>
        <property name="password"><value>123456</value></property>
    </bean>
    <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
        <constructor-arg index="0"><value>MD5</value></constructor-arg>
    </bean>
3) Then copy cas-server-support-jdbc-3.5.2.jar from the \cas-server-3.5.2-release\cas-server-3.5.2\modules directory, download mysql-connector-java-5.1.26-bin.jar, and copy both files into %CATALINA_HOME%/webapps/cas/WEB-INF/lib
Note: make sure the database has a t_cas_user table with the columns id, userName, password (the table name in the sql property above must match the table that actually exists)
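The configuration in step 8 decides two things a practitioner should verify before going live: whether the lookup SQL binds the username as a JDBC parameter, and what the password column has to contain once the MD5PasswordEncoder is switched on (a lowercase hex digest rather than the plaintext). The following Python is an added example, not part of the original post or of CAS itself; it audits a constructed fragment that mirrors the beans above and derives the stored-password form from the encoder bean. The audit_config and stored_password helpers are hypothetical names of this example.

```python
import hashlib
import xml.etree.ElementTree as ET

JDBC_HANDLER = "org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

# Constructed fragment mirroring the beans the post adds to deployerConfigContext.xml
# (not the post's own file); note the '&' in the JDBC URL is escaped as '&amp;'.
SAMPLE_CONFIG = """<beans>
  <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource"/>
    <property name="sql" value="select password from users where userName=?"/>
    <property name="passwordEncoder" ref="MD5PasswordEncoder"/>
  </bean>
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="url"><value>jdbc:mysql://192.168.64.137/cas?useUnicode=true&amp;characterEncoding=utf-8</value></property>
  </bean>
  <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0"><value>MD5</value></constructor-arg>
  </bean>
</beans>"""


def audit_config(xml_text):
    """Parse a deployerConfigContext.xml fragment and report how the JDBC handler
    will compare passwords: 'parses', 'sql_parameterized', 'encoder' (digest name or None)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # A bare '&' in the JDBC URL makes Spring fail at startup for the same reason.
        return {"parses": False, "sql_parameterized": None, "encoder": None}
    beans = {b.get("id"): b for b in root.iter("bean") if b.get("id")}
    result = {"parses": True, "sql_parameterized": False, "encoder": None}
    for bean in root.iter("bean"):
        if bean.get("class") != JDBC_HANDLER:
            continue
        for prop in bean.findall("property"):
            if prop.get("name") == "sql":
                # The username must be bound as a JDBC parameter, never spliced into the SQL.
                result["sql_parameterized"] = "?" in (prop.get("value") or "")
            elif prop.get("name") == "passwordEncoder":
                enc = beans.get(prop.get("ref"))
                arg = enc.find("constructor-arg/value") if enc is not None else None
                result["encoder"] = arg.text.strip() if arg is not None and arg.text else None
    return result


def stored_password(plaintext, encoder):
    """Value the password column must hold: the lowercase hex digest when an encoder is
    configured, the plaintext itself while the passwordEncoder property stays commented out.
    The digest is unsalted and fast, so MD5 here offers little protection if the table leaks."""
    if encoder is None:
        return plaintext
    return hashlib.new(encoder.lower(), plaintext.encode("utf-8")).hexdigest()
```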