CAS环境搭建
1.1环境要求
(1)JDK 1.7
(2)TOMCAT 8.0.32
(3)cas-server-4.0.0、cas-client 3.4
.1
1.1开始搭建
1.1.1创建/导入证书
注:如果不需要HTTPS进行访问,则可以跳过创建/导入证书这一节。
(1)使用JDK自带的keytool工具生成证书。
keytool -genkey -alias cassso -keyalg RSA -keystore E:/cas/keys/cassso.keystore
(2)导出证书
keytool -export -file E:/cas/keys/cassso.crt -alias cassso -keystore E:/cas/keys/cassso.keystore
(3)将证书导入到JDK中,出现如下图表示导出成功。注:这里输入密码是JDK的,如果没有修改过密码为:changeit
(4)配置TOMCAT
在tomcat目录下conf打开server.xml,找到84行,删除注释。
修改前:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
修改后:
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="E:/cas/keys/cassso.keystore" keystorePass="123456"/>
注意:
keystoreFile=证书存放的路径,keystorePass=生成证书时设置的密码
1.1.2部署CAS SERVER端
(1)解压cas-server-4.0.0-release.zip 解压后在modules找到cas-server-webapp-4.0.0.war,将其拷贝到tomcat webapps下,运行tomcat,启动成功后在浏览器
输入:https://localhost:8443/cas-server-webapp-4.0.0/
显示如下页面,那就恭喜你已经部署成功了。
(2)输入用户名:casuser,密码:Mellon 登录,登录成功如下图:
这里我配置了证书,CAS默认是采用HTTPS的,如果没有配置证书,不需要用HTTPS更改以下配置,关闭即可
(1)修改配置文件:deployerConfigContext.xml
修改前: <bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> 修改后: <bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/>
(2)修改配置文件:spring-configuration->ticketGrantingTicketCookieGenerator.xml
修改前:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
修改后:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
(3)修改配置文件:spring-configuration->warnCookieGenerator.xml
修改前:
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
修改后:
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
(4) 在浏览器上输入:http://localhost:8080/cas-server-webapp-4.0.0
1.1.3CAS客户端部署
(1)在需要单点登录的应用web.xml中加入以下代码:
<!-- 用于单点登录退出监听 -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!--该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CASSingle Sign OutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASSingle Sign OutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost:8080/cas-server/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8180</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CASValidationFilter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/cas-server</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8180</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
<filter>
<filter-name>CASHttpServletRequest WrapperFilter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>CASHttpServletRequest WrapperFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
<filter-name>CASAssertion Thread LocalFilter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CASAssertion Thread LocalFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
(2)添加以下依赖:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.4.1</version>
</dependency>
(3)加入修改相应的项目端口地址即可。