Notes on the error-prone steps of setting up cas-server-3.3.1

Following several different tutorials found online (thanks to the javaeye folks for the study materials), I set up CAS and wrote down the steps that tend to go wrong. It feels simpler than the online tutorials: I did not re-download JSSE, and for the CAS client jar I used cas-client-core-3.1.3.jar straight from the lib directory of cas-server-3.3.1\modules\cas-server-webapp-3.3.1.war inside cas-server-3.3.1-release.zip.

[color=red][b]One thing puzzles me though: with this setup, after the CAS server validates the login, the URL ends with jsessionid rather than the ticket that the online guides describe. I wonder what others see.[/b][/color]


[b]1. Environment:[/b]
apache-tomcat-6.0.18
jdk1.6.0_11
cas-server-3.3.1-release.zip
spring2.5

Local machine user name: bellone
Browser: IE6

[b]2. Generate the key pair:[/b]
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -genkey -alias tomcatsso -keypass changeit -keyalg RSA
输入keystore密码:
再次输入新密码:
[color=red][b][Note: the password here is changeit; when typing the keytool command above make sure the -keypass value is the same][/b][/color]
您的名字与姓氏是什么?
[Unknown]: bellone
[Note: some online guides say to use the machine's host name, but localhost also seemed to work when I tried it]
您的组织单位名称是什么?
[Unknown]: doone
您的组织名称是什么?
[Unknown]: doone
您所在的城市或区域名称是什么?
[Unknown]: fj
您所在的州或省份名称是什么?
[Unknown]: fz
该单位的两字母国家代码是什么
[Unknown]: cn
CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn 正确吗?
[否]: y
[color=red][b][Note: type y here, not yes; some online guides say to type "是". The file is generated at C:/Documents and Settings/wull/.keystore, where wull is the XP user name][/b][/color]


[b]3. Export the certificate with alias tomcatsso from the keystore:[/b]
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -export -alias tomcatsso -keypass changeit -file tomcatsso_server.crt
输入keystore密码:
保存在文件中的认证 <tomcatsso_server.crt>

[b]4. Import tomcatsso_server.crt into the JRE's trusted certificate store:[/b]
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -import -file tomcatsso_server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
[color=red][b][Note: the ..\jre\lib\security\cacerts path must be the jre under the JDK directory][/b][/color]

输入keystore密码:
所有者:CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn
签发人:CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn
序列号:49bce9e3
有效期: Sun Mar 15 19:43:31 CST 2009 至Sat Jun 13 19:43:31 CST 2009
证书指纹:
MD5:18:9F:BB:CA:54:B9:48:39:51:18:79:F8:59:25:42:CB
SHA1:D7:ED:A9:55:0E:3E:76:9C:8C:FC:18:7E:37:49:10:6C:F7:99:8A:A3
签名算法名称:SHA1withRSA
版本: 3
信任这个认证? [否]: y
认证已添加至keystore中

[b]5. Configure the HTTPS service in Tomcat 6.0.18[/b]
Edit apache-tomcat-6.0.18\conf\server.xml as follows:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Documents and Settings/wull/.keystore" keystorePass="changeit"
           truststoreFile="C:/Program Files/Java/jdk1.6.0_11/jre/lib/security/cacerts"
           clientAuth="false" sslProtocol="TLS"/>

[color=red][b][Note: for keystoreFile and truststoreFile I point directly at the directories where the files were generated; online guides say .keystore can also be copied into the Tomcat directory][/b][/color]



[b]6. Configure the server side[/b]
Copy \modules\cas-server-webapp-3.3.1.war from the downloaded cas-server-3.3.1-release.zip into apache-tomcat-6.0.18\webapps and start Tomcat.
In the address bar enter:
https://localhost:8443/cas-server/login

Simply entering bellone/bellone logs you in successfully.


[b]7. Configure the client[/b]
I borrowed Tomcat's bundled examples webapp, plus cas-client-core-3.1.3.jar from the lib directory of cas-server-3.3.1\modules\cas-server-webapp-3.3.1.war inside cas-server-3.3.1-release.zip, because the filters configured in web.xml need it. Roughly, the flow is: a user visits examples, the filter fires and forwards the request to the CAS server, and after successful authentication over HTTPS the user is sent back to examples.

Because Spring 2.5 is involved, many people online report listener problems, with errors such as
严重: Error listenerStart
Context [/countries] startup failed due to previous errors
which should mean Spring-related jars are missing. The jars needed (all available in the Spring distribution) are:
asm-2.2.3.jar
asm-commons-2.2.3.jar
asm-util-2.2.3.jar
backport-util-concurrent.jar
c3p0-0.9.1.2.jar
commonj-twm.jar
commons-logging-1.1.jar
ehcache-1.4.1.jar
freemarker.jar
ibatis-2.3.2.715.jar
jamon-2.7.jar
jdo2-api.jar
jstl.jar
jxl.jar
mail.jar
portlet-api.jar
quartz-all-1.6.1-RC1.jar
spring.jar
standard.jar
xapool.jar
xmlsec-1.3.0.jar
[color=red][b][Note: with all of the jars above on the classpath the client started without any errors][/b][/color]

[b]Add the following to web.xml:[/b]
<!-- Start of single sign-on configuration; these listener entries are best placed at the very top. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/config/casContext.xml</param-value>
</context-param>
<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<!-- Handles user authentication -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- CAS login URL -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://bellone:8443/cas-server/login</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
    <!-- Client application URL -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://bellone:8080</param-value>
    </init-param>
</filter>

<!-- Handles ticket validation -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>cas.validationfilter</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- End of single sign-on configuration -->

[b]casContext.xml (this form also came from online sources):[/b]
<?xml version="1.0" encoding="gb2312"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
       http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd"
       default-autowire="byName" default-lazy-init="true">
    <bean id="cas.validationfilter" class="org.jasig.cas.client.validation.Cas10TicketValidationFilter">
        <property name="ticketValidator">
            <ref bean="cas10TicketValidator"/>
        </property>
        <property name="useSession">
            <value>true</value>
        </property>
        <!-- Client application URL -->
        <property name="serverName">
            <value>http://bellone:8080</value>
        </property>
        <property name="redirectAfterValidation">
            <value>true</value>
        </property>
    </bean>

    <bean id="cas10TicketValidator" class="org.jasig.cas.client.validation.Cas10TicketValidator">
        <!-- The constructor argument is the CAS server URL -->
        <constructor-arg index="0" value="https://bellone:8443/cas-server" />
    </bean>
</beans>
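As an added example (not code from this post or from the CAS project), the following Python models the round trip that the two filters configured above perform for the examples webapp: the login redirect carrying the service parameter, the CAS 1.0 /validate reply that Cas10TicketValidator parses, and the ticket-free redirect that redirectAfterValidation=true produces. The CAS and service URLs are the ones used in the post; the function names are my own and the /validate reply is a constructed string rather than a real HTTPS call.

```python
# Added example: a model of the CAS 1.0 round trip that the AuthenticationFilter
# and Cas10TicketValidationFilter configured above perform. Not from the post or CAS.
from urllib.parse import urlencode, urlparse, parse_qsl, urlunparse

CAS_SERVER = "https://bellone:8443/cas-server"  # value from casContext.xml above
SERVICE = "http://bellone:8080/examples/servlets/servlet/HelloWorldExample"

def login_redirect_url(service, renew=False, gateway=False):
    """Where the AuthenticationFilter sends a browser that has no session yet;
    renew/gateway mirror the web.xml init-params (both false in the post)."""
    params = {"service": service}
    if renew:
        params["renew"] = "true"
    if gateway:
        params["gateway"] = "true"
    return f"{CAS_SERVER}/login?{urlencode(params)}"

def validate_url(service, ticket):
    """CAS 1.0 endpoint Cas10TicketValidator calls over HTTPS; the call only
    works if the server certificate is trusted (the cacerts import in step 4)."""
    return f"{CAS_SERVER}/validate?{urlencode({'service': service, 'ticket': ticket})}"

def parse_cas10_response(body):
    """CAS 1.0 replies 'yes\\n<user>\\n' on success and 'no\\n\\n' on failure;
    anything else (empty body, missing user line) is treated as failure."""
    lines = body.split("\n")
    if len(lines) >= 2 and lines[0] == "yes" and lines[1].strip():
        return lines[1].strip()
    return None

def strip_ticket(url):
    """What redirectAfterValidation=true does after a successful check: redirect
    to the service URL without the one-time ticket so it is never resubmitted."""
    parts = urlparse(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "ticket"]
    return urlunparse(parts._replace(query=urlencode(query)))

def handle_request(request_url, validate_body):
    """Simulate both filters for one request; validate_body is a constructed
    /validate reply (a real client would fetch validate_url() instead)."""
    query = dict(parse_qsl(urlparse(request_url).query))
    ticket = query.get("ticket")
    if ticket is None:                       # no ticket yet: send to CAS login
        return ("redirect", login_redirect_url(request_url))
    if parse_cas10_response(validate_body) is None:
        return ("forbidden", None)           # bad, expired or replayed ticket
    return ("redirect", strip_ticket(request_url))  # user is now in the session
```

The login URL built for SERVICE is byte-for-byte the one the browser lands on in step 2 below, and the final redirect is the clean target URL with no ticket parameter.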

[b]8. Run and test[/b]
step1: I started Tomcat 6.0.18 without errors; the output is:
2009-3-28 15:41:33 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_11\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\Java\jdk1.6.0_11\bin;C:\Program Files\Java\jre6\bin;D:\oracle\wull\product\11.1.0\db_1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Thunder Network\KanKan\Codecs;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Intel\Wireless\Bin\;;;C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Program Files\IDM Computer Solutions\UltraEdit\
2009-3-28 15:41:34 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2009-3-28 15:41:34 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8443
2009-3-28 15:41:34 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 1163 ms
2009-3-28 15:41:34 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2009-3-28 15:41:34 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.18
2009-03-28 15:41:36,959 WARN [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - <org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler is only to be used in a testing environment. NEVER enable this in a production environment.>
2009-03-28 15:41:37,881 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.>
2009-3-28 15:41:38 org.springframework.web.context.ContextLoader initWebApplicationContext
信息: Root WebApplicationContext: initialization started
2009-3-28 15:41:38 org.springframework.context.support.AbstractApplicationContext prepareRefresh
信息: Refreshing org.springframework.web.context.support.XmlWebApplicationContext@1c4a5ec: display name ; startup date [Sat Mar 28 15:41:38 CST 2009]; root of context hierarchy
2009-3-28 15:41:38 org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
信息: Loading XML bean definitions from ServletContext resource [/WEB-INF/config/casContext.xml]
2009-3-28 15:41:38 org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory
信息: Bean factory for application context [org.springframework.web.context.support.XmlWebApplicationContext@1c4a5ec]: org.springframework.beans.factory.support.DefaultListableBeanFactory@771eb1
2009-3-28 15:41:38 org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
信息: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@771eb1: defining beans [cas.validationfilter,cas10TicketValidator]; root of factory hierarchy
ContextListener: attributeAdded('org.springframework.web.context.WebApplicationContext.ROOT', 'org.springframework.web.context.support.XmlWebApplicationContext@1c4a5ec: display name ; startup date [Sat Mar 28 15:41:38 CST 2009]; root of context hierarchy')
2009-3-28 15:41:38 org.springframework.web.context.ContextLoader initWebApplicationContext
信息: Root WebApplicationContext: initialization completed in 301 ms
2009-3-28 15:41:39 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2009-3-28 15:41:39 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8443
2009-3-28 15:41:39 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
2009-3-28 15:41:39 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/40 config=null
2009-3-28 15:41:39 org.apache.catalina.startup.Catalina start
信息: Server startup in 4728 ms


[b]step2: open http://bellone:8080/examples/servlets/servlet/HelloWorldExample[/b]

A [Security Alert] dialog pops up; choose [Yes] and the browser is redirected to:
https://bellone:8443/cas-server/login?service=http%3A%2F%2Fbellone%3A8080%2Fexamples%2Fservlets%2Fservlet%2FHelloWorldExample

Note that the service parameter carries your target URL; the filter configured here simply sends everything to https://bellone:8443/cas-server/login.

The console additionally shows:
2009-03-28 15:50:01,915 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /cas-server>
2009-03-28 15:50:02,857 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Sat Mar 28 15:50:02 CST 2009]>
2009-03-28 15:50:02,857 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed. Removing now.>
2009-03-28 15:50:02,867 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Sat Mar 28 15:50:02 CST 2009]>

[b]step3: enter any username with an identical password and you are redirected to the target URL.[/b] The console continues with:
2009-03-28 15:51:02,412 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: a]>
2009-03-28 15:51:02,422 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-mdkitoYRRrIDPqvzpdyk-cas] for service [http://bellone:8080/examples/servlets/servlet/HelloWorldExample] for user [a]>

Here the result differs from what the online guides describe: the address bar shows
http://bellone:8080/examples/servlets/servlet/HelloWorldExample;jsessionid=E5DBFDEA6E38EACE9AC126AB2A7A4968

[color=red][b]It is jsessionid, not ticket, and I have no idea why. Is this just how version 3.3.1 behaves?[/b][/color]