CAS deployment and adding OAuth authentication

Copyright notice: this article is the blogger's original work and is released under the CC 4.0 BY-SA license; when reposting, include a link to the original and this notice.
Article link: https://blog.csdn.net/lipingping951462/article/details/52879633

1. CAS deployment

Deploy cas-server, cas-service (the CAS management application) and cas-client separately.

Use cas-service to register the cas-client as a service.


2. Add a certificate so that HTTPS works

Add a certificate to the JDK truststore:
keytool -import -keystore "/home/hwt/profile/jdk1.8.0_25/jre/lib/security/cacerts" -alias sso.qdais.com -file 2_sso.qdais.com.crt
Remove a certificate from the JDK truststore:
keytool -delete -alias sso.qdais.com -keystore "/home/hwt/profile/jdk1.8.0_25/jre/lib/security/cacerts" -storepass changeit


Generate a key pair and self-signed certificate for Tomcat:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "/home/hwt/resource/cas/caskeystore/tomcat.keystore"
Copy the keystore to the default keystore location (~/.keystore):
cd /home/hwt/resource/cas/caskeystore/
cp tomcat.keystore /home/hwt/.keystore
Export the certificate (keytool -export writes the certificate itself; here it is saved under the name tomcat.csr):
keytool -export -alias tomcat -file tomcat.csr
Import the exported certificate into the JDK truststore:
keytool -import -keystore "/home/hwt/profile/jdk1.8.0_25/jre/lib/security/cacerts" -alias tomcat -file tomcat.csr
Truststore password: changeit (the JDK default)
If keytool reports "Certificate was not added to keystore, alias <tomcat> already exists", run this first:
keytool -delete -alias tomcat -keystore "/home/hwt/profile/jdk1.8.0_25/jre/lib/security/cacerts" -storepass changeit
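The import/delete steps above are easy to get wrong on a second run (the "alias already exists" error). The following script is an added example, not code from the post or from CAS: it drives the same keytool commands with the post's cacerts path and alias, but first checks whether the alias is present and removes it, so the setup is repeatable. The runner parameter is a hypothetical hook that lets the decision logic be exercised without a JDK on the machine.

```python
"""Idempotent import of a server certificate into a Java truststore (added example)."""
import subprocess
from typing import Any, Callable, List

# Anything with .returncode and .stderr works; subprocess.CompletedProcess in real use.
Runner = Callable[[List[str]], Any]


def _run(argv: List[str]) -> subprocess.CompletedProcess:
    # Real runner: never raise on non-zero exit, the caller inspects returncode.
    return subprocess.run(argv, capture_output=True, text=True, check=False)


def list_argv(keystore: str, alias: str, storepass: str) -> List[str]:
    return ["keytool", "-list", "-keystore", keystore, "-alias", alias, "-storepass", storepass]


def delete_argv(keystore: str, alias: str, storepass: str) -> List[str]:
    return ["keytool", "-delete", "-keystore", keystore, "-alias", alias, "-storepass", storepass]


def import_argv(keystore: str, alias: str, cert_file: str, storepass: str) -> List[str]:
    # -noprompt answers keytool's "Trust this certificate?" question, so the
    # import runs non-interactively (e.g. from a deployment script).
    return ["keytool", "-import", "-noprompt", "-keystore", keystore, "-alias", alias,
            "-file", cert_file, "-storepass", storepass]


def alias_exists(keystore: str, alias: str, storepass: str, runner: Runner = _run) -> bool:
    # keytool -list exits 0 when the alias is present and 1 when it is not.
    return runner(list_argv(keystore, alias, storepass)).returncode == 0


def ensure_trusted(keystore: str, alias: str, cert_file: str,
                   storepass: str = "changeit", runner: Runner = _run) -> List[str]:
    """Replace any existing entry under `alias` with `cert_file`.

    Returns the keytool actions performed, in order ("delete", "import"),
    so a caller can log exactly what changed in the truststore.
    """
    actions: List[str] = []
    if alias_exists(keystore, alias, storepass, runner):
        result = runner(delete_argv(keystore, alias, storepass))
        if result.returncode != 0:
            raise RuntimeError("keytool -delete failed: " + str(result.stderr))
        actions.append("delete")
    result = runner(import_argv(keystore, alias, cert_file, storepass))
    if result.returncode != 0:
        raise RuntimeError("keytool -import failed: " + str(result.stderr))
    actions.append("import")
    return actions


if __name__ == "__main__":
    # Values from the post; adjust to your JDK location.
    CACERTS = "/home/hwt/profile/jdk1.8.0_25/jre/lib/security/cacerts"
    print(ensure_trusted(CACERTS, "tomcat", "tomcat.csr"))
```

Note that importing into the JDK-wide cacerts makes every Java process using that JDK trust the certificate; if only CAS and its clients need it, a dedicated truststore passed with -Djavax.net.ssl.trustStore keeps the trust decision scoped to those processes.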


3. Configure the CAS integration to use the OAuth protocol

Access flow:

Open the authorization endpoint:
https://localhost:8443/cas/oauth2.0/authorize?client_id=123456&redirect_uri=http://localhost:8080/qnit-base&response_type=code
CAS redirects to its login page and then to the OAuth callback:
https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fcas%2Foauth2.0%2FcallbackAuthorize
https://localhost:8443/cas/oauth2.0/callbackAuthorize?ticket=ST-1-RsdihpQoLG0jP6XbCOly-hwt-Veriton-D430
The consent page asks whether to grant access
Click Allow; the browser is sent back to the redirect_uri with an authorization code:
http://localhost:8080/qnit-base/cas?code=ST-2-nLeObnHZvdYrw1hxxmHj-hwt-Veriton-D430
Exchange the code for an access token:
https://localhost:8443/cas/oauth2.0/accessToken?client_id=123456&redirect_uri=http://localhost:8080/qnit-base&client_secret=123456&code=ST-4-awd7rCcdXRRUqRRSC0gO-hwt-Veriton-D430

Response:
access_token=VEdULTctQWZEdnhWSkFCVGNjdGNZcUxJZ2FnOWlYNVdvb1ZqcUtTeElYTWdhbWJuWXBtaWpmT2QtY2FzMDEuZXhhbXBsZS5vcmcjMTAwMDAwMDU=&expires_in=7191

Fetch the user profile with the access token:
https://localhost:8443/cas/oauth2.0/profile?access_token=VEdULTctQWZEdnhWSkFCVGNjdGNZcUxJZ2FnOWlYNVdvb1ZqcUtTeElYTWdhbWJuWXBtaWpmT2QtY2FzMDEuZXhhbXBsZS5vcmcjMTAwMDAwMDU=&expires_in=7191

{"id":"admin","attributes":[]}
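The client side of the flow just walked through, written out as an added example (not code from the post or from CAS). It uses the endpoints, client_id, client_secret and redirect_uri shown above, and parses the form-encoded token response and the JSON profile exactly as they appear there. Three things are assumptions: that CAS echoes an OAuth `state` parameter back to the redirect_uri, that the accessToken endpoint also reads its parameters from a POST body (the post sends them in the query string), and the hypothetical `http` hook, which takes (method, url, body) and returns the response text so the flow can be driven against a stub.

```python
"""CAS OAuth 2.0 authorization-code client (added example)."""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request, urlopen

CAS = "https://localhost:8443/cas/oauth2.0"      # endpoints from the post
CLIENT_ID = "123456"
CLIENT_SECRET = "123456"                         # post's value; use a random secret in practice
REDIRECT_URI = "http://localhost:8080/qnit-base"


def _http(method, url, body=None):
    # Real transport: form-encode the body for POST, return the response text.
    data = urlencode(body).encode() if body is not None else None
    with urlopen(Request(url, data=data, method=method)) as resp:
        return resp.read().decode()


def new_state():
    # Random single-use value stored in the user's session; it ties the code
    # that later arrives at the callback to a flow this client started.
    return secrets.token_urlsafe(16)


def authorize_url(state):
    q = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
         "response_type": "code", "state": state}
    return CAS + "/authorize?" + urlencode(q)


def code_from_callback(callback_url, expected_state):
    """Pull the code out of the redirect back to the client; reject a wrong state."""
    params = parse_qs(urlsplit(callback_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this session")
    return params["code"][0]


def parse_token_response(text):
    """The post's CAS returns access_token=...&expires_in=N; later CAS versions
    return JSON. Accept both and return (token, expires_in_seconds)."""
    text = text.strip()
    if text.startswith("{"):
        doc = json.loads(text)
        return doc["access_token"], int(doc.get("expires_in", 0))
    q = parse_qs(text)  # splits on the first '=' only, so a trailing '=' in the token survives
    return q["access_token"][0], int(q.get("expires_in", ["0"])[0])


def exchange_code(code, http=_http):
    # The client secret travels in the POST body rather than the URL, so it is
    # not written to web-server or proxy access logs the way a query string is.
    body = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI, "code": code}
    return parse_token_response(http("POST", CAS + "/accessToken", body))


def fetch_profile(access_token, http=_http):
    text = http("GET", CAS + "/profile?" + urlencode({"access_token": access_token}))
    doc = json.loads(text)
    return doc["id"], doc.get("attributes", [])


if __name__ == "__main__":
    state = new_state()
    print("send the browser to:", authorize_url(state))
```

The `state` check is the piece the post's flow leaves out: without it, any code delivered to the callback URL is accepted, whether or not this session requested it.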


Common problems:

严重: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause
java.lang.NullPointerException
at org.jasig.cas.support.oauth.web.OAuth20WrapperController.internalHandleRequest(OAuth20WrapperController.java:43)
at org.jasig.cas.support.oauth.web.BaseOAuthWrapperController.handleRequestInternal(BaseOAuthWrapperController.java:60)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

Looking at the CAS source code (excerpt of OAuth20WrapperController, the frame at the top of the stack trace):


    @Override
    protected ModelAndView internalHandleRequest(final String method, final HttpServletRequest request,
            final HttpServletResponse response) throws Exception {

        // authorize
        if (OAuthConstants.AUTHORIZE_URL.equals(method)) {
            // NullPointerException here when authorizeController was never injected
            return authorizeController.handleRequest(request, response);
        }
        // handlers for the other OAuth endpoints follow in the full source
    }

authorizeController is null: the field was never injected.

Solution: comment out the bean definition below. This hand-written definition never sets authorizeController, so removing it lets the OAuth module's own wiring of the controller take effect.

<!-- oauth  -->
<!-- <bean id="oauth20WrapperController" -->
<!-- class="org.jasig.cas.support.oauth.web.OAuth20WrapperController" -->
<!-- p:loginUrl="${server.name}/cas/login" -->
<!-- p:servicesManager-ref="servicesManager" p:ticketRegistry-ref="ticketRegistry" -->
<!-- p:timeout="7200" /> -->
