I. Development environment:
JDK: Sun JDK 1.6
Tomcat: Apache Tomcat 6.0.18
CAS Server: cas-server-3.4.2
CAS Client: cas-client-3.1.3
II. Development steps:
1. Create a Java digital certificate
C:/>keytool -genkey -alias tomcat -keystore c:/mykeystore
输入keystore密码:computer
再次输入新密码:computer
您的名字与姓氏是什么?
[Unknown]: sinosoft-liuyu   (note: this must be the current machine name)
您的组织单位名称是什么?
[Unknown]: 中科软
您的组织名称是什么?
[Unknown]: 中科软
您所在的城市或区域名称是什么?
[Unknown]: 北京
您所在的州或省份名称是什么?
[Unknown]: 北京
该单位的两字母国家代码是什么
[Unknown]: CN
CN=sinosoft-liuyu, OU=中科软, O=中科软, L=北京, ST=北京, C=CN 正确吗?
[否]: y
输入<tomcat>的主密码
(如果和 keystore 密码相同,按回车):
C:/>
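Notes:
-genkey  creates a certificate (a key pair with a self-signed certificate)
-alias  the alias of the certificate
-keystore  the path of the keystore the certificate is generated into (optional; defaults to the .keystore file in the user's home directory)
-storepass  the password of the keystore
-keypass  the password of the alias entry
-dname  the certificate owner information (optional, but if omitted keytool prompts for each field in turn; note in particular that the "CN" value must be the domain name or machine name of the host that will act as the CAS server, and it must not be an IP address)
-keyalg  the key algorithm (optional)
-validity  the number of days the certificate is valid (optional; the default is 90 days)
2. Export the digital certificate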
C:/>keytool -export -alias tomcat -keystore c:/mykeystore -file c:/mycerts.cer -storepass computer
保存在文件中的认证 <c:/mycerts.cer>
C:/>
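Notes:
-export  exports the certificate identified by the alias to a file
-keystore  the path of the keystore holding the certificate (use the same value as in the previous step; if you omitted it there, omit it here too)
-file  the name of the file to export to
3. Import the exported certificate on the client server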
C:/>keytool -import -trustcacerts -alias tomcat -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -file c:/mycerts.cer
输入keystore密码:changeit   (the default password)
keytool错误: java.lang.Exception: 认证未输入,别名 <tomcat> 已经存在
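If the error above appears, first delete the existing entry from the client server's keystore (step 4), then run this step again.
Notes:
-import  imports a signed digital certificate into the keystore
-file  the name of the file to import into the keystore (the file exported in the previous step)
4. Delete the existing certificate on the client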
C:/>keytool -delete -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -alias tomcat
输入keystore密码:changeit
C:/>
-delete  deletes the signed digital certificate from the keystore
5. Output shown when step 3 succeeds
C:/>keytool -import -trustcacerts -alias tomcat -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -file c:/mycerts.cer
输入keystore密码:
所有者:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN
签发人:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN
序列号:4c316aa8
有效期: Mon Jul 05 13:16:24 CST 2010 至Sun Oct 03 13:16:24 CST 2010
证书指纹:
MD5:44:59:34:E1:11:32:CF:31:1F:7B:80:7C:E2:A5:6C:B1
SHA1:6B:DA:48:44:EF:24:96:AE:5E:0D:3E:AB:D5:4E:EC:92:75:F1:7F:DB
签名算法名称:SHA1withDSA
版本: 3
信任这个认证? [否]: y
认证已添加至keystore中
C:/>
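Added example, not part of the original post: a small Java check to run with the client's JRE after step 5. It confirms that the exported certificate is present in that JRE's cacerts, that its CN equals the CAS host name rather than an IP, and prints the SHA1 fingerprint for comparison with the keytool output above. The class name CasTrustCheck and the argument order are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example; class name and argument order are assumptions.
// Usage: java CasTrustCheck c:/mycerts.cer sinosoft-liuyu changeit
public class CasTrustCheck {
    // CN of the certificate subject, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }
    // Colon-separated hex digest, the layout keytool prints.
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        String certFile = args[0], casHost = args[1], storePass = args[2];
        InputStream in = new FileInputStream(certFile);
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        in.close();
        // Trust store of the JRE running this check; it must be the JRE that runs the client Tomcat.
        String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream ts = new FileInputStream(cacerts);
        trust.load(ts, storePass.toCharArray());
        ts.close();
        String cn = commonName(cert);
        boolean isIp = casHost.matches("\\d{1,3}(\\.\\d{1,3}){3}") || casHost.indexOf(':') >= 0;
        System.out.println("SHA1 fingerprint : " + fingerprint(cert, "SHA-1"));
        System.out.println("Signature alg    : " + cert.getSigAlgName());
        System.out.println("CN matches host  : " + (!isIp && casHost.equalsIgnoreCase(cn)) + " (CN=" + cn + ")");
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String alias = trust.getCertificateAlias(cert);
        System.out.println("Trusted in " + cacerts + " : " + (alias != null ? "yes, alias " + alias : "NO"));
    }
}
```

Run it with the java binary of the JDK that the client Tomcat uses; a "NO" on the last line means the import went into a different JRE's cacerts.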
6. Edit the conf/server.xml file under the Tomcat directory and uncomment the commented-out connector:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" keystorePass="computer" keyAlias="tomcat" keystoreFile="c:/mykeystore" />
Notes:
keystorePass: the keystore password
keyAlias: the alias
keystoreFile: the keystore file
7. Download cas-server-3.4.2, unpack it, copy the CAS Server WAR file into Tomcat's webapps directory, and start the Tomcat service.
2010-7-5 13:28:51 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:/Java/jdk1.6.0_05/bin;D:/LiferayPortal/service/Tomcat6/bin
2010-7-5 13:28:51 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2010-7-5 13:28:51 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8443
2010-7-5 13:28:51 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 996 ms
2010-7-5 13:28:51 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2010-7-5 13:28:51 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.18
Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/system.properties
Loading file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/classes/system-ext.properties
2010-7-5 13:28:55 org.apache.catalina.core.ApplicationContext log
信息: Initializing Spring root WebApplicationContext
Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/portal.properties
Loading file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/classes/portal-ext.properties
Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/captcha.properties
13:29:19,843 INFO [PortalImpl:252] Portal lib directory /D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/
13:29:36,000 INFO [DBUtil:119] Using dialect org.hibernate.dialect.Oracle9Dialect
13:29:36,562 INFO [ServerDetector:104] Detected server tomcat
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManagerContextListenerImpl contextInitialized
信息: PSC_CSPCS001 : Started initializing ServiceManager
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.CoordinationService, Implementation: com.sun.portal.container.service.coordination.impl.CoordinationServiceImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.CachingService, Implementation: com.sun.portal.container.service.caching.impl.CachingServiceImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.ClientCachingService, Implementation: com.sun.portal.container.service.caching.impl.ClientCachingServiceImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.DeploymentService_Local, Implementation: com.sun.portal.container.service.deployment.impl.DeploymentServiceLocalImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.ContainerEventService, Implementation: com.sun.portal.container.service.coordination.impl.ContainerEventServiceImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService
信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.PolicyService, Implementation: com.liferay.portal.portletcontainer.PolicyServiceImpl
2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManagerContextListenerImpl contextInitialized
信息: PSC_CSPCS002 : Finished initializing ServiceManager
2010-7-5 13:29:41 com.sun.portal.portletcontainer.impl.PortletContainerContextListenerImpl contextInitialized
信息: PSPL_PCCSPCPCI0003 : Starting PortletContainer 2.1
Starting Liferay Portal Standard Edition 5.2.3 (Augustine / Build 5203 / May 20, 2009)
13:29:43,671 INFO [DBUtil:498] Database supports case sensitive queries
13:29:57,015 INFO [HotDeployUtil:64] Initializing hot deploy manager 9091511
13:29:57,328 INFO [AutoDeployDir:108] Auto deploy scanner started for D:/LiferayPortal/service/deploy
2010-7-5 13:29:58 org.apache.catalina.startup.HostConfig deployWAR
信息: Deploying web application archive cas-web.war
2010-7-5 13:30:00 org.apache.catalina.core.ApplicationContext log
信息: Initializing log4j from [classpath:log4j.xml]
2010-7-5 13:30:00 org.apache.catalina.core.ApplicationContext log
信息: Initializing Spring root WebApplicationContext
2010-07-05 13:30:07,140 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>
2010-07-05 13:30:07,546 WARN [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - <org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler is only to be used in a testing environment. NEVER enable this in a production environment.>
2010-07-05 13:30:09,781 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] - <Starting Quartz Scheduler now>
2010-7-5 13:30:09 org.apache.catalina.core.ApplicationContext log
信息: Initializing Spring FrameworkServlet 'cas'
2010-7-5 13:30:17 org.apache.catalina.core.ApplicationContext log
信息: Initializing Spring FrameworkServlet 'Spring Servlet'
2010-7-5 13:30:18 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2010-7-5 13:30:18 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8443
2010-7-5 13:30:18 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
2010-7-5 13:30:18 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/78 config=null
2010-7-5 13:30:18 org.apache.catalina.startup.Catalina start
信息: Server startup in 86838 ms
2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.>
2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.>
2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/content-types.properties
13:30:56,765 INFO [PluginPackageUtil:1153] Reloading repositories
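If no errors appear, startup succeeded. Note: cas-server-3.3 produces errors at this point; the author believes this is a bug and has no good fix for it, so use version 3.4.
8. With the CAS Server application started, enter https://sinosoft-liuyu:8443/cas-web/login in the browser address bar; the page shown in the figure below appears:
Enter username test and password test to verify. By default, CAS accepts any login whose username and password are identical (this is the SimpleTestUsernamePasswordAuthenticationHandler that the startup log above warns is for testing only), as shown in the figure below:
9. Unpack the CAS Client archive, find casclient.jar, and copy it into the lib directory of the deployed Liferay application: D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib. Adjust the path to your installation; Liferay normally already ships with this JAR.
10. Start Liferay. To integrate CAS with Liferay, log in with username test@liferay.com and password test, switch to [My Account], and open the Settings -> Authentication -> CAS tab, as shown in the figure:
After saving the settings, click sign out and the CAS logout page appears.
Enter http://sinosoft-liuyu:8080/ again and click the login menu; you are redirected to the CAS Server login page, where entering the username and password (the same as the username) logs you in to the Liferay home page.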
刘羽
2010-7-5 15:40