Single Sign-On for Liferay 5.2.3 Based on CAS

I. Development environment:

JDK: Sun JDK 1.6

Tomcat: Apache Tomcat 6.0.18

CAS Server: cas-server-3.4.2

CAS Client: cas-client-3.1.3

II. Development steps:

1. Create a Java digital certificate

C:/>keytool -genkey -alias tomcat -keystore c:/mykeystore

输入keystore密码:computer

再次输入新密码:computer

您的名字与姓氏是什么?

  [Unknown]  sinosoft-liuyu  Note: this must be the name of the current machine

您的组织单位名称是什么?

  [Unknown]  中科软

您的组织名称是什么?

  [Unknown]  中科软

您所在的城市或区域名称是什么?

  [Unknown]  北京

您所在的州或省份名称是什么?

  [Unknown]  北京

该单位的两字母国家代码是什么

  [Unknown]  CN

CN=sinosoft-liuyu, OU=中科软, O=中科软, L=北京, ST=北京, C=CN 正确吗?

  []  y

 

输入<tomcat>的主密码

        (如果和 keystore 密码相同,按回车):

 

C:/>

 

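Notes:

-genkey         Creates a certificate

-alias          Alias of the certificate

-keystore       Path where the certificate is generated (optional; by default it is stored in the .keystore file in the user's home directory)

-storepass      Password of the keystore

-keypass        Password of the alias entry

-dname          Certificate owner information (optional, but the tool will then prompt for each field in turn; note in particular that the value of "CN" must be the domain name or machine name of the machine that will act as the CAS server, and it must not be an IP address)

-keyalg         Key algorithm (optional)

-validity       Number of days the certificate is valid (optional; the default is 90)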

 

2. Export the digital certificate

C:/>keytool -export -alias tomcat -keystore c:/mykeystore -file c:/mycerts.cer -storepass computer

保存在文件中的认证 <c:/mycerts.cer>

 

C:/>

 

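Notes:

-export         Exports the certificate identified by the alias to a file

-keystore       Path of the keystore that holds the certificate (use exactly what you wrote in the previous step; if you omitted it there, omit it here as well)

-file           Name of the file to export to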

 

3. Import the exported certificate on the client server

C:/>keytool -import -trustcacerts -alias tomcat -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -file c:/mycerts.cer

输入keystore密码:changeit (the default password)

keytool错误: java.lang.Exception: 认证未输入,别名 <tomcat> 已经存在

If the error above appears, first delete the certificate that already exists on the client server, then run this step again.

 

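Notes:

-import         Imports a signed digital certificate into the keystore

-file           Name of the file to import into the keystore (that is, the file exported in the previous step)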

 

4. Delete the certificate that already exists on the client

C:/>keytool -delete -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -alias tomcat

输入keystore密码:changeit

 

C:/>

 

-delete         Deletes a signed digital certificate

 

5. Output shown when step 3 succeeds

C:/>keytool -import -trustcacerts -alias tomcat -keystore C:/Java/jdk1.6.0_05/jre/lib/security/cacerts -file c:/mycerts.cer

输入keystore密码:

所有者:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN

签发人:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN

序列号:4c316aa8

有效期: Mon Jul 05 13:16:24 CST 2010 Sun Oct 03 13:16:24 CST 2010

证书指纹:

         MD5:44:59:34:E1:11:32:CF:31:1F:7B:80:7C:E2:A5:6C:B1

         SHA1:6B:DA:48:44:EF:24:96:AE:5E:0D:3E:AB:D5:4E:EC:92:75:F1:7F:DB

         签名算法名称:SHA1withDSA

         版本: 3

信任这个认证? []  y

认证已添加至keystore

 

C:/>
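
The check behind the -dname note in step 1 and the trust prompt in step 5, as an added example that is not part of the original post: it reads the certificate lines keytool prints before asking whether to trust the certificate and lists what should be resolved first. The function names are hypothetical, the sample input is copied from step 5 and step 8, and the English labels are those of keytool's English locale.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the step 5 keytool output on this page (Chinese JDK locale).
KEYTOOL_OUTPUT = """\
所有者:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN
签发人:CN=sinosoft-liuyu, OU=sino, O=sino, L=bj, ST=bj, C=CN
签名算法名称:SHA1withDSA
"""
CAS_LOGIN_URL = "https://sinosoft-liuyu:8443/cas-web/login"  # URL from step 8
LABELS = {"owner": "所有者|Owner", "issuer": "签发人|Issuer",  # zh|en labels
          "sigalg": "签名算法名称|Signature algorithm name"}

def parse_keytool(text):
    """Return the owner DN, issuer DN and signature algorithm found in text."""
    fields = {}
    for key, names in LABELS.items():
        m = re.search(r"^[ \t]*(?:%s)[ \t]*[::][ \t]*(.+)$" % names, text, re.M)
        if m:
            fields[key] = m.group(1).strip()
    return fields

def common_name(dn):
    """Extract CN from a simple comma-separated DN (no escaped commas)."""
    m = re.search(r"(?:^|,)\s*CN=([^,]+)", dn, re.IGNORECASE)
    return m.group(1).strip() if m else None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def preflight(keytool_text, url):
    """List problems to resolve before answering 'y' to the trust prompt."""
    f = parse_keytool(keytool_text)
    cn, host = common_name(f.get("owner", "")), urlsplit(url).hostname or ""
    problems = []
    if cn is None or is_ip(cn):
        problems.append("CN must be a host name, not an IP")
    elif cn.lower() != host.lower():
        problems.append("CN %r does not match URL host %r" % (cn, host))
    if f.get("owner") and f.get("owner") == f.get("issuer"):
        problems.append("self-signed: verify the fingerprint out of band")
    if re.search(r"SHA1|MD5", f.get("sigalg", ""), re.IGNORECASE):
        problems.append("deprecated signature algorithm " + f["sigalg"])
    return problems
```

Calling preflight(KEYTOOL_OUTPUT, CAS_LOGIN_URL) on this page's certificate reports the self-signed issuer and the SHA1withDSA signature, while the CN check passes because it matches the host in the CAS login URL.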

 

6. Edit the conf/server.xml file in the Tomcat directory and uncomment the commented-out code:

<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"  keystorePass="computer" keyAlias="tomcat" keystoreFile="c:/mykeystore" />

 

Notes:

keystorePass: password of the keystore

keyAlias: alias of the key

keystoreFile: the keystore file

 

7. Download cas-server-3.4.2 and unpack it, copy the CAS Server WAR file into Tomcat's webapps directory, and start the Tomcat service.

2010-7-5 13:28:51 org.apache.catalina.core.AprLifecycleListener init

信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:/Java/jdk1.6.0_05/bin;D:/LiferayPortal/service/Tomcat6/bin

2010-7-5 13:28:51 org.apache.coyote.http11.Http11Protocol init

信息: Initializing Coyote HTTP/1.1 on http-8080

2010-7-5 13:28:51 org.apache.coyote.http11.Http11Protocol init

信息: Initializing Coyote HTTP/1.1 on http-8443

2010-7-5 13:28:51 org.apache.catalina.startup.Catalina load

信息: Initialization processed in 996 ms

2010-7-5 13:28:51 org.apache.catalina.core.StandardService start

信息: Starting service Catalina

2010-7-5 13:28:51 org.apache.catalina.core.StandardEngine start

信息: Starting Servlet Engine: Apache Tomcat/6.0.18

Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/system.properties

Loading file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/classes/system-ext.properties

2010-7-5 13:28:55 org.apache.catalina.core.ApplicationContext log

信息: Initializing Spring root WebApplicationContext

Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/portal.properties

Loading file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/classes/portal-ext.properties

Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/captcha.properties

13:29:19,843 INFO  [PortalImpl:252] Portal lib directory /D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/

13:29:36,000 INFO  [DBUtil:119] Using dialect org.hibernate.dialect.Oracle9Dialect

13:29:36,562 INFO  [ServerDetector:104] Detected server tomcat

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManagerContextListenerImpl contextInitialized

信息: PSC_CSPCS001 : Started initializing ServiceManager

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.CoordinationService, Implementation: com.sun.portal.container.service.coordination.impl.CoordinationServiceImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.CachingService, Implementation: com.sun.portal.container.service.caching.impl.CachingServiceImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.ClientCachingService, Implementation: com.sun.portal.container.service.caching.impl.ClientCachingServiceImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.DeploymentService_Local, Implementation: com.sun.portal.container.service.deployment.impl.DeploymentServiceLocalImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.ContainerEventService, Implementation: com.sun.portal.container.service.coordination.impl.ContainerEventServiceImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManager addService

信息: PSC_CSPCS004 : Service added, Name: com.sun.portal.container.service.PolicyService, Implementation: com.liferay.portal.portletcontainer.PolicyServiceImpl

2010-7-5 13:29:41 com.sun.portal.container.service.ServiceManagerContextListenerImpl contextInitialized

信息: PSC_CSPCS002 : Finished initializing ServiceManager

2010-7-5 13:29:41 com.sun.portal.portletcontainer.impl.PortletContainerContextListenerImpl contextInitialized

信息: PSPL_PCCSPCPCI0003 : Starting PortletContainer 2.1

Starting Liferay Portal Standard Edition 5.2.3 (Augustine / Build 5203 / May 20, 2009)

13:29:43,671 INFO  [DBUtil:498] Database supports case sensitive queries

13:29:57,015 INFO  [HotDeployUtil:64] Initializing hot deploy manager 9091511

13:29:57,328 INFO  [AutoDeployDir:108] Auto deploy scanner started for D:/LiferayPortal/service/deploy

2010-7-5 13:29:58 org.apache.catalina.startup.HostConfig deployWAR

信息: Deploying web application archive cas-web.war

2010-7-5 13:30:00 org.apache.catalina.core.ApplicationContext log

信息: Initializing log4j from [classpath:log4j.xml]

2010-7-5 13:30:00 org.apache.catalina.core.ApplicationContext log

信息: Initializing Spring root WebApplicationContext

2010-07-05 13:30:07,140 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>

2010-07-05 13:30:07,546 WARN [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - <org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler is only to be used in a testing environment.  NEVER enable this in a production environment.>

2010-07-05 13:30:09,781 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] - <Starting Quartz Scheduler now>

2010-7-5 13:30:09 org.apache.catalina.core.ApplicationContext log

信息: Initializing Spring FrameworkServlet 'cas'

2010-7-5 13:30:17 org.apache.catalina.core.ApplicationContext log

信息: Initializing Spring FrameworkServlet 'Spring Servlet'

2010-7-5 13:30:18 org.apache.coyote.http11.Http11Protocol start

信息: Starting Coyote HTTP/1.1 on http-8080

2010-7-5 13:30:18 org.apache.coyote.http11.Http11Protocol start

信息: Starting Coyote HTTP/1.1 on http-8443

2010-7-5 13:30:18 org.apache.jk.common.ChannelSocket init

信息: JK: ajp13 listening on /0.0.0.0:8009

2010-7-5 13:30:18 org.apache.jk.server.JkMain start

信息: Jk running ID=0 time=0/78  config=null

2010-7-5 13:30:18 org.apache.catalina.startup.Catalina start

信息: Server startup in 86838 ms

2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.>

2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.>

2010-07-05 13:30:27,000 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>

Loading jar:file:/D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/content-types.properties

13:30:56,765 INFO  [PluginPackageUtil:1153] Reloading repositories

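If no errors appear, startup succeeded. Note: cas-server-3.3 produces errors here; the author believes this is a bug and has no good solution for it, so please use version 3.4.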

 

8. With the CAS Server application started, enter https://sinosoft-liuyu:8443/cas-web/login in the address bar; the screen shown in the figure below appears:

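Enter user name test and password test to authenticate. In its default configuration, CAS accepts any login whose user name and password are identical (this is the SimpleTestUsernamePasswordAuthenticationHandler that the startup log above marks as test-only), as shown in the figure below: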

 

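9. Unpack the CAS Client archive, locate casclient.jar, and copy it into the lib directory of the deployed Liferay application: D:/LiferayPortal/service/Tomcat6/webapps/ROOT/WEB-INF/lib. Adjust the path to your environment; Liferay normally ships with this JAR file already.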

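10. Start Liferay. To integrate CAS with Liferay, log in with user name test@liferay.com and password test, switch to [My Account], and open Settings -> Authentication -> the CAS tab, as shown in the figure: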

 

After saving the settings, click Sign Out and the CAS logout page is displayed.

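Enter http://sinosoft-liuyu:8080/ again and click the Sign In menu; you are redirected to the CAS Server login page. Enter the user name and password (the same as the user name) to log in to the Liferay home page.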

 

 

                                                                                                                      

刘羽

2010-7-5 15:40
