cas 单点登录服务搭建+示例demo

最新推荐文章于 2020-04-01 21:35:06 发布
最新推荐文章于 2020-04-01 21:35:06 发布
阅读量1k 收藏 2
点赞数
分类专栏: java 文章标签: cas  sso cas server搭建 cas client配置 cas 单点登录
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_14926283/article/details/89224782
版权

都知道分布式是由一个个小模块组装到一起的一种架构,搭建在多台服务器上,

那么问题来了-------》既然是很多个小模块组装的,那我们登录的seesion怎么办?我在服务器1上登录了,其它服务器怎么知道?那么我从功能1--进入功能2,我就不是我了?功能2后续操作是不是就丢了?

解决办法自然也就来了

 

CAS是Central Authentication Service的缩写,中央认证服务,一种独立开放指令协议。CAS 是 Yale 大学发起的一个开源项目,旨在为 Web 应用系统提供一种可靠的单点登录方法

1、开源的企业级单点登录解决方案。

CAS分为两部分,CAS Server和CAS Client。

CAS Server用来负责用户的认证工作,就像是把第一次登录用户的一个标识

存在这里,以便此用户在其他系统登录时验证其需不需要再次登录。(我的理解:就像是你去旅游区,首先得去,你先到窗口去买票,你去旅游区具体景点的时候凭票据进入,别人就知道你买票了,CAS Server就是售票窗

CAS Client就是我们自己开发的应用程序,需要接入CAS Server端。当用户

访问我们的应用时,首先需要重定向到CAS Server端进行验证,要是原来登陆过,就免去登录,重定向到下游系统,否则进行用户名密码登陆操作。(我的理解:这里就是旅游区具体景点,游客进来,CAS Client这边就是检查票据的检票员,你没买票,把游客挡住让他去买票,有票的放行让他进景点游玩

好了咱们动真格的

首先得去下载Cas Server    地址: https://pan.baidu.com/s/1T-qC1vjXkmoMdpPhBismLQ  
提取码:9ap0 
 (那就直接用我的吧,当然也可以自己去https://github.com/apereo/cas/releases/那边下载,自己打成war)

好我这边是打好的war,直接放入tomcat  webapp下,启动tomcat就好了, 

还需要下载三个包

 

 也可以自己选择数据库,及数据库连接池,这边以c3p0和mysql数据库为例

把这三个包放入war包的WEB-INF\lib下

然后修改配置

WEB-INF下面的deployerConfigContext.xml

找到   <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />

修改为  <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />

新增

<bean id="dataSource"
     class="com.mchange.v2.c3p0.ComboPooledDataSource"
     p:driverClass="com.mysql.jdbc.Driver"
     p:jdbcUrl="jdbc:mysql://localhost:3306/zb-shiro?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=UTF-8"
     p:user="root"
     p:password="root" />
 
    <!-- Define the encode method-->
    <bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />
 
    <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from user where username=?"/>
	 <!--
	 <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from user where username=?"
     p:passwordEncoder-ref="passwordEncoder"/>
	 -->

具体修改完成之后为:

<?xml version="1.0" encoding="UTF-8"?>
<!--

    Licensed to Apereo under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Apereo licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License.  You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.

-->
<!--
| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
| The beans declared in this file are instantiated at context initialization time by the Spring
| ContextLoaderListener declared in web.xml.  It finds this file because this
| file is among those declared in the context parameter "contextConfigLocation".
|
| By far the most common change you will need to make in this file is to change the last bean
| declaration to replace the default authentication handler with
| one implementing your approach for authenticating usernames and passwords.
+-->

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <!--
       | The authentication manager defines security policy for authentication by specifying at a minimum
       | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
       | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
       | be sufficient in most cases.
       +-->
    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                 <!-- 注销此项
                  <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
                  -->
                <!-- 添加此项 -->
				<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
            </map>
        </constructor-arg>

        <!-- Uncomment the metadata populator to capture the password.
        <property name="authenticationMetaDataPopulators">
           <util:list>
               <bean class="org.jasig.cas.authentication.CacheCredentialsMetaDataPopulator"/>
           </util:list>
        </property>
        -->

        <!--
           | Defines the security policy around authentication. Some alternative policies that ship with CAS:
           |
           | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
           | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
           | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
           -->
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <!-- Required for proxy ticket mechanism. -->
    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" p:requireSecure="false"/>

    <!--
       | TODO: Replace this component with one suitable for your enviroment.
       |
       | This component provides authentication for the kind of credential used in your environment. In most cases
       | credential is a username/password pair that lives in a system of record like an LDAP directory.
       | The most common authentication handler beans:
       |
       | * org.jasig.cas.authentication.LdapAuthenticationHandler
       | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
       | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
       | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
       -->
    <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
            </map>
        </property>
    </bean>

<bean id="dataSource"
     class="com.mchange.v2.c3p0.ComboPooledDataSource"
     p:driverClass="com.mysql.jdbc.Driver"
     p:jdbcUrl="jdbc:mysql://localhost:3306/zb-shiro?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=UTF-8"
     p:user="root"
     p:password="root" />
 
    <!-- Define the encode method-->
    <bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />
 
    <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from user where username=?"/>
	 <!--
	 <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from user where username=?"
     p:passwordEncoder-ref="passwordEncoder"/>
	 -->
    <!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <!--
       | Resolves a principal from a credential using an attribute repository that is configured to resolve
       | against a deployer-specific store (e.g. LDAP).
       -->
    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
          p:principalFactory-ref="principalFactory"
          p:attributeRepository-ref="attributeRepository" />

    <!--
    Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation
    may go against a database or LDAP server.  The id should remain "attributeRepository" though.
    +-->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
          c:configDirectory="${service.registry.config.location:classpath:services}" />

    <bean id="auditTrailManager" class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
        <!--
          NOTE
          The following ticket registries support SessionMonitor:
            * DefaultTicketRegistry
            * JpaTicketRegistry
          Remove this monitor if you use an unsupported registry.
        -->
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>
</beans>

这样CAS Server服务端就搭建好了,启动tomcat就OK了

当然现在是不允许http协议的

WEB-INF\classes\services把HTTPSandIMAPS-10000001.json改一下

"serviceId" : "^(https|imaps|http)://.*",

带上http就好了

 

 

 

那再来来CAS Client端的实现吧

我这里就直接贴代码了    Spring boot实现

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.1.4.RELEASE</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>demo4</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>demo4</name>
	<description>Demo project for Spring Boot</description>

	<properties>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>net.unicon.cas</groupId>
			<artifactId>cas-client-autoconfig-support</artifactId>
			<version>1.4.0-GA</version>
		</dependency>
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

cas:
    client-host-url: http://127.0.0.1:8084
    server-login-url: http://127.0.0.1:9090/cas/login
    server-url-prefix: http://127.0.0.1:9090/cas
    validation-type: CAS
server:
    port: 8084

package com.example.demo.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;


@RestController
public class IndexController {
    
    @RequestMapping("/login")
    public String auth() {
        return "login success";
    }
}
package com.example.demo;

import net.unicon.cas.client.configuration.EnableCasClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@EnableCasClient
@SpringBootApplication
public class Demo4Application {

	public static void main(String[] args) {
		SpringApplication.run(Demo4Application.class, args);
	}

}

 

启动一下项目就可以来看看效果了

访问 http://127.0.0.1:8084/login

 发现要到cas那边去登录

登录成功后返回回来了

 有fiddler的你们可以抓一下包,就清楚了

斗码士
关注
专栏目录
cas单点登录sso)简单Demo
小人物
06-11 3518
本文目录: 一、概述 二、演示环境及host文件配置,tomcat端口号修改。 三、JDK安装配置 四、安全证书配置 五、部署CAS-Server相关的Tomcat 六、部署CAS-Client相关的Tomcat 七、 测试验证SSO 一、概述 公司要求做一个单点登录,所以在网上学习制作了一个cas的小例子,方便以后查看。 CAS的官网:http://www
搭建CAS单点登录Demo
下半夜的风
11-08 1110
现在很多系统并不是单一的,而是几个系统可以共同运作,相辅相成,这时,如果让用户一个系统一个系统的登录再一个一个地注销,显然体验感是不好的。如此便有了单点登录,实现一次登录,可以访问所有相关系统,访问完之后只需要一次注销。 搜了比较多的资料,将单点登录的原理的很多,这里可以放一篇了解一下原理:https://www.cnblogs.com/gy19920604/p/6029210.html 本篇...
CAS 实现单点登录SSO)简单实例demo(二)
热门推荐
何静媛
04-07 1万+
本文目的很明确,并不是要逐步讲清楚每一步的操作,具体的步骤网上有很多,那么整理本文的目的只是要梳理一下自己的知识点,帮助自己加深理解。   小知识点积累:   域名地址的修改:   根据演示需求,用修改hosts文件的方法添加域名最简单方便(这个非常重要),在文件 C:\Windows\System32\drivers\etc\hosts 文件中添加三条   127.0.0.1
cas单点登录demo
03-02
cas单点登录的例子程序,运行见说明
单点登录CAS-Demo
weixin_34026276的博客
03-20 109
版权声明:本文为博主原创文章,未经博主允许不得转载。   目录(?)[-] 1安全证书配置 2部署服务CAS-Server 3部署CAS-Client 4测试SSO   1,安全证书配置 CAS默认使用HTTPS协议,如果对安全要求不高,可使用HTTP协议。 修改为HTTP协议的步骤如下: 修改deployerConfigContext.xml 增加参数p:requireSecure...
cas单点登录服务端+客户端demo
05-08
在"cas单点登录服务端+客户端demo"中,我们可以看到以下几个关键知识点: 1. **单点登录SSO)**:SSO允许用户在一次登录后,能够无感知地在各个关联应用间切换,无需重新验证身份。它简化了用户的登录流程,提高...
单点登录cas综述之cas4.2.7服务端+cas客户端+示例程序+环境搭建说明-陈杰
pucao_cug的专栏
04-15 1万+
      1环境搭建以及把示例程序跑起来          1.1  安装jdk1.8          1.2 下载tomcat8+cas4.2.7服务端war+cas客户端war                   1.2.1下载经过配置的Tomcat8和本教程配套文件                   1.2.2下载配置好的cas4.2.7服务端的war包        ...
单点登录cas服务demo及springboot客户端demo
06-24
总结起来,这个"单点登录cas服务demo及springboot客户端demo"项目提供了一个实践单点登录概念的实例,涵盖了CAS服务器的搭建、Spring Boot应用的CAS客户端集成,以及Shiro或Pac4j的使用。对于想要学习和理解SSO...
cas单点登陆demo包含cas服务器和2个客户端代码
09-27
CAS(Central Authentication Service)是Java开发的一个开源身份验证框架,主要功能是实现Web应用的单点登录(Single Sign-On,SSO)。这个压缩包提供的是一个完整的CAS SSO演示项目,包括一个CAS服务器和两个...
cas tomcat整合单点登录demo
09-21
【标题】"CAS Tomcat整合单点登录Demo"是一个示例项目,展示了如何将CAS(Central Authentication Service)与Tomcat应用程序服务器集成,实现单点登录(Single Sign-On, SSO)的功能。CAS是一种开放源码的身份验证...
CAS单点登录Demo
11-08
对应的博客:https://blog.csdn.net/fancheng614/article/details/83867787
CAS单点登录demo
05-10
CAS单点登录的详细讲解文档,所需jar包和tomcat6,CAS ServerCAS Client
cas单点登录服务器端和客户端的demo
05-19
cas单点登录服务器端和客户端配置说明,以及源码解析,实例演示。
CAS 单点登录 SSO SpringMVC demo 例子 带tomact 非https的,不需要证书。
01-11
根据别人的demo改的CAS单点登录的小例子,非https的,不需要证书。 压缩包里自带的tomact可直接使用, 两个客户端是采用用Maven,对于会用的朋友应该很简单
单点登录CAS
05-31
CASdemo,里面有hosts文件,配置好的tomcat,CAS服务端和客户端,并有相应的说明文件
CASDemo
chirendan6562的博客
06-20 80
1、CAS登陆demo源码.zip 2、CASdemo在tomcat7测试打包.zip 3、CASDemo在tomcat8的测试打包.zip 还是说明一下吧,1都能看懂,主要说测试打包 测试打包分两部分,tomcat7和tomcat8,都是分别配置好的,主要是测试跨域的验证 ...
CAS测试Demo
眼神多像云朵
04-01 299
** 一、导入pom.xml** <packaging>war</packaging> <properties> <webVersion>3.0</webVersion> </properties> <dependencies> <!-- cas --> <dependency&...
SSOCAS单点登录实例演示
weixin_34318326的博客
07-16 267
SSOCAS单点登录实例演示 作者: Michael 日期: 2012 年 5 月 16 日发表评论 (0)查看评论   本文目录: 一、概述 二、演示环境 三、JDK安装配置 四、安全证书配置 五、部署CAS-Server相关的Tomcat 六、部署CAS-Client相关的Tomcat 七、 测试验证SSO 一、概述 此文的目的就是为了帮助初步接触SSO和...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

斗码士

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值