SSO之CAS单点登录2

最新推荐文章于 2018-03-05 17:29:09 发布
最新推荐文章于 2018-03-05 17:29:09 发布
阅读量830 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_19568599/article/details/52953726
版权

作者:许瑜钊


六、部署CAS-Client相关的Tomcat

6.1Cas-Client 下载

CAS-Client 下载地址:http://downloads.jasig.org/cas-clients/

以cas-client-3.2.1-release.zip 为例,解压提取cas-client-3.2.1/modules/cas-client-core-3.2.1.jar

借以tomcat默认自带的 webapps\examples 作为演示的简单web项目

6.2 安装配置 tomcat-app1

解压apache-tomcat-6.0.29.tar.gz并重命名后的路径为 G:\sso\tomcat-app1,修改tomcat的启动端口,在文件conf/server.xml文件找到如下内容:

1 <Connector port="8080" protocol="HTTP/1.1"
2                connectionTimeout="20000"
3                redirectPort="8443" />
4 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

修改成如下:

1 <Connector port="18080" protocol="HTTP/1.1"
2                connectionTimeout="20000"
3                redirectPort="18443" />
4 <Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />

启动tomcat-app1,浏览器输入 http://app1.micmiu.com:18080/examples/servlets/ 回车:



看到上述界面表示tomcat-app1的基本安装配置已经成功。

接下来复制 client的lib包cas-client-core-3.2.1.jar到 tomcat-app1\webapps\examples\WEB-INF\lib\目录下, 在tomcat-app1\webapps\examples\WEB-INF\web.xml 文件中增加如下内容:

1 <!-- ======================== 单点登录开始 ======================== -->
2         <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
3         <listener>
4             <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
5         </listener>
6  
7         <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
8         <filter>
9             <filter-name>CAS Single Sign Out Filter</filter-name>
10             <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
11         </filter>
12         <filter-mapping>
13             <filter-name>CAS Single Sign Out Filter</filter-name>
14             <url-pattern>/*</url-pattern>
15         </filter-mapping>
16  
17         <filter>
18             <filter-name>CAS Filter</filter-name>
19             <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
20             <init-param>
21                 <param-name>casServerLoginUrl</param-name>
22                 <param-value>https://demo.micmiu.com:8443/cas/login</param-value>
23             </init-param>
24             <init-param>
25                 <param-name>serverName</param-name>
26                 <param-value>http://app1.micmiu.com:18080</param-value>
27             </init-param>
28         </filter>
29         <filter-mapping>
30             <filter-name>CAS Filter</filter-name>
31             <url-pattern>/*</url-pattern>
32         </filter-mapping>
33         <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
34         <filter>
35             <filter-name>CAS Validation Filter</filter-name>
36             <filter-class>
37                 org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
38             <init-param>
39                 <param-name>casServerUrlPrefix</param-name>
40                 <param-value>https://demo.micmiu.com:8443/cas</param-value>
41             </init-param>
42             <init-param>
43                 <param-name>serverName</param-name>
44                 <param-value>http://app1.micmiu.com:18080</param-value>
45             </init-param>
46         </filter>
47         <filter-mapping>
48             <filter-name>CAS Validation Filter</filter-name>
49             <url-pattern>/*</url-pattern>
50         </filter-mapping>
51  
52         <!--
53             该过滤器负责实现HttpServletRequest请求的包裹,
54             比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
55         -->
56         <filter>
57             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
58             <filter-class>
59                 org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
60         </filter>
61         <filter-mapping>
62             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
63             <url-pattern>/*</url-pattern>
64         </filter-mapping>
65  
66     <!--
67         该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
68         比如AssertionHolder.getAssertion().getPrincipal().getName()。
69         -->
70         <filter>
71             <filter-name>CAS Assertion Thread Local Filter</filter-name>
72             <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
73         </filter>
74         <filter-mapping>
75             <filter-name>CAS Assertion Thread Local Filter</filter-name>
76             <url-pattern>/*</url-pattern>
77         </filter-mapping>
78  
79         <!-- ======================== 单点登录结束 ======================== -->

有关cas-client的web.xml修改的详细说明见官网介绍:

https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml

6.3 安装配置 tomcat-app2

解压apache-tomcat-6.0.29.tar.gz并重命名后的路径为 G:\sso\tomcat-app2,修改tomcat的启动端口,在文件 conf/server.xml文件找到如下内容:

1 <Connector port="8080" protocol="HTTP/1.1"
2                connectionTimeout="20000"
3                redirectPort="8443" />
4 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

修改成如下:

1 <Connector port="28080" protocol="HTTP/1.1"
2                connectionTimeout="20000"
3                redirectPort="28443" />
4 <Connector port="28009" protocol="AJP/1.3" redirectPort="28443" />

启动tomcat-app2,浏览器输入 http://app2.micmiu.com:28080/examples/servlets/ 回车,按照上述6.2中的方法验证是否成功。

同6.2中的复制 client的lib包cas-client-core-3.2.1.jar到 tomcat-app2\webapps\examples\WEB-INF\lib\目录下, 在tomcat-app2\webapps\examples\WEB-INF\web.xml 文件中增加如下内容:

1 <!-- ======================== 单点登录开始 ======================== -->
2         <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
3         <listener>
4             <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
5         </listener>
6  
7         <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
8         <filter>
9             <filter-name>CAS Single Sign Out Filter</filter-name>
10             <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
11         </filter>
12         <filter-mapping>
13             <filter-name>CAS Single Sign Out Filter</filter-name>
14             <url-pattern>/*</url-pattern>
15         </filter-mapping>
16  
17         <filter>
18             <filter-name>CAS Filter</filter-name>
19             <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
20             <init-param>
21                 <param-name>casServerLoginUrl</param-name>
22                 <param-value>https://demo.micmiu.com:8443/cas/login</param-value>
23             </init-param>
24             <init-param>
25                 <param-name>serverName</param-name>
26                 <param-value>http://app2.micmiu.com:28080</param-value>
27             </init-param>
28         </filter>
29         <filter-mapping>
30             <filter-name>CAS Filter</filter-name>
31             <url-pattern>/*</url-pattern>
32         </filter-mapping>
33         <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
34         <filter>
35             <filter-name>CAS Validation Filter</filter-name>
36             <filter-class>
37                 org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
38             <init-param>
39                 <param-name>casServerUrlPrefix</param-name>
40                 <param-value>https://demo.micmiu.com:8443/cas</param-value>
41             </init-param>
42             <init-param>
43                 <param-name>serverName</param-name>
44                 <param-value>http://app2.micmiu.com:28080</param-value>
45             </init-param>
46         </filter>
47         <filter-mapping>
48             <filter-name>CAS Validation Filter</filter-name>
49             <url-pattern>/*</url-pattern>
50         </filter-mapping>
51  
52         <!--
53             该过滤器负责实现HttpServletRequest请求的包裹,
54             比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
55         -->
56         <filter>
57             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
58             <filter-class>
59                 org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
60         </filter>
61         <filter-mapping>
62             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
63             <url-pattern>/*</url-pattern>
64         </filter-mapping>
65  
66         <!--
67             该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
68             比如AssertionHolder.getAssertion().getPrincipal().getName()。
69         -->
70         <filter>
71             <filter-name>CAS Assertion Thread Local Filter</filter-name>
72             <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
73         </filter>
74         <filter-mapping>
75             <filter-name>CAS Assertion Thread Local Filter</filter-name>
76             <url-pattern>/*</url-pattern>
77         </filter-mapping>
78  
79         <!-- ======================== 单点登录结束 ======================== -->

七、 测试验证SSO

启动之前配置好的三个tomcat分别为:tomcat-cas、tomcat-app1、tomcat-app2.

7.1  基本的测试

预期流程: 打开app1 url —-> 跳转cas server 验证 —-> 显示app1的应用 —-> 打开app2 url —-> 显示app2应用 —-> 注销cas server —-> 打开app1/app2 url —-> 重新跳转到cas server 验证.

打开浏览器地址栏中输入:http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample,回车:






地址栏中输入:https://demo.micmiu.com:8443/cas/logout,回车显示:


地址栏中输入:https://demo.micmiu.com:8443/cas/logout,回车显示:

上述表示 认证注销成功,此时如果再访问 : http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample 或 http://app2.micmiu.com:28080/examples/servlets/servlet/HelloWorldExample 需要重新进行认证。

7.2  获取登录用户的信息

修改HelloWorldExample.java,重新编译替换webapps\examples\WEB-INF\classes\HelloWorldExample.class文件,修改后的HelloWorldExample.java代码如下:

1 import java.io.*;
2 import java.util.*;
3 import java.util.Map.Entry;
4  
5 import javax.servlet.*;
6 import javax.servlet.http.*;
7  
8 import org.jasig.cas.client.authentication.AttributePrincipal;
9 import org.jasig.cas.client.util.AbstractCasFilter;
10 import org.jasig.cas.client.validation.Assertion;
11  
12 /**
13  * The simplest possible servlet.
14  *
15  * @author James Duncan Davidson
16  */
17  
18 public class HelloWorldExample extends HttpServlet {
19  
20     public void doGet(HttpServletRequest request, HttpServletResponse response)
21             throws IOException, ServletException {
22         ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request
23                 .getLocale());
24         response.setContentType("text/html");
25         PrintWriter out = response.getWriter();
26  
27         out.println("<html>");
28         out.println("<head>");
29  
30         String title = rb.getString("helloworld.title");
31  
32         out.println("<title>" + title + "</title>");
33         out.println("</head>");
34         out.println("<body bgcolor=\"white\">");
35  
36         out.println("<a href=\"../helloworld.html\">");
37         out.println("<img src=\"../images/code.gif\" height=24 "
38                 "width=24 align=right border=0 alt=\"view code\"></a>");
39         out.println("<a href=\"../index.html\">");
40         out.println("<img src=\"../images/return.gif\" height=24 "
41                 "width=24 align=right border=0 alt=\"return\"></a>");
42         out.println("<h1>" + title + "</h1>");
43  
44         Assertion assertion = (Assertion) request.getSession().getAttribute(
45                 AbstractCasFilter.CONST_CAS_ASSERTION);
46  
47         if (null != assertion) {
48             out.println(" Log | ValidFromDate =:"
49                     + assertion.getValidFromDate() + "<br>");
50             out.println(" Log | ValidUntilDate =:"
51                     + assertion.getValidUntilDate() + "<br>");
52             Map<Object, Object> attMap = assertion.getAttributes();
53             out.println(" Log | getAttributes Map size = " + attMap.size()
54                     "<br>");
55             for (Entry<Object, Object> entry : attMap.entrySet()) {
56                 out.println("     | " + entry.getKey() + "=:"
57                         + entry.getValue() + "<br>");
58             }
59  
60         }
61         AttributePrincipal principal = assertion.getPrincipal();
62  
63         // AttributePrincipal principal = (AttributePrincipal) request
64         // .getUserPrincipal();
65  
66         String username = null;
67         out.print(" Log | UserName:");
68         if (null != principal) {
69             username = principal.getName();
70             out.println("<span style='color:red;'>" + username + "</span><br>");
71         }
72  
73         out.println("</body>");
74         out.println("</html>");
75     }
76 }

再进行上述测试显示结果如下:

http://app1.micmiu.com:18080/examples/servlets/servlet/HelloWorldExample :



地址栏中输入: https://demo.micmiu.com:8443/cas/logout ,回车显示:
qq_19568599
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
CAS实现单点登录SSO)经典完整教程
LiaoHongHB的博客
11-19 1159
转载自:https://blog.csdn.net/small_love/article/details/6664831 &nbsp;&nbsp; &nbsp;一、简介 &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1、cas是有耶鲁大学研发的单点登录服务器 &nb...
单点登入配置
一步一个脚印
02-28 1000
JA-SIG CAS(Central Authentication Service)为Web应用系统提供了单点登录服务。 1.实际配置:  下载cas-client-3.2.1-release.zip  cas-server-3.4.10-release.zip  和 apache-tomcat-6.0.33 (我的测试环境)  配置Tomcat服务器 打开Tomcat根目录下的/
cas-server-3.4.10-release和cas-client-3.2.1-release
05-31
cas的jar包,包括: 服务器端:cas-server-3.4.10-release.zip 客户端:cas-client-3.2.1-release.zip
cas-client-core-3.2.1-sources.jar
09-07
CAS单点登录使用客户端jar包,简单,安全易用.
SSOCAS单点登录详细教程.docx
01-04
SSOCAS单点登录详细教程.docx
SSOCAS单点登录详细教程
11-07
花费几个小时的时间,给需要学习的人员学习使用,希望能帮助到你们。
SSOCAS单点登录详细图文教程.zip
01-04
内容图片附文字很详细的教大家如何部署
sso/cas单点登录Java maven版 含服务端客服端
02-26
sso/cas单点登录Java maven版 含服务端客服端
cas-client-core-3.2.1.jar
10-15
cas 客户端的jar包 版本:3.2.1
CAS jasig SSO单点登录解决方案完整版
04-14
cas-client-core-3.2.1.jar LoginImpl.java LoginServlet.java SSOClientFilter.java web.xml 电子政务平台单点登录集成手册v4.0-2017年2月9日.docx
CAS--SSO单点用到的jar包
10-18
cas-client-core.jar commons-lang-2.4.jar slf4j-api-1.7.25.jar
jasig CAS客户端配置
态度决定思路,思路决定出路!!!
04-13 4404
cas客户的配置及出现org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止,错误处理!
cas client 3.2.1 环境搭建
dongdong_java的专栏
02-28 1万+
接着上一节内容继续搭建客户端,搭建客户端新建一个web project ,需要的包,我截图上来吧,我是结合spring+hibernate 注解配置 如果不配置 spring hibernate ,只有mysql-connector-java.jar,cas-client-core.jar就可以了 <web-app version="2.5" xmlns="http://ja
OSS单点登录cas-client-core-3.2.1
emailscott的博客
03-05 7764
1. 添加 cas-client-core-3.2.1.jar 包 &lt;dependency&gt;     &lt;groupId&gt;org.jasig.cas.client&lt;/groupId&gt;     &lt;artifactId&gt;cas-client-core&lt;/artifactId&gt;     &lt;version&gt;3.2.1&lt;/versi...
CAS 实现单点登录SSO)简单实例demo(二)
何静媛
04-07 1万+
本文目的很明确,并不是要逐步讲清楚每一步的操作,具体的步骤网上有很多,那么整理本文的目的只是要梳理一下自己的知识点,帮助自己加深理解。   小知识点积累:   域名地址的修改:   根据演示需求,用修改hosts文件的方法添加域名最简单方便(这个非常重要),在文件 C:\Windows\System32\drivers\etc\hosts 文件中添加三条   127.0.0.1
单点登录(三)-----实战-----cas server 源码下载和部署
热门推荐
直到世界的尽头
01-24 2万+
我们在上一篇文章中使用的是4.0版本的cas,4.0版本的有发布好的war包可以直接使用,那如果我们要使用更新的版本怎么办呢?就需要下载源码自己编辑打包了。步骤如下:版本选择我们在cas的github项目中可以看到版本的发布情况,我们可以自己根据特性来选择版本。https://github.com/apereo/cas/releases点击DOCS然后查看Getting Started中的Inst
cas单点登录和jwt登录
最新发布
09-14
CAS单点登录适合于企业内部系统或者具有多个相关性强的应用,CAS作为中心认证服务器,可以实现在多个应用之间共享登录状态,用户只需登录一次即可访问所有受信任的应用。CAS提供了集中管理用户身份认证和授权的能力...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值