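Software versions: cas-overlay-template-5.3, CentOS 7, IDEA 2019.3.1, MySQL 8.0.11
0. What is single sign-on? In short: a user only needs to log in once to access all mutually trusting application systems.
1. Upload the Tomcat archive to the /usr/local/cas directory
2. Extract the Tomcat server, delete the archive, rename the folder, and change the port number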
tar -zxvf apache-tomcat-8.5.32.tar.gz
rm -rf apache-tomcat-8.5.32.tar.gz
mv apache-tomcat-8.5.32/ tomcat
3. Start Tomcat and test it by opening it in a browser
/usr/local/cas/tomcat/bin/startup.sh
Note: if the page cannot be reached, check whether the firewall has been turned off. Command to stop the firewall:
systemctl stop firewalld.service
4. Stop Tomcat
/usr/local/cas/tomcat/bin/shutdown.sh
Upload cas.war to Tomcat's webapps folder
Start Tomcat again; cas.war is unpacked automatically
/usr/local/cas/tomcat/bin/startup.sh
Stop Tomcat again and delete the cas.war file
/usr/local/cas/tomcat/bin/shutdown.sh
rm -rf cas.war
5. Start Tomcat
/usr/local/cas/tomcat/bin/startup.sh
To watch whether the CAS server starts successfully, open another terminal
tail -f /usr/local/cas/tomcat/logs/catalina.out
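6. Access the CAS server: http://192.168.1.9:9100/cas/login
Note: username casuser, password: Mellon
7. Create test projects. Create two projects (here I create two Maven projects), add the dependencies, and configure Tomcat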
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.3.3</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
Configure the Tomcat server
Configure web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<!-- For single sign-out: this listener supports the single sign-out feature; optional -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter implements single sign-out; optional. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter handles user authentication; it must be enabled -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<!-- If the user is not logged in, they are redirected to the CAS server; the host is the CAS server's IP -->
<param-value>http://192.168.1.9:9100/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!-- After login completes, redirect back to your own business system; this is the business system's IP and port. Note: localhost cannot be used here -->
<param-value>http://127.0.0.1:9001</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter validates the ticket; it must be enabled -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!-- Address used to validate the ticket after login: the CAS server's address -->
<param-value>http://192.168.1.9:9100/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!-- After validation, redirect back to the business system: its IP and port. Note: localhost cannot be used here -->
<param-value>http://127.0.0.1:9001</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter wraps the HttpServletRequest, e.g. so that developers can obtain the SSO user's login name via HttpServletRequest.getRemoteUser(); optional. -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder, e.g. AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Remove the HTTPS requirement and configure the cookie
Edit the file /usr/local/cas/tomcat/webapps/cas/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json
Edit /usr/local/cas/tomcat/webapps/cas/WEB-INF/classes/application.properties and append the following settings
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
# Allow redirecting to a specified page after logout
cas.logout.followServiceRedirects=true
# The parameter that names the redirect target page is service
cas.logout.redirectParameter=service
8. Start the project and test. Note: the code of the project's home page (index.jsp)
<html>
<body>
<h2>Hello World!</h2>
<a href="http://192.168.1.9:9100/cas/logout?service=http://www.baidu.com">logout</a>
</body>
</html>
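URL: http://192.168.1.9:9100/cas/login?service=http%3A%2F%2F127.0.0.1%3A9001%2Fcasone%2F
After entering the username and password and logging in successfully,
when we visit http://192.168.1.9:9100/cas/login?service=http%3A%2F%2F127.0.0.1%3A9001%2Fcasone%2F again,
there is no need to log in again.
Clicking logout redirects to the Baidu page; when we then visit http://192.168.1.9:9100/cas/login?service=http%3A%2F%2F127.0.0.1%3A9001%2Fcasone%2F again, we have to log in again.
==================== How does the other project know the user is already logged in? ====================
9. Create another Maven project, similar to the previous one; the process is omitted
We find that once one of them is logged in, the other no longer needs a login. As long as we stay in the same browser and the other project is configured with the same CAS server, the browser sends a request to the CAS server before the page is accessed to determine whether the user is already logged in. This relies on the browser cache; if we disable the browser cache, this feature stops working. At the moment we are using the data source from the configuration file (Linux needs to access the data source on Windows), and the login page is also the CAS server's own. Next we will customize these two points.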
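The exchange described above, as an added example that is not part of the original post: a simplified in-memory model of the CAS login flow, in which the browser's ticket-granting cookie lets the second application obtain a service ticket without a password, and each service ticket validates once and only for its own service. The class and function names and the second application's URL (http://127.0.0.1:9002/castwo/) are assumptions made for the illustration.

```python
import secrets

class ToyCasServer:
    """Simplified model of CAS: a TGT behind the browser cookie, one-time service tickets."""
    def __init__(self, users):
        self.users = users      # username -> password (constructed test data)
        self.tgts = {}          # ticket-granting ticket id -> username
        self.tickets = {}       # service ticket id -> (username, service)

    def login(self, service, tgc=None, username=None, password=None):
        """Models /cas/login?service=...; returns (cookie, service ticket or None)."""
        if tgc not in self.tgts:                       # no SSO session yet
            if username not in self.users or self.users[username] != password:
                return None, None                      # the browser would see the login form
            tgc = "TGT-" + secrets.token_urlsafe(16)
            self.tgts[tgc] = username
        st = "ST-" + secrets.token_urlsafe(16)
        self.tickets[st] = (self.tgts[tgc], service)
        return tgc, st

    def service_validate(self, service, ticket):
        """Models /cas/serviceValidate: a ticket works once, and only for its own service."""
        user, issued_for = self.tickets.pop(ticket, (None, None))
        return user if issued_for == service else None

    def logout(self, tgc):
        """Models /cas/logout: destroying the TGT ends SSO for every application."""
        self.tgts.pop(tgc, None)

def demo():
    cas = ToyCasServer({"casuser": "Mellon"})
    # app2 is a constructed URL; the post does not give the second project's address.
    app1, app2 = "http://127.0.0.1:9001/casone/", "http://127.0.0.1:9002/castwo/"
    tgc, st1 = cas.login(app1, username="casuser", password="Mellon")
    first = cas.service_validate(app1, st1)    # application 1 validates its ticket
    replay = cas.service_validate(app1, st1)   # the same ticket again is rejected
    _, st2 = cas.login(app2, tgc=tgc)          # application 2: cookie only, no password
    second = cas.service_validate(app2, st2)
    cas.logout(tgc)
    _, st3 = cas.login(app1, tgc=tgc)          # after logout the cookie no longer works
    return first, replay, second, st3
```
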
10. Custom data source
Change the MySQL remote access permissions
create user usercas identified with mysql_native_password by 'usercas';
grant all on *.* to 'usercas'@'%';
FLUSH PRIVILEGES;
Edit application.properties and comment out cas.authn.accept.users=root::root
#cas.authn.accept.users=root::root
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.1.101:3306/test?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC&useSSL=false
cas.authn.jdbc.query[0].user=usercas
cas.authn.jdbc.query[0].password=usercas
cas.authn.jdbc.query[0].sql=select * from user where username= ?
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].fieldExpired=expired
#cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
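Create the test database and the user table, and insert two rows
Restart Tomcat and test
If Windows refuses the database connection, turn off its firewall and make sure both machines can ping each other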
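An added example, not part of the original post: a small audit of the application.properties settings appended in steps 7 and 10, listing the ones that only suit a lab setup. The sample text is constructed from the post's settings (JDBC URL abridged), the function names are assumptions, and the defaults used for missing keys are the CAS 5.3 defaults.

```python
import re

# Constructed sample: the settings this tutorial appends to application.properties.
SAMPLE = """\
cas.tgc.secure=false
cas.logout.followServiceRedirects=true
cas.logout.redirectParameter=service
#cas.authn.accept.users=root::root
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.1.101:3306/test?serverTimezone=UTC&useSSL=false
cas.authn.jdbc.query[0].user=usercas
cas.authn.jdbc.query[0].password=usercas
cas.authn.jdbc.query[0].fieldPassword=password
#cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return sorted (key, finding) pairs for settings that only suit a lab."""
    out = []
    if props.get("cas.tgc.secure", "true").lower() == "false":
        out.append(("cas.tgc.secure", "SSO cookie lacks the Secure flag"))
    if props.get("cas.logout.followServiceRedirects", "false").lower() == "true":
        out.append(("cas.logout.followServiceRedirects",
                    "logout redirects to any URL the service registry matches"))
    for key, url in props.items():
        m = re.fullmatch(r"(cas\.authn\.jdbc\.query\[\d+\])\.url", key)
        if not m:
            continue
        q = m.group(1)
        if "usessl=false" in url.lower():
            out.append((key, "JDBC connection to MySQL is not encrypted"))
        pw = props.get(q + ".password")
        if pw is not None and pw == props.get(q + ".user"):
            out.append((q + ".password", "database password equals the user name"))
        if props.get(q + ".passwordEncoder.type", "NONE").upper() == "NONE":
            out.append((q + ".passwordEncoder.type",
                        "no encoder: stored passwords are compared as plaintext"))
    return sorted(out)
```

Calling `audit(parse_properties(SAMPLE))` reports five findings for the tutorial's settings; a configuration with a Secure cookie, an encrypted JDBC URL, a distinct database password and `passwordEncoder.type=BCRYPT` reports none.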
11. Custom login page
Add the theme name in services/HTTPSandIMAPS-10000001.json
"theme" : "mypage"
Create the file mypage.properties in the classes directory (its name corresponds to the value in cas.theme.defaultThemeName=mypage; the two must stay consistent)
# The original CAS default CSS; if it is changed, some pages will lose their styling
cas.standard.css.file=/css/cas.css
# Custom styles
cas.page.login.css=/css/pages-login.css
cas.webbase.css=/css/webbase.css
cas.jquery.easing.min.js=/js/jquery.easing.min.js
cas.jquery.min.js=/js/jquery.min.js
cas.jquery.placeholder.min.js=/js/jquery.placeholder.min.js
cas.login.js=/js/login.js
cas.sui.min.js=/js/sui.min.js
cas.qq.png = /images/img/qq.png
cas.weixin.png = /images/img/weixin.png
Add the static resource files: upload js, css and images to their corresponding folders
Create mypage in templates and put casLoginView.html into it
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7; IE=EDGE">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"/>
<title>欢迎登录</title>
<link rel="stylesheet" type="text/css" href="css/webbase.css" th:href="@{${#themes.code('cas.webbase.css')}}"/>
<link rel="stylesheet" type="text/css" href="css/pages-login.css"
th:href="@{${#themes.code('cas.page.login.css')}}"/>
</head>
<body>
<div class="login-box">
<div style="height: 90px; padding-top: 10px; padding-left: 390px;">
<img src="img/logo.png" th:src="@{${#themes.code('cas.logo.png')}}" alt="" width="80" height="80" style="float:left; ">
<img src="img/welcome.png" th:src="@{${#themes.code('cas.welcome.png')}}" alt="" width="120" height="50" style="float:left;margin-top: 20px; margin-left: 10px;">
</div>
<!--loginArea-->
<div class="loginArea">
<div class="py-container login">
<div class="loginform">
<ul class="sui-nav nav-tabs tab-wraped">
<li>
<a href="#index" data-toggle="tab">
<h3>扫描登录</h3>
</a>
</li>
<li class="active">
<a href="#profile" data-toggle="tab">
<h3>账户登录</h3>
</a>
</li>
</ul>
<div class="tab-content tab-wraped">
<div id="index" class="tab-pane">
<p>二维码登录,暂为官网二维码</p>
<img src="img/wx_cz.jpg" />
</div>
<div id="profile" class="tab-pane active">
<form method="post" class="sui-form" id="fm1" th:object="${credential}" action="login">
<div class="alert alert-danger" th:if="${#fields.hasErrors('*')}">
<span th:each="err : ${#fields.errors('*')}" th:utext="${err}">Example error</span>
</div>
<div th:if="${openIdLocalId}">
<strong>
<span th:utext="${openIdLocalId}"/>
</strong>
<input type="hidden"
id="username"
name="username"
th:value="${openIdLocalId}"/>
</div>
<div class="input-prepend"><span class="add-on loginname"></span>
<input id="username"
type="text"
placeholder="邮箱/用户名/手机号"
th:disabled="${guaEnabled}"
th:field="*{username}"
th:accesskey="#{screen.welcome.label.netid.accesskey}"
class="span2 input-xfat form-control required">
</div>
<div class="input-prepend">
<span class="add-on loginpwd"></span>
<input id="password"
type="password"
placeholder="请输入密码"
th:accesskey="#{screen.welcome.label.password.accesskey}"
th:field="*{password}"
class="span2 input-xfat form-control required">
</div>
<div class="setting">
<label class="checkbox inline">
<input name="m1" type="checkbox" value="2" checked="">
自动登录
</label>
<span class="forget">忘记密码?</span>
</div>
<div class="logined">
<!--<a class="sui-btn btn-block btn-xlarge btn-danger" href="home-index.html" >登 录</a>-->
<input type="hidden" name="execution" th:value="${flowExecutionKey}"/>
<input type="hidden" name="_eventId" value="submit"/>
<input type="hidden" name="geolocation"/>
<input class="sui-btn btn-block btn-xlarge btn-danger btn-submit"
th:unless="${recaptchaSiteKey != null AND recaptchaInvisible != null AND recaptchaSiteKey != null AND recaptchaInvisible}"
name="submit"
accesskey="l"
th:value="登录"
tabindex="6"
type="submit"
value="登录"
/>
<button class="btn btn-block btn-submit g-recaptcha"
th:if="${recaptchaSiteKey != null AND recaptchaInvisible != null AND recaptchaSiteKey != null AND recaptchaInvisible}"
th:attr="data-sitekey=${recaptchaSiteKey}, data-badge=${recaptchaPosition}"
data-callback="onSubmit"
name="submitBtn"
accesskey="l"
th:text="#{screen.welcome.button.login}"
tabindex="6"
/>
</div>
</form>
<div class="otherlogin">
<div class="types">
<ul>
<li><img src="img/qq.png" th:src="@{${#themes.code('cas.qq.png')}}" width="35px" height="35px" /></li>
<li><img src="img/weixin.png" th:src="@{${#themes.code('cas.weixin.png')}}" /></li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!--foot-->
<div class="py-container copyright">
<ul class="helpLink">
<li>关于我们<span class="space"></span></li>
<li>联系我们<span class="space"></span></li>
<li>联系客服<span class="space"></span></li>
<li>合作招商<span class="space"></span></li>
<li>商家帮助<span class="space"></span></li>
<li>营销中心<span class="space"></span></li>
<li>友情链接<span class="space"></span></li>
<li>销售联盟<span class="space"></span></li>
<li>友情链接<span class="space"></span></li>
<li>隐私政策</li>
</ul>
<p>京公网安备 1****002000088号|京ICP证0*****9号|互联网药品信息服务资格证编号(京)-经营性-2014-0008|新出发京零 字第大1*****2号</p>
<p>京ICP备0*****1号京公网安备1***********2</p>
</div>
</div>
<script type="text/javascript" src="js/plugins/jquery/jquery.min.js"
th:src="@{${#themes.code('cas.jquery.min.js')}}"></script>
<script type="text/javascript" src="js/plugins/jquery.easing/jquery.easing.min.js"
th:src="@{${#themes.code('cas.jquery.easing.min.js')}}"></script>
<script type="text/javascript" src="js/plugins/sui/sui.min.js" th:src="@{${#themes.code('cas.sui.min.js')}}"></script>
<script type="text/javascript" src="js/plugins/jquery-placeholder/jquery.placeholder.min.js"
th:src="@{${#themes.code('cas.jquery.placeholder.min.js')}}"></script>
<script type="text/javascript" src="js/pages/login.js" th:src="@{${#themes.code('cas.login.js')}}"></script>
<!-- The inline script uses $, so it is placed after jQuery has been loaded -->
<script type="text/javascript" th:inline="javascript">
var i = [[#{screen.welcome.button.loginwip}]]
$( document ).ready(function() {
$("#fm1").submit(function () {
$(":submit").attr("disabled", true);
$(":submit").attr("value", i);
console.log(i);
return true;
});
});
</script>
</body>
</html>
Add the theme in application.properties
cas.theme.defaultThemeName=mypage
12. Restart Tomcat and test.
Message me privately if you need the source files.