JA-SIG CAS (Central Authentication Service) provides single sign-on for web applications.
1. Practical configuration:
Download cas-client-3.2.1-release.zip, cas-server-3.4.10-release.zip and apache-tomcat-6.0.33 (my test environment).
Configuring the Tomcat server
Open /conf/server.xml under the Tomcat root directory, find the Connector port="8443" section and change it to the following:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    SSLEnabled="true" maxThreads="150" scheme="https"
    secure="true" clientAuth="false" sslProtocol="TLS"
    keystoreFile="D:\\home\\tomcat.keystore" keystorePass="123456" />
(the keystore name tomcat must match the name of the generated server certificate)
Attribute descriptions:
clientAuth: whether to require mutual (two-way) authentication; the default is false, and true means the client must also present a certificate
keystoreFile: path to the server certificate (keystore) file
keystorePass: password of the server keystore
Certificate generation: there are plenty of examples online (note: when importing the certificate into the JDK (assuming the JDK is installed in its default location under C:\Program Files), you must run as administrator, otherwise it fails);
Server configuration (what I describe here is login/password verification against MySQL):
Unzip cas-server-3.4.10.zip and take cas-server-webapp-3.4.10.war and cas-server-support-jdbc-3.4.10.jar (the latter is used for database access) from \modules.
Put cas-server-webapp-3.4.10.war into Tomcat and rename it to cas; then in cas\WEB-INF\deployerConfigContext.xml make the following changes:
Put the cas-server-support-jdbc-3.4.10.jar mentioned above into lib,
<!--
<bean
    class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->
<!-- comment out the bean above -->
<!-- this bean needs to be added -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from app_user where username=?" />
    <property name="dataSource">
        <ref local="dataSource"/>
    </property>
</bean>
<!-- this bean also needs to be added; because I use the c3p0 connection pool, c3p0-0.9.1.1.jar has to be put into lib as well -->
<bean id="dataSource"
    class="com.mchange.v2.c3p0.ComboPooledDataSource"
    destroy-method="close">
    <property name="driverClass" value="com.mysql.jdbc.Driver" />
    <property name="jdbcUrl" value="jdbc:mysql://localhost:3306/cas" />
    <property name="user" value="root"></property>
    <property name="password" value="java"></property>
    <property name="minPoolSize" value="5" />
    <property name="maxPoolSize" value="10" />
    <property name="initialPoolSize" value="10" />
    <property name="maxIdleTime" value="60" />
    <property name="acquireIncrement" value="5" />
    <property name="maxStatements" value="0" />
    <property name="idleConnectionTestPeriod" value="60" />
    <property name="acquireRetryAttempts" value="30" />
    <property name="breakAfterAcquireFailure" value="true" />
    <property name="testConnectionOnCheckout" value="false" />
</bean>
or
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close">
    <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    <property name="url"><value>jdbc:mysql://localhost:3306/cas</value></property>
    <property name="username"><value>root</value></property>
    <property name="password"><value>java</value></property>
</bean>
With this configuration I did not succeed; it reported that this bean failed to initialize (some jar is probably missing; if anyone finds out which one, please tell me). Many tutorials online use it, though, so I'm not sure either.
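To make the behaviour of the QueryDatabaseAuthenticationHandler configuration above concrete, here is an added Python model of what the handler does with the configured SQL (this is not the post's code nor the CAS project's code). It runs against an in-memory SQLite stand-in for the MySQL app_user table; the table layout and the sample users are constructed for the demo. The post's setup compares the stored column against the plain password (the handler's default PasswordEncoder); the example goes one step further and also handles a salted-hash row, which is the assumption a practitioner would want to check before putting this in front of real accounts.

```python
"""Added example: a Python model of QueryDatabaseAuthenticationHandler's lookup
and compare step. Table, columns and users are constructed sample data."""
import hashlib
import hmac
import sqlite3

# Same query the handler is configured with; the `?` placeholder is what keeps
# the username out of the SQL text (parameterised, never string-concatenated).
LOOKUP_SQL = "select password from app_user where username=?"


def make_db():
    """Constructed sample table: one user stored in the plaintext form the
    post's config compares against, one stored as a salted SHA-256 hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table app_user (username text primary key, password text)")
    conn.execute("insert into app_user values (?, ?)", ("alice", "alice-pass"))
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # fixed salt, demo only
    digest = hashlib.sha256(salt + b"bob-pass").hexdigest()
    conn.execute("insert into app_user values (?, ?)",
                 ("bob", "sha256$" + salt.hex() + "$" + digest))
    return conn


def encode(password: str, stored: str) -> str:
    """Mirror of the handler's PasswordEncoder step. The default encoder is
    plaintext; a hashed row is re-encoded with the stored salt before comparing."""
    if stored.startswith("sha256$"):
        _, salt_hex, _ = stored.split("$")
        digest = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
        return "sha256$" + salt_hex + "$" + digest
    return password


def authenticate(conn, username: str, password: str) -> bool:
    """Single-row lookup, then a constant-time comparison of the encoded credential."""
    row = conn.execute(LOOKUP_SQL, (username,)).fetchone()
    if row is None:
        return False  # unknown user: the handler reports failure, not a SQL error
    stored = row[0]
    return hmac.compare_digest(encode(password, stored), stored)


if __name__ == "__main__":
    db = make_db()
    print(authenticate(db, "alice", "alice-pass"), authenticate(db, "bob", "bob-pass"))
```

Because the username travels as a bound parameter, a value such as alice' or '1'='1 simply matches no row; the plaintext row for alice shows what the post's configuration actually stores, and the row for bob shows the same handler path once a hashing encoder is configured.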
Client configuration
Create any new project and put cas-client-3.2.1\modules\cas-client-core-3.2.1.jar into it.
Add the following to web.xml:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter implements single sign-out; optional. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter performs user authentication; it must be enabled. -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://192.68.69.28:8443/cas/login</param-value>
<!-- the host here is the CAS server's IP -->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://192.68.69.28:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter validates the ticket; it must be enabled. -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://192.68.69.28:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://192.68.69.28:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter wraps the HttpServletRequest so that, for example, getRemoteUser() returns the SSO user's login name; optional. -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter lets developers obtain the login name through org.jasig.cas.client.util.AssertionHolder, e.g. AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
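The three parameters in the web.xml above (casServerLoginUrl, serverName and casServerUrlPrefix) drive two round trips: the AuthenticationFilter redirects an unauthenticated browser to the CAS login page with a service parameter, and the Cas20ProxyReceivingTicketValidationFilter then calls back to the CAS server over HTTPS to validate the returned ticket, which is why the JVM running the client must trust the certificate on port 8443. The following added Python walk-through (not the CAS client's code) reproduces that URL handling and parses the CAS 2.0 serviceValidate response; the URLs are the post's, and the two XML responses are constructed sample data.

```python
"""Added example: how the CAS client filters use the web.xml parameters.
The XML responses below are constructed samples in the CAS 2.0 format."""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Values from the post's web.xml.
CAS_SERVER_LOGIN_URL = "https://192.68.69.28:8443/cas/login"
CAS_SERVER_URL_PREFIX = "https://192.68.69.28:8443/cas"
SERVER_NAME = "http://192.68.69.28:8080"
CAS_NS = "{http://www.yale.edu/tp/cas}"


def service_url(request_uri: str, query: dict) -> str:
    """AuthenticationFilter derives the `service` value from serverName plus the
    request path, dropping the `ticket` parameter the CAS server appended."""
    kept = {k: v for k, v in query.items() if k != "ticket"}
    url = SERVER_NAME + request_uri
    return url + ("?" + urlencode(kept) if kept else "")


def login_redirect(request_uri: str, query: dict) -> str:
    """Where AuthenticationFilter sends a request that has no session yet."""
    return CAS_SERVER_LOGIN_URL + "?" + urlencode(
        {"service": service_url(request_uri, query)})


def validation_url(request_uri: str, query: dict) -> str:
    """What the validation filter calls back to (server-to-server, over HTTPS).
    The `service` must be the same value the login redirect carried."""
    return CAS_SERVER_URL_PREFIX + "/serviceValidate?" + urlencode(
        {"service": service_url(request_uri, query), "ticket": query["ticket"]})


def parse_validation_response(body: str):
    """Return the authenticated username, or None when the ticket was rejected.
    Only an explicit <cas:authenticationSuccess> carrying a <cas:user> counts."""
    root = ET.fromstring(body)
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is None:
        return None
    user = success.find(CAS_NS + "user")
    return user.text if user is not None and user.text else None


# Constructed sample responses (CAS 2.0 protocol format).
SUCCESS_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


if __name__ == "__main__":
    print(login_redirect("/app/index.jsp", {}))
    returned = {"ticket": "ST-1-abc", "page": "2"}  # what the browser comes back with
    print(validation_url("/app/index.jsp", returned))
    print(parse_validation_response(SUCCESS_RESPONSE), parse_validation_response(FAILURE_RESPONSE))
```

The point to check in a real deployment is that the service the browser was redirected with and the service presented at serviceValidate are byte-identical, which is why serverName appears in both filters with the same value; a mismatch is reported by the CAS server as a validation failure rather than a success for a different user.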
With that, a working demo is done.