Cas单点登录(6)Cas Client配置

最新推荐文章于 2023-09-15 16:54:17 发布
最新推荐文章于 2023-09-15 16:54:17 发布
阅读量640 收藏 1
点赞数
分类专栏: cas单点登录 Cas单点登录 文章标签: sso单点登录
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/sz85850597/article/details/78469836
版权

1、新建项目

新建javaEE项目CasClient,添加jar包cas-client-core-3.2.1.jar

2、修改web.xml

向javaEE项目的WEB-INF/web.xml添加以下代码

<!-- ======================== 单点登录开始 ======================== -->
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

    <!-- 该过滤器负责用户的认证工作,必须启用它 -->
<filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://Cas Server的ip:端口号/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://client服务器ip:端口号</param-value>
        </init-param>
</filter>

    <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://Cas Server的ip:端口号/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://client服务器ip:端口号</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
</filter>

<!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
<filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- ======================== 单点登录结束 ======================== -->

<!-- 所有 filter 结束后添加 logout 的 listener -->
<!-- 用于单点退出 -->
<listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

3、测试

  1. 启动Cas Server所在Tomcat;
  2. 将项目CasClient放入各自对应的Client服务器中后,启动三个Client服务器所在Tomcat;
  3. 输入任意Client对应的网址:http://client服务器ip:端口号/CasClient,若自动跳转至Cas Server登录页面,账号密码输入成功后跳转回Client页面。再输入其他任意Client对应网址后,免登陆直接显示Client页面,则说明配置成功。
祈雨v
关注
专栏目录
cas 配置client 1.0 &2.0 及proxy DEMO 说明
12-16
cas 配置client 1.0 &2.0 及proxy DEMO 说明 1 cas server 搭建 1.1 资源准备 cas server 下载 http://www.ja-sig.org/downloads/cas/cas-server-3.3.1-release.zip 1.2 解压后打开cas-server-3.3.1-release\cas-server-3.3.1\modules ,将cas-server-webapp-3.3.1.war 重命名为cas.war,并将war包拷贝到tomcat5.5以上版本的webapps目录下(在此对server jdbc支持不做详细解读,测试使用CAS simaple提供的默认用户名 密码 cas/cas) 2 证书生成及导入 2.1 Server端证书配置 2.2 2.2.1 证书生成导入 2.2.1.1 keytool -delete -alias tomcatsso -keystore cacerts -storepass changeit 2.2.1.2 keytool -list -keystore cacerts -storepass changeit 2.2.1.3 keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=www.test.com" -keystore cacerts -storepass changeit 2.2.1.4 keytool -export -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit 2.2.1.5 keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit 2.2.1.6 keytool -list -keystore cacerts -storepass changeit 说明:在生成key的过程,"cn=www.test.com" 中的www.test.com为Server端的域名(必填)。 2.2.2 TOMCAT 配置SSL支持 2.2.2.1 将cacerts文件复制到TOMCAT的conf目录下修改server.xml <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/cacerts" keystorePass="changeit" truststoreFile="conf/cacerts"/> 启动Tomcat,测试https://www.test.com:443 2.2.3 客户端证书导入 2.2.3.1 .\jre\lib\security>keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit 3 cas client 1.0配置说明 <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <description>cas1 demo</description> <!-- cas filter --> <filter> <filter-name>CAS Filter</filter-name> <filter-class> edu.yale.its.tp.cas.client.filter.CASFilter </filter-class> <!-- server login url --> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.loginUrl </param-name> <param-value> https://www.test.com:8443/cas/login </param-value> </init-param> <!-- server validate url --> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.validateUrl </param-name> <param-value> https://www.test.com:8443/cas/proxyValidate </param-value> </init-param> <!-- local web url --> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.serverName </param-name> <param-value>www.teste.com:8080</param-value> </init-param> </filter> <!-- CAS Filter mapping --> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> 4 cas client 2.0配置说明 <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <description>cas client test</description> <!--CAS Authentication FILTER --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <!-- cas server LOGIN URL --> <!-- https://www.test.com:8443/cas/login--> <init-param> <param-name>casServerLoginUrl</param-name> <param-value> https://www.test.com:8443/cas/login </param-value> </init-param> <!-- local web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.testd.com:8080</param-value> </init-param> </filter> <!-- CAS Validation FILTER --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <!-- CAS SERVER URL --> <!-- https://www.test.com:8443/cas --> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://www.test.com:8443/cas</param-value> </init-param> <!-- LOCAL web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.testd.com:8080</param-value> </init-param> <!-- if validation false throw exception ; default true--> <init-param> <param-name>exceptionOnValidationFailure</param-name> <param-value>false</param-value> </init-param> </filter> <!-- cas security username on request.getRemoteUser() --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <!-- CAS SINGLE SIGN OUT FILTER --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class> org.jasig.cas.client.session.SingleSignOutFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/index.jsp</url-pattern> </filter-mapping> <!-- SingleSignOutHttpSessionListener LISTENER --> <listener> <listener-class> org.jasig.cas.client.session.SingleSignOutHttpSessionListener </listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> 5 cas client 2.0 proxy 配置说明 proxy web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <description>cas client test</description> <!--CAS Authentication FILTER --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <!-- cas server LOGIN URL --> <!-- http://www.test.com:8880 --> <init-param> <param-name>casServerLoginUrl</param-name> <param-value> https://www.test.com:8443/cas/login </param-value> </init-param> <!-- local web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.teste.com:8080</param-value> </init-param> </filter> <!-- CAS Validation FILTER --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <!-- CAS SERVER URL --> <!-- http://www.test.com:8880 --> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://www.test.com:8443/cas</param-value> </init-param> <!-- LOCAL web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.teste.com:8080</param-value> </init-param> <!-- if validation false throw exception ; default true--> <init-param> <param-name>exceptionOnValidationFailure</param-name> <param-value>false</param-value> </init-param> <!-- the URL to watch for PGTIOU/PGT responses from the CAS server --> <init-param> <param-name>allowedProxyChains</param-name> <param-value>http://www.testd.com:8080/testd</param-value> </init-param> </filter> <!-- cas security username on request.getRemoteUser() --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <!-- CAS SINGLE SIGN OUT FILTER --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class> org.jasig.cas.client.session.SingleSignOutFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/index.jsp</url-pattern> </filter-mapping> <!-- SingleSignOutHttpSessionListener LISTENER --> <listener> <listener-class> org.jasig.cas.client.session.SingleSignOutHttpSessionListener </listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> non proxy web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <description>cas client test</description> <!--CAS Authentication FILTER --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <!-- cas server LOGIN URL --> <!-- https://www.test.com:8443/cas/login--> <init-param> <param-name>casServerLoginUrl</param-name> <param-value> https://www.test.com:8443/cas/login </param-value> </init-param> <!-- local web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.testd.com:8080</param-value> </init-param> </filter> <!-- CAS Validation FILTER --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <!-- CAS SERVER URL --> <!-- https://www.test.com:8443/cas --> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://www.test.com:8443/cas</param-value> </init-param> <!-- LOCAL web URL --> <init-param> <param-name>serverName</param-name> <param-value>http://www.testd.com:8080</param-value> </init-param> <!-- if validation false throw exception ; default true--> <init-param> <param-name>exceptionOnValidationFailure</param-name> <param-value>false</param-value> </init-param> <!-- validation callback validate url --> <init-param> <param-name>proxyCallbackUrl</param-name> <param-value>http://www.teste.com:8080/teste</param-value> </init-param> <!-- proxyreceptor url --> <init-param> <param-name>proxyReceptorUrl</param-name> <param-value>/proxy/test.jsp</param-value> </init-param> </filter> <!-- cas security username on request.getRemoteUser() --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <!-- CAS SINGLE SIGN OUT FILTER --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class> org.jasig.cas.client.session.SingleSignOutFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/index.jsp</url-pattern> </filter-mapping> <!-- SingleSignOutHttpSessionListener LISTENER --> <listener> <listener-class> org.jasig.cas.client.session.SingleSignOutHttpSessionListener </listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> 6 demo 部署及说明 拷贝demo目录下的文件到 相应的发布目录(tomcat/webapps)下,使用解压工具解压,打开对应demo的web.xml,将www.test.com 及 www.testd.com 、www.teste.com 修改为相应的路径 启动TOMCAT ,祝贺你CAS 部署成功了! 7 Cas 非HTTPS支持(不赞成使用) cas client 部分修改 打开edu.yale.its.tp.cas.client.filter类,注释此 if (!pv.isAuthenticationSuccesful()) // throw new ServletException( // "CAS authentication error: " + pv.getErrorCode() + ": " + pv.getErrorMessage()); Cas server 部分修改 打开 cas-server-webapp-3.3.1\WebRoot\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml 文件 将 p:cookieSecure="true" 值改为 p:cookieSecure="false" 备注:此文仅供参考,作者仅希望通过此文引导新手,相互交流,若有疑问或意见请与作者联系! 利剑 2008-12-16 QQ:349566018 E-mail:mygw@163.com
cas client配置
qian0021514578
04-24 378
http://blog.csdn.net/roadmap001/article/details/8147281   CASSSO常用的开源解决方案,可以适用多种语言实现的Web应用。前面介绍了CAS Server端的配置。下面结合本人的实际操作,详细说明下Java应用CAS Client配置。首先,说明下配置环境: 1. CAS Server 3.4.5,跑在tomcat 7上。 部署...
cas-client配置
weixin_30291791的博客
12-28 122
cas4.0 单点登录cas-client cas4.0 单点登录 之 https证书已经做好了证书的准备工作,现在结合cas-server来配置单点登录; 一、安装cas服务端(cas-server) cas服务端是一个war包,这里只做体验单点登录cas-server下载点这里cas-server-webapp-4.0.0.war,将war包放tomcat下运行即可,运行cas...
cas client 相关配置
04-19 349
一、组件: (1)核心功能,其中包括CAS身份验证/验证过滤器。 <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</art...
cas6.0.4 单点登录
purplelineZD的博客
09-10 2106
sso单点登录cas6.0.4 单点登录原理(原来参考网上资料) 有一个独立的认证中心,只有认证中心才能接受用户的用户名和密码等信息进行认证,其他系统不提供登录入口,只接受认证中心的间接授权。间接授权通过令牌实现,当用户提供的用户名和密码通过认证中心认证后,认证中心会创建授权令牌,在接下来的跳转过程中,授权令牌作为参数发送给各个子系统,子系统拿到令牌即得到了授权,然后创建局部会话。 ...
Django集成CAS单点登录的方法示例
12-31
CAS 全称集中式认证服务(Central Authentication Service),是实现单点登录(SSO)的一中手段。 CAS 的通讯流程图如下(图片来自Google图库): 对于本文用户可感知的层面,认证过程如下: 前端访问后端登录接口 ...
CAS单点登录(SSO)服务端自定义认证+CAS客户端配置+CAS完整使用文档+CAS4.2.7 cas-serv服务端源码 cas-client客户端源码
06-27
CAS(Central Authentication Service)是Java开发的一个开源的单点登录(Single Sign-On,简称SSO)框架,主要用于解决网络应用中的身份验证问题。本压缩包提供了CAS服务端自定义认证的实现,以及CAS客户端的配置...
sso/cas单点登录Java maven版 含服务端客服端
02-26
SSO(Single Sign-On)是单点登录的缩写,是一种网络用户身份验证的机制,允许用户在一次登录后访问多个应用系统而无需再次验证。CAS(Central Authentication Service)是SSO的一种实现,由耶鲁大学开发并开源,它...
spring boot整合CAS Client实现单点登陆验证的示例
08-28
Spring Boot 整合 CAS Client 实现单点登录验证的示例 Spring Boot 整合 CAS Client 是一种流行的解决方案,用于实现单点登录(Single ...通过配置 CAS Client,我们可以轻松地实现单点登录,提高用户体验和安全性。
cas-client 使用(6)
weixin_34081595的博客
03-09 199
2019独角兽企业重金招聘Python工程师标准>>> ...
cas client cas server
01-05
cas服务器的原理以及介绍,CAS服务端总共对外暴露了7个接口,客户端通过访问这7个接口与服务端交互,
基于Tomcat6的CAS SSO配置
04-26
本文档主要根据自己的实际工作而编写的,部分来源于网络
cas-client-core-3.2.1.jar
01-27
cas-client-core-3.2.1
cas-client-core-3.3.3.jar
04-08
cas-client-core-3.3.3.jar放到客户端lib文件夹下就ok
cas-client基于CAS协议客户端搭建
最新发布
梧桐树的博客
09-15 840
前面介绍了cas服务端的搭建,今天来介绍一下基于cas协议客户端的搭建,下面是服务端搭建的介绍解决了服务端的问题,客户端的搭建就简单多了。
使用cas 6.03实现单点登录(二、实现mysql验证登录)
菜鸟的专栏
04-29 2151
1.在上一篇(使用cas 6.03实现单点登录(一、cas服务端搭建))中搭建好的cas-server的pom.xml文件中引入下面两个包 <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-...
使用cas单点登录,web.xml配置
zhuhengli的博客
12-18 5064
1、 添加maven依赖   dependency> groupId>org.jasig.cas.clientgroupId>      artifactId>cas-client-coreartifactId> version>3.3.3version> dependency>   2、 web.xml添加一下项,以tms为例   filter> filter-name>s
cas java cli,单点登录--CAS认证--web.xml配置详解
weixin_36081148的博客
04-01 338
CAS Single Sign Out Filterorg.jasig.cas.client.session.SingleSignOutFilterCAS Single Sign Out Filter/*org.jasig.cas.client.session.SingleSignOutHttpSessionListenerCASFilterorg.jasig.cas.client.authent...
cas java客户端配置_cas单点登录配置client配置(java)
weixin_33902056的博客
02-13 377
需要登录验证的所有应用都通过在web.xml里面配置filter:有需要jar包cas-client-core-3.3.3.jar及log相关的jar包以下filter的配置顺序是固定的不能改变AuthenticationFilterTicketValidationFilterHttpServletRequestWrapperFilterAssertionThreadLocalFilter用户验证...
CAS单点登录配置全攻略
以下将详细讲解配置CAS单点登录涉及的关键步骤: 1. 单点登录认证配置:首先,你需要下载CAS客户端库,例如cas-client-3.2.1,并将其核心库`cas-client-core-3.2.1.jar`放入你的Web应用的`WEB-INF/lib`目录,并将其...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值