Terminology: CAS: Central Authentication Service (the central authentication server); SSO: single sign-on.
1. Generate the keystore file tomcat.keystore and the certificate tomcat.cer
Both files are generated with the JDK's keytool. The self-signed tomcat.cer must then be trusted by the JVM that runs the CAS client (web1), which means importing it into the JDK trust store C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts (keytool -importcert); do not delete cacerts, it holds every CA certificate the JVM trusts and ticket validation over HTTPS fails without it.
Generate the certificate from a cmd prompt.
Note: certificate generation is not covered in detail here; search Baidu for the keytool steps.
2. Configure the local hosts file: 10.10.112.42 sso.hz5i5j.com
3. Add the HTTPS connector to Tomcat:
<Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false" keystoreFile="D:\key\tomcat.keystore" keystorePass="hz5i5j" maxThreads="150" port="18443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS"/>
keystorePass sits in server.xml in clear text, so restrict who can read that file. With JDK 1.7, sslProtocol="TLS" also accepts TLS 1.0; if the clients support it, add sslEnabledProtocols="TLSv1.2" to the connector.
4. Configure the CAS server:
4.1 Download the cas-3.5.2 source release cas-server-3.5.2-release.zip from the CAS site, unzip it and locate cas-server-webapp-3.5.2.war
4.2 Create a new web project cassso and import cas-server-webapp-3.5.2.war into it
4.3 Create a project WEB1 as the application reached after login; its index.jsp shows the text “WEB 首页” (WEB home page)
Then add the single sign-on configuration to its web.xml as follows:
<!-- ======================== single sign-on start ======================== -->
<!-- Single sign-out: listener and filter that implement single logout, optional, start -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter implements single logout, optional. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Single sign-out, optional, end -->
<!-- Single sign-on: the filters that implement login, start -->
<!-- This filter handles user authentication and must be enabled -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.hz5i5j.com:18443/cassso/login</param-value>
<!-- Login URL of the CAS server (cassso); unauthenticated requests are redirected here with service=serverName + request URI -->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://sso.hz5i5j.com:8090</param-value>
<!-- Not the CAS server: this is the scheme://host:port under which web1 itself is reached. With http here the service ticket and the web1 session cookie travel in clear text; use an https URL in production -->
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- single sign-on filters end -->
<!-- This filter validates the service ticket against the CAS server and must be enabled -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.hz5i5j.com:18443/cassso</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://sso.hz5i5j.com:8090</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== single sign-on end ======================== -->
4.4 After configuring, start both projects, cassso and web1.
Open https://sso.hz5i5j.com:18443/cassso/login to reach the SSO login page and log in as admin (the default test handler accepts any username whose password equals the username, so admin/admin); you are then sent to the web1 home page, because casGenericSuccess.jsp redirects with <script type="text/javascript">window.location.href="https://sso.hz5i5j.com:18443/web1"</script>. That redirect target has to be the URL web1 is really served from, and the serverName in web1's web.xml (http://sso.hz5i5j.com:8090 above) has to be that same scheme, host and port, because CAS sends the browser back to the service URL the filters build from serverName. The cassso deployment is now complete.
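What the two mandatory filters in web1's web.xml do, traced in Python so it can be followed offline. This is an added example, not code from the page or from the Jasig CAS client: the URLs are the ones configured above, the CAS server is replaced by an in-memory stub, and the ST-… ticket strings are made up. It shows the login redirect the AuthenticationFilter issues, the /serviceValidate call the validation filter makes, the CAS 2.0 XML it parses, and the two properties a service ticket has that make the flow safe to run over the network: it is accepted once, and only for the service URL it was issued for. The real client makes the validation call over HTTPS, which is why the JVM running web1 must trust tomcat.cer.

```python
import urllib.parse
import xml.etree.ElementTree as ET

# Values taken from the web.xml above.
CAS_SERVER_LOGIN_URL = "https://sso.hz5i5j.com:18443/cassso/login"   # casServerLoginUrl
CAS_SERVER_URL_PREFIX = "https://sso.hz5i5j.com:18443/cassso"        # casServerUrlPrefix
SERVER_NAME = "http://sso.hz5i5j.com:8090"                           # serverName of web1

CAS_NS = "{http://www.yale.edu/tp/cas}"   # namespace of the CAS 2.0 serviceResponse XML


def service_url(request_uri, server_name=SERVER_NAME):
    """The 'service' both filters derive: serverName + the URI the browser requested."""
    return server_name + request_uri


def login_redirect(request_uri):
    """AuthenticationFilter: no session and no ticket -> 302 to CAS login with service=..."""
    return CAS_SERVER_LOGIN_URL + "?service=" + urllib.parse.quote(service_url(request_uri), safe="")


def validate_url(ticket, request_uri):
    """Cas20ProxyReceivingTicketValidationFilter: GET /serviceValidate with ticket and service."""
    query = urllib.parse.urlencode({"ticket": ticket, "service": service_url(request_uri)})
    return CAS_SERVER_URL_PREFIX + "/serviceValidate?" + query


def parse_service_response(xml_text):
    """Parse a CAS 2.0 serviceResponse: (username, None) on success, (None, code) on failure."""
    root = ET.fromstring(xml_text)
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is not None:
        return success.findtext(CAS_NS + "user"), None
    failure = root.find(CAS_NS + "authenticationFailure")
    return None, (failure.get("code") if failure is not None else "MALFORMED")


class StubCasServer:
    """Stand-in for cassso (constructed for this example): issues service tickets bound to a
    service URL and honours each one once, as the real server does."""

    def __init__(self):
        self._tickets = {}
        self._count = 0

    def issue_ticket(self, user, service):
        self._count += 1
        ticket = "ST-%d-example" % self._count          # made-up ticket format
        self._tickets[ticket] = (user, service)
        return ticket

    def service_validate(self, ticket, service):
        entry = self._tickets.pop(ticket, None)          # every lookup consumes the ticket
        if entry is None:
            body = '<cas:authenticationFailure code="INVALID_TICKET">unknown ticket</cas:authenticationFailure>'
        elif entry[1] != service:
            body = '<cas:authenticationFailure code="INVALID_SERVICE">service mismatch</cas:authenticationFailure>'
        else:
            body = "<cas:authenticationSuccess><cas:user>%s</cas:user></cas:authenticationSuccess>" % entry[0]
        return '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">%s</cas:serviceResponse>' % body


def validate(server, ticket, request_uri):
    """What the validation filter does with the ticket the browser brought back."""
    url = validate_url(ticket, request_uri)
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    xml_text = server.service_validate(query["ticket"][0], query["service"][0])
    return parse_service_response(xml_text)


if __name__ == "__main__":
    cas = StubCasServer()
    print(login_redirect("/web1/index.jsp"))
    st = cas.issue_ticket("admin", service_url("/web1/index.jsp"))
    print(validate(cas, st, "/web1/index.jsp"))     # ('admin', None)
    print(validate(cas, st, "/web1/index.jsp"))     # (None, 'INVALID_TICKET'): tickets are single-use
    st = cas.issue_ticket("admin", service_url("/web1/index.jsp"))
    print(validate(cas, st, "/web2/index.jsp"))     # (None, 'INVALID_SERVICE'): bound to one service
```

The third call is the case that matters when several applications share one CAS server: a ticket captured on its way to web1 cannot be replayed against web2, because the validation filter there presents its own serverName-based service URL and the server refuses the mismatch.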
5. Connecting cassso to the database
5.1 In deployerConfigContext.xml, comment out CAS's default authentication handler (which accepts password == username):
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
Add the data source:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>net.sourceforge.jtds.jdbc.Driver</value></property>
<property name="url"><value>jdbc:jtds:sqlserver://10.10.112.49:1433/wawjoa</value></property>
<property name="username"><value>sa</value></property>
<property name="password"><value>Sa123456</value></property>
</bean>
Add this handler where the default one was commented out. The query is parameterised (name=?), so the submitted username cannot inject SQL, and the isDel/isOnjob conditions keep deleted and off-duty accounts out. The handler compares the single column it gets back with the submitted password as-is, so sys_user.password is stored in clear text unless a passwordEncoder is configured on the handler. The sa login with its password in clear text in deployerConfigContext.xml is also far more privilege than CAS needs; a dedicated account with SELECT on sys_user only is enough.
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" ></property>
<property name="sql" value="select password from sys_user where name=? and isDel = 0 and isOnjob=1" ></property>
</bean>
5.2 After restarting the service, only users present in the database can log in.
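How QueryDatabaseAuthenticationHandler treats the sql property above, re-done in Python over an in-memory SQLite table so it runs offline. This is an added example, not CAS code: the sys_user rows are constructed, SQLite stands in for the SQL Server the page connects to, and the SHA-256 encoder stands in for a passwordEncoder bean on the handler. It shows the row filter, the parameterised lookup, and the difference between the default clear-text comparison the page's configuration gets and a hashed store.

```python
import hashlib
import hmac
import sqlite3

# The sql property from deployerConfigContext.xml above, verbatim.
SQL = "select password from sys_user where name=? and isDel = 0 and isOnjob=1"


def plain_encoder(password):
    """What the handler does when no passwordEncoder is configured: compare as-is."""
    return password


def sha256_encoder(password):
    """Stand-in for a passwordEncoder bean using a MessageDigest algorithm (hex output)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db(encoder=plain_encoder):
    """Constructed sample sys_user table; the stored value is whatever the encoder produces."""
    db = sqlite3.connect(":memory:")
    db.execute("create table sys_user(name text primary key, password text, isDel int, isOnjob int)")
    rows = [
        ("admin",   encoder("Admin123"), 0, 1),   # active employee
        ("former",  encoder("Former1"),  1, 1),   # soft-deleted (isDel = 1)
        ("onleave", encoder("Leave1"),   0, 0),   # not on the job (isOnjob = 0)
    ]
    db.executemany("insert into sys_user values (?,?,?,?)", rows)
    return db


def authenticate(db, username, password, encoder=plain_encoder):
    """Mirror of the handler: run the query with the username as the bound parameter, then
    compare the single returned column with the encoded submitted password."""
    row = db.execute(SQL, (username,)).fetchone()
    if row is None:                      # no row: the real handler raises and the login fails
        return False
    return hmac.compare_digest(row[0], encoder(password))


if __name__ == "__main__":
    plain = make_db()
    print(authenticate(plain, "admin", "Admin123"))                  # True
    print(authenticate(plain, "former", "Former1"))                  # False, filtered by isDel
    print(authenticate(plain, "admin' or '1'='1", "x"))              # False, bound parameter
    hashed = make_db(sha256_encoder)
    print(authenticate(hashed, "admin", "Admin123", sha256_encoder)) # True
    print(authenticate(hashed, "admin", "Admin123"))                 # False, encoder mismatch
```

The last two calls are the point of the encoder: once sys_user.password holds hashes, the handler only works if the same encoder is configured on it, and the clear-text value no longer exists in the table to be read by anyone who can run the query.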