从github上下载cas最新的server和client相关代码,这里就不多说了
1、项目导入与部署
首先将server代码导入到myeclipse下,项目部署到tomcat中。启动项目后尝试登入,默认的登入账户配置在WEB-INF下的deployerConfigContext.xml文件中,代码如下
<!-- Built-in demo handler: accepts only the static username/password pairs listed in the map
     below (here root/root). It is enough to confirm that the deployment works; it is not an
     account store for real users. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <!-- key = username, value = password -->
            <entry key="root" value="root"/>
        </map>
    </property>
</bean>
因为我是自己新建的maven项目再把server相关的代码拷贝过来,因此pom.xml的配置不一样,配置如下,其他文件和源码提供的一样
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>template</artifactId>
<groupId>com.xxx</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<packaging>war</packaging>
<artifactId>web-sso</artifactId>
<!-- Dependencies of the web-sso WAR. Versions come from the <properties> section of this POM.
     NOTE(review): the dataSource bean shown later on this page uses
     com.alibaba.druid.pool.DruidDataSource and com.mysql.jdbc.Driver; neither Druid nor a MySQL
     connector is declared here, so they presumably arrive through the parent POM or
     template-ums. Confirm before building. -->
<dependencies>
    <!-- CAS server web application support; commons-logging and c3p0 are excluded -->
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-webapp-support</artifactId>
        <version>${cas.version}</version>
        <scope>compile</scope>
        <exclusions>
            <exclusion>
                <artifactId>commons-logging</artifactId>
                <groupId>commons-logging</groupId>
            </exclusion>
            <exclusion>
                <artifactId>c3p0</artifactId>
                <groupId>c3p0</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <!-- JDBC authentication support (the org.jasig.cas.adaptors.jdbc handlers) -->
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <!-- The author's own module, versioned together with this project -->
    <dependency>
        <groupId>com.rjsoft</groupId>
        <artifactId>template-ums</artifactId>
        <version>${project.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-expression</artifactId>
        <version>${spring.version}</version>
        <scope>runtime</scope>
    </dependency>
    <!-- JSP tag libraries used by the CAS views -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <type>jar</type>
        <version>${jstl.version}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>taglibs</groupId>
        <artifactId>standard</artifactId>
        <version>1.1.2</version>
        <type>jar</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-security-filter</artifactId>
        <version>${cas-server-security-filter.version}</version>
        <scope>runtime</scope>
    </dependency>
    <!-- Metrics -->
    <dependency>
        <groupId>com.ryantenney.metrics</groupId>
        <artifactId>metrics-spring</artifactId>
        <version>${metrics.spring.version}</version>
    </dependency>
    <dependency>
        <groupId>io.dropwizard.metrics</groupId>
        <artifactId>metrics-jvm</artifactId>
        <version>${metrics.version}</version>
    </dependency>
    <dependency>
        <groupId>io.dropwizard.metrics</groupId>
        <artifactId>metrics-servlets</artifactId>
        <version>${metrics.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.slf4j</groupId>
                <artifactId>slf4j-api</artifactId>
            </exclusion>
            <exclusion>
                <artifactId>jackson-databind</artifactId>
                <groupId>com.fasterxml.jackson.core</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <!--parent-->
    <dependency>
        <groupId>org.mockito</groupId>
        <artifactId>mockito-core</artifactId>
        <version>${mockito.version}</version>
        <scope>test</scope>
        <exclusions>
            <exclusion>
                <groupId>org.hamcrest</groupId>
                <artifactId>hamcrest-core</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <!-- Servlet API is supplied by the container (Tomcat), hence "provided" -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>${servlet.api.version}</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjrt</artifactId>
        <version>${aspectj.version}</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjweaver</artifactId>
        <version>${aspectj.version}</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>${javax.validation.version}</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-test</artifactId>
        <version>${spring.version}</version>
        <scope>test</scope>
    </dependency>
    <!-- Expression Language: API provided by the container, implementation bundled at runtime -->
    <dependency>
        <groupId>javax.el</groupId>
        <artifactId>javax.el-api</artifactId>
        <version>${javax.el-api.version}</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.glassfish.web</groupId>
        <artifactId>javax.el</artifactId>
        <version>${javax.el-impl.version}</version>
        <scope>runtime</scope>
        <exclusions>
            <exclusion>
                <groupId>javax.el</groupId>
                <artifactId>javax.el-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <!-- Logging: SLF4J API routed to Log4j 2.
         NOTE(review): log4j-core is resolved from ${log4j.version}; Log4j 2 releases that predate
         the late-2021 fixes are affected by the JNDI-lookup remote code execution issue, so check
         the resolved version against current advisories before deploying. -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>${slf4j.version}</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jul-to-slf4j</artifactId>
        <version>${slf4j.version}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-api</artifactId>
        <version>${log4j.version}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
        <version>${log4j.version}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-slf4j-impl</artifactId>
        <version>${log4j.version}</version>
        <scope>runtime</scope>
        <exclusions>
            <exclusion>
                <groupId>org.slf4j</groupId>
                <artifactId>slf4j-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-jcl</artifactId>
        <version>${log4j.version}</version>
        <scope>runtime</scope>
    </dependency>
    <!-- Inspektr auditing aspects -->
    <dependency>
        <groupId>org.jasig.inspektr</groupId>
        <artifactId>inspektr-aspects</artifactId>
        <version>${inspektr.version}</version>
        <scope>compile</scope>
        <exclusions>
            <exclusion>
                <groupId>javax.validation</groupId>
                <artifactId>validation-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
</dependencies>
<!-- Version pins and build settings. Only the properties referenced through ${...} in this POM
     (or in a POM that inherits from it) have any effect; the rest appear to be carried over
     from the upstream CAS build.
     NOTE(review): these pins match the CAS 4.1.x era and are old releases. In particular,
     log4j.version feeds log4j-core, and Log4j 2 releases that predate the late-2021 fixes are
     affected by the JNDI-lookup remote code execution issue. Check every pin that is actually
     resolved against current security advisories before reusing this POM. -->
<properties>
    <!-- Dependency Versions -->
    <cas.version>4.1.8</cas.version>
    <spring.webflow.version>2.4.1.RELEASE</spring.webflow.version>
    <spring.version>4.1.8.RELEASE</spring.version>
    <spring.webflow.client.repo.version>1.0.0</spring.webflow.client.repo.version>
    <ldaptive.version>1.0.7</ldaptive.version>
    <spring.security.version>4.0.1.RELEASE</spring.security.version>
    <javax.validation.version>1.1.0.Final</javax.validation.version>
    <commons.jexl.version>1.1</commons.jexl.version>
    <hibernate.validator.version>5.2.4.Final</hibernate.validator.version>
    <hibernate.core.version>5.1.0.Final</hibernate.core.version>
    <slf4j.version>1.7.21</slf4j.version>
    <person.directory.version>1.7.0</person.directory.version>
    <servlet.api.version>3.0.1</servlet.api.version>
    <jpa.version>2.0-cr-1</jpa.version>
    <metrics.version>3.1.2</metrics.version>
    <commons.codec.version>1.10</commons.codec.version>
    <metrics.spring.version>3.1.0</metrics.spring.version>
    <log4j.version>2.3</log4j.version>
    <junit.version>4.12</junit.version>
    <checkstyle.version>6.7</checkstyle.version>
    <commons.lang.version>3.4</commons.lang.version>
    <commons.collections.version>4.0</commons.collections.version>
    <inspektr.version>1.3.GA</inspektr.version>
    <commons.io.version>2.4</commons.io.version>
    <mockito.version>1.10.19</mockito.version>
    <ehcache.version>2.10.0</ehcache.version>
    <hsqldb.version>2.3.2</hsqldb.version>
    <apache.httpclient.version>4.4.1</apache.httpclient.version>
    <joda-time.version>2.8.1</joda-time.version>
    <cas.client.version>3.4.1</cas.client.version>
    <quartz.version>2.2.1</quartz.version>
    <reflections.version>0.9.10</reflections.version>
    <apache.shiro.version>1.2.3</apache.shiro.version>
    <jackson.databind.version>2.5.3</jackson.databind.version>
    <uboundid.ldapsdk.version>2.3.8</uboundid.ldapsdk.version>
    <opensaml.version>3.1.1</opensaml.version>
    <xml.apis.version>1.4.01</xml.apis.version>
    <jstl.version>1.2</jstl.version>
    <openid4java.version>0.9.8</openid4java.version>
    <cas-server-security-filter.version>2.0.4</cas-server-security-filter.version>
    <google.guava.version>18.0</google.guava.version>
    <jcache.version>1.0.0</jcache.version>
    <jcache.ri.version>1.0.0</jcache.ri.version>
    <javax.el-api.version>3.0.0</javax.el-api.version>
    <javax.el-impl.version>2.2.6</javax.el-impl.version>
    <jersey.version>1.19</jersey.version>
    <jose.version>0.4.1</jose.version>
    <c3p0.version>0.9.5.1</c3p0.version>
    <woodstox.version>4.4.1</woodstox.version>
    <pac4j.version>1.7.1</pac4j.version>
    <bouncycastle.version>1.51</bouncycastle.version>
    <dbcp.version>2.1</dbcp.version>
    <hazelcast.version>3.5</hazelcast.version>
    <cryptacular.version>1.0</cryptacular.version>

    <!-- Plugin Versions -->
    <maven-javadoc-plugin.version>2.10.3</maven-javadoc-plugin.version>
    <maven-versions-plugin.version>2.2</maven-versions-plugin.version>
    <maven-source-plugin.version>2.4</maven-source-plugin.version>
    <maven-pmd-plugin.version>3.4</maven-pmd-plugin.version>
    <maven-jxr-plugin.version>2.5</maven-jxr-plugin.version>
    <maven-projectinfo-reports-plugin.version>2.8</maven-projectinfo-reports-plugin.version>
    <maven-taglist-plugin.version>2.4</maven-taglist-plugin.version>
    <maven-surefire-plugin.version>2.18.1</maven-surefire-plugin.version>
    <maven-checkstyle-plugin.version>2.15</maven-checkstyle-plugin.version>
    <maven-enforcer-plugin.version>1.4</maven-enforcer-plugin.version>
    <maven-assembly-plugin.version>2.5.5</maven-assembly-plugin.version>
    <maven-aspectj-plugin.version>1.7</maven-aspectj-plugin.version>
    <maven-antrun-plugin.version>1.8</maven-antrun-plugin.version>
    <maven-findbugs-plugin.version>3.0.1</maven-findbugs-plugin.version>
    <maven-findbugs-contrib-plugin.version>6.2.1</maven-findbugs-contrib-plugin.version>
    <maven-findbugs-security-plugin.version>1.4.1</maven-findbugs-security-plugin.version>
    <maven-buildnumber-plugin-version>1.3</maven-buildnumber-plugin-version>
    <maven-resources-plugin.version>2.7</maven-resources-plugin.version>
    <maven-jetty-plugin.version>9.3.0.v20150612</maven-jetty-plugin.version>

    <!-- Project configuration -->
    <project.build.sourceVersion>1.7</project.build.sourceVersion>
    <project.build.targetVersion>1.7</project.build.targetVersion>
    <maven.compiler.aspectj.skip>false</maven.compiler.aspectj.skip>
    <maven.build.timestamp.format>yyyy-MM-dd HH:mm:ssa</maven.build.timestamp.format>
    <cs.dir>${project.basedir}</cs.dir>
    <issues.projectKey>CAS</issues.projectKey>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <project.site.deployDirectory>/tmp/cas-deploy-site</project.site.deployDirectory>
</properties>
</project>
尝试使用配置的账户登入成功说明部署成功了。
2、服务端数据库校验方式的修改deployerConfigContext.xml
首先注释掉配置文件中以下bean的配置
<!-- Demo handler with the static root/root account. This is the bean to comment out when
     switching to database-backed authentication: the JDBC handler reuses the same bean id,
     and leaving this one active would keep the static account usable. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <!-- key = username, value = password -->
            <entry key="root" value="root"/>
        </map>
    </property>
</bean>
新增数据库连接池和相关校验的配置
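<!-- Data source: Druid connection pool for the MySQL database that the JDBC authentication
     handler queries. init() is called on startup and close() on shutdown. -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <!-- '&' must be written as '&amp;' inside an XML attribute value; a bare '&' makes the
         file not well-formed and the Spring context fails to load. -->
    <property name="url" value="jdbc:mysql://127.0.0.1:3306/cas?useUnicode=true&amp;characterEncoding=UTF-8"/>
    <!-- NOTE(review): root/root is the MySQL superuser with a guessable password, stored in
         clear text in this file. The authentication query only reads the user table, so use a
         dedicated account limited to SELECT on that table and supply the password from outside
         the WAR (for example a property placeholder). -->
    <property name="username" value="root"/>
    <property name="password" value="root"/>
    <!-- "stat" enables Druid's SQL statistics filter -->
    <property name="filters" value="stat"/>
    <!-- Pool sizing: at most 20 connections, 1 created at start, at least 1 kept idle -->
    <property name="maxActive" value="20"/>
    <property name="initialSize" value="1"/>
    <!-- Wait up to 60 s for a free connection -->
    <property name="maxWait" value="60000"/>
    <property name="minIdle" value="1"/>
    <!-- Eviction check every 60 s; connections idle for 5 min become eligible for eviction -->
    <property name="timeBetweenEvictionRunsMillis" value="60000"/>
    <property name="minEvictableIdleTimeMillis" value="300000"/>
    <!-- Idle connections are validated with this query; borrow/return checks are off -->
    <property name="validationQuery" value="SELECT 'x'"/>
    <property name="testWhileIdle" value="true"/>
    <property name="testOnBorrow" value="false"/>
    <property name="testOnReturn" value="false"/>
</bean>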
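<!-- Password encoding: the submitted password is hashed with this encoder before it is
     compared with the value read from the database.
     NOTE(review): unsalted MD5 is a fast hash and does not protect stored passwords against
     offline guessing. The algorithm is left as the tutorial has it because it must match how
     the passwords in t_user are already stored; plan a migration to a salted, slow password
     hash. -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />

<!-- JDBC authentication handler: fetches the stored password for the submitted username with
     a parameterized query (the '?' is bound, not concatenated) and compares it with the
     encoded input.
     p:passwordEncoder-ref wires in the encoder defined above; without this reference the
     encoder bean is never used by the handler and the comparison falls back to the handler's
     default encoder. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:sql="select password from t_user where username=? "
      />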
3、配置登入后获取用户属性返回给客户端
服务器通过bean名称为primaryPrincipalResolver的类来获取登入用户相关信息
默认具体实现类是org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver
<!-- Principal resolver: builds the authenticated principal and obtains its attributes from
     the bean referenced as attributeRepository. -->
<bean id="primaryPrincipalResolver"
      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
    <property name="attributeRepository" ref="attributeRepository" />
</bean>
通过查看源码关键是如下代码
// Ask the configured attribute repository for the attributes of the given principal id.
final IPersonAttributes personAttributes = this.attributeRepository.getPerson(principalId);
因此关键是attributeRepository的实现类
默认配置
<!-- Default attribute repository: a stub backed by the static map below.
     NOTE(review): presumably every principal receives the same placeholder values from this
     map; replace the bean with a real person-attribute DAO to release per-user data, and
     list only the attributes that clients actually need. -->
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.StubPersonAttributeDao"
      p:backingMap-ref="attrRepoBackingMap" />

<!-- Attribute name mapped to a placeholder value of the same name -->
<util:map id="attrRepoBackingMap">
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
</util:map>
修改具体实现即可自定义返回的属性
上述修改后还需要修改如下配置
<!-- Service registry entry: any URL that matches serviceId may use this CAS server.
     NOTE(review): ^(https?|imaps?)://.* matches every http, https, imap and imaps URL, so any
     site can request tickets from this server and, once p:ignoreAttributes="true" is set on
     this entry, receive every resolved user attribute. Outside a demo, narrow serviceId to
     the client applications' own https URLs and release only the attributes they need. -->
<bean class="org.jasig.cas.services.RegexRegisteredService"
      p:id="0"
      p:name="HTTP and IMAP"
      p:description="Allows HTTP(S) and IMAP(S) protocols"
      p:serviceId="^(https?|imaps?)://.*"
      p:evaluationOrder="10000001" />
加上属性
p:ignoreAttributes="true"
才可生效,这种方式是返回所有属性,也可根据正则表达式来过滤,具体代码可以看
org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket(String, Service)这个方法中处理
服务器回传的信息是回传xml信息,页面在
/server Maven Webapp/src/main/webapp/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp
或
/server Maven Webapp/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
具体页面看客户端的校验配置
使用3.0下的页面才会回传属性
修改
WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
下的配置文件主要是修改cookie存活时间,默认是-1
4、客户端配置
就不多说配置文件中每个类的作用了,github都有说明,直接上配置
源码地址https://github.com/UniconLabs/cas-sample-java-webapp.git
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Client web application descriptor: three CAS client filters applied to every request.
     NOTE(review): all CAS URLs below are plain http on localhost, which is fine for a local
     trial only. Service tickets and session cookies travel over these URLs, so point
     casServerLoginUrl, casServerUrlPrefix and serverName at https endpoints in any shared
     environment. -->
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!--
        CAS Authentication Filter
        Flow:
        1. If the local session already holds the CONST_CAS_ASSERTION attribute, the request passes.
        2. Otherwise, if the request carries a ticket issued by the single sign-on server,
           the request passes.
        3. With no ticket, the browser is redirected to the single sign-on login page.
    -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <!-- <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> -->
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <!-- Login page of the CAS server -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://localhost:8080/cas-server/login</param-value>
        </init-param>
        <!-- Base URL of this client application, used to build the service URL -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080/cas-webClient</param-value>
        </init-param>
    </filter>

    <!--
        CAS Validation Filter
        Flow (as described by the original author):
        1. Look for a ticket issued by the single sign-on server.
        2. If a ticket is present it is validated; a valid ticket passes, an invalid one is
           redirected to the login page.
        3. If there is no ticket, the request passes straight through.
    -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <!-- <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> -->
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <!-- Root URL of the CAS server, against which tickets are validated -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://localhost:8080/cas-server</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080/cas-webClient</param-value>
        </init-param>
        <!-- Redirect after validation so the ticket parameter does not stay in the URL -->
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- Keep the validated assertion in the HTTP session -->
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- Proxy-ticket settings, left disabled by the author.
             NOTE(review): if proxying is ever enabled, prefer an explicit allowedProxyChains
             list over acceptAnyProxy=true, which trusts every proxying service. -->
        <!-- <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/cas-sample-java-webapp/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>http://localhost:8080/cas-server</param-value>
        </init-param> -->
    </filter>

    <!-- Wraps the request so the application can read the authenticated user from it -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <!-- Mappings are applied in this order: authentication, validation, request wrapper -->
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>
</web-app>
pom.xml
<!-- POM of the sample CAS client web application.
     NOTE(review): the pinned versions below are old releases (log4j 1.2.x, for one, is
     end-of-life). Check them against current security advisories and move to maintained
     versions before using this as more than a local demo. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>iamlabs.unicon.net</groupId>
    <artifactId>cas-sample-java-webapp</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <name>CAS Example Java Web App</name>
    <description>A sample web application that exercises the CAS protocol features via the Java CAS Client.</description>

    <build>
        <finalName>cas-sample-java-webapp</finalName>
        <plugins>
            <!-- Compile for Java 1.7 -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>2.5.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <dependencies>
        <!-- Logging -->
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1.1</version>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.16</version>
        </dependency>
        <!-- SAML 1.1 support; presumably only needed by the Saml11 filters, which the
             accompanying web.xml leaves commented out -->
        <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml1</artifactId>
            <version>1.1</version>
        </dependency>
        <!-- CAS client filters; the servlet API is excluded because the container provides it -->
        <dependency>
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.4.0</version>
            <exclusions>
                <exclusion>
                    <groupId>javax.servlet</groupId>
                    <artifactId>servlet-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.6</version>
        </dependency>
        <!-- XML signature library -->
        <dependency>
            <groupId>org.apache.santuario</groupId>
            <artifactId>xmlsec</artifactId>
            <version>1.4.3</version>
        </dependency>
    </dependencies>
</project>
自行修改下web.xml自己的服务器地址和客户端地址
运行项目后访问客户端直接跳转到对应的服务器,登入成功后再跳回客户端
成功登入后页面
其他细节:
修改cas server 默认语言为中文:
修改文件cas-server.xml
<!-- Locale resolver: keeps the selected locale in a cookie and uses Simplified Chinese
     (zh_CN) when no locale has been chosen yet -->
<bean id="localeResolver"
      class="org.springframework.web.servlet.i18n.CookieLocaleResolver"
      p:defaultLocale="zh_CN" />