springmvc cas maven sso 详解

 

下载 cas-server 4.4.0 http://download.youkuaiyun.com/download/knight_black_bob/9698176 

 cas-server & tomcat   http://download.youkuaiyun.com/download/knight_black_bob/9698717

cas client springmvc  http://download.youkuaiyun.com/download/knight_black_bob/9698720

 

代码已上传 ，

其中 springmvc +hibernate 封装的非常好用，大家可以学习下 

 

 

1.生成 钥匙串

Java代码  

1. keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore server.keystore  

 

 

2.生成证书

Java代码  

1. keytool -export -alias tomcat -keypass changeit -file server.crt -keystore server.keystore  

 

 

3.生成服务器 认证

Java代码  

1. keytool -import -alias tomcat -file server.crt -keypass changeit -keystore  cacerts  

 

 

 

4.生成 jre 客户端认证 (切换到 jre 目录，最好在 jdk  和jre 目录下 都执行这样 eclipse 跑的 项目可以 运行) 

Java代码  

1. keytool -import -alias tomcat -file server.crt -keypass changeit -keystore cacerts  

 

 

5.查看客户端认证

Java代码  

1. keytool -list -keystore cacerts  

 

6.修改 服务器端tomcat  配置

 

部署服务器端：

下载 http://developer.jasig.org/cas/    下载 cas-server-4.0.0-release.zip 

或者  http://download.youkuaiyun.com/download/knight_black_bob/9698176 

解压 后选择 modules /cas-server-webapp-4.0.0.war  修改成 cas.war 放到 tomcat  中 修改 server.xml 

 

 

Java代码  

1. <Connector protocol="org.apache.coyote.http11.Http11Protocol"   
2. port="8443" minSpareThreads="5" maxSpareThreads="75"   
3. enableLookups="true" disableUploadTimeout="true"   
4. acceptCount="100" maxThreads="200"   
5. scheme="https" secure="true" SSLEnabled="true"   
6. keystoreFile="I:/software/tomcat-cas/server.keystore" keystorePass="changeit"  
7. truststoreFile="I:/software/Java/jdk1.7.0_72/jre/lib/security/cacerts"   truststorePass="changeit"  
8. clientAuth="false" sslProtocol="TLS"/>  

 

7. 在 host （C:\Windows\System32\drivers\etc） 中添加 host （有代理的项目去掉该代理）

Java代码  

1. 127.0.0.1 sso.baoyou.com   

 

 

8.验证 服务端 部署 

 https://sso.baoyou.com:8443/

 

 

 9. 验证 客户端 

 

客户端 部署：

1. 添加pom 

Java代码  

1. <cas.version>3.1.12</cas.version>  
2. <dependency>  
3.             <groupId>org.jasig.cas.client</groupId>  
4.             <artifactId>cas-client-core</artifactId>  
5.             <version>${cas.version}</version>  
6.         </dependency>  

 2.添加 web.xml

Java代码  

1. <!-- ======================== 单点登录开始 ======================== -->  
2.         <!-- CAS退出url -->  
3.           <context-param>  
4.               <param-name>casServerLogoutUrl</param-name>  
5.               <param-value>https://sso.baoyou.com:8443/cas/logout</param-value>  
6.           </context-param>  
7.         <!-- 用于单点退出，该过滤器用于实现单点登出功能，可选配置-->  
8.         <listener>  
9.         　　<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>  
10.         </listener>  
11.           
12.         <!-- 该过滤器用于实现单点登出功能，可选配置。 -->  
13.         <filter>  
14.         　　<filter-name>CAS Single Sign Out Filter</filter-name>  
15.         　　<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>  
16.         </filter>  
17.         <filter-mapping>  
18.         　　<filter-name>CAS Single Sign Out Filter</filter-name>  
19.         　　<servlet-name>springmvc</servlet-name>  
20.         </filter-mapping>  
21.           
22.         <!-- 该过滤器负责用户的认证工作，必须启用它   ,CAS 客户端配置 这个filter负责对请求进行登录验证拦截 -->  
23.         <filter>  
24.         　　<filter-name>CASFilter</filter-name>  
25.         　　<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>  
26.         　　<init-param>  
27.         　　　　<param-name>casServerLoginUrl</param-name>  
28.         　　　　<param-value>https://sso.baoyou.com:8443/cas/login</param-value>  
29.         　　　　<!--这里的server是服务端的IP-->  
30.         　　</init-param>  
31.         　　<init-param>  
32.         　　　　<param-name>serverName</param-name>  
33.         　　　　<param-value>http://localhost:8083</param-value>  
34.         　　</init-param>  
35.             <init-param>  
36.               <param-name>renew</param-name>  
37.               <param-value>false</param-value>  
38.             </init-param>  
39.             <init-param>  
40.               <param-name>gateway</param-name>  
41.               <param-value>false</param-value>  
42.             </init-param>  
43.         </filter>  
44.         <filter-mapping>  
45.         　　<filter-name>CASFilter</filter-name>  
46.         　　<servlet-name>springmvc</servlet-name>  
47.         </filter-mapping>  
48.           
49.         <!-- 该过滤器负责对Ticket的校验工作，必须启用它 -->  
50.         <filter>  
51.         　　<filter-name>CAS Validation Filter</filter-name>  
52.         　　<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>  
53.         　　<init-param>  
54.         　　　　<param-name>casServerUrlPrefix</param-name>  
55.         　　　　<param-value>https://sso.baoyou.com:8443/cas</param-value>  
56.         　　</init-param>  
57.         　　<init-param>  
58.         　　　　<param-name>serverName</param-name>  
59.         　　　　<param-value>http://localhost:8083</param-value>  
60.         　　</init-param>  
61.             <init-param>  
62.               <param-name>useSession</param-name>  
63.               <param-value>true</param-value>  
64.             </init-param>  
65.             <init-param>  
66.               <param-name>redirectAfterValidation</param-name>  
67.               <param-value>true</param-value>  
68.             </init-param>  
69.         </filter>  
70.         <filter-mapping>  
71.         　　<filter-name>CAS Validation Filter</filter-name>  
72.         　　<servlet-name>springmvc</servlet-name>  
73.         </filter-mapping>  
74.   
75.         <!-- 该过滤器负责实现HttpServletRequest请求的包裹，   
76.            比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名，可选配置。 -->  
77.         <filter>  
78.             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>  
79.             <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>  
80.         </filter>  
81.         <filter-mapping>  
82.             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>  
83.             <servlet-name>springmvc</servlet-name>  
84.         </filter-mapping>  
85.   
86.         <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。  
87.             比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->  
88.         <filter>  
89.             <filter-name>CAS Assertion Thread Local Filter</filter-name>  
90.             <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>  
91.         </filter>  
92.         <filter-mapping>  
93.             <filter-name>CAS Assertion Thread Local Filter</filter-name>  
94.             <servlet-name>springmvc</servlet-name>  
95.         </filter-mapping>  
96.   
97.         <!-- ======================== 单点登录结束 ======================== -->  

  

 

 

 

http://localhost:8083/springmvchibernate/web/user/new

 

 

在cas\WEB-INF\deployerConfigContext.xml

中添加  用户 登陆

Java代码  

1. <bean id="primaryAuthenticationHandler"  
2.          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">  
3.        <property name="users">  
4.            <map>  
5.                <entry key="casuser" value="Mellon"/>  
6.     <entry key="baoyou" value="baoyou"/>  
7.            </map>  
8.        </property>  
9.    </bean>