本文详细介绍CAS单点登录系统的安装配置步骤,包括服务器端Tomcat的设置与客户端Spring MVC项目的整合。涵盖证书生成、Tomcat配置修改、客户端依赖及过滤器配置等内容。
下载 cas-server 4.4.0 http://download.youkuaiyun.com/download/knight_black_bob/9698176
cas-server & tomcat http://download.youkuaiyun.com/download/knight_black_bob/9698717
cas client springmvc http://download.youkuaiyun.com/download/knight_black_bob/9698720
代码已上传 ,
其中 springmvc +hibernate 封装的非常好用,大家可以学习下
1.生成 钥匙串
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore server.keystore 
2.生成证书
keytool -export -alias tomcat -keypass changeit -file server.crt -keystore server.keystore 
3.生成服务器 认证
keytool -import -alias tomcat -file server.crt -keypass changeit -keystore cacerts 
4.生成 jre 客户端认证 (切换到 jre 目录,最好在 jdk 和jre 目录下 都执行这样 eclipse 跑的 项目可以 运行)
keytool -import -alias tomcat -file server.crt -keypass changeit -keystore cacerts 
5.查看客户端认证
keytool -list -keystore cacerts
6.修改 服务器端tomcat 配置
部署服务器端:
下载 http://developer.jasig.org/cas/ 下载 cas-server-4.0.0-release.zip
或者 http://download.youkuaiyun.com/download/knight_black_bob/9698176
解压 后选择 modules /cas-server-webapp-4.0.0.war 修改成 cas.war 放到 tomcat 中 修改 server.xml
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="I:/software/tomcat-cas/server.keystore" keystorePass="changeit"
truststoreFile="I:/software/Java/jdk1.7.0_72/jre/lib/security/cacerts" truststorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
7. 在 host (C:\Windows\System32\drivers\etc) 中添加 host (有代理的项目去掉该代理)
127.0.0.1 sso.baoyou.com
8.验证 服务端 部署
https://sso.baoyou.com:8443/
9. 验证 客户端
客户端 部署:
1. 添加pom
<cas.version>3.1.12</cas.version>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>${cas.version}</version>
</dependency>2.添加 web.xml
<!-- ======================== 单点登录开始 ======================== -->
<!-- CAS退出url -->
<context-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>https://sso.baoyou.com:8443/cas/logout</param-value>
</context-param>
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<servlet-name>springmvc</servlet-name>
</filter-mapping>
<!-- 该过滤器负责用户的认证工作,必须启用它 ,CAS 客户端配置 这个filter负责对请求进行登录验证拦截 -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.baoyou.com:8443/cas/login</param-value>
<!--这里的server是服务端的IP-->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8083</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<servlet-name>springmvc</servlet-name>
</filter-mapping>
<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.baoyou.com:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8083</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<servlet-name>springmvc</servlet-name>
</filter-mapping>
<!-- 该过滤器负责实现HttpServletRequest请求的包裹,
比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<servlet-name>springmvc</servlet-name>
</filter-mapping>
<!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<servlet-name>springmvc</servlet-name>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
http://localhost:8083/springmvchibernate/web/user/new
在cas\WEB-INF\deployerConfigContext.xml
中添加 用户 登陆
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
<entry key="baoyou" value="baoyou"/>
</map>
</property>
</bean>
捐助开发者
在兴趣的驱动下,写一个免费的东西,有欣喜,也还有汗水,希望你喜欢我的作品,同时也能支持一下。 当然,有钱捧个钱场(右上角的爱心标志,支持支付宝和PayPal捐助),没钱捧个人场,谢谢各位。
谢谢您的赞助,我会做的更好!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
