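Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
1. Security certificate configuration
CAS uses HTTPS by default; if your security requirements are low, HTTP can be used instead. Over HTTP the login credentials and the CASTGC ticket-granting cookie are sent unencrypted, so keep this setup to test environments.
The steps to switch to HTTP are as follows:
Edit deployerConfigContext.xml and add the parameter p:requireSecure="false", which means secure verification is not required.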
    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient"
          p:requireSecure="false"/>
Edit ticketGrantingTicketCookieGenerator.xml (path: cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml) and change the p:cookieSecure attribute of the ticketGrantingTicketCookieGenerator bean to false.
    <bean id="ticketGrantingTicketCookieGenerator"
          class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
          p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" />
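2. Deploy the CAS-Server
CAS-Server download: http://www.jasig.org/cas/download
Unpack cas-server-3.4.11-release.zip and extract cas-server-3.4.11/modules/cas-server-webapp-3.4.11.war. Copy that file into Tomcat, for example into the D:\tomcat-casServer\webapps\ directory, and rename it to cas.war.
Start tomcat-casServer, enter http://localhost:8080/cas/login in the browser address bar and press Enter.
The default CAS-Server authentication rule accepts any login whose user name and password are identical (for testing only; in production it must be changed to suit your environment). Enter admin/admin and click Login to see the login success page.
The CAS-Server is deployed successfully.
3. Deploy the CAS-Client
CAS-Client download: http://downloads.jasig.org/cas-clients/
(1) Unpack cas-client-3.2.1-release.zip and extract cas-client-3.2.1/modules/cas-client-core-3.2.1.jar
(2) Use the webapps\examples project that ships with Tomcat as the client
(3) Install and configure tomcat-client1
Unpack apache-tomcat-7.0.6 and rename it to tomcat-client1, then change Tomcat's startup ports (5 places in total). In conf/server.xml find the following: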
    <Server port="8005" shutdown="SHUTDOWN">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Change it to:
    <Server port="18005" shutdown="SHUTDOWN">
    <Connector port="18080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18443" />
    <Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />
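(4) Start tomcat-app1 (the tomcat-client1 instance configured above), enter http://localhost:18080/examples/servlets/ in the browser and press Enter.
The tomcat-client configuration is successful.
(5) Copy the client libraries cas-client-core-3.2.1.jar and commons-logging-1.1.jar into the tomcat-client\webapps\examples\WEB-INF\lib\ directory, then add the following configuration to tomcat-client\webapps\examples\WEB-INF\web.xml. The casServerLoginUrl, casServerUrlPrefix and serverName values must match the addresses of your own CAS server and of this client application.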
    <!-- ===== Single sign-on: begin ===== -->
    <!-- Listener used for single sign-out; optional -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- This filter implements single sign-out; optional -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://demo.micmiu.com:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://app1.micmiu.com:18080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter validates the ticket; it must be enabled -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://demo.micmiu.com:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://app1.micmiu.com:18080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
        This filter wraps the HttpServletRequest, for example so that developers
        can obtain the SSO user's login name through HttpServletRequest.getRemoteUser().
        Optional.
    -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
        This filter lets developers obtain the user's login name through
        org.jasig.cas.client.util.AssertionHolder, for example
        AssertionHolder.getAssertion().getPrincipal().getName().
    -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- ===== Single sign-on: end ===== -->
(6) Install and configure tomcat-client2
Unpack apache-tomcat-7.0.6 and rename it to tomcat-client2, then change Tomcat's startup ports (5 places in total). In conf/server.xml find the following:
    <Server port="8005" shutdown="SHUTDOWN">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Change it to:
    <Server port="28005" shutdown="SHUTDOWN">
    <Connector port="28080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="28443" />
    <Connector port="28009" protocol="AJP/1.3" redirectPort="28443" />
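The remaining steps are the same as for tomcat-client1.
4. Test SSO
Start tomcat-casServer, tomcat-client1 and tomcat-client2.
Test flow: open the client1 URL -> redirected to the CAS server for authentication -> client1 application is displayed -> open the client2 URL -> client2 application is displayed -> log out of the CAS server -> open the client1/client2 URL -> redirected to the CAS server for authentication again.
Try it yourself and observe the single sign-on behaviour.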
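Before moving a test setup like this toward production, the HTTP downgrades from section 1 and any non-HTTPS URLs in the client filters from section 3 need to be found and reverted. The following Python audit is an added example, not part of the original post or of CAS; the function names are hypothetical and the sample XML is constructed from the snippets above.

```python
import xml.etree.ElementTree as ET

P_NS = "{http://www.springframework.org/schema/p}"  # Spring "p:" attribute namespace
URL_PARAMS = ("casServerLoginUrl", "casServerUrlPrefix", "serverName")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any "{namespace}" prefix

def audit_server_beans(xml_text):
    """Report Spring beans that set p:requireSecure or p:cookieSecure to false."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "bean":
            continue
        name = el.get("id") or el.get("class", "?").rsplit(".", 1)[-1]
        for attr in ("requireSecure", "cookieSecure"):
            if el.get(P_NS + attr, "").strip().lower() == "false":
                findings.append(f"{name}: p:{attr}=false")
    return findings

def audit_client_webxml(xml_text):
    """Report CAS client filter URL parameters that do not use https://."""
    findings = []
    for flt in ET.fromstring(xml_text).iter():
        if _local(flt.tag) != "filter":
            continue
        fname = next(((c.text or "").strip() for c in flt if _local(c.tag) == "filter-name"), "?")
        for ip in (c for c in flt if _local(c.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            name, value = kv.get("param-name"), kv.get("param-value", "")
            if name in URL_PARAMS and not value.lower().startswith("https://"):
                findings.append(f"{fname}: {name}={value}")
    return findings

# Constructed samples, abbreviated from the configuration shown on this page.
SAMPLE_SERVER = """<beans xmlns:p="http://www.springframework.org/schema/p">
<bean id="ticketGrantingTicketCookieGenerator" p:cookieSecure="false" p:cookieName="CASTGC"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"/>
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient" p:requireSecure="false"/>
</beans>"""
SAMPLE_CLIENT = """<web-app><filter><filter-name>CASFilter</filter-name>
<init-param><param-name>casServerLoginUrl</param-name>
  <param-value>https://demo.micmiu.com:8443/cas/login</param-value></init-param>
<init-param><param-name>serverName</param-name>
  <param-value>http://app1.micmiu.com:18080</param-value></init-param>
</filter></web-app>"""

if __name__ == "__main__":
    print("\n".join(audit_server_beans(SAMPLE_SERVER) + audit_client_webxml(SAMPLE_CLIENT)))
```

An empty result from both functions means the CASTGC cookie is marked secure, proxy callbacks require HTTPS, and every CAS URL the client filters use is HTTPS.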