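A project at my company recently needed single sign-on, so as required I wrote up this walkthrough: from downloading the package from GitHub, to getting the project to compile, to modifying the original code to implement our own special logic.
Prerequisites:
Java environment
Tomcat environment
Maven environment
MyEclipse development environment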
1. Summary of CAS build methods
cas-4.2.0 and later (4.2.0 included) are built with Gradle
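2. How to build a custom project from the CAS source
2.1 Resources
Official site: https://www.apereo.org/projects/cas
Source: https://github.com/Jasig/cas
https://github.com/Jasig/java-cas-client (needed later)
PS: The cas-server version I demonstrate here is 4.0.5, the Maven-based one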
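2.2 Download the source and convert it into project code
Download the cas-4.0.5 source, Source code (zip), from https://github.com/apereo/cas/releases?after=v4.1.0, then unzip it into your workspace. Open a command window, change to the root directory of the cas project (E:\me_workspace2\cas-4.0.5>), type the command mvn eclipse:eclipse and press Enter. Let it run for a while; once it finishes you can import the project with MyEclipse, as shown in the figure below: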
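2.3 Compile the source into a war package
In the command window run E:\me_workspace2\cas-4.0.5>mvn install -DskipTests. After waiting several minutes, no cas.war file was found under \cas-4.0.5\cas-server-webapp\target\, and Problem 1 described below appeared; the fix under Problem 1 gives you the war package you want.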
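2.4 How to build a CAS project that includes the source
Rename the cas.war package to cas.zip and unzip it. You get a pile of files.
Create a new Web project and put the unzipped files into it: everything under \WEB-INF\classes goes into the src directory, and the remaining files are copied according to the figure below.
With that, you can deploy it to Tomcat and run it at localhost:8080/project-name.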
2.5 Adding a database
A SQL Server database is used here. The configuration is in the deployerConfigContext.xml file under the WEB-INF directory, with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!--

    Licensed to Jasig under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Jasig licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License. You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied. See the License for the
    specific language governing permissions and limitations
    under the License.

-->
<!--
    | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
    | all CAS deployers will need to modify.
    |
    | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
    | The beans declared in this file are instantiated at context initialization time by the Spring
    | ContextLoaderListener declared in web.xml. It finds this file because this
    | file is among those declared in the context parameter "contextConfigLocation".
    |
    | By far the most common change you will need to make in this file is to change the last bean
    | declaration to replace the default authentication handler with
    | one implementing your approach for authenticating usernames and passwords.
    +-->

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <!--
       | The authentication manager defines security policy for authentication by specifying at a minimum
       | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
       | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
       | be sufficient in most cases.
       +-->
    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <!-- Original configuration -->
                <!--<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />-->
                <!-- Hook in the custom database handler -->
                <entry key-ref="dbAuthenticationHandler" value-ref="primaryPrincipalResolver" />

            </map>
        </constructor-arg>

        <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
             This switch effectively will turn on clearpass.
        <property name="authenticationMetaDataPopulators">
            <util:list>
                <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
                      c:credentialCache-ref="encryptedMap" />
            </util:list>
        </property>
        -->

        <!--
           | Defines the security policy around authentication. Some alternative policies that ship with CAS:
           |
           | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
           | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
           | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
           -->
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <!-- Required for proxy ticket mechanism. -->
    <!-- Default configuration: SSL enabled -->
    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" />
    <!-- New configuration: SSL disabled
    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" p:requireSecure="false"/>
    -->

    <!--
       | TODO: Replace this component with one suitable for your environment.
       |
       | This component provides authentication for the kind of credential used in your environment. In most cases
       | credential is a username/password pair that lives in a system of record like an LDAP directory.
       | The most common authentication handler beans:
       |
       | * org.jasig.cas.authentication.LdapAuthenticationHandler
       | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
       | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
       | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
       -->
    <!-- Default configuration: accounts and passwords configured directly -->
    <!--
    <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
                <entry key="castest" value="castest"/>
            </map>
        </property>
    </bean>
    -->

    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="sql" value="select password from ucenter_user where username=? " />
        <property name="dataSource" ref="dataSource" />
    </bean>


    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <!-- MySQL database authentication -->
        <!--
        <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
        <property name="url"><value>jdbc:mysql://192.168.0.58:3306/cassso</value></property>
        <property name="username"><value>metro_monitor</value></property>
        <property name="password"><value>123456</value></property>
        -->
        <!-- MS SQL Server database authentication -->
        <!-- Note: sa is the SQL Server administrator login; the queries in this file only SELECT from ssoaccount -->
        <property name="driverClassName"><value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value></property>
        <property name="url"><value>jdbc:sqlserver://192.168.0.58:1433;DatabaseName=CasSso</value></property>
        <property name="username"><value>sa</value></property>
        <property name="password"><value>123456</value></property>
    </bean>

    <!-- MySQL password encryption -->
    <!-- Note: this is a plain, unsalted MD5 digest of the submitted password -->
    <bean id="passwordEncoder"
          class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
          c:encodingAlgorithm="MD5"
          p:characterEncoding="UTF-8" />

    <!-- Authentication handler -->
    <bean id="dbAuthenticationHandler"
          class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource"></property>
        <property name="sql" value="select LoginPassword as password from ssoaccount where LoginAccount=? "></property>
        <property name="passwordEncoder" ref="passwordEncoder"></property>
    </bean>

    <!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <!--
       | Resolves a principal from a credential using an attribute repository that is configured to resolve
       | against a deployer-specific store (e.g. LDAP).
       -->
    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
        <property name="attributeRepository" ref="attributeRepository" />
    </bean>

    <!--
    Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
    may go against a database or LDAP server. The id should remain "attributeRepository" though.
    +-->
    <!-- Default configuration, commented out
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>
    -->
    <!-- Added section: start -->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >
        <constructor-arg index="0" ref="dataSource"/>
        <constructor-arg index="1" value="SELECT * FROM ssoaccount WHERE {0}"/>
        <property name="queryAttributeMapping">
            <map>
                <!-- key is the login field, value is the database column -->
                <entry key="username" value="LoginAccount"/>
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <!-- key is the database column, value is the key used in the attributes -->
                <entry key="Sex" value="Sex"/>
                <entry key="Address" value="Address"/>
            </map>
        </property>
    </bean>
    <!-- Added section: end -->
    <!--
    Sample, in-memory data store for the ServiceRegistry. A real implementation
    would probably want to replace this with the JPA-backed ServiceRegistry DAO
    The name of this bean should remain "serviceRegistryDao".
    +-->
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
          p:registeredServices-ref="registeredServicesList" />

    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
        <!--
        Use the following definition instead of the above to further restrict access
        to services within your domain (including sub domains).
        Note that example.com must be replaced with the domain you wish to permit.
        This example also demonstrates the configuration of an attribute filter
        that only allows for attributes whose length is 3.
        -->
        <!--
        <bean class="org.jasig.cas.services.RegexRegisteredService">
            <property name="id" value="1" />
            <property name="name" value="HTTP and IMAP on example.com" />
            <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" />
            <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
            <property name="evaluationOrder" value="0" />
            <property name="attributeFilter">
                <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter" c:regex="^\w{3}$" />
            </property>
        </bean>
        -->
    </util:list>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
        <!--
          NOTE
          The following ticket registries support SessionMonitor:
            * DefaultTicketRegistry
            * JpaTicketRegistry
          Remove this monitor if you use an unsupported registry.
        -->
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>
</beans>
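After configuring this, however, a problem appeared at build time: Error creating bean with name 'centralAuthenticationService' defined in .
The cause is that the source of the CAS jdbc module is missing. Import the cas-server-support-jdbc project produced by the mvn eclipse:eclipse step above into MyEclipse, and copy the code in that project into the Web project, keeping the existing directory layout.
(Figure: the current project)
Finally, build the project, open the project URL and enter an account and password from the database, and it works.
The code of the other 4 jars can be brought into the current project in the same way, by copying.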
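To make the dbAuthenticationHandler setup above concrete, here is an added example (not code from the original post or from CAS) that mimics the check it configures: fetch LoginPassword for the account and compare it with the MD5 hex digest of the submitted password. The class name, the sample accounts and the in-memory map standing in for the ssoaccount table are constructed, and the lowercase-hex, case-sensitive comparison is an assumption about how the encoder and handler behave.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class DbHandlerCheck {
    enum Result { SUCCESS, ACCOUNT_NOT_FOUND, PASSWORD_MISMATCH }

    // Lowercase hex of MD5 over the UTF-8 bytes of the password: the format the
    // LoginPassword column is assumed to hold for encodingAlgorithm="MD5".
    static String md5Hex(String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // The map stands in for:
    // select LoginPassword as password from ssoaccount where LoginAccount=?
    static Result authenticate(Map<String, String> ssoaccount, String account, String password)
            throws NoSuchAlgorithmException {
        String stored = ssoaccount.get(account);
        if (stored == null) {
            return Result.ACCOUNT_NOT_FOUND;
        }
        // Exact, case-sensitive comparison of the stored and computed strings.
        return stored.equals(md5Hex(password)) ? Result.SUCCESS : Result.PASSWORD_MISMATCH;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Map<String, String> ssoaccount = new HashMap<>();   // constructed sample rows
        ssoaccount.put("alice", md5Hex("Spring2016!"));
        ssoaccount.put("bob", md5Hex("Spring2016!"));        // same password as alice
        ssoaccount.put("carol", md5Hex("Spring2016!").toUpperCase()); // digest stored as uppercase hex

        System.out.println("alice: " + authenticate(ssoaccount, "alice", "Spring2016!"));
        System.out.println("carol: " + authenticate(ssoaccount, "carol", "Spring2016!"));
        System.out.println("dave:  " + authenticate(ssoaccount, "dave", "Spring2016!"));
        // No salt: equal passwords give equal column values, so one recovered
        // digest exposes every account that shares that password.
        System.out.println("alice and bob rows identical: "
                + ssoaccount.get("alice").equals(ssoaccount.get("bob")));
    }
}
```

When populating ssoaccount, store the digest in the same case and character encoding the encoder produces, otherwise valid passwords are rejected as mismatches.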
Problem 1:
Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin
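This problem occurs because you ran the build command directly in the root directory of the source tree, C:\Users\Jadyer\Desktop\cas-4.0.5>mvn install -DskipTests, and in the end no cas.war file was generated under \cas-4.0.5\cas-server-webapp\target\.
In fact, the command has to be run in the C:\Users\Jadyer\Desktop\cas-4.0.5\cas-server-webapp> directory for the war file to be generated, as shown in the figure: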
The build ended up taking 30 minutes
and finally produced a large pile of files.