Basic steps for configuring CAS:
1. Create a local keystore with the keytool that ships with Java
2. Import the generated certificate into the Java trust store
3. Configure HTTPS access in the Tomcat configuration file
4. Import cas-server into Eclipse
5. Create and configure cas-client
Done
Now each step in turn:
1. Create a local keystore with the keytool that ships with Java
Command to create the local keystore:
keytool -genkey -alias testkey -keyalg RSA -keystore "C:\Program Files\Java\Testkey"
-alias: testkey is the alias of the key pair; choose your own
-keystore: the path where the generated keystore is written (needed again later)
After running the command you are prompted for a keystore password (remember it).
After confirming the password you are asked for the certificate details. The first prompt, "What is your first and last name?", becomes the certificate CN: enter the domain name under which the CAS server will be reached, i.e. the host you will put in the URLs in step 5. The cas-client validates tickets over HTTPS from its own JVM and refuses the connection if the CN does not match that host. See the linked article on how to set up a domain name.
When asked for a key password, just press Enter so the key password equals the keystore password; Tomcat uses the keystore password for the key as well unless told otherwise (step 3). Note also that on JDK 7 -genkey defaults to a 1024-bit RSA key; add -keysize 2048 to the command for anything other than a throwaway test.
Export the certificate from the keystore into a certificate file:
keytool -export -file "C:\Program Files\Java\testkey.crt" -alias testkey -keystore "C:\Program Files\Java\Testkey"
-file: path and name of the output file
-alias: the alias defined above
-keystore: the path of the keystore
2. Import the generated certificate into the Java trust store
Import the certificate above into the trust store of the client JDK (the default password of the JDK cacerts store is changeit):
keytool -import -keystore "C:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts" -file "C:\Program Files\Java\testkey.crt" -alias testkey
This has to be the JDK that runs the Tomcat hosting cas-client, because the ticket validation filter in step 5 opens an HTTPS connection from that JVM to cas-server; the browser's own trust decisions play no part in it. Be aware that adding the certificate to cacerts makes this self-signed certificate trusted by every Java program on that JDK. For anything beyond a local test, import it into a dedicated trust store instead and point the JVM at it with -Djavax.net.ssl.trustStore.
3. Configure HTTPS access in the Tomcat configuration file
In the conf directory of your Tomcat installation, add the following connector to server.xml:
<Connector SSLEnabled="true" clientAuth="false"
    keystoreFile="C:/Program Files/Java/Testkey" keystorePass="testkey"
    maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    scheme="https" secure="true" sslProtocol="TLS"/>
keystoreFile: path of the keystore created in step 1
keystorePass: the keystore password you entered in step 1 (here it happens to be the same string as the alias, but it is the password that matters). Tomcat reads the private key with this same password unless you set keyPass separately, so if you gave the key its own password in step 1 the connector will fail to start. The password is stored in cleartext in server.xml, so restrict read access to that file.
4. Import cas-server into Eclipse
Download the cas-server zip; after extracting it you will find cas-server-webapp-3.4.10.war in the modules directory
Import it into Eclipse and rename it cas-server
Start Tomcat and open cas-server to test it (the first time, the browser shows a certificate warning page because the certificate is self-signed; choose to continue)
Log in with any username and an identical password: the default authentication handler in CAS 3.x (SimpleTestUsernamePasswordAuthenticationHandler) accepts every login whose username equals the password. It exists only for smoke testing; replace it (for example with the database-backed handler mentioned at the end) before the server is reachable by anyone else.
5. Create and configure cas-client
Create a web project and add the Java CAS client jar (cas-client-core) to its WEB-INF/lib; the filters below come from it
Write anything you like into index.jsp
Edit web.xml:
<!-- ======================== single sign-on begin ======================== -->
<!-- Used for single sign-out; this listener supports single logout. Optional. -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter implements single logout. Optional. -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter validates the service ticket against the CAS server. Required. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://diyagea.com:8443/cas-server</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://diyagea.com:8080/</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter redirects unauthenticated users to the CAS login page. Required. -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://diyagea.com:8443/cas-server/login</param-value>
        <!-- the host here is the address of the CAS server -->
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://diyagea.com:8080/</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter wraps the HttpServletRequest so that, for example, HttpServletRequest.getRemoteUser() returns the SSO login name. Optional. -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter lets code obtain the login name through org.jasig.cas.client.util.AssertionHolder, e.g. AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== single sign-on end ======================== -->
casServerUrlPrefix must use the same host name as the certificate CN from step 1, since the validation filter connects to it over HTTPS. serverName is the scheme, host and port at which the browser reaches this client application; the client appends the request URI to it to build the service URL that is sent to CAS both at login and at ticket validation, so the two serverName values must be identical (the CAS client documentation writes it without a trailing slash). Filters run in the order of their filter-mapping elements; the documented order is the authentication filter before the validation filter, but the order above also works because the authentication filter lets a request that already carries a ticket parameter through to the validation filter.
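The CAS Validation Filter above does its work by calling the CAS server's /serviceValidate endpoint over HTTPS with the service URL and the ticket from the browser, and then parsing the XML reply. That call is why the certificate from step 1 had to be imported into the client JVM's trust store in step 2 and why its CN must match the host in casServerUrlPrefix. The script below is an added example that reproduces that exchange by hand in Python; it is not code from this page or from the Java CAS client. The client page URL, the ticket value ST-1-abc and the two XML replies are constructed for illustration, and the cafile path assumes the testkey.crt exported in step 1.

```python
"""Added example: the CAS 2.0 serviceValidate exchange that
Cas20ProxyReceivingTicketValidationFilter performs, done by hand in Python."""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"   # namespace used by CAS protocol replies
NS = {"cas": CAS_NS}


class TicketValidationError(Exception):
    """CAS rejected the ticket, or the reply was not a cas:serviceResponse."""

    def __init__(self, code, message):
        super().__init__("%s: %s" % (code, message))
        self.code = code


def build_validate_url(cas_server_url_prefix, service, ticket):
    """The URL the filter requests: <casServerUrlPrefix>/serviceValidate?service=...&ticket=...
    `service` is the client URL the browser was sent to (serverName + request URI)."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return cas_server_url_prefix.rstrip("/") + "/serviceValidate?" + query


def parse_service_response(body):
    """Return the authenticated username from a CAS 2.0 serviceResponse,
    or raise TicketValidationError carrying the failure code CAS reported."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        raise TicketValidationError("INVALID_RESPONSE", "reply is not XML")
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        raise TicketValidationError("INVALID_RESPONSE", "not a cas:serviceResponse document")
    success = root.find("cas:authenticationSuccess", NS)
    if success is not None:
        user = (success.findtext("cas:user", namespaces=NS) or "").strip()
        if not user:
            raise TicketValidationError("INVALID_RESPONSE", "authenticationSuccess without cas:user")
        return user
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise TicketValidationError(failure.get("code", "UNKNOWN"), (failure.text or "").strip())
    raise TicketValidationError("INVALID_RESPONSE", "neither success nor failure element present")


def validate_ticket(cas_server_url_prefix, service, ticket, cafile, fetch=None):
    """Validate `ticket` for `service`. By default this does an HTTPS GET that trusts
    only `cafile` (the self-signed testkey.crt from step 1); hostname checking stays
    on, so the certificate CN must equal the host in cas_server_url_prefix, exactly
    as the Java client requires. `fetch` can be replaced for offline runs."""
    url = build_validate_url(cas_server_url_prefix, service, ticket)
    if fetch is None:
        ctx = ssl.create_default_context(cafile=cafile)

        def fetch(u):
            with urllib.request.urlopen(u, context=ctx, timeout=10) as resp:
                return resp.read()
    return parse_service_response(fetch(url))


def failure_code(body):
    """Helper for callers that only need the outcome: failure code, or None if accepted."""
    try:
        parse_service_response(body)
        return None
    except TicketValidationError as exc:
        return exc.code


# Constructed sample replies, not captured from a real server.
SAMPLE_SUCCESS = b"""<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = b"""<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    ticket 'ST-1-abc' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

CAS_PREFIX = "https://diyagea.com:8443/cas-server"     # casServerUrlPrefix from web.xml
SERVICE = "http://diyagea.com:8080/client1/index.jsp"   # assumed client page URL

if __name__ == "__main__":
    print(build_validate_url(CAS_PREFIX, SERVICE, "ST-1-abc"))
    # Offline run against the constructed replies:
    print(validate_ticket(CAS_PREFIX, SERVICE, "ST-1-abc", None, fetch=lambda u: SAMPLE_SUCCESS))
    print(failure_code(SAMPLE_FAILURE))
    # Live run against the tutorial's server (ticket copied from the redirect URL):
    # validate_ticket(CAS_PREFIX, SERVICE, "ST-...", r"C:\Program Files\Java\testkey.crt")
```

Two things worth trying with the live call: remove the cafile (or point it at an empty store) and the request fails with a certificate error, which is the failure you get when step 2 was done on the wrong JDK; keep the cafile but change the host in CAS_PREFIX to the server's IP address and it fails on hostname verification, which is the failure you get when the CN entered in step 1 does not match the URL in web.xml.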
Now copy this project into a second web project and change the content of index.jsp so the two can be told apart
Restart Tomcat; the client web projects are now reachable
Opening the URL of your web project now redirects automatically to the CAS login page shown earlier
After a successful login:
Opening the second web project no longer asks for credentials; index.jsp is shown directly
That completes the configuration. A follow-up post will cover database-backed authentication, so that this can be used in my project.