1. Introduction
In a suite of applications that share one account across many services, single sign-on is indispensable. CAS is one of the mature single sign-on frameworks.
GitHub: https://github.com/apereo/cas.
Below we build a simple single sign-on system through a series of quick and simple steps.
First download cas-overlay-template: https://github.com/apereo/cas-overlay-template; we use the 5.3.x branch here.
# Pull the code
git clone https://github.com/apereo/cas-overlay-template.git
# Enter the directory
cd cas-overlay-template
# Switch to the 5.3 branch
git checkout 5.3
2. Preparation
2.1. Configure the domain name mapping
Open the hosts file and add a mapping for the CAS domain name.
Windows: C:\Windows\System32\drivers\etc (the hosts file), Linux: /etc/hosts

2.2. Configure the Keystore
The keystore is configured so that Tomcat can serve HTTPS.
Generate the keystore
keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -keystore D:/keystore/tomcat.keystore
-alias tomcat: the alias of the key entry in the keystore is tomcat. All later operations identify the key by its alias, so this parameter matters. You may choose a different alias.
-validity 3650: the certificate is valid for 10 years.
-keystore D:/keystore/tomcat.keystore: the keystore is stored under D:/keystore with the file name tomcat.keystore.
Keystore password: changeit. Using changeit is recommended here because the default password of the JDK's cacerts truststore is changeit, so every password stays the same.
For "first and last name", enter the server's domain name.
Press Enter for the remaining prompts; at the end, if the summary shown is correct, enter 'y'.
Use the same password for the tomcat key as for the keystore, so just press Enter there too.

View the contents of the keystore
keytool -list -keystore D:/keystore/tomcat.keystore

Export the certificate file from the keystore
keytool -export -alias tomcat -file D:/keystore/tomcat.cer -keystore D:/keystore/tomcat.keystore -validity 3650

Import the certificate into the JDK truststore
keytool -import -keystore D:/java/jdk1.8/jre/lib/security/cacerts -file D:/keystore/tomcat.cer -alias tomcat -storepass changeit
The default password of the cacerts truststore is changeit, which is why every password above uses it: keeping them identical avoids confusion.

Remove the certificate from the truststore
keytool -delete -alias tomcat -keystore D:/java/jdk1.8/jre/lib/security/cacerts
List the certificates in cacerts
keytool -list -v -keystore D:/java/jdk1.8/jre/lib/security/cacerts
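The section 2.2 procedure as an added example, not code from the original post: the same keytool steps run non-interactively from a POSIX shell, against a scratch directory standing in for D:/keystore and a throwaway truststore standing in for the JDK's cacerts, followed by the checks worth running before touching server.xml. The host name cas.example.com, the scratch paths, the -dname fields and the function names are assumptions made for this demo.

```shell
#!/bin/sh
# Added example, not code from the original post: the keystore procedure of
# section 2.2 run non-interactively so it can be scripted and re-checked.
# Paths are scratch locations standing in for D:/keystore and the JDK's
# cacerts; cas.example.com and the -dname fields are constructed for this demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"      # stands in for D:/keystore
KS="$WORK/tomcat.keystore"
CER="$WORK/tomcat.cer"
TRUST="$WORK/cacerts"             # stands in for D:/java/jdk1.8/jre/lib/security/cacerts
ALIAS=tomcat
PASS=changeit                     # one value for store, key and truststore, as in the post
CAS_HOST=cas.example.com          # must equal the name mapped in the hosts file (section 2.1)

# Step 1 (keytool -genkey): -dname answers the interactive prompts; CN is the
# server domain name, which is what the post asks for under "first and last name".
gen_keystore() {
    rm -f "$KS"
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "CN=$CAS_HOST, OU=dev, O=example, L=city, ST=state, C=CN" \
        -keystore "$KS" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

# Step 2 (keytool -export): write the public certificate to a .cer file.
export_cert() {
    keytool -exportcert -alias "$ALIAS" -file "$CER" \
        -keystore "$KS" -storepass "$PASS" >/dev/null 2>&1
}

# Step 3 (keytool -import): trust the certificate. The post imports into the JDK's
# cacerts; this demo uses a throwaway truststore so the JDK is left untouched.
import_into_truststore() {
    rm -f "$TRUST"
    keytool -importcert -noprompt -alias "$ALIAS" -file "$CER" \
        -keystore "$TRUST" -storepass "$PASS" >/dev/null 2>&1
}

# Step 4 (keytool -delete): undo the trust decision.
untrust() {
    keytool -delete -alias "$ALIAS" -keystore "$TRUST" -storepass "$PASS" >/dev/null 2>&1
}

# Check (keytool -list): is the alias present in a store under the expected password?
has_alias() {   # $1 = store file, $2 = alias
    keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" >/dev/null 2>&1
}

# Check: the CN of the exported certificate. It must match the hosts-file name,
# otherwise browsers and CAS clients reject the connection as a host-name mismatch.
cert_cn() {
    keytool -printcert -file "$CER" -J-Duser.language=en -J-Duser.country=US \
        | sed -n 's/^Owner: CN=\([^,]*\).*/\1/p' | head -n 1
}

main() {
    gen_keystore
    export_cert
    import_into_truststore
    has_alias "$KS" "$ALIAS"    && echo "key pair '$ALIAS' present in $KS"
    has_alias "$TRUST" "$ALIAS" && echo "certificate '$ALIAS' trusted in $TRUST"
    echo "certificate CN: $(cert_cn) (expected $CAS_HOST)"
}

if command -v keytool >/dev/null 2>&1; then
    main
else
    echo "keytool not on PATH: install a JDK and re-run" >&2
fi
```

Run it with a JDK on the PATH. Importing into the real cacerts, as the post does, is the same import command with the JDK's cacerts file as -keystore; the CN check is the one to keep, because a certificate whose CN differs from the name in the hosts file will pass keytool but fail in the browser and in every CAS client that validates the server.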
2.3. Edit Tomcat's server.xml
Open /conf/server.xml under the Tomcat installation directory and add the following:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="200" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\keystore\tomcat.keystore" keystorePass="changeit"/>
2.4. Make the browser trust the certificate


3. Customizing the server with Overlay
An overlay merges several project WARs into one project; when files with the same name exist, the file in the main project overrides the same-named file from the other projects. Using Maven's overlay configuration lets you customize CAS without modifying its source.
3.1. Build the Overlay
mvn clean package

When it finishes, cas.war is generated under target.
Unzip the war package.
3.2. Create the project cas-server
pom.xml
Copy pom.xml from the unzipped war; path: /cas/META-INF/maven/org.apereo.cas/cas-overlay
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.fdzang</groupId>
    <artifactId>cas-server</artifactId>
    <version>1.0-SNAPSHOT</version>

    <build>
        <plugins>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.5</version>
                <configuration>
                    <verifyDownload>true</verifyDownload>
                    <checksumAlgorithm>MD5</checksumAlgorithm>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${springboot.version}</version>
                <configuration>
                    <mainClass>${mainClassName}</mainClass>
                    <addResources>true</addResources>
                    <executable>${isExecutable}</executable>
                    <layout>WAR</layout>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <recompressZippedFiles>false</recompressZippedFiles>
                    <archive>
                        <compress>false</compress>
                        <manifestFile>${manifestFileToUse}</manifestFile>
                    </archive>
                    <overlays>
                        <overlay>
                            <groupId>org.apereo.cas</groupId>
                            <artifactId>cas-server-webapp${app.server}</artifactId>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>

    <properties>
        <cas.version>5.3.14</cas.version>
        <springboot.version>1.5.18.RELEASE</springboot.version>
        <!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver -->
        <app.server>-tomcat</app.server>
        <mainClassName>org.springframework.boot.loader.WarLauncher</mainClassName>
        <isExecutable>false</isExecutable>
        <manifestFileToUse>
            ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF
        </manifestFileToUse>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <repositories>
        <repository>
            <id>sonatype-releases</id>
            <url>http://oss.sonatype.org/content/repositories/releases/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <releases>
                <enabled>true</enabled>
            </releases>
        </repository>
        <repository>
            <id>sonatype-snapshots</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <releases>
                <enabled>false</enabled>
            </releases>
        </repository>
        <repository>
            <id>shibboleth-releases</id>
            <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
        </repository>
    </repositories>

    <profiles>
        <profile>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <id>default</id>
            <dependencies>
                <dependency>
                    <groupId>org.apereo.cas</groupId>
                    <artifactId>cas-server-webapp${app.server}</artifactId>
                    <version>${cas.version}</version>
                    <type>war</type>
                    <scope>runtime</scope>
                </dependency>
                <!-- ...Additional dependencies may be placed here... -->
            </dependencies>
        </profile>
        <profile>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <id>exec</id>
            <properties>
                <mainClassName>org.apereo.cas.web.CasWebApplication</mainClassName>
                <isExecutable>true</isExecutable>
                <manifestFileToUse></manifestFileToUse>
            </properties>
            <build>
                <plugins>
                    <plugin>
                        <groupId>com.soebes.maven.plugins</groupId>
                        <artifactId>echo-maven-plugin</artifactId>
                        <version>0.3.0</version>
                        <executions>
                            <execution>
                                <phase>prepare-package</phase>
                                <goals>
                                    <goal>echo</goal>
                                </goals>
                            </execution>
                        </executions>
                        <configuration>
                            <echos>
                                <echo>Executable profile to make the generated CAS web application executable.</echo>
                            </echos>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <id>bootiful</id>
            <properties>
                <app.server>-tomcat</app.server>
                <isExecutable>false</isExecutable>
            </properties>
            <dependencies>
                <dependency>
                    <groupId>org.apereo.cas</groupId>
                    <artifactId>cas-server-webapp${app.server}</artifactId>
                    <version>${cas.version}</version>
                    <type>war</type>
                    <scope>runtime</scope>
                </dependency>
            </dependencies>
        </profile>
        <profile>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <id>pgp</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>com.github.s4u.plugins</groupId>
                        <artifactId>pgpverify-maven-plugin</artifactId>
                        <version>1.1.0</version>
                        <executions>
                            <execution>
                                <goals>
                                    <goal>check</goal>
                                </goals>
                            </execution>
                        </executions>
                        <configuration>
                            <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
                            <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
                            <scope>test</scope>
                            <verifyPomFiles>true</verifyPomFiles>
                            <failNoSignature>false</failNoSignature>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>
</project>
Other files
META-INF/spring.factories, application.properties and log4j2.xml; path: cas\WEB-INF\classes
Final project layout:

Edit application.properties
server.ssl.enabled=true
server.ssl.key-store=file:D:/keystore/tomcat.keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
server.ssl.keyAlias=tomcat
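An added check, not from the original post, to run before starting the server in IDEA: it reads the server.ssl.* entries above from an application.properties file and confirms that the keystore it names exists and that the alias opens under the given store password, which is what Spring Boot needs to bring up the HTTPS connector. The sample properties file it constructs uses a placeholder path; prop, store_path and check_ssl_props are names chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the original post: verify that the server.ssl.*
# entries of an application.properties file point at a usable keystore.
set -eu

# Read one key from a .properties file (first match, surrounding spaces removed).
prop() {   # $1 = properties file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Spring Boot accepts a "file:" resource prefix on server.ssl.key-store;
# keytool wants the plain path.
store_path() {   # $1 = value of server.ssl.key-store
    case "$1" in
        file:*) printf '%s\n' "${1#file:}" ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# Exit codes: 0 = consistent, 2 = keystore file missing,
#             3 = alias not found or wrong store password.
check_ssl_props() {   # $1 = application.properties
    ks=$(store_path "$(prop "$1" server.ssl.key-store)")
    pw=$(prop "$1" server.ssl.key-store-password)
    ks_alias=$(prop "$1" server.ssl.keyAlias)
    [ -f "$ks" ] || return 2
    keytool -list -keystore "$ks" -storepass "$pw" -alias "$ks_alias" >/dev/null 2>&1 || return 3
    return 0
}

# Demo on a constructed properties file mirroring section 3.2. The keystore
# path is a placeholder, so the check reports a missing file until you point
# it at a real store (e.g. the one produced by the section 2.2 commands).
DEMO=$(mktemp -d)
cat > "$DEMO/application.properties" <<'EOF'
server.ssl.enabled=true
server.ssl.key-store=file:/path/to/keystore/tomcat.keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
server.ssl.keyAlias=tomcat
EOF
rc=0; check_ssl_props "$DEMO/application.properties" || rc=$?
case $rc in
    0) echo "server.ssl.* entries are consistent with the keystore" ;;
    2) echo "keystore file not found: $(store_path "$(prop "$DEMO/application.properties" server.ssl.key-store)")" ;;
    3) echo "alias '$(prop "$DEMO/application.properties" server.ssl.keyAlias)' not found, or store password wrong" ;;
esac
rm -rf "$DEMO"
```

The three outcomes map onto the three ways a CAS start fails at this step: a path that is right on the author's machine but not on yours, a keyAlias that does not match the -alias used at generation time, and a key-store-password that differs from what keytool was given.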
4. Configure Tomcat in IDEA
Click Run > Edit Configurations..., add a Tomcat server and configure it as follows:


Click Run. The first time, the following dialog appears; click Accept:

The running result is as follows:

Reference: https://blog.csdn.net/qq_34021712/article/details/80871015
