CAS實現SSO(單點登錄)
概述
CAS的官網:http://www.jasig.org/cas
演示環境
CentOS 6.5 JDK 1.6 Tomcat 7 CAS-server-3.5.2、CAS-client-3.2.1-release
JDK安裝配置
http://hunng.com/2014/04/18/jdk-install-and-config/
keytool安全證書配置
1.生成證書 keytool -genkey -alias ssommall -keyalg RSA -keysize 1024 -keypass mmallcom -validity 365 -keystore /usr/local/src/sso/ssommall.keystore -storepass mmallcom 2.導出證書 keytool -export -alias ssommall -keystore /usr/local/src/sso/ssommall.keystore -file /usr/local/src/sso/ssommall.crt -storepass mmallcom 3.客戶端導入證書 keytool -import -keystore %JAVA_HOME%\jre\lib\security\cacerts -file /usr/local/src/sso/ssommall.crt -alias ssommall
部署CAS-Server的Tomcat
在文件 conf/server.xml文件找到:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
修改成如下:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="g:/sso/ssodemo.keystore" keystorePass="michaelpwd"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
參數說明:
keystoreFile 就是創建證書的路徑
keystorePass 就是創建證書的密碼部署CAS-Server
本文以cas-server-3.5.2-release.zip 為例,解壓提取cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war文件,并重命名為:cas.war.
CAS-server的默認驗證規則:只要用戶名和密碼相同就認證通過(僅僅用于測試,生成環境需要根據實際情況修改),輸入admin/admin 點擊登錄,就可以看到登錄成功的頁面。
部署CAS-Client的Tomcat
以cas-client-3.2.1-release.zip 為例,解壓提取cas-client-3.2.1/modules/cas-client-core-3.2.1.jar 借以tomcat默認自帶的webapps\examples作為演示的簡單web項目
安裝配置tomcat-demo1
接下來復制 client的lib包cas-client-core-3.2.1.jar到 tomcat-app1\webapps\examples\WEB-INF\lib\目錄下, 在tomcat-app1\webapps\examples\WEB-INF\web.xml 文件中增加如下內容:
<!-- ======================== 單點登錄開始 ======================== -->
<!-- 用于單點退出,該過濾器用于實現單點登出功能,可選配置-->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 該過濾器用于實現單點登出功能,可選配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://passport.hunng.com:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo1.hunng.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 該過濾器負責對Ticket的校驗工作,必須啟用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://passport.hunng.com:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo1.hunng.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
該過濾器負責實現HttpServletRequest請求的包裹,
比如允許開發者通過HttpServletRequest的getRemoteUser()方法獲得SSO登錄用戶的登錄名,可選配置。
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
該過濾器使得開發者可以通過org.jasig.cas.client.util.AssertionHolder來獲取用戶的登錄名。
比如AssertionHolder.getAssertion().getPrincipal().getName()。
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 單點登錄結束 ======================== -->有關cas-client的web.xml修改的詳細說明見官網介紹: https://wiki.jasig.org/display/CASC/Configuring+the+Jasig+CAS+Client+for+Java+in+the+web.xml
安裝配置tomcat-demo2
和tomcat-demo1一樣,在這就不啰唆啦。。。
獲取登錄用戶的信息
修改類:webapps\examples\WEB-INF\classes\HelloWorldExample.java 后重新編譯并替換 webapps\examples\WEB-INF\classes\HelloWorldExample.class文件。
HelloWorldExample.java 修改后的代碼如下:
import java.io.*;
import java.util.*;
import java.util.Map.Entry;
import javax.servlet.*;
import javax.servlet.http.*;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
/**
* CAS simple Servlet
*
* @author <a >Hunng</a>
*/
public class HelloWorldExample extends HttpServlet {
private static final long serialVersionUID = -1L;
@SuppressWarnings("unchecked")
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",
request.getLocale());
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head>");
String title = rb.getString("helloworld.title");
out.println("<title>" + title + "</title>");
out.println("</head>");
out.println("<body bgcolor=\"white\">");
out.println("<a href=\"../helloworld.html\">");
out.println("<img src=\"../images/code.gif\" height=24 "
+ "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
out.println("<img src=\"../images/return.gif\" height=24 "
+ "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h1>" + title + "</h1>");
Assertion assertion = (Assertion) request.getSession().getAttribute(
AbstractCasFilter.CONST_CAS_ASSERTION);
if (null != assertion) {
out.println(" Log | ValidFromDate =:"
+ assertion.getValidFromDate() + "<br>");
out.println(" Log | ValidUntilDate =:"
+ assertion.getValidUntilDate() + "<br>");
Map<Object, Object> attMap = assertion.getAttributes();
out.println(" Log | getAttributes Map size = " + attMap.size()
+ "<br>");
for (Entry<Object, Object> entry : attMap.entrySet()) {
out.println(" | " + entry.getKey() + "=:"
+ entry.getValue() + "<br>");
}
AttributePrincipal principal = assertion.getPrincipal();
// AttributePrincipal principal = (AttributePrincipal) request
// .getUserPrincipal();
String username = null;
out.print(" Log | UserName:");
if (null != principal) {
username = principal.getName();
out.println("<span style='color:red;'>" + username
+ "</span><br>");
}
}
out.println("</body>");
out.println("</html>");
}
}CAS服務端-配置數據庫查詢認證機制
在%tomcatcas%/webapps/cas/WEBINF/deployerConfigContext.xml 找到如下信息:
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
修改成如下:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" ></property>
<property name="sql" value="select password from sso_t_user where login_name=?" ></property>
<property name="passwordEncoder" ref="MD5PasswordEncoder" ></property>
</bean>同時增加datasource和加密處理兩個bean的定義:
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost/test" />
<property name="username" value="root" />
<property name="password" value="" />
</bean>
<bean id="MD5PasswordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0" value="MD5" />
</bean>添加相關的jar包
需要在web項目的lib下添加兩個包:cas-server-support-jdbc-x.x.x.jar 和 mysql-connector-java-x.x.x-bin.jar
本文由用戶 ymc4 自行上傳分享,僅供網友學習交流。所有權歸原作者,若您的權利被侵害,請聯系管理員。
轉載本站原創文章,請注明出處,并保留原始鏈接、圖片水印。
本站是一個以用戶分享為主的開源技術平臺,歡迎各類分享!