0
点赞
收藏
分享

微信扫一扫

java+maven CAS单点登录服务端和客户端的搭建

南柯Taylor 2021-09-28 阅读 36

1、服务端(http)

  • 部署

    • 下载地址cas4.0.0服务端
    • 解压并进入目录cas-server-4.0.0-release.zip\cas-server-4.0.0\modules,找到war包cas-server-webapp-4.0.0.war
    • 将war包改名为cas,放到tomcat的webapps下发布项目
    • 打开浏览器输入http://localhost:8080/cas,成功如下图
  • 配置mysql连接

    • 打开cas\WEB-INF\deployerConfigContext.xml
    • 找到id为primaryAuthenticationHandler的bean,修改为
      <bean id="primaryAuthenticationHandler"
            class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
          <property name="dataSource" ref="dataSource"></property>
          <property name="sql" value="select password from user where user_name=?"></property>
      </bean>
      
    • 添加数据源
      <!-- 数据源配置 -->
      <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
         <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
         <property name="url" value="jdbc:mysql://localhost:3306/ossm"></property>
         <property name="username" value="root"></property>
         <property name="password" value="123456"></property>
       </bean>
      
    • 添加jar包:
      • 打开cas\cas-server-4.0.0\modules
      • 复制cas-server-support-jdbc-4.0.0到项目的cas\WEB-INF\lib目录下
      • 下载mysql驱动mysql-connector-java-5.0.2.jar,添加到cas\WEB-INF\lib目录下
      • 重启tomcat
  • 去掉https验证

    1. 打开cas/WEB-INF/deployerConfigContext.xml
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"/>
      
      增加参数p:requireSecure="false",是否需要安全验证,即HTTPS,false为不采用。修改后为:
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
       p:httpClient-ref="httpClient"  p:requireSecure="false"/>
      
    2. 打开cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
      <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      
            p:cookieSecure="true"
      
            p:cookieMaxAge="-1"
      
            p:cookieName="CASTGC"
      
            p:cookiePath="/cas" />
      
      p:cookieSecure="true"改成p:cookieSecure="false"
    3. 打开WEB-INF\spring-configuration\warnCookieGenerator.xml
      <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"
      
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/cas" />
      
      将p:cookieSecure="true" 改成false

2、客户端

  • 在maven配置文件添加依赖
    <!--cas客户端-->
    <dependency>
     <groupId>org.jasig.cas.client</groupId>
     <artifactId>cas-client-core</artifactId>
     <version>3.3.3</version>
    </dependency>
    <dependency>
     <groupId>xml-apis</groupId>
     <artifactId>xml-apis</artifactId>
     <version>1.4.01</version>
    </dependency>
    
  • 配置web.xml文件
    <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
        <listener>
            <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
        </listener>
        <!-- 该过滤器用于实现单点登出功能,可选配置 -->
        <filter>
            <filter-name>CAS Single Sign Out Filter</filter-name>
            <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CAS Single Sign Out Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <filter>
            <filter-name>CAS Filter</filter-name>
            <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
            <!--casServer的登录访问路径-->
            <init-param>
                <param-name>casServerLoginUrl</param-name>
                <param-value>http://localhost:8080/cas/login</param-value>
            </init-param>
            <!--casServer的根访问路径-->
            <!--需要将serverName的参数设置为本地登录系统使用的ip:port参数,登录后跳转的url(此项目)-->
            <init-param>
                <param-name>serverName</param-name>
                <param-value>http://localhost:8090</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CAS Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
        <filter>
            <filter-name>CAS Validation Filter</filter-name>
            <filter-class>
                org.jasig.cas.client.validation.Cas10TicketValidationFilter
            </filter-class>
            <init-param>
                <param-name>casServerUrlPrefix</param-name>
                <param-value>http://localhost:8080/cas</param-value>
            </init-param>
            <init-param>
                <param-name>serverName</param-name>
                <param-value>http://localhost:8090</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CAS Validation Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!--
            该过滤器负责实现HttpServletRequest请求的包裹,比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
        -->
        <filter>
            <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
            <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!--
            该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。比如AssertionHolder.getAssertion().getPrincipal().getName()。
        -->
        <filter>
            <filter-name>CAS Assertion Thread Local Filter</filter-name>
            <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CAS Assertion Thread Local Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    

3、报错

unable to find valid certification path to requested target

https证书问题,将证书导入到起作用的jdk里面

java.security.cert.CertificateException: No name match

生成证书的时候,“您的名字与姓氏是什么”应填写项目域名,比如localhost

java.lang.IllegalArgumentException: casServerUrlPrefix cannot be null.

客户端使用的cas-client-core版本不对,4.0.0的服务端应使用3.3

java.lang.NoClassDefFoundError: org/w3c/dom/ElementTraversal

添加依赖xml-apis

  ````
  <dependency>
    <groupId>xml-apis</groupId>
    <artifactId>xml-apis</artifactId>
    <version>1.4.01</version>
  </dependency>
  ````
举报

相关推荐

0 条评论