SSO: implementing single sign-on with CAS
- Environment overview
- Deploying the CAS server
- Configuring the CAS client
- Login test
Environment overview
- apache-tomcat-8.5.6
- cas-client-core-3.2.1.jar
- cas-server-3*.jar
Machine IP | Port | Role
---|---|---
192.168.0.71 | 8080 | central authentication (CAS server)
192.168.0.65 | 8089 | integrated business application (CAS client)
Deploying the CAS server
- Unpack Tomcat and unpack cas-server.xx.war into Tomcat's webapps directory, for example as CasWeb
# pwd
/opt/software/apache-tomcat-8.5.6/webapps
# ls
CasWeb docs examples host-manager manager ROOT
- Edit the CAS configuration (CasWeb/WEB-INF/cas.properties)
# cat cas.properties
cas.securityContext.serviceProperties.service=http://192.168.0.71:8080/CasWeb/services/j_acegi_cas_security_check
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=http://192.168.0.71:8080/CasWeb/login
# must point at the CAS server itself (192.168.0.71 in the table above)
cas.securityContext.ticketValidator.casServerUrlPrefix=http://192.168.0.71:8080/CasWeb
cas.themeResolver.defaultThemeName=portal
cas.viewResolver.basename=portal_views
host.name=test
#database.hibernate.dialect=org.hibernate.dialect.OracleDialect
database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
- Database configuration in deployerConfigContext.xml
<!-- attribute repository: resolves the per-application accounts mapped to the CAS-authenticated user -->
<bean id="attributeRepository" class="com.avicit.cas.persondir.support.AvicitSingleRowJdbcPersonAttributeDao" >
  <constructor-arg index="0" ref="oracleDataSource"/>
  <constructor-arg index="1" >
    <list>
      <value>username</value>
    </list>
  </constructor-arg>
  <!--
  <constructor-arg index="2" value="select * from SYS_USER_SSO_MAP where USERINTERNALID=?"/>
  -->
  <constructor-arg index="2" value="select t.service_name_zh as WEB_NAME,um.user_name as WEB_USERNAME from sys_service t,sys_user_service_map um where t.id=um.sys_service_id and USERINTERNALID=?"/>
  <property name="columnsToAttributes">
    <map>
      <!--
      <entry key="username" value="username"/>
      <entry key="age" value="user_age"/>
      -->
    </map>
  </property>
  <!-- user-info format: "systemCode$$loginUserCode@@systemCode$$loginUserCode..." for example <systemCode>$$<loginUserCode>@@cms$$k001 -->
  <property name="userInfo">
    <value>appUserName</value>
  </property>
</bean>
<!-- database connection; the credentials below are plaintext, so keep this file readable by the Tomcat user only -->
<bean id="oracleDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
  <property name="driverClassName" >
    <value>oracle.jdbc.driver.OracleDriver</value>
  </property>
  <property name="url">
    <value>jdbc:oracle:thin:@192.168.0.53:1521:orcl</value>
  </property>
  <property name="username">
    <value>pt6</value>
  </property>
  <property name="password">
    <value>cape</value>
  </property>
  <property name="maxActive" value="6" />
  <property name="maxIdle" value="4" />
  <property name="initialSize" value="1"/>
</bean>
- Start Tomcat and open http://192.168.0.71:8080/CasWeb in a browser
Configuring the CAS client
So that the business system can still be reached directly without going through CAS, the CAS client was modified: the filters configured in web.xml below only take effect when the request URL carries flag=capitalPortal.
- Set the Tomcat connector port to 8089 (server.xml)
<Connector port="8089" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
- Add the listener and filters to web.xml (order matters: single sign-out first, then authentication, then ticket validation, then the request wrapper and assertion filters)
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <!-- CAS login URL on the CAS server -->
    <param-value>http://192.168.0.71:8080/CasWeb/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- host and port of this client, i.e. the third-party application -->
    <param-value>http://192.168.0.65:8089</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CASValidationFilter</filter-name>
  <filter-class>
    org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
  </filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <!-- CAS server prefix; the filter appends /serviceValidate to it -->
    <param-value>http://192.168.0.71:8080/CasWeb</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <!-- host and port of this client; must equal the value given to CASFilter -->
    <param-value>http://192.168.0.65:8089</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASValidationFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>
    org.jasig.cas.client.util.HttpServletRequestWrapperFilter
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
- Add cas-client-core-3.2.1.jar to the application
- Add login.jsp as the single sign-on entry page
login.jsp reads the CAS-authenticated username through the CAS client API, generates a random one-time password for that user and logs in to the application with the pair:
AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
user = principal.getName();                        // the CAS login name
pass = CTUserCheckSSO.createUserMap(user, true);   // mint and store a one-time password
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Holds the one-time passwords minted for CAS-authenticated users until /api/auth/login consumes them. */
public class CTUserCheckSSO {
    // shared by every request thread, so the map must be thread-safe
    public static Map<String, String> userList = new ConcurrentHashMap<String, String>();
    // SecureRandom: java.util.Random seeded from the clock is predictable and must not produce passwords
    private static final SecureRandom RNG = new SecureRandom();

    /** Generates a random password for uName and, when add is true, stores it under uName. */
    public static String createUserMap(String uName, boolean add) {
        if (uName == null || "".equals(uName.trim())) {
            return "";
        }
        byte[] raw = new byte[24];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) {
            sb.append(String.format("%02x", b));
        }
        String pwd = sb.toString();
        if (add) {
            userList.put(uName, pwd);
        }
        return pwd;
    }

    /** Returns the stored password for uName (empty string if none); removes it when remove is true. */
    public static String getUserRandPwd(String uName, boolean remove) {
        if (uName == null || "".equals(uName.trim())) {
            return "";
        }
        String pwd = remove ? userList.remove(uName) : userList.get(uName);
        return pwd == null ? "" : pwd;
    }

    public static void main(String[] args) {
        for (int i = 0; i < 20; i++) {
            System.out.println(CTUserCheckSSO.createUserMap("test", true));
        }
    }
}
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="org.jasig.cas.client.authentication.*" %>
<%@ page import="java.util.*" %>
<%@ page import="com.clustertech.cloud.gui.utils.CTUserCheckSSO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- load jQuery over https: a script fetched over plain http can be replaced on the wire -->
<script type="text/javascript" src="https://code.jquery.com/jquery-1.12.4.js"></script>
</head>
<!-- only the SSO entry (flag=capitalPortal) gets a username and a one-time password -->
<%
    String user = "";
    String pass = "";
    String flag = request.getParameter("flag");
    if ("capitalPortal".equals(flag)) {
        // set by the CAS authentication/validation filters; null if they did not run
        AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
        if (principal != null) {
            user = principal.getName();
            // mint and store a one-time password that /api/auth/login will check
            pass = CTUserCheckSSO.createUserMap(user, true);
        }
    }
    // both values are interpolated into JavaScript string literals below; if CAS usernames may
    // contain quotes, backslashes or "</script", escape them for a JS context first
    pageContext.setAttribute("userName", user);
    pageContext.setAttribute("password", pass);
%>
<body>
<script type="text/javascript">
    var user = '${userName}';
    var pass = '${password}';
    // the same key is read here and written/removed below
    var accessType = localStorage.getItem('ctcloud3AccessType');
    var data = {
        userName: user,
        password: pass
    };
    if (user && pass && !accessType) {
        $.ajax({
            url: "/api/auth/login",
            contentType: "application/json;charset=UTF-8",
            type: 'POST',
            data: JSON.stringify(data),
            success: function (e) {
                localStorage.setItem('ctcloud3AccessToken', e.token);
                localStorage.setItem('ctcloud3AccessType', 'single');
                window.location.href = '/';
            }
        });
    } else {
        localStorage.removeItem('ctcloud3AccessType');
        window.close();
    }
</script>
</body>
</html>
Start Tomcat.
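The page never shows what /api/auth/login does with the username and password that login.jsp posts, and the password it mints stays in the static map until something removes it. The class below is an added example, not code from the page or from the product it describes, of the handoff store a practitioner would want on that path: the secret comes from SecureRandom, it expires after a short TTL, it is consumed exactly once, and it is compared in constant time. The class and method names (SsoHandoffStore, issue, consume, purgeExpired), the 60 second TTL and the way the endpoint would call it are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * One-time handoff secrets for the CAS-to-application login step.
 * Added example; not part of the page's code base, all names are assumptions.
 */
public class SsoHandoffStore {
    private static final SecureRandom RNG = new SecureRandom();

    /** A minted secret and the instant (ms since epoch) after which it is dead. */
    private static final class Entry {
        final String secret;
        final long expiresAt;
        Entry(String secret, long expiresAt) { this.secret = secret; this.expiresAt = expiresAt; }
    }

    private final Map<String, Entry> pending = new ConcurrentHashMap<>();
    private final long ttlMillis;

    public SsoHandoffStore(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Called from login.jsp once the CAS filters have established the principal. */
    public String issue(String user, long now) {
        if (user == null || user.trim().isEmpty()) {
            throw new IllegalArgumentException("empty principal name");
        }
        byte[] raw = new byte[32];                         // 256 random bits, not java.util.Random
        RNG.nextBytes(raw);
        String secret = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(user, new Entry(secret, now + ttlMillis)); // a new issue invalidates any older one
        return secret;
    }

    /** Called by /api/auth/login: true only for an unexpired secret presented for the first time. */
    public boolean consume(String user, String presented, long now) {
        if (user == null || presented == null) {
            return false;
        }
        Entry e = pending.remove(user);                    // single use: gone whether or not it matches
        if (e == null || now > e.expiresAt) {
            return false;
        }
        // constant-time comparison; a plain equals() leaks how many leading bytes matched
        return MessageDigest.isEqual(
                e.secret.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /** Drops expired entries so abandoned login.jsp loads cannot grow the map without bound. */
    public int purgeExpired(long now) {
        int removed = 0;
        for (Map.Entry<String, Entry> me : pending.entrySet()) {
            if (now > me.getValue().expiresAt && pending.remove(me.getKey(), me.getValue())) {
                removed++;
            }
        }
        return removed;
    }

    public static void main(String[] args) {
        SsoHandoffStore store = new SsoHandoffStore(60_000L);       // 60 s TTL (assumption)
        long t0 = System.currentTimeMillis();

        String s1 = store.issue("k001", t0);
        System.out.println("fresh secret accepted:      " + store.consume("k001", s1, t0 + 1_000));
        System.out.println("replay of same secret:      " + store.consume("k001", s1, t0 + 2_000));

        String s2 = store.issue("k001", t0);
        System.out.println("presented after the TTL:    " + store.consume("k001", s2, t0 + 61_000));

        String s3 = store.issue("k001", t0);
        System.out.println("wrong secret:               " + store.consume("k001", s3 + "x", t0 + 1_000));

        store.issue("k002", t0);
        System.out.println("expired entries purged:     " + store.purgeExpired(t0 + 61_000));
    }
}
```

In this design login.jsp would call issue() instead of CTUserCheckSSO.createUserMap(), and /api/auth/login would call consume() before minting its own token. Note that consume() removes the entry even on a mismatch, so a user gets one attempt per page load; that is deliberate, because the secret is only ever typed by the browser script, never by a human.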
Login test
Open http://192.168.0.65:8089/login.jsp?flag=capitalPortal in a browser (the single sign-on entry).
The page redirects to http://192.168.0.71:8080/CasWeb/login?service=http%3A%2F%2F192.168.0.65%3A8089%2Flogin.jsp%3Fflag%3DcapitalPortal
Enter the username and password; after a successful login CAS redirects back to the application's web page.
Every URL in this setup is plain http://, so the service ticket CAS appends to the redirect, the one-time password embedded in login.jsp and the token returned by /api/auth/login all cross the network in cleartext. Outside a lab, both Tomcats need HTTPS and the CAS URLs in cas.properties and web.xml must use https.
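Behind the redirect above, CAS sends the browser back to the service URL with a ticket=ST-... parameter, and the CASValidationFilter then calls casServerUrlPrefix + /serviceValidate with the same service value and that ticket, parsing the XML reply. The class below is an added example of that step, not code from the page or from the Jasig client: it builds the validate URL and parses the CAS 2.0 response with DTDs and external entities disabled, because the reply arrives from another host. The two XML responses are constructed samples in the CAS 2.0 format, the ticket value is made up, and the class and method names are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example of the CAS 2.0 /serviceValidate exchange; not code from the page. */
public class CasServiceValidateDemo {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    /** Outcome of one validation: either an authenticated user or a failure code. */
    static final class Result {
        final String user, failureCode, message;
        Result(String user, String failureCode, String message) {
            this.user = user; this.failureCode = failureCode; this.message = message;
        }
        boolean success() { return user != null; }
    }

    /** URL the client fetches; 'service' must be byte-identical to the value sent to /login. */
    static String validateUrl(String casServerUrlPrefix, String service, String ticket) throws Exception {
        return casServerUrlPrefix + "/serviceValidate?service=" + URLEncoder.encode(service, "UTF-8")
                + "&ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }

    /** Parses a cas:serviceResponse; refuses DOCTYPE and external entities (XXE) before touching the body. */
    static Result parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        NodeList ok = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (ok.getLength() == 1) {
            NodeList u = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
            if (u.getLength() != 1 || u.item(0).getTextContent().trim().isEmpty()) {
                throw new IllegalStateException("authenticationSuccess without a cas:user");
            }
            return new Result(u.item(0).getTextContent().trim(), null, null);
        }
        NodeList bad = doc.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        if (bad.getLength() == 1) {
            Element e = (Element) bad.item(0);
            return new Result(null, e.getAttribute("code"), e.getTextContent().trim());
        }
        throw new IllegalStateException("not a cas:serviceResponse");
    }

    public static void main(String[] args) throws Exception {
        String service = "http://192.168.0.65:8089/login.jsp?flag=capitalPortal";
        System.out.println(validateUrl("http://192.168.0.71:8080/CasWeb", service, "ST-1-example"));

        // constructed sample: reply for a valid ticket that has not been validated before
        String success = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                + "<cas:authenticationSuccess><cas:user>k001</cas:user></cas:authenticationSuccess>"
                + "</cas:serviceResponse>";
        // constructed sample: the same ticket presented a second time (service tickets are single-use)
        String failure = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                + "<cas:authenticationFailure code='INVALID_TICKET'>Ticket ST-1-example not recognized"
                + "</cas:authenticationFailure></cas:serviceResponse>";

        Result r1 = parse(success);
        System.out.println("success=" + r1.success() + " user=" + r1.user);
        Result r2 = parse(failure);
        System.out.println("success=" + r2.success() + " code=" + r2.failureCode + " msg=" + r2.message);
    }
}
```

The filter in web.xml does the same thing using serverName and casServerUrlPrefix. If the service it reconstructs differs from what the browser sent to /login (a different port, scheme or query string), CAS answers with code INVALID_SERVICE rather than a user, and validating the same ticket twice yields INVALID_TICKET, which is why the client must consume the ticket exactly once and then rely on its own session.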