Notes on modifying the CAS server and configuring the CAS client
CAS server modifications
Here I renamed the CAS server to TrainCasServer and deployed it under Tomcat.
Step 1:
Add your own configuration to deployerConfigContext.xml.
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> is the CAS server's built-in test authentication: it accepts any login whose username and password are identical.
Here we want to authenticate against our own database instead.
Comment out <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
and add after it:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select password from user where account=?" />
</bean>
After the block
<sec:user-service id="userDetailsService">
<sec:user name="battags" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>
add:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/digitalschooltrain</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>root</value>
</property>
</bean>
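The query configured above, select password from user where account=?, is run by QueryDatabaseAuthenticationHandler with the login name bound as a parameter, and with no passwordEncoder set the returned column is compared with the submitted password as-is. The Python below is an added model of that check (not CAS code): it runs the same query against a constructed in-memory SQLite table, rejects unknown and duplicated accounts, and shows the same check with a SHA-256 encoder where the column holds a digest instead of the password.

```python
import hashlib
import hmac
import sqlite3

# The query from the page; the account name is bound as a parameter, so it
# is never spliced into the SQL text.
SQL = "select password from user where account=?"


def make_db():
    """Constructed in-memory stand-in for the page's MySQL 'user' table:
    one plaintext password, one SHA-256 digest, one duplicated account."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user (account text, password text)")
    db.executemany("insert into user values (?, ?)", [
        ("alice", "s3cret"),
        ("bob", hashlib.sha256(b"hunter2").hexdigest()),
        ("dup", "x"), ("dup", "y"),
    ])
    return db


def plain_encoder(password):
    """What the handler does with no passwordEncoder set: compare as-is."""
    return password


def sha256_encoder(password):
    """A hashing encoder; the column must then hold the digest, not the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def authenticate(db, account, password, encoder=plain_encoder):
    """Model of the query-database handler (not CAS code): run the SQL with the
    account bound, require exactly one row, and compare the stored value with
    the encoded submitted password. Unknown or duplicated accounts are rejected."""
    rows = db.execute(SQL, (account,)).fetchall()
    if len(rows) != 1:
        return False
    stored = rows[0][0].encode("utf-8")
    # constant-time compare, so timing does not reveal how much of it matched
    return hmac.compare_digest(stored, encoder(password).encode("utf-8"))
```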
Step 2: under WEB-INF --> spring-configuration, open ticketGrantingTicketCookieGenerator.xml.
Change p:cookieSecure="true" in it to false. I did this because the client later accesses the server over HTTP rather than HTTPS; without this change the ticket generated later is empty and logout has no effect.
Step 3: edit cas-servlet.xml, find the logoutController controller and add p:followServiceRedirects="true" to it; this lets our logout later redirect to a given path,
for example http://demo.outegg.com:8080/TrainCasServer/logout?service=http://demo.outegg.com:8080/Test/login.jsp
That completes the CAS server side configuration.
CAS client configuration
Step 1: configure the SSL certificate
On the command line, change to the %TOMCAT_HOME% directory and run the following command:
keytool -genkey -alias tomcat_key -keyalg RSA -storepass changeit -keystore server.keystore -validity 3600
The prompts that follow can be answered however you like:
您的名字與姓氏是什麼?
[Unknown]: demo.outegg.com
您的組織機關名稱是什麼?
[Unknown]: demo.outegg.com
您的組織名稱是什麼?
[Unknown]: demo.outegg.com
您所在的城市或區域名稱是什麼?
[Unknown]:
您所在的州或省份名稱是什麼?
[Unknown]:
該機關的兩字母國家代碼是什麼
[Unknown]:
CN=demo.outegg.com, OU=demo.outegg.com, O=demo.outegg.com, L=Unknown, ST=Unknown
, C=Unknown 正确嗎?
[否]:
Press Y.
Note: demo.outegg.com is a mapping I added to the hosts file on my machine:
127.0.0.1 demo.outegg.com
Step 2: export the certificate
keytool -export -trustcacerts -alias tomcat_key -file server.cer -keystore server.keystore -storepass changeit
Step 3: import the certificate into the JDK that Tomcat runs on (this step matters: certificate errors are very often caused by the certificate not having been imported into the JDK that Tomcat actually uses).
Step 4: add the following to Tomcat's server.xml:
<!-- keystoreFile: full path to server.keystore -->
<!-- truststoreFile: full path to cacerts, normally %JAVA_HOME%/jre/lib/security/cacerts -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Program Files/Apache Software Foundation/Tomcat 7.0/server.keystore"
truststoreFile="C:/Program Files/Java/jdk1.7.0_01/jre/lib/security/cacerts"
keystorePass="changeit"/>
Step 5: configure web.xml in the client application.
Add the CAS listener and filters:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo.outegg.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo.outegg.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
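The filter chain above works as one exchange: the authentication filter redirects an unauthenticated browser to casServerLoginUrl with the client's service URL, the CAS server sends the browser back with a ticket parameter, and Cas10TicketValidationFilter calls casServerUrlPrefix/validate server to server and reads a two-line yes/no reply. The Python below is an added model of both sides of that CAS 1.0 exchange (it is neither the client library nor the server); the URLs are the ones from the web.xml above, the ticket id and user are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Values taken from the page's web.xml (the client's serverName and the
# CAS server prefix); the ticket id and user further down are constructed.
CAS_PREFIX = "https://demo.outegg.com:8443/TrainCasServer"
SERVER_NAME = "http://demo.outegg.com:8080"


def service_url(request_uri):
    """Service URL as the client filters derive it: serverName plus the
    request URI, with any 'ticket' parameter removed so that the URL sent
    to /validate is the same one the browser was sent to /login with."""
    parts = urlsplit(SERVER_NAME + request_uri)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(query)))


def login_redirect(request_uri):
    """Redirect the authentication filter issues to an unauthenticated browser."""
    return CAS_PREFIX + "/login?" + urlencode({"service": service_url(request_uri)})


def validate_url(request_uri, ticket):
    """CAS 1.0 validation request the validation filter makes server to server."""
    params = {"service": service_url(request_uri), "ticket": ticket}
    return CAS_PREFIX + "/validate?" + urlencode(params)


def new_ticket_store():
    """Constructed single-use service-ticket store standing in for the CAS
    server: ticket id -> (service it was issued for, authenticated user)."""
    return {"ST-1-constructed": (SERVER_NAME + "/Test/login.jsp", "alice")}


def cas10_validate(store, service, ticket):
    """Server side of /validate. A ticket is consumed on first presentation,
    whatever the outcome, and must match the service it was issued for."""
    issued = store.pop(ticket, None)
    if issued is None or issued[0] != service:
        return "no\n\n"
    return "yes\n" + issued[1] + "\n"


def parse_cas10_response(body):
    """Client side: accept only an exact 'yes' on line one followed by a
    non-empty user on line two; everything else is an authentication failure."""
    lines = body.split("\n")
    if len(lines) >= 2 and lines[0] == "yes" and lines[1]:
        return lines[1]
    return None
```

Because the service URL is compared exactly on validation, the serverName in web.xml must match the scheme, host and port the browser actually uses for the client application.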