CAS 入门

Posted 贪吃蛇

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CAS 入门相关的知识,希望对你有一定的参考价值。

 

安装环境

jdk 1.8 、tomcat 8 、cas 5.1

之前使用的是 cas 5.1 和 tomcat 7,怎么都跑不通,一直以为是配置的问题,一查资料才知道是 cas5  以上至少要 tomcat8 以上版本。

cas5 源码下载

官网cas主页地址: https://www.apereo.org/projects/cas

github 源码主页 : https://github.com/apereo/cas

 选择 Maven 构建工程

 

选择版本号下载

下载完成之后将项目解压导入 IDE 中(3.5版本可以直接从modle 目录下找到对应的war包直接部署运行即可)

tomcat 配置

因为cas要求是https 请求所以设置tomcat的请求方式为https

第一步使用 JDK 自带的工具生成证书文件,命令如下:

keytool -genkey -alias castest -keyalg RSA -keystore C:/key/casKey.keystore

注意:名字与姓氏要为域名或localhost

第二步导出crt文件:

keytool -export -file C:/key/casKey.crt -alias castest -keystore C:/key/casKey.keystore

执行完这两步,你将生成两个文件:

第三步:将生成的证书导入你的运行jdk中:

keytool -import -keystore "E:/JDK/1.8/jre/lib/security/cacerts" -file C:/key/casKey.crt -alias castest

这里需要注意的是你的路径一定要为你的jdk->jre->lib->security,如果你的路径下存在此文件,则需要将其删除,再执行导入,密钥库口令默认为changeit

第四步:在 c://windows/System32/drivers/etc/hosts 文件中添加你的域名映

127.0.0.1 sso.castest.com

第五步: 修改 tomcat 的server.xml:

找到:

将其打开并修改为:

<Connector port="8086" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:/key/casKey.keystore" keystorePass="111111" /> 

其中 keystorePass 为第一步设置的密码,并不是 changeit,并将之前的配置注释掉:

运行tomca测试https访问:https://sso.castest.com:8086/

 

选择高级

 

访问成功:

 

修改源码配置

将源码载入Eclipse 中目录结构

 

执行 maven-clean  ->  maven-install  然后添加maven的资源文件夹

进入target 目录将class 目录下的application.properties 和 service文件夹 拷贝到 resources目录下 

修改etc/cas/config目录下的 cas.properties 

cas.server.name: https://sso.castest.com:8086
cas.server.prefix: https://sso.castest.com:8086/cas

cas.adminPagesSecurity.ip=127\\.0\\.0\\.1

logging.config: file:/etc/cas/config/log4j2.xml
# cas.serviceRegistry.config.location: classpath:/services

修改application.properties 文件

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8086

cas.serviceRegistry.initFromJson=true

  
server.ssl.key-store=file:/C:/key/caskey.Keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=NEVER

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
   
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon

##
# CAS Delegated Authentication
#
#cas.authn.pac4j.bitbucket.clientName=Bitbucket
#cas.authn.pac4j.dropbox.clientName=Dropbox
#cas.authn.pac4j.facebook.clientName=Facebook
#cas.authn.pac4j.foursquare.clientName=Foursquare
#cas.authn.pac4j.github.clientName=Github
#cas.authn.pac4j.google.clientName=Google
#cas.authn.pac4j.linkedIn.clientName=LinkedIn
#cas.authn.pac4j.paypal.clientName=PayPal
#cas.authn.pac4j.twitter.clientName=Twitter
#cas.authn.pac4j.yahoo.clientName=Yahoo
#cas.authn.pac4j.windowsLive.clientName=Windows Live
#cas.authn.pac4j.wordpress.clientName=WordPress

 cas.authn.jdbc.query[0].sql=SELECT * FROM t_user WHERE name=?
# cas.authn.jdbc.query[0].healthQuery=
# cas.authn.jdbc.query[0].isolateInternalQueries=false
 cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&serverTimezone=GMT
# cas.authn.jdbc.query[0].failFastTimeout=1
 cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
 cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
 cas.authn.jdbc.query[0].leakThreshold=10
 cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
# cas.authn.jdbc.query[0].batchSize=1
 cas.authn.jdbc.query[0].user=root
# cas.authn.jdbc.query[0].ddlAuto=create-drop
# cas.authn.jdbc.query[0].maxAgeDays=180
 cas.authn.jdbc.query[0].password=
 cas.authn.jdbc.query[0].autocommit=false
 cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
# cas.authn.jdbc.query[0].idleTimeout=5000
# cas.authn.jdbc.query[0].credentialCriteria=
# cas.authn.jdbc.query[0].name=
# cas.authn.jdbc.query[0].order=0
# cas.authn.jdbc.query[0].dataSourceName=
# cas.authn.jdbc.query[0].dataSourceProxy=false
# Hibernate-specific properties (i.e. `hibernate.globally_quoted_identifiers`)
# cas.authn.jdbc.query[0].properties.propertyName=propertyValue

 cas.authn.jdbc.query[0].fieldPassword=password
# cas.authn.jdbc.query[0].fieldExpired=
# cas.authn.jdbc.query[0].fieldDisabled=
# cas.authn.jdbc.query[0].principalAttributeList=sn,cn:commonName,givenName

# cas.authn.jdbc.query[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT|SCRYPT|PBKDF2|com.example.CustomPasswordEncoder
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
# cas.authn.jdbc.query[0].passwordEncoder.secret=
# cas.authn.jdbc.query[0].passwordEncoder.strength=16

# cas.authn.jdbc.query[0].principalTransformation.pattern=(.+)@example.org
# cas.authn.jdbc.query[0].principalTransformation.groovy.location=file:///etc/cas/config/principal.groovy
# cas.authn.jdbc.query[0].principalTransformation.suffix=
# cas.authn.jdbc.query[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.jdbc.query[0].principalTransformation.prefix=

maven-install  打包并放入tomca目录中,测试运行 cmd -> startup

 

在这儿之前也想过在 Eclipse 中直接运行但是不知道为什么运行到最后 从浏览器中可以访问到,但是tomcat就是启动不起来一段时间之后就会超时自动关闭。

浏览器测试: https://sso.castest.com:8086/cas

输入 casuser  Mellon :(该用户名和密码是在application.properties 文件中写死的,稍后说绑定数据库)

到此,最基本的 CAS 服务器就算配置成功了。但是在实际项目中登录肯定不仅仅是这么简单,登录的过程肯定还要绑定数据库,数据库还要加密等等。

数据库绑定

以MySQL为例:

数据库:

添加mysql驱动依赖

 

     <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-jdbc</artifactId>
            <version>5.1.9</version>
        </dependency> 
        <dependency>
           <groupId>org.apereo.cas</groupId>
           <artifactId>cas-server-support-jdbc-drivers</artifactId>
           <version>5.1.9</version>
        </dependency>

 

修改application.properties 文件中的配置:

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8086

cas.serviceRegistry.initFromJson=true

  
server.ssl.key-store=file:/C:/key/caskey.Keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=NEVER

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
   
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon

##
# CAS Delegated Authentication
#
#cas.authn.pac4j.bitbucket.clientName=Bitbucket
#cas.authn.pac4j.dropbox.clientName=Dropbox
#cas.authn.pac4j.facebook.clientName=Facebook
#cas.authn.pac4j.foursquare.clientName=Foursquare
#cas.authn.pac4j.github.clientName=Github
#cas.authn.pac4j.google.clientName=Google
#cas.authn.pac4j.linkedIn.clientName=LinkedIn
#cas.authn.pac4j.paypal.clientName=PayPal
#cas.authn.pac4j.twitter.clientName=Twitter
#cas.authn.pac4j.yahoo.clientName=Yahoo
#cas.authn.pac4j.windowsLive.clientName=Windows Live
#cas.authn.pac4j.wordpress.clientName=WordPress

 cas.authn.jdbc.query[0].sql=SELECT * FROM t_user WHERE name=?
# cas.authn.jdbc.query[0].healthQuery=
# cas.authn.jdbc.query[0].isolateInternalQueries=false
 cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&serverTimezone=GMT
# cas.authn.jdbc.query[0].failFastTimeout=1
 cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
 cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
 cas.authn.jdbc.query[0].leakThreshold=10
 cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
# cas.authn.jdbc.query[0].batchSize=1
 cas.authn.jdbc.query[0].user=root
# cas.authn.jdbc.query[0].ddlAuto=create-drop
# cas.authn.jdbc.query[0].maxAgeDays=180
 cas.authn.jdbc.query[0].password=
 cas.authn.jdbc.query[0].autocommit=false
 cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
# cas.authn.jdbc.query[0].idleTimeout=5000
# cas.authn.jdbc.query[0].credentialCriteria=
# cas.authn.jdbc.query[0].name=
# cas.authn.jdbc.query[0].order=0
# cas.authn.jdbc.query[0].dataSourceName=
# cas.authn.jdbc.query[0].dataSourceProxy=false
# Hibernate-specific properties (i.e. `hibernate.globally_quoted_identifiers`)
# cas.authn.jdbc.query[0].properties.propertyName=propertyValue

 cas.authn.jdbc.query[0].fieldPassword=password
# cas.authn.jdbc.query[0].fieldExpired=
# cas.authn.jdbc.query[0].fieldDisabled=
# cas.authn.jdbc.query[0].principalAttributeList=sn,cn:commonName,givenName

# cas.authn.jdbc.query[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT|SCRYPT|PBKDF2|com.example.CustomPasswordEncoder
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
# cas.authn.jdbc.query[0].passwordEncoder.secret=
# cas.authn.jdbc.query[0].passwordEncoder.strength=16

# cas.authn.jdbc.query[0].principalTransformation.pattern=(.+)@example.org
# cas.authn.jdbc.query[0].principalTransformation.groovy.location=file:///etc/cas/config/principal.groovy
# cas.authn.jdbc.query[0].principalTransformation.suffix=
# cas.authn.jdbc.query[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.jdbc.query[0].principalTransformation.prefix=

修改 背景色 着重标记的数据即可,打包运行测试

登录结果:

 

 到此服务端就完成了,客户端添加依赖导入web.xml 就可以了。

客户端:

配置服务端接受客户端服务配置文件:

注意:服务文件的命名必须为  域名/localhost + 序号 .json 的格式,并且要开启服务点的配置:

cas.serviceRegistry.initFromJson=true

 

Localhost-10000003.json:

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(http)://localhost.*",
  "name": "本地服务",
  "id": 10000003,
  "description": "这是一个本地允许的服务,通过localhost访问都允许通过",
  "evaluationOrder": 1
}

导入 jar 包

<dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.2.1</version>
    </dependency>

    <!-- https://mvnrepository.com/artifact/commons-collections/commons-collections -->
    <dependency>
        <groupId>commons-collections</groupId>
        <artifactId>commons-collections</artifactId>
        <version>3.2.2</version>
    </dependency>
    
    <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>
    
    <!-- https://mvnrepository.com/artifact/javax.servlet/servlet-api -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>servlet-api</artifactId>
        <version>2.5</version>
        <scope>provided</scope>
    </dependency>

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

  <!-- ======================== 单点登录开始 ======================== -->
    <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 该过滤器负责用户的认证工作,必须启用它 -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://sso.castest.com:8086/cas/login</param-value>
        </init-param>
        <!--
            指定客户端的域名和端口,是指客户端应用所在机器而不是 CAS Server 所在机器以下配置表示,
            系统部署在域名为shirui-55的机器上,端口为80 
        -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8111</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://sso.castest.com:8086/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8111</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--
        该过滤器负责实现HttpServletRequest请求的包裹,
        比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
    -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>
            org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--
        该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
        比如AssertionHolder.getAssertion().getPrincipal().getName()。
    -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
        
        <!-- ======================== 单点登录结束 ======================== -->

        <!-- session超时定义,单位为分钟 -->
        <session-config>
                <session-timeout>2</session-timeout>
        </session-config>

</web-app>

亲测有效,时间有限就不写了。。。,

官方配置: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#jdbc

源码: https://files.cnblogs.com/files/guofz/cas-overlay-template-5.1.rar

参照: https://www.cnblogs.com/advanceBlog/p/8093908.html    

     http://www.cnblogs.com/flying607/p/7598248.html

   https://segmentfault.com/a/1190000013844049

ps : 巨人的肩膀就是好使~

SSO原理:

    https://www.cnblogs.com/ywlaker/p/6113927.html

https://blog.csdn.net/javaloveiphone/article/details/52439613

以上是关于CAS 入门的主要内容,如果未能解决你的问题,请参考以下文章

CAS 入门实战--自定义登录页面

CAS 入门实战--自定义登录页面

CAS单点登录入门

CAS单点登录系列之极速入门于实战教程(4.2.7)

cas sso入门(转)

[多线程进阶]CAS与Synchronized基本原理