From:
http://wangyaodi.javaeye.com/blog/294172
Purpose of the experiment:
A. Verify connectivity between CAS and a PHP application client
B. Verify connectivity between CAS and a Java application client
C. Verify that the session carries over (single sign-on) when moving from the Java client to the PHP client
1. Download the required software:
Tomcat: the apache-tomcat-5.5.27 Windows package. Tomcat can be downloaded from the Apache website.
The following CAS-related packages can be downloaded from http://www.ja-sig.org/products/cas/downloads/index.html.
CAS server: cas-server-3.3-release.zip
CAS PHP client: CAS-1.0.1.tgz
CAS Java client: cas-client-2.0.11.zip
2. Set up the PHP and Tomcat runtime environments.
I used AppServ V.2.5.10 to install the PHP runtime; this bundled package is very easy to install and get started with.
Installing Tomcat is even simpler: use the plain zip distribution (there is no need to install it as a Windows service). A JDK is of course required; I won't go into that here.
From here on it is assumed that the reader has working PHP and Tomcat environments.
3. Configure the CAS server.
a. Generate an HTTPS certificate for the CAS server and register it
Run the following script (a Windows batch file; keytool ships with the JDK):
rem remove any earlier copy of the alias from the JRE trust store and from the user's default keystore
rem (on the first run these print "alias does not exist" errors, which can be ignored)
keytool -delete -alias tomcatsso -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
keytool -delete -alias tomcatsso -storepass changeit
rem keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
rem generate a self-signed RSA key pair in the user's default keystore (%USERPROFILE%\.keystore);
rem -keypass is set equal to -storepass so that Tomcat can open the key with keystorePass alone
keytool -genkey -keyalg RSA -alias tomcatsso -dname "CN=localhost" -storepass changeit -keypass changeit
rem export the certificate and import it into the JRE trust store so the Java CAS client trusts the server
keytool -export -alias tomcatsso -file "%JAVA_HOME%/jre/lib/security/tomcatsso.crt" -storepass changeit
keytool -import -noprompt -alias tomcatsso -file "%JAVA_HOME%/jre/lib/security/tomcatsso.crt" -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
Note: in the key generation step, localhost in "CN=localhost" is the hostname of the CAS server. You can change it to suit your deployment, but it must be exactly the hostname the clients use in their CAS URLs (the loginUrl and validateUrl of the Java filter, the host passed to phpCAS::client()), because the Java client checks the certificate name against the host it connects to.
Importing the certificate into the JRE's cacerts (whose stock password is changeit) makes every Java program running on that JRE trust this self-signed certificate. That is acceptable for a local test; for a real deployment use a certificate issued by a CA the clients already trust, or keep the CAS certificate in a dedicated trust store passed to the client JVM with -Djavax.net.ssl.trustStore.
b. Configure Tomcat's HTTPS service
Copy C:\Documents and Settings\Administrator\.keystore (the default keystore that keytool -genkey wrote to, in the current user's home directory) into Tomcat's conf directory.
Edit server.xml, uncomment the SSL connector and change it to the following:
<Connector port="8443" maxHttpHeaderSize="8192" keystorePass="changeit" keystoreFile="conf/.keystore"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Note:
Keep C:\Documents and Settings\Administrator\.keystore and %tomcat_home%\conf\.keystore identical (copy the file again whenever you regenerate the key).
Copy cas.war into the webapps directory, then start Tomcat and make sure http://localhost:8080/cas is reachable. The clients below talk to https://localhost:8443/cas, so also confirm that the HTTPS connector comes up without a keystore error in the Tomcat log.
Log in to the bundled demo with admin/admin; if the login succeeds the CAS server is configured correctly. (The stock CAS 3.3 server authenticates with SimpleTestUsernamePasswordAuthenticationHandler, which accepts any username whose password equals the username, which is why admin/admin works. Replace that handler in deployerConfigContext.xml before pointing anything real at this server.)
4. Configure the PHP CAS client test program.
Unpack CAS-1.0.1.tgz and copy the CAS directory and CAS.php into C:\AppServ\www (the www directory under AppServ's default installation directory).
With that, the PHP CAS client is configured.
Let's test whether this PHP CAS client works.
Modify one of the examples shipped with the PHP client, example_simple.php, and copy it into the www directory.
The code, with the modifications, is as follows:
<?php
//
// phpCAS simple client
//
// import phpCAS lib
include_once('CAS.php');
// debug log (written to the system temp directory); for test setups only
phpCAS::setDebug();
// initialize phpCAS: protocol version, CAS host, HTTPS port, context path
phpCAS::client(CAS_VERSION_2_0,'localhost',8443,'cas');
// no SSL validation for the CAS server: acceptable only for this local test,
// since it lets anyone able to spoof localhost:8443 impersonate the CAS server.
// For real use, point phpCAS at the CA certificate of the server instead:
// phpCAS::setCasServerCACert('/path/to/ca.crt');
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// logout if desired
if (isset($_REQUEST['logout'])) {
phpCAS::logout();
}
// for this test, simply print that the authentication was successful
?>
<html>
<head>
<title>phpCAS simple client</title>
</head>
<body>
<h1>Successful Authentication!</h1>
<p>the user's login is <b><?php echo htmlspecialchars(phpCAS::getUser()); ?></b>.</p>
<p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
<p><a href="http://localhost:8080/ssodemo/ssojavaclient.jsp">Go to the Java client test</a></p>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
The modified and added parts (highlighted in red in the original post) are the server host, port and context path passed to phpCAS::client(), and the link to the Java client test page.
Test:
1) Open http://localhost/example_simple.php
2) CAS detects that the user is not logged in and redirects to the login page:
https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%2Fexample_simple.php
3) Enter the username and password admin/admin on the login page.
4) After a successful login the browser is sent back to http://localhost/example_simple.php (with a service ticket appended), the client validates the ticket against the CAS server, and the page shows the information above.
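The redirect and ticket-validation round trip that steps 1-4 exercise, and that the Java CASFilter configured in the next section performs in the same way, as an added Python example. This is not code from the original post, from phpCAS or from the Yale client; it reimplements the CAS 2.0 client side so the flow can be seen end to end. Everything in it is constructed: the two serviceValidate responses follow the CAS 2.0 protocol format, and fake_cas_fetch stands in for the HTTPS request to the CAS server. A real client must make that request with server certificate verification turned on, not with the setNoCasServerValidation() shortcut used in the test page.

```python
"""CAS 2.0 client round trip: redirect to /login, then validate the returned
service ticket against /serviceValidate.  Added example; constructed data only."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_BASE = "https://localhost:8443/cas"          # the server from the walkthrough
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # namespace used by serviceValidate
# Service tickets are opaque, but a sane client rejects junk before it bothers
# the server.  The "ST-" prefix is what the protocol mandates.
TICKET_RE = re.compile(r"^ST-[A-Za-z0-9._-]{1,256}$")


def login_redirect_url(cas_base: str, service_url: str) -> str:
    """URL an unauthenticated user is sent to (test step 2)."""
    return f"{cas_base}/login?{urlencode({'service': service_url})}"


def service_url_from_request(server_name: str, path: str, query: str,
                             scheme: str = "http") -> str:
    """Rebuild the service URL the way CASFilter does from its serverName
    parameter plus the request, dropping the 'ticket' parameter.  The URL sent
    to serviceValidate must be identical to the one sent to /login, otherwise
    the server answers INVALID_SERVICE."""
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
              if k != "ticket"]
    return urlunsplit((scheme, server_name, path, urlencode(params), ""))


def validate_url(cas_base: str, service_url: str, ticket: str) -> str:
    """CAS 2.0 validation endpoint (the Java client's validateUrl)."""
    return f"{cas_base}/serviceValidate?{urlencode({'service': service_url, 'ticket': ticket})}"


def parse_service_response(xml_text: str) -> dict:
    """Parse a <cas:serviceResponse>.  Returns {'ok': True, 'user': ...} or
    {'ok': False, 'code': ..., 'message': ...}; anything else is an error."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", namespaces=CAS_NS)
        if not user:
            raise ValueError("authenticationSuccess without cas:user")
        return {"ok": True, "user": user}
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"ok": False, "code": failure.get("code"),
                "message": (failure.text or "").strip()}
    raise ValueError("not a CAS 2.0 serviceResponse")


def handle_request(cas_base, server_name, path, query, fetch):
    """One request to a CAS-protected page, as phpCAS::forceAuthentication()
    or CASFilter handles it.  `fetch(url) -> str` performs the HTTPS GET to the
    CAS server (injected so the example runs offline; a real fetch must verify
    the server certificate).  Returns ("user", name) or ("redirect", url)."""
    service = service_url_from_request(server_name, path, query)
    ticket = dict(parse_qsl(query, keep_blank_values=True)).get("ticket")
    if ticket is None or not TICKET_RE.match(ticket):
        return ("redirect", login_redirect_url(cas_base, service))
    result = parse_service_response(fetch(validate_url(cas_base, service, ticket)))
    if result["ok"]:
        return ("user", result["user"])
    # Bad, expired or replayed ticket: the ticket parameter itself is never
    # trusted, so send the browser round to the login page again.
    return ("redirect", login_redirect_url(cas_base, service))


# --- constructed stand-in for the CAS server (not a real server) ------------
SUCCESS_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>admin</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    ticket not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""
ISSUED = {("ST-1-abc", "http://localhost/example_simple.php")}  # constructed ticket


def fake_cas_fetch(url: str) -> str:
    """Pretend CAS server: a ticket validates once, and only for the service
    it was issued to."""
    q = dict(parse_qsl(urlsplit(url).query))
    key = (q.get("ticket"), q.get("service"))
    if key in ISSUED:
        ISSUED.discard(key)          # service tickets are single-use
        return SUCCESS_RESPONSE
    return FAILURE_RESPONSE


if __name__ == "__main__":
    page = (CAS_BASE, "localhost", "/example_simple.php")
    print(handle_request(*page, "", fake_cas_fetch))                  # redirect to /login
    print(handle_request(*page, "ticket=ST-1-abc", fake_cas_fetch))   # ('user', 'admin')
    print(handle_request(*page, "ticket=ST-1-abc", fake_cas_fetch))   # replay: redirect again
```

The session continuity tested in part C of the experiment happens entirely on the CAS server side: after the first login the browser holds a ticket-granting cookie for localhost:8443, so when the Java application redirects to /login the server issues a fresh service ticket for that application without showing the login form, and the application validates it exactly as above. Each application therefore gets its own ticket and its own local session; nothing is shared between the PHP and Java sessions except the user's identity as asserted by the server.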
5. Configure the CAS Java client
Write a web application named ssodemo.
Configure its web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<description>
JSP 2.0 Examples.
</description>
<display-name>JSP 2.0 Examples</display-name>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<!-- where unauthenticated users are redirected; must be HTTPS -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<!-- CAS 2.0 ticket validation endpoint; the filter calls it over HTTPS from the JVM,
which is why the server certificate was imported into the JRE cacerts in step 3a -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://localhost:8443/cas/serviceValidate</param-value>
</init-param>
<!-- host:port the browser uses to reach this application; the filter builds the
service URL from it and the request, so it must match what the user actually types -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>