Jasig CAS Client Configuration

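A few thoughts: my project needed CAS single sign-on, so a while ago I configured the CAS server side, which went fairly smoothly. The hard part was the CAS client configuration, which took a lot of time. I hope sharing this experience helps other learners avoid some detours.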

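I. Environment

  1. JDK 1.7
  2. Tomcat 7
  3. cas-server-3.4.6-release
  4. cas-client-3.2.1

II. Configuring the cas-server-3.4.6 data source

1. In deployerConfigContext.xml under tomcat/webapps/cas-server-webapp-3.4.6/WEB-INF, change the authentication handler and add a MySQL data source, as follows:

Switch to database authentication: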
<property name="authenticationHandlers">
    <list>
	<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />
	<!--
	Comment out the original test authentication handler
	<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
	-->
	<!-- Database authentication handler -->
	<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">  
              <property name="dataSource" ref="casDataSource" />  
              <property name="sql" value="select t_password from app_user where t_username=?" /> 
        </bean> 
    </list>
</property>

Add the MySQL data source:

<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<!-- MySQL data source -->
<bean id="casDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
    <property name="url" value="jdbc:mysql://172.22.6.9:3306/casuserdatabase"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>

2. Create the casuserdatabase database and add the app_user table, as follows:

CREATE TABLE `app_user` (
  `t_id` int(11) PRIMARY KEY AUTO_INCREMENT NOT NULL,
  `t_username` varchar(30) NOT NULL,
  `t_password` varchar(30) NOT NULL
);
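
A check for the server-side settings shown above, as an added example that is not part of the original post: it flags a `QueryDatabaseAuthenticationHandler` with no `passwordEncoder` (the handler then compares the submitted password with the column value unchanged, so `app_user.t_password` holds cleartext), a data source that logs in as `root`, and a database password written literally in the file. The function names, finding codes and the constructed sample XML are assumptions of this example.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"
JDBC_HANDLER = "org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
DATASOURCE = "org.springframework.jdbc.datasource.DriverManagerDataSource"

def bean_props(bean):
    """Properties set through <property> children or p: attributes."""
    props = {p.get("name"): p.get("value") or p.get("ref") or ""
             for p in bean.findall(BEANS + "property")}
    for attr, value in bean.attrib.items():
        if attr.startswith(P_NS):
            name = attr[len(P_NS):]
            props[name[:-4] if name.endswith("-ref") else name] = value
    return props

def lint_cas_server(context_xml):
    """Return sorted finding codes for the JDBC handler and data source."""
    findings = set()
    for bean in ET.fromstring(context_xml).iter(BEANS + "bean"):
        props = bean_props(bean)
        if bean.get("class") == JDBC_HANDLER and "passwordEncoder" not in props:
            # No encoder: the submitted password is compared with the column
            # value unchanged, so the table stores cleartext passwords.
            findings.add("CLEARTEXT_PASSWORD_COLUMN")
        if bean.get("class") == DATASOURCE:
            if props.get("username") == "root":
                findings.add("DB_SUPERUSER_ACCOUNT")
            if props.get("password") and not props["password"].startswith("${"):
                findings.add("DB_PASSWORD_IN_CONFIG")
    return sorted(findings)

def sample_context(handler_extra, user, password):
    """Constructed deployerConfigContext.xml fragment for this example."""
    return f'''<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="{JDBC_HANDLER}">
    <property name="dataSource" ref="casDataSource"/>
    <property name="sql" value="select t_password from app_user where t_username=?"/>
    {handler_extra}
  </bean>
  <bean id="casDataSource" class="{DATASOURCE}">
    <property name="username" value="{user}"/>
    <property name="password" value="{password}"/>
  </bean>
</beans>'''

if __name__ == "__main__":
    print(lint_cas_server(sample_context("", "root", "123456")))
```

Once an encoder is configured, `t_password` has to be widened, since a hex digest does not fit in `varchar(30)`.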

III. Configuring the cas-client-3.2.1 client

1. Download the cas-client-3.2.1 client from https://www.apereo.org/projects/cas/download-cas.

2. Unpack cas-client-3.2.1, then copy four jars from the modules folder into WEB-INF/lib of the web project: cas-client-core-3.2.1.jar, cas-client-integration-tomcat-v7-3.2.1.jar, commons-logging-1.1.jar and commons-codec-1.4.jar.

3. Configure the web project's web.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	
	<welcome-file-list>
		<welcome-file>login.jsp</welcome-file>
	</welcome-file-list>
	<!-- Single sign-out: this listener implements single sign-out; optional -->
	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
	<!-- This filter implements single sign-out; optional -->
	<filter>
		<filter-name>CasSingleSignOutFilter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CasSingleSignOutFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- This filter handles user authentication; it must be enabled -->
	<filter>
		<filter-name>CASFilter</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<!-- CAS server login URL -->
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>http://172.22.6.9:8888/cas/login</param-value>
		</init-param>
		<!-- Address (scheme, host, port) of the server hosting this web application, used to build the service URL -->
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://172.22.6.9:8888</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CASFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- This filter validates tickets; it must be enabled -->
	<filter>
		<filter-name>CASTicketValidator</filter-name>
		<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
		<!-- URL prefix of the CAS server (without /login) -->
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>http://172.22.6.9:8888/cas</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://172.22.6.9:8888</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CASTicketValidator</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- This filter wraps the HttpServletRequest so that developers can, for example, obtain the
		SSO user's login name via HttpServletRequest.getRemoteUser(); optional. -->
	<filter>
		<filter-name>CASRequestWrapperFilter</filter-name>
		<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CASRequestWrapperFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
		e.g. AssertionHolder.getAssertion().getPrincipal().getName(). -->
	<filter>
		<filter-name>CASAssertionThreadLocalFilter</filter-name>
		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CASAssertionThreadLocalFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter>
	   <filter-name>AutoSetUserAdapterFilter</filter-name>
	   <filter-class>com.demo.servlet.AutoSetUserAdapterFilter</filter-class>
	</filter>
	<filter-mapping>
	   <filter-name>AutoSetUserAdapterFilter</filter-name>
	   <url-pattern>/*</url-pattern>
	</filter-mapping>
</web-app>

Two points need attention when configuring web.xml:

1. In CASFilter, the CAS server address must be set to http://localhost:8888/cas/login;

<filter>
   <filter-name>CASFilter</filter-name>
   <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
   <!-- CAS server login URL -->
   <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://172.22.6.9:8888/cas/login</param-value> <!-- note the URL -->
   </init-param>
   <!-- Address (scheme, host, port) of the server hosting this web application -->
   <init-param>
      <param-name>serverName</param-name>
      <param-value>http://172.22.6.9:8888</param-value>
   </init-param>
</filter>

2. In CASTicketValidator, the CAS server address must be set to http://172.22.6.9:8888/cas

<!-- This filter validates tickets; it must be enabled -->
<filter>
   <filter-name>CASTicketValidator</filter-name>
   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
   <!-- URL prefix of the CAS server (without /login) -->
   <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://172.22.6.9:8888/cas</param-value> <!-- note the URL -->
   </init-param>
   <init-param>
      <param-name>serverName</param-name>
      <param-value>http://172.22.6.9:8888</param-value>
   </init-param>
</filter>

If the two URLs are identical, the following error occurs:

org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1436)
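
A lint check for the two notes above, as an added example that is not part of the original post: it reads web.xml, confirms that `casServerUrlPrefix` is the bare `/cas` prefix and that `casServerLoginUrl` is that prefix plus `/login` (the mix-up behind the error shown above), and also flags plain `http://` CAS URLs. The function names, finding codes and the constructed sample web.xml are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
AUTH = "org.jasig.cas.client.authentication.AuthenticationFilter"
VALIDATOR = "org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"

def filter_params(web_xml):
    """Return {filter-class: {param-name: param-value}} for each <filter>."""
    params = {}
    for flt in ET.fromstring(web_xml).findall("j:filter", NS):
        cls = flt.findtext("j:filter-class", "", NS).strip()
        params[cls] = {p.findtext("j:param-name", "", NS).strip():
                       p.findtext("j:param-value", "", NS).strip()
                       for p in flt.findall("j:init-param", NS)}
    return params

def lint_cas_client(web_xml):
    """Return sorted finding codes for the two CAS URL parameters."""
    params = filter_params(web_xml)
    login = params.get(AUTH, {}).get("casServerLoginUrl", "").rstrip("/")
    prefix = params.get(VALIDATOR, {}).get("casServerUrlPrefix", "").rstrip("/")
    findings = set()
    if not login or not prefix:
        findings.add("MISSING_CAS_URL")
    if prefix.endswith("/login"):
        # The validator appends its endpoint to this prefix, so it must be /cas.
        findings.add("PREFIX_IS_LOGIN_URL")
    elif login and prefix and login != prefix + "/login":
        findings.add("LOGIN_URL_NOT_UNDER_PREFIX")
    if any(urlparse(url).scheme == "http" for url in (login, prefix)):
        # Login form and service tickets would travel unencrypted.
        findings.add("PLAINTEXT_HTTP")
    return sorted(findings)

def sample_web_xml(login, prefix):
    """Constructed minimal web.xml containing only the two CAS filters."""
    def flt(cls, name, value):
        return (f"<filter><filter-name>{name}</filter-name>"
                f"<filter-class>{cls}</filter-class><init-param>"
                f"<param-name>{name}</param-name>"
                f"<param-value>{value}</param-value></init-param></filter>")
    return ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
            + flt(AUTH, "casServerLoginUrl", login)
            + flt(VALIDATOR, "casServerUrlPrefix", prefix) + "</web-app>")

if __name__ == "__main__":
    base = "http://172.22.6.9:8888/cas"  # CAS address used on the page
    for prefix in (base, base + "/login"):
        print(prefix, lint_cas_client(sample_web_xml(base + "/login", prefix)))
```
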
Result:

Enter the web project's address, 172.22.6.9:8888/demo, in the browser. It redirects to the single sign-on page at http://172.22.6.9:8888/cas/login?service=http%3A%2F%2F172.22.6.9%3A8888%2Fdemo%2F; enter the account and password, and OK!
