CAS Single Sign-On
Files to prepare:
cas-server-4.0.0-release.zip
cas-client-3.3.3-release.zip
Download:
https://www.apereo.org/cas/download
Client download:
http://downloads.jasig.org/cas-clients/
Before configuring:
1. Configure Tomcat for HTTPS
I. Testing the CAS server:
1. Configure Tomcat for HTTPS.
2. In the cas-server-4.0.0-release\cas-server-4.0.0\modules directory, find cas-server-webapp-4.0.0.war, extract it under Tomcat, and give the webapp any name you like, e.g. cas_server.
3. Start Tomcat and open https://localhost:8443/cas_server to reach the login page.
4. In cas_server\WEB-INF, open deployerConfigContext.xml. The authentication handler is AcceptUsersAuthenticationHandler, so you log in with the key and value of an entry. A successful login means the deployment works:
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>
II. Configuring the CAS server:
1. Create a user table; two columns are enough, username and password:
2. Change the CAS authentication method. In cas_server\WEB-INF, open deployerConfigContext.xml:
a. Comment out the AcceptUsersAuthenticationHandler bean:
<!--
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>
-->
b. In the PolicyBasedAuthenticationManager that references the handlers, comment out the primaryAuthenticationHandler entry:
<!--<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />-->
c. Add an org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler bean. This requires the dependency jar cas-server-support-jdbc-4.0.0.jar:
<bean id="queryDatabaseAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="sql" value="select password from user where username = ?" />
</bean>
d. Add the database connection settings and the JDBC driver jar:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    <!-- Inside XML the ampersand in the JDBC URL must be written as &amp; -->
    <property name="url"><value>jdbc:mysql://localhost:3306/test?useUnicode=true&amp;characterEncoding=utf-8</value></property>
    <property name="username"><value>root</value></property>
    <property name="password"><value>root</value></property>
</bean>
e. Register the new handler in the PolicyBasedAuthenticationManager:
<entry key-ref="queryDatabaseAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
3. Start Tomcat, open the login page again and log in with a username and password from the user table.
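The handler configured above compares the submitted password with the stored column as-is, because the handler's default password encoder is plain text, and the data source connects as root. As an added example (not part of the original tutorial), the same beans with the DefaultPasswordEncoder class that ships with CAS 4.0 hashing the submitted password, and a dedicated database account. The account name cas_auth, its SELECT-only grant and the CHANGE_ME password are assumptions.

```xml
<!-- Added example, not from the original tutorial. -->
<!-- Hashes the submitted password (lowercase hex SHA-256) before it is
     compared with the value returned by the SQL query. -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg value="SHA-256" />
    <property name="characterEncoding" value="UTF-8" />
</bean>

<bean id="queryDatabaseAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="sql" value="select password from user where username = ?" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>

<!-- Assumption: cas_auth is a hypothetical MySQL account granted only
     SELECT on test.user; replace the placeholder password. -->
<bean id="dataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url"
              value="jdbc:mysql://localhost:3306/test?useUnicode=true&amp;characterEncoding=utf-8" />
    <property name="username" value="cas_auth" />
    <property name="password" value="CHANGE_ME" />
</bean>
```

With this in place the password column must hold the lowercase hex SHA-256 digest of each password. The digest is unsalted, so treat it as a minimum improvement over plain-text storage.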
III. Configuring the CAS client:
1. Create a client application to test with, Test_CAS_a.
2. Copy all the jars under modules in cas-client-3.3.3-release.zip into the project's lib directory.
3. Configure the filters in web.xml. Reference: http://www.middleware.vt.edu/doku.php?id=middleware:cas:client
<!-- ==================== CAS begin ==================== -->

<!-- CAS logout: visit https://localhost:8443/cas_server/logout -->
<!-- The Single Sign Out filter is mapped before the other CAS filters so that
     it sees the ticket request and the logout callback from the CAS server. -->
<listener>
    <listener-class>
        org.jasig.cas.client.session.SingleSignOutHttpSessionListener
    </listener-class>
</listener>
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.session.SingleSignOutFilter
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- CAS login: http://localhost:9080/Test_CAS_a is redirected to
     https://localhost:8443/cas_server/login -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>
        org.jasig.cas.client.authentication.AuthenticationFilter
    </filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://localhost:8443/cas_server/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:9080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Ticket validation -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
    </filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://localhost:8443/cas_server</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:9080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Request wrapper: exposes the logged-in user through the request -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.HttpServletRequestWrapperFilter
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>
        org.jasig.cas.client.util.AssertionThreadLocalFilter
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- ==================== CAS end ==================== -->
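4. Start the project. Requests are now intercepted by the filters and redirected to the CAS login page; after a successful login the browser returns to Test_CAS_a.
5. To get the logged-in username, import the AttributePrincipal class in the JSP page. Reference: http://www.shangxueba.com/jingyan/1842962.html
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%
    AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
    String userName = principal.getName();
%>
User: <%= userName %>
6. Once this works, create a second project, Test_CAS_b, and configure it the same way. After logging in to one project you can use the other directly without logging in again. To log out, visit https://localhost:8443/cas_server/logout.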