CAS (2) —— Mac下配置CAS到Tomcat(客户端)

tomcat版本: tomcat-8.0.29

jdk版本: jdk1.8.0_65

cas版本: cas4.1.2

cas-client-3.4.1

参考来源:

CAS实现单点登录(SSO)经典完整教程

CAS 4.0 配置开发手册

cas客户端应用实现

使用 CAS 在 Tomcat 中实现单点登录

Tomcat (1) —— Mac下配置Tomcat Https/SSL

【高可用HA】Apache (2) —— Mac下安装多个Apache Tomcat实例

目标架构

下载

首先登陆jasig网站http://downloads.jasig.org/,下载相应的cas版本。

由于网站只提供源码包而不提供发布包,所以需要自己下载来编译。

cas会为不同的客户端消费者提供client包,这里我们选择java-client作为演示。

编译客户端所需要的jar

java-cas-client-cas-client-3.4.1 Richard$ mvn clean install -Dmaven.test.skip

然后下载供测试的客户端示例代码(jasig在github上为我们提供了一个简易的客户端demo)

$ git clone https://github.com/UniconLabs/cas-sample-java-webapp.git

配置

客户端

  • 设置

参照以下文章为Tomcat配置好Https

Tomcat (1) —— Mac下配置Tomcat Https/SSL

【高可用HA】Apache (2) —— Mac下安装多个Apache Tomcat实例

  • 编译部署

然后编译我们的示例项目

:cas-sample-java-webapp Richard$ mvn clean install -Dmaven.test.skip

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

<modelVersion>4.0.0</modelVersion>

<groupId>iamlabs.unicon.net</groupId>

<artifactId>cas-sample-java-webapp</artifactId>

<version>0.0.1-SNAPSHOT</version>

<packaging>war</packaging>

<name>CAS Example Java Web App</name>

<description>A sample web application that exercises the CAS protocol features via the Java CAS Client.</description>

<build>

	<finalName>cas-sample-java-webapp</finalName>

	<plugins>

		<plugin>

			<groupId>org.apache.maven.plugins</groupId>

			<artifactId>maven-compiler-plugin</artifactId>

			<version>2.5.1</version>

			<configuration>

				<source>1.6</source>

				<target>1.6</target>

			</configuration>

		</plugin>

	</plugins>

</build>

<dependencies>

	<dependency>

		<groupId>commons-logging</groupId>

		<artifactId>commons-logging</artifactId>

		<version>1.1.1</version>

	</dependency>

	<dependency>

		<groupId>log4j</groupId>

		<artifactId>log4j</artifactId>

		<version>1.2.16</version>

	</dependency>

	<dependency>

		<groupId>org.opensaml</groupId>

		<artifactId>opensaml1</artifactId>

		<version>1.1</version>

	</dependency>

	<dependency>

		<groupId>javax.servlet</groupId>

		<artifactId>javax.servlet-api</artifactId>

		<version>3.1.0</version>

		<scope>provided</scope>

	</dependency>

	<dependency>

		<groupId>org.jasig.cas.client</groupId>

		<artifactId>cas-client-core</artifactId>

  		<version>3.2.1</version>

		<exclusions>

			<exclusion>

				<groupId>javax.servlet</groupId>

				<artifactId>servlet-api</artifactId>

			</exclusion>

		</exclusions>

	</dependency>

	<dependency>

		<groupId>commons-codec</groupId>

		<artifactId>commons-codec</artifactId>

		<version>1.6</version>

	</dependency>

	<dependency>

		<groupId>org.apache.santuario</groupId>

		<artifactId>xmlsec</artifactId>

		<version>1.4.3</version>

	</dependency>

</dependencies>

将编译生成的war包部署到我们的Tomcat容器中:

项目主要包括两个页面

index.jsp(供登陆)

<%@page contentType="text/html"%>

<%@page pageEncoding="UTF-8"%>

<%@ page import="java.util.Map" %>

<%@ page import="java.util.Iterator" %>

<%@ page import="java.util.List" %>

<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

	"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <title>CAS Example Java Web App</title>

</head>

<body>

<h1>CAS Example Java Web App</h1>

<p>A sample web application that exercises the CAS protocol features via the Java CAS Client.</p>

<hr>

<p><b>Authenticated User Id:</b> <a href="../cas1/logout.jsp" title="Click here to log out"><%= request.getRemoteUser() %></a></p>

<%

if (request.getUserPrincipal() != null) {

  AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();

  /*

  final String password = principal.getPassword();

  if (password != null) {

    out.println("<p><b>User Credentials:</b> " + password + "</p>");

  }

  */

  final Map attributes = principal.getAttributes();

  if (attributes != null) {

    Iterator attributeNames = attributes.keySet().iterator();

    out.println("<b>Attributes:</b>");

    if (attributeNames.hasNext()) {

      out.println("<hr><table border='3pt' width='100%'>");

      out.println("<th colspan='2'>Attributes</th>");

      out.println("<tr><td><b>Key</b></td><td><b>Value</b></td></tr>");

      for (; attributeNames.hasNext();) {

        out.println("<tr><td>");

        String attributeName = (String) attributeNames.next();

        out.println(attributeName);

        out.println("</td><td>");

        final Object attributeValue = attributes.get(attributeName);

        if (attributeValue instanceof List) {

          final List values = (List) attributeValue;

          out.println("<strong>Multi-valued attribute: " + values.size() + "</strong>");

          out.println("<ul>");

          for (Object value: values) {

            out.println("<li>" + value + "</li>");

          }

          out.println("</ul>");

        } else {

          out.println(attributeValue);

        }

        out.println("</td></tr>");

      }

      out.println("</table>");

    } else {

      out.print("No attributes are supplied by the CAS server.</p>");

    }

  } else {

    out.println("<pre>The attribute map is empty. Review your CAS filter configurations.</pre>");

  }

} else {

    out.println("<pre>The user principal is empty from the request object. Review the wrapper filter configuration.</pre>");

}

%>

</body>

</html>

logout.jsp(注销)

<%@page contentType="text/html"%>

<%@page pageEncoding="UTF-8"%>

<%@ page import="java.util.Map" %>

<%@ page import="java.util.Iterator" %>

<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

	"http://www.w3.org/TR/html4/loose.dtd">

<%

	session.invalidate();

%>

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <title>CAS Example Java Web App</title>

</head>

<body>

	<h1>CAS Example Java Web App</h1>

    <p>Application session is now invalidated. You may also issue a request to "/cas/logout" to destroy the CAS SSO Session as well.</p>

    <hr>

	<a href="../cas1/index.jsp">Back to Home</a>

</body>

</html>

  • 配置CAS Authentication Filter

web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<filter>

	<filter-name>CAS Authentication Filter</filter-name>

	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

	<!-- <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> -->

	<!-- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> -->

	<init-param>

		<param-name>casServerLoginUrl</param-name>

		<param-value>https://sso.hoau.com:8433/cas/login</param-value>

	</init-param>

	<init-param>

		<param-name>serverName</param-name>

		<param-value>https://app1.hoau.com:8413</param-value>

	</init-param>

</filter>

<filter>

	<filter-name>CAS Validation Filter</filter-name>

	<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

	<!-- <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> -->

	<!-- <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>	-->

	<init-param>

		<param-name>casServerUrlPrefix</param-name>

		<param-value>https://sso.hoau.com:8433/cas</param-value>

	</init-param>

	<init-param>

		<param-name>serverName</param-name>

		<param-value>https://app1.hoau.com:8413</param-value>

	</init-param>

	<init-param>

		<param-name>redirectAfterValidation</param-name>

		<param-value>true</param-value>

	</init-param>

	<init-param>

		<param-name>useSession</param-name>

		<param-value>true</param-value>

	</init-param>

	<init-param>

		<param-name>acceptAnyProxy</param-name>

		<param-value>true</param-value>

	</init-param>

	<!--

	<init-param>

		<param-name>proxyReceptorUrl</param-name>

		<param-value>/cas1/proxyUrl</param-value>

	</init-param>

	<init-param>

		<param-name>proxyCallbackUrl</param-name>

		<param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>

	</init-param>

	-->

</filter>

<filter>

	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

	<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<filter-mapping>

	<filter-name>CAS Validation Filter</filter-name>

	<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

	<filter-name>CAS Authentication Filter</filter-name>

	<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

	<url-pattern>/*</url-pattern>

</filter-mapping>

<welcome-file-list>

	<welcome-file>

        index.jsp

</welcome-file>

</welcome-file-list>

</web-app>
* 以上web.xml配置中有四处需要注意的地方

  1. cas目标服务器登陆页面的配置

     <init-param>
    
 	<param-name>casServerLoginUrl</param-name>
    
 	<param-value>https://sso.hoau.com:8433/cas/login</param-value>
    
 </init-param>

  2. 本机服务器的地址(即当前node-a)

     <init-param>
    
 	<param-name>serverName</param-name>
    
 	<param-value>https://app1.hoau.com:8413</param-value>
    
 </init-param>

  3. "Cas20ProxyReceivingTicketValidationFilter"

    2.x和3.x以前也有其他的Ticket校验方式,这里官方推荐用Cas20Proxy

     <filter>
    
 <filter-name>CAS Validation Filter</filter-name>
    
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    
 <init-param>
    
 	<param-name>casServerUrlPrefix</param-name>
    
 	<param-value>https://sso.hoau.com:8433/cas</param-value>
    
 </init-param>
    
 <init-param>
    
 	<param-name>serverName</param-name>
    
 	<param-value>https://app1.hoau.com:8413</param-value>
    
 </init-param>

  4. 暂时将proxyReceptorUrl和proxyCallbackUrl注释掉,因为这里没有使用代理

     <!--
    
 <init-param>
    
 	<param-name>proxyReceptorUrl</param-name>
    
 	<param-value>/cas1/proxyUrl</param-value>
    
 </init-param>
    
 <init-param>
    
 	<param-name>proxyCallbackUrl</param-name>
    
 	<param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>
    
 </init-param>
    
 -->

测试

尝试访问

https://app1.hoau.com:8413/cas1

* 抱歉此处配图为node-b的

并使用我们在数据库里面预埋的数据"test01/psw01"登陆

使用相同方式将cas2部署到node-b节点,并指向cas的SSO服务器

*扩展

我们清空浏览器的cache和cookie,按照下列步骤操作

  1. 访问"https://app1.hoau.com:8413/cas1"

    系统会将我们重定向到"https://sso.hoau.com:8433/cas/login"。

  2. 输入用户名密码"test01/psw01"

    登陆成功

  3. 访问"https://app2.hoau.com:8423/cas2"

    系统会自动登陆使用用户名密码"test01/psw01"。

问题来了

这就是达到了SSO的效果,但是为什么是这样,原理是什么

结束

CAS (2) —— Mac下配置CAS到Tomcat(客户端)的更多相关文章

  1. CAS (1) —— Mac下配置CAS到Tomcat(服务端)

    CAS (1) -- Mac下配置CAS到Tomcat(服务端) tomcat版本: tomcat-8.0.29 jdk版本: jdk1.8.0_65 cas版本: cas4.1.2 cas-clie ...

  2. CAS (3) —— Mac下配置CAS客户端经代理访问Tomcat CAS

    CAS (3) -- Mac下配置CAS客户端经代理访问Tomcat CAS tomcat版本: tomcat-8.0.29 jdk版本: jdk1.8.0_65 nginx版本: nginx-1.9 ...

  3. CAS (8) —— Mac下配置CAS到JBoss EAP 6.4(6.x)的Standalone模式(服务端)

    CAS (8) -- Mac下配置CAS到JBoss EAP 6.4(6.x)的Standalone模式(服务端) jboss版本: jboss-eap-6.4-CVE-2015-7501 jdk版本 ...

  4. CAS (7) —— Mac下配置CAS 4.x的JPATicketRegistry(服务端)

    CAS (7) -- Mac下配置CAS 4.x集群及JPATicketRegistry(服务端) tomcat版本: tomcat-8.0.29 jdk版本: jdk1.8.0_65 cas版本: ...

  5. CAS (1) —— Mac下配置CAS到Tomcat(服务端)(转)

    tomcat版本: tomcat-8.0.29 jdk版本: jdk1.8.0_65 cas版本: cas4.1.2cas-client-3.4.1 参考来源: CAS实现单点登录(SSO)经典完整教 ...

  6. Mac下配置git环境和客户端SourceTree+Git常用命令大全(Mac 10.12)

    前言: 如果不想折腾,直接下载GitHub桌面端,高度集成git,不需要学习git的任何命令. https://desktop.github.com/ 一.配置git环境 1.上官网https://g ...

  7. Tomcat (1) —— Mac下配置Tomcat Https/SSL

    Tomcat (1) -- Mac下配置Tomcat Https/SSL tomcat版本: tomcat-8.0.29 jdk版本: jdk1.8.0_65 参考来源: SSL/TLS Config ...

  8. 【高可用HA】Nginx (1) —— Mac下配置Nginx Http负载均衡(Load Balancer)之101实例

    [高可用HA]Nginx (1) -- Mac下配置Nginx Http负载均衡(Load Balancer)之101实例 nginx版本: nginx-1.9.8 参考来源: nginx.org [ ...

  9. 【高可用HA】Apache (4) —— Mac下配置Apache Httpd负载均衡(Load Balancer)之mod_jk

    Mac下配置Apache Httpd负载均衡(Load Balancer)之mod_jk httpd版本: httpd-2.4.17 jk版本: tomcat-connectors-1.2.41 参考 ...

随机推荐

  1. HDUOJ---1712 ACboy needs your help

    ACboy needs your help Time Limit: 1000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Ot ...

  2. 基于node.js的web框架express

    1.安装node.js方法: window :https://nodejs.org/en/ linux:http://www.runoob.com/nodejs/nodejs-install-setu ...

  3. PowerDesigner 12小技巧-pd小技巧-pd工具栏不见了-pd修改外键命名规则-pd添加外键

    PowerDesigner 12小技巧-pd小技巧-pd工具栏不见了-pd修改外键命名规则-pd添加外键 1. 附加:工具栏不见了 调色板(Palette)快捷工具栏不见了PowerDesigner ...

  4. Hadoop分布式文件系统:架构和设计

    原文地址:http://hadoop.apache.org/docs/r1.0.4/cn/hdfs_design.html 引言 前提和设计目标 硬件错误 流式数据访问 大规模数据集 简单的一致性模型 ...

  5. python学习笔记011——内置函数__sizeof__()

    1 描述 __sizeof__() : 打印系统分配空间的大小 2 示例 def fun(): pass print(fun.__sizeof__()) 运行 112

  6. 用HTTP协议传输媒体文件 学习

    用HTTP协议传输媒体文件可以分两个阶段,第一个阶段是Progressive Download(渐进式下载方式)阶段,第二个阶段是HTTP streaming(HTTP流化)阶段.其中,第一个阶段可以 ...

  7. RHEL7 -- 识别文件系统和设备

    逻辑卷依赖于设备映射程序(DM)内核驱动程序. 比如有个逻辑卷组rhel中有一个逻辑卷root,对应的设备为/dev/rhel/root.符号链接/dev/rhel/root指向/dev/dm-< ...

  8. yield与send实现协程操作

    yield与send实现协程操作 之前我们说过,在函数内部含有yield语句即称为生成器. 下面,我们来看看在函数内部含有yield语句达到的效果.首先,我们来看看以下代码: def foo(): w ...

  9. STM32 usb_mem.c和usb_sil.c文件的分析

    转:http://blog.csdn.net/u011318735/article/details/17424515 这两个c文件都还算是很简单的,先讲讲usb_mem.c这个文件.从文件名就能知道跟 ...

  10. 在python3.x下使用如下代码: import cPickle as pk 报错

    在python3.x下使用如下代码: import cPickle as pk会报如下错误:ImportError: No module named 'cPickle' 原因:python2有cPic ...