转:http://blog.csdn.net/ahpo/article/details/46412859

1    下载

地址http://downloads.jasig.org/

cas-server-4.0.0-release.tar.gz

cas-client-3.3.3-release.tar.gz

2    配置

解压cas-server-4.0.0,将其中module/cas-server-webapp-4.0.0.war复制到Tomcat的webapps目录下,重命名为cas.war,启动Tomcat解开压缩。

2.1 CAS的HTTP模式与HTTPS设置

1)cas\WEB-INF\deployerConfigContext.xml,新增p:requireSecure="false"

<bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

p:httpClient-ref="httpClient" p:requireSecure="false"/>

2)cas\WEB-INF\spring-configuration

ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"

warnCookieGenerator.xml设置p:cookieSecure="false"

http://localhost:8080/cas,进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完成。

2.2 设置利用数据库来验证用户

需依赖:c3p0-0.9.1.2.jar,mysql-connector-java-5.1.21.jar,cas-server-support-jdbc-4.0.0.jar

cas\WEB-INF\deployerConfigContext.xml

1)更换验证方式

<!--

<bean id="primaryAuthenticationHandler"

class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">

<property name="users">

<map>

<entry key="casuser" value="Mellon"/>

</map>

</property>

</bean>

-->

<!-- Define the DB Connection -->

<bean id="dataSource"

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="com.mysql.jdbc.Driver"

p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/hztraffic?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"

p:user="root"

p:password="root" />

<!-- Define the encode method-->

<!--<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">

<constructor-arg value="MD5"/>

</bean> -->

<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"

c:encodingAlgorithm="MD5"

p:characterEncoding="UTF-8" />

<bean id="dbAuthHandler"

class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

p:dataSource-ref="dataSource"

p:sql="select password from hztraffic.user_data where name=? and used=1"

p:passwordEncoder-ref="passwordEncoder"/>

<!-- p:passwordEncoder-ref="passwordEncoder" -->

2)更换验证Handle

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">

<constructor-arg>

<map>

<!--

| IMPORTANT

| Every handler requires a unique name.

| If more than one instance of the same handler class is configured, you must explicitly

| set its name to something other than its default name (typically the simple class name).

-->

<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />

<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />

<!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->

</map>

</constructor-arg>

http://localhost:8080/cas,进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完成。

3    编译

3.1 Eclipse导入工程

3.2 License文件设置

Failed goal com.mycila.maven-license-plugin

注意src目录与cas-server-webapp平级,此外,任何关于Sever文件的修改,文件头的License声明需要添加。JSP/JS/CSS,否则编译检测通过不了。

<%--

Licensed to Jasig under one or more contributor license

agreements. See the NOTICE file distributed with this work

for additional information regarding copyright ownership.

Jasig licenses this file to you under the Apache License,

Version 2.0 (the "License"); you may not use this file

except in compliance with the License.  You may obtain a

copy of the License at the following location:

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied.  See the License for the

specific language governing permissions and limitations

under the License.

--%>

4    定制

4.1 登录/登出页面

4.2 允许退出后重定向

5    接入

5.1 WEB接入

5.1.1 非Spring模式

在Client工程WEB-INF/lib下添加cas-client-core-3.2.1.jar包。

修改web.xml如下:

<!-- ======================== 单点登录/登出 ======================== -->

<!-- 该过滤器用于实现单点登出功能,可选配置。 -->

<filter>

<filter-name>CAS Single Sign Out Filter</filter-name>

<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<!-- 该过滤器负责用户的认证工作,必须启用它 -->

<filter>

<filter-name>CAS Authentication Filter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

<init-param>

<param-name>casServerLoginUrl</param-name>

<param-value>https://localhost:8443/cas/login</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

</filter>

<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->

<filter>

<filter-name>CAS Validation Filter</filter-name>

<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>

<init-param>

<param-name>casServerUrlPrefix</param-name>

<param-value>https://localhost:8443/cas</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

<init-param>

<param-name>redirectAfterValidation</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<!-- 该过滤器负责实现HttpServletRequest请求的包裹,

比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->

<filter>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。

比如AssertionHolder.getAssertion().getPrincipal().getName()。-->

<filter>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

<filter-name>CAS Single Sign Out Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Authentication Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Validation Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<listener>

<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出结束 ======================== -->

现在运行Client工程,首次访问任一页面就会跳转到https://localhost:8443/cas/login进行认证。同时,把你的退出链接设置为:https://sso.wsria.com/cas/logout 即可实现单点推出。

5.1.2 Spring方式

引用cas-client-core.jar

Web.xml,注意casSingleSignOutFilter必须位于最前面

<listener>        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出 ======================== -->

<filter>

<filter-name>casSingleSignOutFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casSingleSignOutFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAuthenticationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAuthenticationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casTicketValidationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casTicketValidationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<!-- ======================== 单点登录/登出结束 ======================== -->

appliationContext.xml

<bean id="casSingleSignOutFilter"

        class="org.jasig.cas.client.session.SingleSignOutFilter" />

<bean name="casAuthenticationFilter"

class="org.jasig.cas.client.authentication.AuthenticationFilter"

p:casServerLoginUrl="http://localhost:9000/uq-w-cas/login"

p:renew="false"

p:gateway="false" p:serverName="http://localhost:8080" />

<bean name="casTicketValidationFilter"

class="org.jasig.cas.client.validation.Cas10TicketValidationFilter"

p:serverName="http://localhost:8080"

p:redirectAfterValidation="true">

<property name="ticketValidator">

<bean class="org.jasig.cas.client.validation.Cas10TicketValidator">

<!-- 对应于casServerUrlPrefix -->

<constructor-arg index="0" value="http://localhost:9000/uq-w-cas" />

</bean>

</property>

</bean>

<bean id="casHttpServletRequestWrapperFilter"

class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" />

<bean id="casAssertionThreadLocalFilter"

class="org.jasig.cas.client.util.AssertionThreadLocalFilter" />

页面

<%

AttributePrincipal  principal= (AttributePrincipal)request.getUserPrincipal();

String username = "i am username";

if(null!=principal){

username=principal.getName();

%>

<h1>登录成功,这是客户端1啊</h1><br/>

用户名:<%=username %><br/>

<a href="http://localhost:8989/Casclient2/index.jsp">进入客户端2</a><br/>

<a href="http://localhost:9000/uq-w-cas/logout?service=http://localhost:9000/uq-w-cas/">退出</a><br/

<%

}

%>

5.2 客户端

工程依赖如下:

import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.util.ArrayList;

import java.util.List;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.NameValuePair;

import org.apache.http.client.entity.UrlEncodedFormEntity;

import org.apache.http.client.methods.HttpGet;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.cookie.Cookie;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.message.BasicNameValuePair;

import org.apache.http.protocol.HTTP;

public class CasUtil {

//Cas server address

static final String server = "http://localhost:9000/cas/login";

public static void main(String[] args) throws IOException {

//Login and get the cookie

Cookie cookie = getTicketGrantingTicket(server, "13082838818",

"13082838818");

if (cookie != null) {

System.out.println(cookie);

}

}

private static Cookie getTicketGrantingTicket(String server,

String username, String password) throws IOException {

DefaultHttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(server);

//Login parameters

List<NameValuePair> nvps = new ArrayList<NameValuePair>();

nvps.add(new BasicNameValuePair("username", username));

nvps.add(new BasicNameValuePair("password", password));

String[] dynamicPara = doCasLoginRequest(client, server);

nvps.add(new BasicNameValuePair("lt", dynamicPara[0]));

nvps.add(new BasicNameValuePair("execution", dynamicPara[1]));

nvps.add(new BasicNameValuePair("_eventId", "submit"));

//Font Code

post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

try {

HttpResponse response = client.execute(post);

HttpEntity entity = response.getEntity();

if (entity != null) {

//CASTGC: the default cookie name

Cookie cookie = getCookieValue(client, "CASTGC");

entity.consumeContent();

return cookie;

}

catch (Exception e) {

e.printStackTrace();

}

return null;

}

private static Cookie getCookieValue(DefaultHttpClient httpclient,

String name) {

List<Cookie> cookies = httpclient.getCookieStore().getCookies();

if (cookies.isEmpty()) {

return null;

else {

for (int i = 0; i < cookies.size(); i++) {

Cookie cookie = cookies.get(i);

if (cookie.getName().equalsIgnoreCase(name)) {

return cookie;

}

}

}

return null;

}

//Simulate the login action and get the dynamic parameters lt and execution

private static String[] doCasLoginRequest(DefaultHttpClient httpclient,

String url) throws IOException {

String[] result = new String[2];

HttpGet httpget = new HttpGet(url);

HttpResponse response = httpclient.execute(httpget);

HttpEntity entity = response.getEntity();

BufferedReader rd = new BufferedReader(new InputStreamReader(

entity.getContent(), "UTF-8"));

String tempLine = rd.readLine();

String sLt = "<input type=\"hidden\" name=\"lt\" value=\"";

String sEx = "<input type=\"hidden\" name=\"execution\" value=\"";

while (tempLine != null) {

int iLt = tempLine.indexOf(sLt);

int iEx = tempLine.indexOf(sEx);

if (iLt != -1) {

String s1 = tempLine.substring(iLt + sLt.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[0] = s1.substring(0, index1);

}

if (iEx != -1) {

String s1 = tempLine.substring(iEx + sEx.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[1] = s1.substring(0, index1);

}

tempLine = rd.readLine();

}

if (entity != null) {

entity.consumeContent();

}

return result;

}

//Cookie convert

private javax.servlet.http.Cookie convertToServletCookie(Cookie cookie) {

javax.servlet.http.Cookie retCookie = new javax.servlet.http.Cookie(

cookie.getName(), cookie.getValue());

retCookie.setComment(cookie.getComment());

retCookie.setDomain(cookie.getDomain());

retCookie.setHttpOnly(false);

retCookie.setSecure(false);

retCookie.setPath(cookie.getPath());

retCookie.setVersion(cookie.getVersion());

retCookie.setMaxAge((int) ((cookie.getExpiryDate().getTime() - System

.currentTimeMillis()) / 1000));

return retCookie;

}

}

CAS 4.0 配置开发手册(转)的更多相关文章

  1. CAS 4.0 配置开发手冊

    1    下载 地址http://downloads.jasig.org/ cas-server-4.0.0-release.tar.gz cas-client-3.3.3-release.tar.g ...

  2. ThinkPHP5.0完全开发手册 --技术文档

    1.ThinkPHP5.0完全开发手册.chm 链接:https://pan.baidu.com/s/1199wK6q6O9IyOf5RU_-Xow 提取码:hnek 2.ThinkPHP5.0完全开 ...

  3. ThinkPHP5.0完全开发手册.【CHM】下载

    ThinkPHP5已经出来很长时间了,官网也没有提供CHM格式的手册下载只有PDF格式的,我根据官网的在线手册制作了一个离线版的ThinkPHP5.0完全开发手册.CHM格式的文档.

  4. ThinkPHP5.0完全开发手册

    http://www.kancloud.cn/manual/thinkphp5/118006 www  WEB部署目录(或者子目录) ├─composer.json         composer定 ...

  5. 配置开发环境&安装sklearn

    我的开发环境是Jupyter lab,所用的库和版本大家参考: Python 3.7.1(你的版本至少要3.4以上) Scikit-learn 0.20.0 (你的版本至少要0.19) Graphvi ...

  6. 304902阿里巴巴Java开发手册1.4.0

    转自官网 前言 <阿里巴巴Java开发手册>是阿里巴巴集团技术团队的集体智慧结晶和经验总结,经历了多次大规模一线实战的检验及不断完善,系统化地整理成册,回馈给广大开发者.现代软件行业的高速 ...

  7. 阿里巴巴 Java 开发手册 1.4.0

    一.编程规约(一) 命名风格1. [强制]代码中的命名均不能以下划线或美元符号开始,也不能以下划线或美元符号结束.反例: _name / __name / $name / name_ / name$ ...

  8. 唯品会Java开发手册》1.0.2版阅读

    <唯品会Java开发手册>1.0.2版阅读 1. 概述 <阿里巴巴Java开发手册>,是首个对外公布的企业级Java开发手册,对整个业界都有重要的意义. 我们结合唯品会的内部经 ...

  9. nginx1.9.4 +php 5.5.29+yii2.0配置手册

    nginx1.9.4 +php 5.5.29+yii2.0配置手册 目录 一.    php5.5.29安装配置    2 二.    nginx1.9.4安装配置    2 三.    yii2.0 ...

随机推荐

  1. MySQL 没有索引 锁全表

    <h3 class="title" style="box-sizing: inherit; margin: 8px 0px 15px; padding: 0px; ...

  2. 构造函数语义学之Copy Constructor构建操作(1)

    一.Copy Constructor的构建操作 就像 default constructor 一样,如果class没有申明一个 copy constructor,就会隐含的声明或隐含的定义一个.生成的 ...

  3. 图论(网络流):SCOI 2007 修车

    同一时刻有N位车主带着他们的爱车来到了汽车维修中心.维修中心共有M位技术人员,不同的技术人员对不同的车进行维修所用的时间是不同的.现在需要安排这M位技术人员所维修的车及顺序,使得顾客平均等待的时间最小 ...

  4. 数据结构(虚树,动态规划):HNOI 2014 世界树

    Hnoi2014 世界树 Description 世界树是一棵无比巨大的树,它伸出的枝干构成了整个世界.在这里,生存着各种各样的种族和生灵,他们共同信奉着绝对公正公平的女神艾莉森,在他们的信条里,公平 ...

  5. 树状数组(二维):COGS 1532 [IOI2001]移动电话

    1532. [IOI2001]移动电话 ★☆   输入文件:mobilephones.in   输出文件:mobilephones.out   简单对比 时间限制:5 s   内存限制:256 MB ...

  6. Sqrt(x)——LeetCode

    Implement int sqrt(int x). Compute and return the square root of x. 题目大意:实现求一个int的根. 解题思路:二分. public ...

  7. cf702B Powers of Two

    B. Powers of Two time limit per test 3 seconds memory limit per test 256 megabytes input standard in ...

  8. [Locked] Read N Characters Given Read4 & Read N Characters Given Read4 II - Call multiple times

    Read N Characters Given Read4 The API: int read4(char *buf) reads 4 characters at a time from a file ...

  9. linux安装vnc

    1. 安装vnc-server yum install vnc-server redhat的iso文件中自带 tigervnc-server 2.设置vnc密码 切换到oracle用户,之后再运行vn ...

  10. C语言判断系统数据大/小端存储方式

    小端存储:数据的低位部分,存储于存储器的低地址空间里. 大端存储:数据的低位部分,存储于存储器的高地址空间里. 首先,一般PC数据存储方式是小端存储. 基本实现思想是:将存储器中所存的数据按字节以地址 ...