A simple SSO deployment with CAS
2014-02-12 14:51
System: CentOS release 6.4
JDK: 1.6.0_21-b06
Tomcat: 6.0.0.29
cas-server: 3.5.2
cas-client: 3.2.1
1. Create a keystore directory under $TOMCAT_HOME;
2. Generate a certificate with the keytool utility that ships with the JDK:
# keytool -genkey -alias test -keyalg RSA -keystore /usr/local/tomcat/keystore/test.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  sso.test.com   (the domain name of the single sign-on server)
What is the name of your organizational unit?
  [Unknown]:  test.com
What is the name of your organization?
  [Unknown]:  test.com
What is the name of your City or Locality?
  [Unknown]:  Beijing
What is the name of your State or Province?
  [Unknown]:  Beijing
What is the two-letter country code for this unit?
  [Unknown]:  ZH
Is CN=sso.test.com, OU=test.com, O=test.com, L=Beijing, ST=Beijing, C=ZH correct?
  [no]:  yes
Enter key password for <tootoo>
        (RETURN if same as keystore password):
Re-enter new password:
3. Export the certificate:
# keytool -export -file /usr/local/tomcat/keystore/test.keystore.crt -alias test -keystore /usr/local/tomcat/keystore/test.keystore
4. Import the exported certificate into the client JVM's truststore (the file exported in step 3 is test.keystore.crt):
# keytool -import -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -file /usr/local/tomcat/keystore/test.keystore.crt -alias test
Enter keystore password: (enter changeit, the default cacerts password)
Owner: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Issuer: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Serial number: 52fad92a
Valid from: Wed Feb 12 10:15:06 CST 2014 until: Tue May 13 10:15:06 CST 2014
Certificate fingerprints:
         MD5:  44:C5:A5:76:26:5A:69:C0:0A:7D:9E:9A:D5:C1:86:C1
         SHA1: FB:21:EB:E7:9D:2C:5D:1C:6E:58:2F:22:D3:4F:95:70:DF:C3:CA:79
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
(To remove the certificate from the truststore again:)
# keytool -delete -alias test -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -storepass changeit
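Two things about the certificate printed at the "Trust this certificate?" prompt decide whether the client JVM will later accept the CAS server: the subject CN has to equal the host name the client puts in casServerUrlPrefix (JSSE hostname verification rejects anything else), and keytool's default validity is only 90 days, which is exactly the window the output above shows. The checks below are an added example, not part of the original post; the sample text is constructed from the Owner and Valid lines shown above, and note that the printed CN (sso.tootoo.cn) does not match the sso.test.com URL used in the rest of the post, which is the kind of mismatch this catches.

```python
"""Added example (not from the original post): sanity checks on the certificate
text that keytool prints. The sample below is constructed from the Owner and
Valid lines shown in the post; the helper names are this example's own."""
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the keytool -import output, one per line.
KEYTOOL_OUTPUT = """Owner: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Issuer: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Valid from: Wed Feb 12 10:15:06 CST 2014 until: Tue May 13 10:15:06 CST 2014
"""


def parse_dn(dn):
    """Split 'CN=a, OU=b, ...' into a dict (naive: assumes no escaped commas)."""
    parts = {}
    for item in dn.split(","):
        key, _, value = item.strip().partition("=")
        parts[key.strip()] = value.strip()
    return parts


def subject_cn(keytool_text):
    """CN of the certificate subject, taken from the 'Owner:' line."""
    m = re.search(r"^Owner:\s*(.+)$", keytool_text, re.MULTILINE)
    return parse_dn(m.group(1)).get("CN") if m else None


def cert_matches_server(keytool_text, cas_server_url_prefix):
    """The check JSSE hostname verification will apply on the client side:
    the subject CN must equal the host in casServerUrlPrefix (no wildcard handling here)."""
    host = urlsplit(cas_server_url_prefix).hostname
    cn = subject_cn(keytool_text)
    return cn is not None and host is not None and cn.lower() == host.lower()


def _parse_keytool_date(text):
    """'Wed Feb 12 10:15:06 CST 2014' -> datetime. The zone token is dropped
    because strptime only understands the local zone name."""
    tokens = text.split()
    if len(tokens) == 6:
        del tokens[4]
    return datetime.strptime(" ".join(tokens), "%a %b %d %H:%M:%S %Y")


def validity_window(keytool_text):
    """(not-before, not-after) parsed from the 'Valid from: ... until: ...' line."""
    m = re.search(r"^Valid from:\s*(.+?)\s+until:\s*(.+)$", keytool_text, re.MULTILINE)
    if not m:
        return None
    return _parse_keytool_date(m.group(1)), _parse_keytool_date(m.group(2))


def validity_days(keytool_text):
    """Length of the validity window in days (keytool's default is 90)."""
    start, end = validity_window(keytool_text)
    return (end - start).days


def is_valid_at(keytool_text, when):
    """True if the certificate is within its validity window at `when`
    (a datetime or an ISO date string such as '2014-03-01')."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    start, end = validity_window(keytool_text)
    return start <= when <= end


if __name__ == "__main__":
    print("CN:", subject_cn(KEYTOOL_OUTPUT))
    print("matches sso.test.com:", cert_matches_server(KEYTOOL_OUTPUT, "https://sso.test.com:8443/cas"))
    print("validity days:", validity_days(KEYTOOL_OUTPUT))
```

Run it against the output of `keytool -printcert -file test.keystore.crt` before importing; a CN that differs from the host in casServerUrlPrefix, or a window that has already expired, means the validation filter's back-channel call will fail even though the import itself succeeds. Pass `-validity <days>` to `keytool -genkey` if 90 days is too short for the deployment.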
II. Configure the certificate in the server-side Tomcat
1. Edit Tomcat's server.xml file:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/usr/local/tomcat/keystore/test.keystore" keystorePass="111111"
clientAuth="false" sslProtocol="TLS"/>
2. Start Tomcat and visit https://sso.test.com:8443/; the following page appears (browser warning for the self-signed certificate):
After adding an exception, you reach the Tomcat home page.
III. Deploy the CAS server
1. Download CAS from http://www.jasig.org/cas/download, build it with Maven, and package cas-server-webapp;
2. Put the cas.war package in Tomcat's webapps directory and restart Tomcat;
3. Start Tomcat and visit https://sso.test.com:8443/cas/; the following page appears:
4. Enter any username with a password equal to the username and the login succeeds; the following page appears:
IV. Deploy the client
1. Edit the client's web.xml file and add the following:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.test.com:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:18080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.test.com:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:18080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. Create an index.jsp file with the following content:
<%@ page import="org.jasig.cas.client.validation.Assertion,org.jasig.cas.client.util.AbstractCasFilter,org.jasig.cas.client.authentication.AttributePrincipal"%>
<%
// The validation filter stores the CAS assertion in the session after a successful ticket validation;
// guard against a missing assertion so the page does not throw a NullPointerException.
Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
AttributePrincipal principal = (assertion == null) ? null : assertion.getPrincipal();
String username = null;
out.print("UserName:");
if (null != principal) {
username = principal.getName();
out.println("<span style='color:red;'>" + username + "</span><br>");
}
%>
3. Start the client and visit http://localhost:18080/; you are redirected to the CAS login page, and after a successful login you are returned to index.jsp.
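The filters configured in step 1 and the redirect described in step 3 are one CAS 2.0 exchange: AuthenticationFilter sends an unauthenticated browser to casServerLoginUrl with a service parameter built from serverName, the CAS server sends it back with a ticket, and Cas20ProxyReceivingTicketValidationFilter presents that ticket to casServerUrlPrefix/serviceValidate and parses the XML answer. The block below models both sides of that exchange in one file; it is an added example, not code from the post or from the CAS project. FakeCasServer is a constructed stand-in for the real server, the client helpers are this example's own names, and the only real values are the two CAS endpoints, the XML response format and the URLs from the web.xml above.

```python
"""Added example (not from the original post): a self-contained model of the
CAS 2.0 exchange performed by the client filters. FakeCasServer is a constructed
stand-in; the URLs are the ones configured in the post's web.xml."""
from urllib.parse import urlencode, urlsplit, parse_qs
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"           # namespace used by CAS 2.0 responses
CAS_SERVER_LOGIN_URL = "https://sso.test.com:8443/cas/login"
CAS_SERVER_URL_PREFIX = "https://sso.test.com:8443/cas"
SERVER_NAME = "http://localhost:18080"


def _success_xml(user):
    return ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            "<cas:authenticationSuccess><cas:user>%s</cas:user></cas:authenticationSuccess>"
            "</cas:serviceResponse>" % escape(user))


def _failure_xml(code, message):
    return ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            "<cas:authenticationFailure code='%s'>%s</cas:authenticationFailure>"
            "</cas:serviceResponse>" % (escape(code), escape(message)))


class FakeCasServer:
    """Constructed stand-in for the CAS server: issues single-use service tickets
    bound to the service URL and validates them the way /serviceValidate does."""

    def __init__(self):
        self._tickets = {}
        self._counter = 0

    def login(self, username, password, service):
        # Mirrors step III.4 of the post: the default test handler accepts a
        # password equal to the username. Returns the redirect-back URL, or None.
        if not username or password != username:
            return None
        self._counter += 1
        ticket = "ST-%d" % self._counter
        self._tickets[ticket] = (username, service)
        return service + ("&" if "?" in service else "?") + urlencode({"ticket": ticket})

    def service_validate(self, service, ticket):
        # Tickets are one-shot: pop removes them on first use, so a replay fails.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return _failure_xml("INVALID_TICKET", "Ticket %s not recognized" % ticket)
        user, bound_service = entry
        if bound_service != service:
            return _failure_xml("INVALID_SERVICE", "Ticket was issued for another service")
        return _success_xml(user)


def login_redirect_url(request_uri):
    """AuthenticationFilter: no assertion in the session -> redirect to
    casServerLoginUrl with service = serverName + request URI."""
    return CAS_SERVER_LOGIN_URL + "?" + urlencode({"service": SERVER_NAME + request_uri})


def service_validate_url(service, ticket):
    """The back-channel URL the validation filter calls under casServerUrlPrefix."""
    return CAS_SERVER_URL_PREFIX + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_service_response(xml_text):
    """Returns (True, username) on success or (False, failure code) otherwise."""
    root = ET.fromstring(xml_text)
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is not None:
        return True, success.findtext(CAS_NS + "user")
    failure = root.find(CAS_NS + "authenticationFailure")
    return False, (failure.get("code") if failure is not None else "UNKNOWN")


def client_validate(server, callback_url):
    """Cas20ProxyReceivingTicketValidationFilter: strip the ticket from the callback
    URL, validate it against the remaining service URL, return the user or None."""
    if callback_url is None:
        return None
    parts = urlsplit(callback_url)
    query = parse_qs(parts.query)
    ticket = query.pop("ticket", [None])[0]
    if ticket is None:
        return None
    service = parts._replace(query=urlencode(query, doseq=True)).geturl()
    ok, value = parse_service_response(server.service_validate(service, ticket))
    return value if ok else None


if __name__ == "__main__":
    cas = FakeCasServer()
    print(login_redirect_url("/index.jsp"))
    callback = cas.login("alice", "alice", SERVER_NAME + "/index.jsp")
    print(callback, "->", client_validate(cas, callback))
    print("replay ->", client_validate(cas, callback))
```

The model makes two properties of the real protocol visible that the configuration alone hides: the ticket is bound to the exact service URL, so the serverName in the validation filter must be the same value the authentication filter used when it built the service parameter, and a ticket validates once only, so a replayed callback URL yields no user.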