
CAS Single Sign-On FAQ (11) - How do I set up an OAuth server?

2016-02-25 06:37
1. Import the cas-server-support-oauth sub-project into the cas project

If this module is commented out in pom.xml, uncomment it: <module>cas-server-support-oauth</module>

2. Add the following to the pom.xml of the cas-server-webapp project:

    <dependency>
      <groupId>org.jasig.cas</groupId>
      <artifactId>cas-server-support-oauth</artifactId>
      <version>${project.version}</version>
    </dependency>

3. The web.xml of the cas-server-webapp project contains:

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/v1/*</url-pattern>
    </servlet-mapping>

If the mapping above is commented out, uncomment it.

4. Edit the cas-servlet.xml file of cas-server-webapp and add a bean named oauth20WrapperController:
  <bean id="oauth20WrapperController" class="org.jasig.cas.support.oauth.web.OAuth20WrapperController"
        p:loginUrl="http://www.ittenyear.com/cas/login"
        p:servicesManager-ref="servicesManager"
        p:ticketRegistry-ref="ticketRegistry"
        p:timeout="7200" />

In the handlerMappingC bean, add the /oauth/* mapping (the last <prop> line below, highlighted in red in the original post) so that OAuth requests are routed to oauth20WrapperController:

<bean
      id="handlerMappingC"
      class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"
      p:alwaysUseFullPath="true">
    <property name="mappings">
      <util:properties>
        <prop key="/serviceValidate">serviceValidateController</prop>
        <prop key="/proxyValidate">proxyValidateController</prop>

        <!--
        <prop key="/samlValidate">samlValidateController</prop>
        -->

        <prop key="/p3/serviceValidate">v3ServiceValidateController</prop>
        <prop key="/p3/proxyValidate">v3ProxyValidateController</prop>
        <prop key="/validate">legacyValidateController</prop>
        <prop key="/proxy">proxyController</prop>
        <prop key="/authorizationFailure.html">passThroughController</prop>
        <!-- added: route all /oauth/* requests to the OAuth wrapper controller -->
        <prop key="/oauth/*">oauth20WrapperController</prop>
      </util:properties>
    </property>
</bean>

5. Add a service in deployerConfigContext.xml

One service is needed to make the OAuth wrapper work in CAS. It defines the callback URL to which CAS returns after authentication, registered with the OAuth wrapper as a CAS service.

              <bean class="org.jasig.cas.support.oauth.services.OAuthCallbackAuthorizeService"
                    p:id="2"
                    p:name="HTTP"
                    p:description="oauth wrapper callback url"
                    p:serviceId="${server.prefix}/oauth/callbackAuthorize" />

6. In deployerConfigContext.xml, add one service for each OAuth client

Every OAuth client must be defined as a CAS service (notice the new clientId and clientSecret properties, specific to OAuth):

              <bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService"
                    p:id="3"
                    p:name="serviceName"
                    p:description="Service Description"
                    p:serviceId="http://bbs.ittenyear.com"
                    p:bypassApprovalPrompt="false"
                    p:clientId="key"
                    p:clientSecret="secret" />

The original documentation is here: http://jasig.github.io/cas/4.1.x/installation/OAuth-OpenId-Authentication.html

7. Test
http://www.ittenyear.com/cas/oauth/authorize?client_id=key&redirect_uri=http://bbs.ittenyear.com&response_type=code

Get the ST (it comes back as the code parameter in the redirect to the client):
http://bbs.ittenyear.com/?code=ST-1-Ftbt6i5Odk7GaKQTp3yn-cas01.example.org
Then exchange it at the accessToken endpoint:
http://www.ittenyear.com/cas/oauth/accessToken?client_id=key&client_secret=secret&grant_type=authorization_code&redirect_uri=http://bbs.ittenyear.com&code=
Get the access_token:

TGT-2-3fkIcMgFnN15VQ6VsAkcLigDdq0KqdEzev0kJN5WnoEPYSJ7ze-cas01.example.org

Access the protected resource: the user profile
http://www.ittenyear.com/cas/oauth/profile?access_token=TGT-2-3fkIcMgFnN15VQ6VsAkcLigDdq0KqdEzev0kJN5WnoEPYSJ7ze-cas01.example.org
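The four-step exchange above as a client-side walk-through, added here as an example and not code from the post or from the CAS project. It builds the authorize URL, checks the redirect, builds the accessToken request and parses the wrapper's form-encoded reply; the client_id, client_secret, redirect_uri and the sample ST/TGT values are the ones on the page, while the state parameter and the optional expires field are assumed (standard OAuth 2.0, not shown on the page). No network calls are made.

```python
from urllib.parse import parse_qs, urlencode, urlparse

CAS_BASE = "http://www.ittenyear.com/cas"   # server.prefix used on the page
CLIENT_ID = "key"                           # p:clientId of the OAuthRegisteredService
CLIENT_SECRET = "secret"                    # p:clientSecret
REDIRECT_URI = "http://bbs.ittenyear.com"   # p:serviceId; redirect_uri must match it


def authorize_url(state: str) -> str:
    """Step 1: where the browser is sent. 'state' is an assumed anti-CSRF nonce
    the client generates (e.g. secrets.token_urlsafe) and checks on return."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": "code", "state": state}
    return f"{CAS_BASE}/oauth/authorize?{urlencode(params)}"


def parse_callback(url: str, expected_state: str) -> str:
    """Step 2: pull the code (a CAS service ticket, ST-...) out of the redirect.
    Refuses a callback on any origin other than REDIRECT_URI or with a wrong state."""
    got, want = urlparse(url), urlparse(REDIRECT_URI)
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        raise ValueError("callback arrived at an unregistered redirect URI")
    qs = parse_qs(got.query)
    if qs.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: CSRF or replayed callback")
    code = qs.get("code", [""])[0]
    if not code.startswith("ST-"):
        raise ValueError("missing or malformed code")
    return code


def access_token_url(code: str) -> str:
    """Step 3: the 4.1 wrapper takes client_secret as a query parameter, so
    this request is only safe over TLS and must not be logged verbatim."""
    params = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
              "grant_type": "authorization_code",
              "redirect_uri": REDIRECT_URI, "code": code}
    return f"{CAS_BASE}/oauth/accessToken?{urlencode(params)}"


def parse_token_response(body: str) -> dict:
    """Step 4: the wrapper replies with form-encoded text, not JSON; the token
    is a TGT id. 'expires' (seconds) is assumed optional, default p:timeout."""
    fields = parse_qs(body)
    token = fields.get("access_token", [""])[0]
    if not token.startswith("TGT-"):
        raise ValueError("unexpected token response")
    return {"access_token": token,
            "expires": int(fields.get("expires", ["7200"])[0])}


def profile_url(token: str) -> str:
    """Step 5: fetch the user profile with the token as a query parameter."""
    return f"{CAS_BASE}/oauth/profile?{urlencode({'access_token': token})}"
```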
Tags: cas, single sign-on, oauth