CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
2016-08-26 23:19
501 查看
转自: http://blog.csdn.net/ycyk_168/article/details/18668951
本文环境:
1、apache-tomcat-7.0.50-windows-x86
2、cas-server-3.4.11
3、cas-client-3.2.1
将cas-server-webapp-3.4.11.war放入tomcat的webapps下,改名ROOT.war,启动tomcat,待自动解压后,进行如下修改:
1、修改WEB-INF\deployerConfigContext.xml,加入
[html]
view plain
copy
p:requireSecure="false"
[html]
view plain
copy
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
</list>
</property>
2、修改WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml,修改p:cookieSecure="false"
[html]
view plain
copy
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
3、修改修改WEB-INF\spring-configuration\warnCookieGenerator.xml,修改p:cookieSecure="false"
[html]
view plain
copy
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
经过以上三步,cas server端修改完毕
客户端操作我习惯进行一下域名/IP映射,修改:C:\Windows\System32\drivers\etc\hosts 添加如下映射
[java]
view plain
copy
127.0.0.1 cas.jkkl1314.com
127.0.0.1 c1.jkkl1314.com
127.0.0.1 c2.jkkl1314.com
在客户端项目中加入cas-client-core-3.2.1.jar、commons-logging.jar,并在web.xml中加入:
[html]
view plain
copy
<!-- ======================== 单点登录开始 ======================== -->
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://cas.jkkl1314.com:10000</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://c1.jkkl1314.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://cas.jkkl1314.com:10000</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://c1.jkkl1314.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器负责实现HttpServletRequest请求的包裹,
比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
比如AssertionHolder.getAssertion().getPrincipal().getName()。
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
第二个客户端项目只是修改了一下域名,在web.xml中加入的配置是一样的!运行后即可实现单点登录!
以下两边文章对我帮助很大,特此感谢:
http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/ http://blog.csdn.net/designlife/article/details/2956814
本文环境:
1、apache-tomcat-7.0.50-windows-x86
2、cas-server-3.4.11
3、cas-client-3.2.1
将cas-server-webapp-3.4.11.war放入tomcat的webapps下,改名ROOT.war,启动tomcat,待自动解压后,进行如下修改:
1、修改WEB-INF\deployerConfigContext.xml,加入
[html]
view plain
copy
p:requireSecure="false"
[html]
view plain
copy
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
</list>
</property>
2、修改WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml,修改p:cookieSecure="false"
[html]
view plain
copy
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
3、修改修改WEB-INF\spring-configuration\warnCookieGenerator.xml,修改p:cookieSecure="false"
[html]
view plain
copy
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
经过以上三步,cas server端修改完毕
客户端操作我习惯进行一下域名/IP映射,修改:C:\Windows\System32\drivers\etc\hosts 添加如下映射
[java]
view plain
copy
127.0.0.1 cas.jkkl1314.com
127.0.0.1 c1.jkkl1314.com
127.0.0.1 c2.jkkl1314.com
在客户端项目中加入cas-client-core-3.2.1.jar、commons-logging.jar,并在web.xml中加入:
[html]
view plain
copy
<!-- ======================== 单点登录开始 ======================== -->
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- 该过滤器用于实现单点登出功能,可选配置。 -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://cas.jkkl1314.com:10000</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://c1.jkkl1314.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://cas.jkkl1314.com:10000</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://c1.jkkl1314.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器负责实现HttpServletRequest请求的包裹,
比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
比如AssertionHolder.getAssertion().getPrincipal().getName()。
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== 单点登录结束 ======================== -->
第二个客户端项目只是修改了一下域名,在web.xml中加入的配置是一样的!运行后即可实现单点登录!
以下两边文章对我帮助很大,特此感谢:
http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/ http://blog.csdn.net/designlife/article/details/2956814
相关文章推荐
- CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
- cas sso单点登录系列8_抛弃Https让Cas以Http协议提供单点登录服务
- 将CAS 单点登录协议由https改为http
- ubuntu 12.04配置SSH---为远程登录会话和其它网络服务提供的协议
- Cas 从https改成http Google浏览器无法实现单点登录
- cas+tomcat+shiro实现单点登录-1-tomcat添加https协议
- 在Spring Boot中,使用Https提供服务,并将Http请求自动重定向到Https
- 申请阿里云的CA证书服务(免费)-将http协议转为Https
- HTTP 协议中 Vary 的一些研究 转自https://www.imququ.com/post/vary-header-in-http.html
- HTTP 协议本身也是无连接的,虽然它使用了面向连接的 TCP 向上提供的服务。
- CAS单点登录https协议修改成http协议
- 如何在Spring Boot中,使用Https提供服务,并将Http请求自动重定向到Https。
- 关于AXIS WebService通过HTTPS协议访问WAS Web服务错误问题的解决方案
- HTTP协议----(2)Java程序检测HTTP服务是否打开
- WCF如何克服HTTP传输协议的局限提供对不同消息传输模式的实现
- Chrome 强奸了我的 FTP Http Https 协议
- Win7 下http,https协议的默认打开浏览器修改
- HTTP和HTTPS协议的区别
- CakePHP: HTTPS HTTP页面跳转导致登录信息丢失
- HTTPSQS(HTTP Simple Queue Service)是一款基于 HTTP GET/POST 协议的轻量级开源简单消息队列服务