Implementing SSO (single sign-on) with CAS

Downloading and packaging cas-server

Download CAS 4.2.17 from GitHub
GitHub URL: https://github.com/apereo/cas-overlay-template/tree/4.1
Or download it from the release page

Package 4.2.17

mvn clean package --settings=e:/.m2/settings.xml

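(--settings specifies the Maven settings file. It can be omitted, in which case JARs and other dependencies are downloaded to the .m2 folder under the user directory on drive C by default.)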

Edit WEB-INF/spring-configuration/propertyFileConfigurer.xml

 

 

Move cas.properties into the WEB-INF/classes/ directory

Configuring HTTPS in Tomcat

Generate an SSL certificate with the JDK

keytool -genkeypair -alias "tomcat7" -keyalg "RSA" -keystore "d:\keys\tomcat.keystore"  

The "first and last name" value should be the domain name
For a local setup it is localhost
Or add the parameter -dname "CN=localhost, OU=org, O=org.demo, L=bj, ST=bj, C=cn"
keytool   -alias  "tomcat7"   -exportcert   -keystore    "d:\keys\tomcat.keystore"    -file  "d:\keys\tomcat.cer"   -storepass   "123456" 

500 error, Caused by:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
Fix: import the SSL certificate

keytool    -import     -alias    "tomcat7"    -keystore   "D:\Program Files\jdk1.7.0_79\jre\lib\security\cacerts"   -file   "d:\keys\tomcat.cer"    -trustcacerts    -storepass "changeit"  

Note: this password is literally changeit
When prompted whether to trust the certificate, enter y

Tomcat server.xml configuration

  

Start Tomcat and visit https://localhost:8443

Default username: casuser, password: Mellon

cas client

Download URL: https://www.yf2017.top/files/zip/casClient1.zip
Configure web.xml
Edit the CAS server's WEB-INF\classes\services\HTTPSandIMAPS-10000001.json

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(http|imaps)://.*",
  "name" : "HTTPS and IMAPS",

To support HTTP clients, change "serviceId" : "^(https|imaps)://.*" to "serviceId" : "^(http|imaps)://.*",
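
The effect of the serviceId change above on which service URLs the registry admits, as an added example that is not from the original post or the CAS project. It assumes the pattern must match the whole service URL; the probe URLs and the "pinned" pattern are constructed for illustration, and Python's re module stands in for Java's regex engine, which treats these patterns the same way.

```python
import json
import re

# Constructed registry: the two serviceId values from the page plus a
# hypothetical pattern pinned to the page's demo client URL.
REGISTRY = json.loads("""
[
  {"name": "shipped",  "serviceId": "^(https|imaps)://.*"},
  {"name": "modified", "serviceId": "^(http|imaps)://.*"},
  {"name": "pinned",   "serviceId": "^http://localhost:8081/casClient1(/.*)?$"}
]
""")

# Constructed probe URLs: the demo client, its https form, an unrelated host.
CLIENT_HTTP = "http://localhost:8081/casClient1/"
CLIENT_HTTPS = "https://localhost:8081/casClient1/"
OTHER_HTTP = "http://unrelated.example/app"
OTHER_HTTPS = "https://unrelated.example/app"
PROBES = [CLIENT_HTTP, CLIENT_HTTPS, OTHER_HTTP, OTHER_HTTPS]


def matches(service_id, url):
    # Assumption: the pattern must match the whole service URL.
    return re.fullmatch(service_id, url) is not None


def audit(entry):
    """Return the probes an entry admits and the findings they imply."""
    admitted = [u for u in PROBES if matches(entry["serviceId"], u)]
    findings = []
    if OTHER_HTTP in admitted or OTHER_HTTPS in admitted:
        findings.append("admits services on any host")
    if any(u.startswith("http://") for u in admitted):
        findings.append("admits cleartext http services")
    if CLIENT_HTTPS not in admitted:
        findings.append("does not admit the https client URL")
    return admitted, findings


def report(registry=REGISTRY):
    return {e["name"]: audit(e) for e in registry}


if __name__ == "__main__":
    for name, (admitted, findings) in report().items():
        print(name, admitted, findings)
```

The "modified" entry stops matching https:// services and accepts http:// services on any host, while the pinned pattern accepts only the demo client.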

Configuring MySQL support in the CAS server

Add mysql-connector-java-5.1.37.jar and cas-server-support-jdbc-4.2.7.jar to lib/
cas.properties

cas.jdbc.authn.query.sql=select password  from  t_user  where account=? and  valid=true

# == Basic database connection pool configuration ==
database.driverClass=com.mysql.jdbc.Driver
database.url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8
database.user=root
database.password=
database.pool.minSize=6
database.pool.maxSize=18

# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000

# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120

# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6

# == Connection testing settings ==

# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30

# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1

# == Database recovery settings ==

# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5

# Amount of time in ms to wait between successive acquire retry attempts.
database.pool.acquireRetryDelay=2000

logging.level.org.apereo=DEBUG


Remember to change the database connection settings in it

Edit cas-server WEB-INF/deployerConfigContext.xml

 
    

Comment out acceptUsersAuthenticationHandler and add

 

 

 

 



 

 

  

 


 

Create the table



CREATE TABLE `t_user` (
  `id` int(11) NOT NULL COMMENT 'primary key',
  `account` varchar(30) DEFAULT NULL COMMENT 'account',
  `password` varchar(255) DEFAULT NULL COMMENT 'password',
  `valid` tinyint(1) DEFAULT NULL COMMENT 'whether the account is valid',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;



INSERT INTO t_user(id,account,PASSWORD,valid) VALUES 
(1,'admin','21232f297a57a5a743894a0e4a801fc3',1),
(2,'tony','ddc5f5e86d2f85e1b1ff763aff13ce0a',1);

This adds the users admin and tony. Each password is the same as the username and is stored as an MD5 hash.

Add the log4j configuration: create the file log4j2.xml in the cas-server WEB-INF/classes directory
File contents:

     



    

       

          

       

    

    

       

          

       

    



Start casClient1

Visiting http://localhost:8081/casClient1 redirects automatically to the cas-server login page; after a successful login you are returned to the client
