CAS Single Sign-On: Getting-Started Configuration

I. Environment:

Java 1.7.0_80

Tomcat 7

CAS server 4.2.7

cas-client-core 3.4.1


II. Configure Tomcat HTTPS (for both the CAS server and the CAS clients):

1. Generate a keystore holding the server's RSA key pair and its self-signed certificate; afterwards you can list what it contains:

keytool -genkey -alias casServer -keyalg RSA -keystore E:/develop/cas/keytool/.keystore -validity 36500
keytool -list -keystore .keystore

keytool prompts for a "first and last name"; that value becomes the certificate's CN and must be the hostname the browser and the client filters will use (localhost in this tutorial), otherwise TLS hostname verification fails later. A validity of 36500 days is acceptable for a local test only.

2. Copy the .keystore generated in step 1 to %TOMCAT_HOME%/conf

3. Configure server.xml to enable HTTPS; note the keystoreFile (the keystore from step 1) and keystorePass attributes. keystorePass must be the password entered when the keystore was generated. A relative keystoreFile path is resolved against CATALINA_BASE, so use conf/.keystore rather than /conf/.keystore (the latter only works on Windows, where a path without a drive letter is not treated as absolute):

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/.keystore" keystorePass="changeit"/>

4. Require SSL for the application (plain HTTP requests are redirected to HTTPS). Open the application's web.xml and add:
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>securedapp</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>
    With the url-pattern set to /*, the whole application requires HTTPS; a transport-guarantee of CONFIDENTIAL makes the container enforce SSL.
    To switch SSL off again, change CONFIDENTIAL to NONE.

5. Export the certificate (public key) from the keystore:
keytool -export -alias casServer -file casServer.crt -keystore .keystore
6. Import the certificate into the JRE trust store (cacerts, default password changeit) so that the client applications' JVM, not just the browser, trusts the CAS server's Tomcat certificate. The ticket-validation filter opens its own HTTPS connection to the CAS server, and that connection is checked against the cacerts of the JRE that runs Tomcat (here the JDK's bundled JRE, since the clients and the server share one Tomcat). Importing into a different JRE's cacerts leaves the validation call failing with a PKIX path-building error:

keytool -import -keystore "D:/Program Files/Java/jdk1.7.0_80/jre/lib/security/cacerts" -file casServer.crt -alias casServer

III. Add the CAS configuration to the CAS client applications (assume two applications, CasClient1 and CasClient2; CasClient1 is shown below and CasClient2 is configured the same way):

pom.xml: add the cas-client-core dependency

		<dependency>
		    <groupId>org.jasig.cas.client</groupId>
		    <artifactId>cas-client-core</artifactId>
		    <version>3.4.1</version>
		</dependency>

web.xml: add the CAS client filters and the listener. Keep the filter mappings in the order shown (single sign-out first, then authentication, validation, request wrapper, thread-local assertion), and set serverName to the scheme, host and port the browser uses for this client; the filters build the service URL from serverName, not from the request's Host header:

	<filter>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>https://localhost:8443/cas</param-value>
		</init-param>
	</filter>
	<filter>
		<filter-name>CAS Authentication Filter</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>https://localhost:8443/cas/login</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://localhost:8443/CasClient1</param-value>
		</init-param>
	</filter>
	<filter>
		<filter-name>CAS Validation Filter</filter-name>
		<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>https://localhost:8443/cas</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://localhost:8443/CasClient1</param-value>
		</init-param>
	</filter>
	<filter>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>
	<filter>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>


	<filter-mapping>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>CAS Authentication Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>CAS Validation Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>


	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
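The filters above are declarative, so the flow they implement is easy to misread. The following Python script is an added example (not code from this page or from the Jasig CAS client) that models the exchange the AuthenticationFilter and the Cas30ProxyReceivingTicketValidationFilter perform with the init-params above, together with the server-side service check: the redirect to casServerLoginUrl with a service parameter derived from serverName, the back-channel /p3/serviceValidate call (the connection that needs the certificate from step II.6 in cacerts), the parsing of the success and failure responses, and a check of a service URL against the serviceId pattern of the registration that ships with the CAS 4.2 server webapp. The XML responses and the locked-down pattern are constructed for the example.

```python
"""Added example, not code from this page or from the Jasig CAS client:
a plain-Python model of what the AuthenticationFilter and the
Cas30ProxyReceivingTicketValidationFilter configured above do on the wire,
plus the server-side service check that decides whether a ticket is issued.
The URLs are the init-param values from the web.xml above; the XML responses
are constructed samples in the CAS protocol format."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

CAS_SERVER_URL_PREFIX = "https://localhost:8443/cas"          # casServerUrlPrefix
CAS_SERVER_LOGIN_URL = CAS_SERVER_URL_PREFIX + "/login"        # casServerLoginUrl
SERVER_NAME = "https://localhost:8443/CasClient1"              # serverName
CAS_NS = "{http://www.yale.edu/tp/cas}"

# Pattern of the service registration that ships with the CAS 4.2 server webapp
# (services/HTTPSandIMAPS-10000001.json): any https or imaps URL is a valid service.
DEFAULT_SERVICE_PATTERN = r"^(https|imaps)://.*"
# A locked-down pattern for the two demo clients (assumed for this example, not on the page).
LOCKED_DOWN_PATTERN = r"^https://localhost:8443/(CasClient1|CasClient2)(/.*)?$"


def service_url(request_uri, query=""):
    """Service URL the client filters send to CAS: built from the serverName
    init-param (never from the attacker-controlled Host header) plus the request
    URI; a leftover 'ticket' parameter from a previous redirect is dropped."""
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if k != "ticket"]
    url = SERVER_NAME.rstrip("/") + request_uri
    return url + ("?" + urlencode(params) if params else "")


def login_redirect(request_uri, query=""):
    """Where AuthenticationFilter redirects an unauthenticated browser."""
    return CAS_SERVER_LOGIN_URL + "?" + urlencode({"service": service_url(request_uri, query)})


def validate_url(service, ticket):
    """Back-channel HTTPS call made by the CAS 3.0 validation filter when the
    browser comes back with ?ticket=ST-...; this is the connection that needs
    the CAS server certificate in the client JRE's cacerts."""
    return CAS_SERVER_URL_PREFIX + "/p3/serviceValidate?" + urlencode(
        {"service": service, "ticket": ticket})


def service_allowed(service, pattern=DEFAULT_SERVICE_PATTERN):
    """Server side: CAS only issues and validates tickets for a service URL that
    matches a registered serviceId regular expression."""
    return re.match(pattern, service) is not None


def parse_validation_response(xml_text):
    """Parse the /p3/serviceValidate XML. Returns {'user': ..., 'attributes': {...}}
    on success and raises ValueError carrying the CAS error code on failure."""
    root = ET.fromstring(xml_text)
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise ValueError("%s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is None:
        raise ValueError("malformed CAS response: neither success nor failure element")
    attributes = {}
    for el in success.findall(CAS_NS + "attributes/*"):
        attributes.setdefault(el.tag[len(CAS_NS):], []).append((el.text or "").strip())
    return {"user": success.findtext(CAS_NS + "user"), "attributes": attributes}


# Constructed sample responses (shape of a real CAS 3.0 reply, values invented).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
    <cas:attributes>
      <cas:isFromNewLogin>true</cas:isFromNewLogin>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    Ticket 'ST-1-abc' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


if __name__ == "__main__":
    svc = service_url("/index.jsp", "page=2&ticket=ST-1-abc")
    print("1. browser is sent to:", login_redirect("/index.jsp", "page=2"))
    print("2. client validates via:", validate_url(svc, "ST-1-abc"))
    print("   default registry lets any https service in:",
          service_allowed("https://evil.example/cb"),
          "| locked-down registry:",
          service_allowed("https://evil.example/cb", LOCKED_DOWN_PATTERN))
    print("3. success ->", parse_validation_response(SUCCESS_XML))
    try:
        parse_validation_response(FAILURE_XML)
    except ValueError as exc:
        print("   failure ->", exc)
```

Run it directly to see the three steps printed. The service-registry part is why CasClient2 logs in without any server-side registration in this tutorial: the shipped ^(https|imaps)://.* pattern accepts any HTTPS service, which is convenient for a walkthrough and must be replaced by explicit registrations before the server is exposed.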

IV. Deploy the CAS server and the CAS clients:

Rename cas-server-webapp-4.2.7.war to cas.war, put it together with the two client WARs into Tomcat's webapps directory, and start Tomcat.


V. Test the login:

Before CAS 4.x the default authentication handler accepted any login whose password equalled the username; from CAS 4.x on the default account is casuser / Mellon. Both defaults exist for demonstration only: replace the static accept-users handler with a real authentication source (LDAP, JDBC, ...) before the server is exposed to anyone else.
