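1. Server (HTTP)

Deployment
- Download the CAS 4.0.0 server.
- Unzip it, go to cas-server-4.0.0-release.zip\cas-server-4.0.0\modules, and locate the WAR file cas-server-webapp-4.0.0.war.
- Rename the WAR file to cas and place it under Tomcat's webapps directory to deploy the project.
- Open a browser and go to http://localhost:8080/cas; if the deployment succeeded, the CAS page is displayed.

Configure the MySQL connection
- Open cas\WEB-INF\deployerConfigContext.xml
- Find the bean whose id is primaryAuthenticationHandler and change it to: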
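```xml
<!-- The ? placeholder is bound by the handler, so the user name is never concatenated into the SQL. -->
<!-- No passwordEncoder is set here, so the submitted password is compared as-is with the stored value. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource"></property>
    <property name="sql" value="select password from user where user_name=?"></property>
</bean>
```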
- Add the data source:

```xml
<!-- Data source configuration -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
    <property name="url" value="jdbc:mysql://localhost:3306/ossm"></property>
    <property name="username" value="root"></property>
    <property name="password" value="123456"></property>
</bean>
```
- Add the JAR files:
  - Open cas\cas-server-4.0.0\modules
  - Copy cas-server-support-jdbc-4.0.0 into the project's cas\WEB-INF\lib directory
  - Download the MySQL driver mysql-connector-java-5.0.2.jar and add it to the cas\WEB-INF\lib directory
- Restart Tomcat

Remove the HTTPS requirement
- Open cas/WEB-INF/deployerConfigContext.xml and add the parameter p:requireSecure="false". It controls whether a secure connection (HTTPS) is required; false means it is not. Original bean:

```xml
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"/>
```

After the change:

```xml
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"
      p:requireSecure="false"/>
```

- Open cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml and change p:cookieSecure="true" to p:cookieSecure="false" in this bean (shown before the change):

```xml
<bean id="ticketGrantingTicketCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />
```

- Open WEB-INF\spring-configuration\warnCookieGenerator.xml and change p:cookieSecure="true" to false in this bean (shown before the change):

```xml
<bean id="warnCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASPRIVACY"
      p:cookiePath="/cas" />
```

- Open cas/WEB-INF/deployerConfigContext.xml
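
The edits in this section switch off the HTTPS requirement and the Secure flag on both CAS cookies. As an added example (not part of the original page or of CAS), the Python script below parses a Spring context file and reports those settings together with the database credentials from the data source bean; the function name audit_cas_context and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
P = "{http://www.springframework.org/schema/p}"  # Spring p-namespace attributes

# Constructed sample: beans from this page after the HTTP-only edits
# (warnCookieGenerator deliberately left at its original value).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas"/>
  <bean id="warnCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas"/>
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="url" value="jdbc:mysql://localhost:3306/ossm"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
  </bean>
</beans>"""


def audit_cas_context(xml_text):
    """Return (bean, finding) pairs for settings the HTTP-only setup weakens."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        # Anonymous beans are reported by their short class name.
        name = bean.get("id") or bean.get("class", "").rsplit(".", 1)[-1]
        if bean.get(P + "requireSecure") == "false":
            findings.append((name, "requireSecure=false: HTTPS not required"))
        if bean.get(P + "cookieSecure") == "false":
            cookie = bean.get(P + "cookieName", "cookie")
            findings.append((name, f"{cookie} issued without the Secure flag"))
        props = {p.get("name"): p.get("value") for p in bean.findall(BEANS + "property")}
        if props.get("username") == "root":
            findings.append((name, "database connection uses the root account"))
        if props.get("password"):
            findings.append((name, "database password in clear text in the context file"))
    return findings


if __name__ == "__main__":
    for bean, finding in audit_cas_context(SAMPLE):
        print(f"{bean}: {finding}")
```

Run it against each edited file before a deployment leaves the local test machine; the context file must declare the p namespace, as the CAS 4.0.0 files do.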
2. Client
- Add the dependencies to the Maven configuration file:

```xml
<!-- CAS client -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.3.3</version>
</dependency>
<dependency>
    <groupId>xml-apis</groupId>
    <artifactId>xml-apis</artifactId>
    <version>1.4.01</version>
</dependency>
```
- Configure the web.xml file:

```xml
<!-- Used for single sign-out; implements the single sign-out feature; optional -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter implements the single sign-out feature; optional -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- Login URL of the CAS server -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost:8080/cas/login</param-value>
    </init-param>
    <!-- Root URL of the CAS server -->
    <!-- Set serverName to the ip:port this application itself uses; it is the URL (this project) the user is redirected to after login -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8090</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter validates the ticket; it must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8080/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8090</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter wraps the HttpServletRequest, so that, for example, developers can get the SSO user's login name from HttpServletRequest.getRemoteUser(); optional -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter lets developers get the user's login name through org.jasig.cas.client.util.AssertionHolder, for example AssertionHolder.getAssertion().getPrincipal().getName() -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
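
A check for the client configuration above, as an added example that is not code from the original page or from the CAS client: it confirms that a ticket validation filter is declared and lists the CAS server URLs that do not use HTTPS. The function names and the trimmed sample web.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: two filters from the web.xml on this page, trimmed.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://localhost:8080/cas/login</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class> org.jasig.cas.client.validation.Cas10TicketValidationFilter </filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://localhost:8080/cas</param-value>
    </init-param>
  </filter>
</web-app>"""
CAS_URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix"}


def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def child_text(parent, name):
    """Trimmed text of the first child element called name, or ''."""
    return next(((c.text or "").strip() for c in parent if local(c.tag) == name), "")


def check_cas_client(web_xml):
    """Return (validation_filter_present, [(filter, param, url)] not using HTTPS)."""
    validated, cleartext = False, []
    for flt in (e for e in ET.fromstring(web_xml).iter() if local(e.tag) == "filter"):
        fname, fclass = child_text(flt, "filter-name"), child_text(flt, "filter-class")
        validated |= fclass.startswith("org.jasig.cas.client.validation.")
        for ip in (c for c in flt if local(c.tag) == "init-param"):
            pname, value = child_text(ip, "param-name"), child_text(ip, "param-value")
            if pname in CAS_URL_PARAMS and urlsplit(value).scheme != "https":
                cleartext.append((fname, pname, value))
    return validated, cleartext


if __name__ == "__main__":
    print(check_cas_client(SAMPLE_WEB_XML))
```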
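3. Errors

unable to find valid certification path to requested target
This is an HTTPS certificate problem: import the certificate into the JDK that is actually in use.

java.security.cert.CertificateException: No name match
When generating the certificate, answer the prompt "What is your first and last name?" with the project's domain name, for example localhost.

java.lang.IllegalArgumentException: casServerUrlPrefix cannot be null.
The client is using the wrong cas-client-core version; a 4.0.0 server should be used with 3.3.

java.lang.NoClassDefFoundError: org/w3c/dom/ElementTraversal
Add the xml-apis dependency: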
```xml
<dependency>
    <groupId>xml-apis</groupId>
    <artifactId>xml-apis</artifactId>
    <version>1.4.01</version>
</dependency>
```