
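Jasig CAS client configuration

2016-04-13 22:51 253 views
A reflection: our project required CAS single sign-on. A while ago I configured the CAS server side, which went smoothly enough; the hard part was the CAS client configuration, which took a lot of time. I hope sharing this experience helps others who are learning it avoid some detours.

I. Environment

jdk1.7
tomcat7
cas-server-3.4.6-release
cas-client-3.2.1
II. Configure the cas-server-3.4.6 data source
1. In tomcat/webapps/cas-server-webapp-3.4.6/WEB-INF, edit deployerConfigContext.xml to change the authentication method and add a MySQL data source, as follows:
Change to database authentication
<property name="authenticationHandlers">
    <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
        <!--
        Comment out the original authentication handler
        <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
        -->
        <!-- Create the database authentication handler. No passwordEncoder is set,
             so the submitted password is compared with the stored t_password value as-is. -->
        <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
            <property name="dataSource" ref="casDataSource" />
            <property name="sql" value="select t_password from app_user where t_username=?" />
        </bean>
    </list>
</property>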

Add the MySQL data source configuration

<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<!-- Configure the MySQL data source -->
<bean id="casDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
    <property name="url" value="jdbc:mysql://172.22.6.9:3306/casuserdatabase"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>
2. Create the casuserdatabase database and a new app_user table, as follows:
CREATE TABLE `app_user` (
    `t_id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `t_username` varchar(30) NOT NULL,
    `t_password` varchar(30) NOT NULL
);


III. Configure the cas-client-3.2.1 client
1. Download the cas-client-3.2.1 client from https://www.apereo.org/projects/cas/download-cas

2. Unpack cas-client-3.2.1, then copy four jars from the modules folder into WEB-INF/lib of the web project: cas-client-core-3.2.1.jar, cas-client-integration-tomcat-v7-3.2.1.jar, commons-logging-1.1.jar and commons-codec-1.4.jar.

3. Configure web.xml in the web project as follows:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <!-- Used for single sign-out: this listener supports the single sign-out feature; optional -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- This filter implements single sign-out; optional -->
    <filter>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter handles user authentication; it must be enabled -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <!-- CAS server login URL. Plain http, as here, leaves the login form and
             service tickets unencrypted on the network. -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://172.22.6.9:8888/cas/login</param-value>
        </init-param>
        <!-- serverName: scheme, host and port of the server hosting this web
             application (used to build the service URL) -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://172.22.6.9:8888</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter validates the ticket; it must be enabled -->
    <filter>
        <filter-name>CASTicketValidator</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <!-- CAS server URL prefix -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://172.22.6.9:8888/cas</param-value>
        </init-param>
        <!-- URL of the web server on which the current web application runs -->
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://172.22.6.9:8888</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASTicketValidator</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter wraps the HttpServletRequest, for example so that developers can get
         the SSO login name through HttpServletRequest.getRemoteUser(); optional. -->
    <filter>
        <filter-name>CASRequestWrapperFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CASRequestWrapperFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter lets developers obtain the login name through
         org.jasig.cas.client.util.AssertionHolder, for example
         AssertionHolder.getAssertion().getPrincipal().getName(). -->
    <filter>
        <filter-name>CASAssertionThreadLocalFilter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CASAssertionThreadLocalFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>AutoSetUserAdapterFilter</filter-name>
        <filter-class>com.demo.servlet.AutoSetUserAdapterFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AutoSetUserAdapterFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>


Two points need attention when configuring web.xml:
1. In CASFilter, the CAS server address must be set to http://localhost:8888/cas/login;

<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- CAS server login URL -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://172.22.6.9:8888/cas/login</param-value><!-- note the URL -->
    </init-param>
    <!-- serverName: scheme, host and port of the server hosting this web
         application (used to build the service URL) -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://172.22.6.9:8888</param-value>
    </init-param>
</filter>
2. In CASTicketValidator, the CAS server address must be set to http://172.22.6.9:8888/cas

<!-- This filter validates the ticket; it must be enabled -->
<filter>
    <filter-name>CASTicketValidator</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <!-- CAS server address (URL prefix) -->
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://172.22.6.9:8888/cas</param-value><!-- note the URL -->
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://172.22.6.9:8888</param-value>
    </init-param>
</filter>
If the two URLs are the same, the following error occurs (the message reads: element type "label" must be terminated by the matching end tag "</label>"):
org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
org.xml.sax.SAXParseException; lineNumber: 64; columnNumber: 23; 元素类型 "label" 必须由匹配的结束标记 "</label>" 终止。
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
    at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1436)
Result:
Entering the web project address 172.22.6.9:8888/demo in the browser redirects to the single sign-on page at http://172.22.6.9:8888/cas/login?service=http%3A%2F%2F172.22.6.9%3A8888%2Fdemo%2F; enter the account and password there, and that's it!
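Why the two settings must differ, as an added Python example (not code from the post or from the CAS client): in the CAS 2.0 protocol the authentication filter redirects the browser to casServerLoginUrl, while the ticket validation filter appends /serviceValidate to casServerUrlPrefix and parses the reply as XML, so a reply that is an HTML page fails in the XML parser, which is consistent with the "label" SAXParseException above. The response bodies, the ticket ST-1-constructed, the user alice and the function names are constructed for illustration, and the query parameter order is illustrative.

```python
# Added illustration: the two URLs a CAS 2.0 client derives from web.xml.
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

def login_redirect(cas_server_login_url, service):
    """URL an unauthenticated browser is redirected to (casServerLoginUrl)."""
    return f"{cas_server_login_url}?service={quote(service, safe='')}"

def validation_url(cas_server_url_prefix, service, ticket):
    """URL the client fetches server-side: casServerUrlPrefix + /serviceValidate."""
    query = urlencode({"ticket": ticket, "service": service})
    return f"{cas_server_url_prefix.rstrip('/')}/serviceValidate?{query}"

def principal_from_response(body):
    """Return the user name from a validation response, or raise ValueError."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        # Same class of failure as the SAXParseException in the post.
        raise ValueError(f"not a CAS XML response: {exc}") from exc
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code") if failure is not None else "no cas:user element"
        raise ValueError(f"ticket rejected: {code}")
    return user.text.strip()

# Constructed sample bodies (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
HTML_PAGE = '<html><body><form><label for="username">Username:</form></body></html>'

if __name__ == "__main__":
    service = "http://172.22.6.9:8888/demo/"
    print(login_redirect("http://172.22.6.9:8888/cas/login", service))
    print(validation_url("http://172.22.6.9:8888/cas", service, "ST-1-constructed"))
    print(principal_from_response(SUCCESS))
    for body in (FAILURE, HTML_PAGE):
        try:
            principal_from_response(body)
        except ValueError as err:
            print("rejected:", err)
```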



 