Linux中本地构建CAS单点登陆开发环境

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

Thisdocument is designed to walk a new CAS user through our recommendeddevelopment/build process. It does not require you to explicitlydownload any version of CAS, but it does require particulardevelopment tools to be available. We've detailed those requirementsand our recommendations as part of this process. Experienced usersmay be able to ignore that, and other parts. At the end of thedocument, we've listed publicly available examples of our recommendedprocess. This document will continue to evolve.

本文以Ubuntu 10.10为例。

1、<style type="text/css"> <!-- h3 {margin-top:0cm; margin-bottom:0cm; line-height:200%} h3.western {font-family:"Arial",sans-serif; font-size:18pt} h3.cjk {font-family:"DejaVu Sans"; font-size:18pt; font-style:normal} h3.ctl {font-family:"DejaVu Sans"; font-size:18pt} p {margin-bottom:0.21cm} --> </style>Required Software

必需软件

<style type="text/css"> <!-- p {margin-bottom:0.21cm} a:link {color:rgb(0,0,255)} --> </style>

• A Servlet 2.4 Container - We've hadgood luck withTomcatand this exercise will use that.

• Maven2- If you're interested in using the Maven2 WAR Overlay method, youhave no choice but todownloadMaven2

• Java5 or higher - We'll assume you'veinstalleda JDK. While Java 5 will work, it has reached itsend-of-life,so you should install Java 6 or higher.

看字面意思应该很容易明白，要求linux系统安装了tomcat，maven2，jdk等。

2、<style type="text/css"> <!-- h3 {margin-top:0cm; margin-bottom:0cm; line-height:200%} h3.western {font-family:"Arial",sans-serif; font-size:18pt} h3.cjk {font-family:"DejaVu Sans"; font-size:18pt; font-style:normal} h3.ctl {font-family:"DejaVu Sans"; font-size:18pt} p {margin-bottom:0.21cm} --> </style>Recommended Software

推荐软件

<style type="text/css"> <!-- p {margin-bottom:0.21cm} a:link {color:rgb(0,0,255)} --> </style>

• An IDE - This exercise won'tactually utilize an IDE, but we recommend you use the one you'remost comfortable with in your daily work. We've had great luck withIntelliJIDEA,Eclipseand theSpringSourceTool Suite

• AVersion Control system - Again, this exercise won't actually use aversion control system, but you should ultimately be using one suchasSubversionorGit.

要求系统安装IDE和版本控制器，安装Eclipse和subversion就可以了。

3、<style type="text/css"> <!-- h2 {margin-top:0cm; margin-bottom:0cm; line-height:200%} h2.western {font-family:"Arial",sans-serif; font-size:24pt} h2.cjk {font-family:"DejaVu Sans"; font-size:24pt; font-style:normal} h2.ctl {font-family:"DejaVu Sans"; font-size:24pt} p {margin-bottom:0.21cm} --> </style>Setting up theSoftware

安装以上软件，安装过程相信大家已经很熟悉了。注意，安装好之后，需要配置java，maven，tomcat等的环境变量。

4、<style type="text/css"> <!-- h4 {margin-top:0cm; margin-bottom:0cm; line-height:200%} h4.western {font-family:"Arial",sans-serif; font-size:18pt; font-weight:normal} h4.cjk {font-family:"DejaVu Sans"; font-size:18pt; font-style:normal; font-weight:normal} h4.ctl {font-family:"DejaVu Sans"; font-size:18pt; font-weight:normal} p {margin-bottom:0.21cm} --> </style>Create the Certificate

创建认证

(1).打开console终端，输入：

keytool -genkey -alias tomcat -keyalg RSA -validity 365

这时，会自动创建一个名为.keystore的文件，路径为$HOME/.keystore

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

注意：

如果提示'keytool'is not recognized as an internal or external command,

operableprogram or batch file.

说明系统环境变量没有设定jdk

执行上述命令后，会得到如同下面的信息：

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

Enterkeystore password:

Re-enternewpassword:

Whatis your first and last name?

[Unknown]:localhost

Whatis the name of your organizational unit?

[Unknown]:shihuangzhe

Whatis the name of your organization?

[Unknown]:shihuangzhe

Whatis the name of your City or Locality?

[Unknown]: sh

Whatis the name of your State or Province?

[Unknown]: sh

Whatis the two-letter country code forthisunit?

[Unknown]: cn

IsCN=localhost, OU=shihuangzhe, O=shihuangzhe, L=sh, ST=sh, C=cn correct?

[no]:y

5、<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style> 修改$TOMCAT_HOME/conf/server.xml配置档

注意：

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

Tomcat每个版本的SSL配置是不同的，读者可自行参考TOMCAT_HOME\webapps\docs\index.xml文档。

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

Tomcat--6.0

<Connectorport="8443"protocol="HTTP/1.1"SSLEnabled="true"

maxThreads="150"scheme="https" secure="true"

clientAuth="false"sslProtocol="TLS"keystoreFile="/home/dsan/.keystore" keystorePass="50963187"/>

Tomcat—7.0

<Connectorport="8443"protocol="org.apache.coyote.http11.Http11Protocol"SSLEnabled="true"

maxThreads="150"scheme="https" secure="true"

clientAuth="false"sslProtocol="TLS"

keystoreFile="/home/dsan/.keystore"keystorePass="50963187" keyAlias="tomcat"/>

如果这里设置有问题，tomcat启动时候应该会报如下错误：

EVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
LifecycleException:  Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format

5、产生server.crt档<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

终端console执行如下：

keytool -export -alias tomcat -file server.crt

则此时会产生$HOME/server.crt

6、<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>Youcan then import the server.crt into other JVM keystore's byexecuting a command similar to this:

NOTE,Windows machine's may require the "\" instead of "/"and reference variables with "%", i.e. %JAVA_HOME%.

导入key

终端console执行如下：

keytool -import -file server.crt -keystore $JAVA_HOME\jre\lib\security\cacerts

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

注意：

如果报如下错误，

keytool 错误 ： java.io.Exception:Keystore was tampered with,or password is incorrect.

此处的密码有可能不是你产生证书时候所设的密码，而是默认密码changeit。

如果启动tomcat后，cas报错，提示找不到资源文件，可修改IE的语言做修改。

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

MessageSource]- <ResourceBundle [messages] not found for MessageSource: Can't f

indbundle for base name messages, locale zh_TW>

2011-08-0313:56:27,781 ERROR [org.springframework.web.servlet.tags.MessageTag]

-<No message found under code 'screen.welcome.welcome' for locale'zh_TW'.>

javax.servlet.jsp.JspTagException:No message found under code 'screen.welcome.w

elcome'for locale 'zh_TW'.

atorg.springframework.web.servlet.tags.MessageTag.doStartTagInternal(Me

ssageTag.java:184)

atorg.springframework.web.servlet.tags.RequestContextAwareTag.doStartTa

g(RequestContextAwareTag.java:79)

atorg.apache.jsp.WEB_002dINF.view.jsp.default_.ui.casLoginView_jsp._jsp

x_meth_spring_005fmessage_005f0(casLoginView_jsp.java:631)

atorg.apache.jsp.WEB_002dINF.view.jsp.default_.ui.casLoginView_jsp._jsp

Service(casLoginView_jsp.java:204)

7、将sso工程用maven编译为eclipse工程之后，导入eclipse中，启动tomcat服务，在浏览器中输入

<style type="text/css"> <!-- p {margin-bottom:0.21cm} --> </style>

https://localhost:8443/

就会看到单点登陆画面。

8、可在官方提供的此工程基础上，与自己工程进行整合，提倡使用maven构建多模块工程，将cas单点登陆作为一个子模块使用。