`
zeng_84_long
  • 浏览: 57509 次
  • 性别: Icon_minigender_1
  • 来自: 北京
文章分类
社区版块
存档分类
最新评论
阅读更多
 

一.环境

a)         Windows 2003 sp1

b)        JDK<!----><st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">1.5.0</st1:chsdate>_11

c)        Tomcat <st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">5.5.23</st1:chsdate>

d)        MySql5.0

二.准备

a)         cas-server-<st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">3.0.6</st1:chsdate>.zip 下载地址:http://www.ja-sig.org/products/cas/index.html

b)        cas-client-java-<st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">2.1.1</st1:chsdate>.zip 下载地址:同上

c)        安装完jdkjre后,需要配置JAVA_HOMEPATH=%JAVA_HOME%\bin

三.步骤

a)        配置Tomcat使用SSL安全认证

                         i.              使用命令提示符进入到Tomcat安装目录

                       ii.              生成服务端密匙执行以下命令

                     keytool -genkey -alias 别名keyalg RSA -keypass changeit -storepass changeit                           -keystore server.keystore

例:keytool -genkey -alias casserver -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore

运行后出现提示信息:

输入keystore密码:changeit      这里也填入主机名

您的名字与姓氏是什么?

 [Unknown] localhost           这里一定要填写正确的主机名

您的组织单位名称是什么?

 [Unknown] oksonic

您的组织名称是什么?

 [Unknown] oksonic

您所在的城市或区域名称是什么?

 [Unknown] <st1:place w:st="on"><st1:city w:st="on">kunming</st1:city></st1:place>

您所在的州或省份名称是什么?

 [Unknown] <st1:place w:st="on"><st1:state w:st="on">yunnan</st1:state></st1:place>

该单位的两字母国家代码是什么

 [Unknown] cn

CN=localhost, OU=oksonic, O=oksonic, L=kunming, ST=yunnan, C=cn 正确吗?

 [] y

完成后会在Tomcat目录生成一个名为casserver的文件

                      iii.              生成服务端证书执行以下命令

                            keytool -export -alias casserver -storepass changeit -file server.cer                                     -keystore server.keystore

                            命令执行后生成一个server.cer的证书文件

 

                     iv.              生成客户端密匙执行以下命令

                            keytool -genkey -alias casclient -keyalg RSA -keypass changeit -storepass                                  changeit -keystore client.keystore

                       v.              生成客户端证书执行以下命令

                            keytool -export -alias casclient -storepass changeit -file client.cer                                        -keystore client.keystore

                            命令执行后生成一个server.cer的证书文件

                     vi.              导入证书文件到cacerts 文件中,执行以下命令

                            keytool -import -trustcacerts -alias server -file server.cer -keystore                                      cacerts -storepass changeit

 

                            keytool -import -trustcacerts -alias client -file client.cer -keystore                                        cacerts -storepass changeit

                            cacerts文件,拷贝到<JAVA_HOME>\jre\lib\security目录下

 

                    vii.              拷贝cas-server-<st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">3.0.6</st1:chsdate>.zip包内的target目录下的cas.war文件到Tomcat目录下的webapps目录下

                  viii.              修改Tomcat的配置文件server.xml把以下补注释的内容打开

<Connector port="8443" maxHttpHeaderSize="8192"

               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

加入红字部份后的内容如下:

         <Connector port="8443" maxHttpHeaderSize="8192"

keystorePass="changeit" keystoreFile="/server.keystore"

               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

 

b)        配置客户端应用

                         i.              使用Tomcat的例子jsp-examples来做客户端

                       ii.              打开项目中的web.xml文件,加入以下配置信息

                     <filter>
                             <filter-name>CASFilter</filter-name>
                              <filter-class>
                                    edu.yale.its.tp.cas.client.filter.CASFilter
                             </filter-class>
                             <init-param>
                             <param-name>
                                    edu.yale.its.tp.cas.client.filter.loginUrl
                            </param-name>
                             <param-value>
https://localhost:8443/cas/login</param-value>
                            </init-param> 
                            <init-param>
                               <param-name>
                                          edu.yale.its.tp.cas.client.filter.validateUrl
                                   </param-name>
                            <param-value>
                                  
https://localhost:8443/cas/proxyValidate
                            </param-value>
                     </init-param>
                     <init-param>
                            <param-name>
                                    edu.yale.its.tp.cas.client.filter.serverName
                            </param-name>
                                   <param-value>
localhost:8080</param-value>
                      </init-param>
              </filter>

              <filter-mapping>
              <filter-name>CASFilter</filter-name>
                     <url-pattern>
/ *</url-pattern>
               </filter-mapping>

 

              拷贝cas-client-java-<st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">2.1.1</st1:chsdate>.zip包中的casclient.jar到项目的lib目录下

 

              现在可以启动Tomcat来测试一下是否能够进入到登录页

c)         配置CAS使用数据库进行验证

                         i.              MySql中的Test库中新建app_user

       CREATE TABLE `app_user` (
                  `username` varchar(30) NOT NULL default '',
                  `password` varchar(45) NOT NULL default '',
                  PRIMARY KEY  (`username`)
         ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
添加以下用户:
         INSERT INTO `app_user` (`username`,`password`) VALUES

                    ('oksonic','oksonic'),

                    ('oksonic1','oksonic1');

 

                      ii.              修改cas项目中的deployerConfigContext.xml文件

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
注释掉该行,在其下加入:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                            <property name="sql" value="select password from
app_user where username=?" />
                            <property name="dataSource" ref="dataSource" />

                     </bean>
并添加一个bean
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close">
       <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
       <property name="url"><value>jdbc:mysql://localhost:3306/test</value></property>
       <property name="username"><value>test</value></property>

 

 <filter>  
    <filter-name>CASFilterfilter</filter-name>  
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>  
    <init-param>  
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl </param-name>  
        <param-value>https://localhost:8443/cas/login</param-value>  
    </init-param>  
    <init-param>  
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>  
        <param-value>https://localhost:8443/cas/proxyValidate</param-value>  
    </init-param>  
    <init-param>  
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>  
        <param-value>localhost:8443</param-value>  
    </init-param>    
</filter>  
<filter-mapping>  
    <filter-name>CASFilterfilter</filter-name>
    <url-pattern>/*</url-pattern>  
</filter-mapping>


       <property name="password"><value>test</value></property>
    </bean>
拷贝cas-server-jdbc-<st1:chsdate isrocdate="False" month="12" w:st="on" islunardate="False" day="30" year="1899">3.0.6</st1:chsdate>.jarmysql-connector-java-3.1.11-bin.jarwebapps/cas/WEB-INF/lib下。

分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics