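A CAS single sign-on example
Source: Internet  Editor: 程序博客网  Time: 2024/06/10 23:49
1. How to set up and use an SSO environment with CAS. The result: on single sign-on the user's identity is checked first. If the user has not been authenticated, the browser is redirected to the third-party login page; once authentication succeeds, the user is allowed through to the link originally requested.
CAS official site: http://www.jasig.org/cas
2. Setting up the environment:
We need to edit the hosts file and add the domain names. Add these 2 entries to the file C:\Windows\System32\drivers\etc\hosts:
127.0.0.1 server.zhang.com
127.0.0.1 client.zhang.com
server.zhang.com -----> the Tomcat that hosts the CAS server; this virtual domain name is also used when generating the certificate
client.zhang.com -----> the Tomcat that hosts the client application
Next: install the JDK and make sure the JDK environment is correct.
After setting the environment variables, check that the JDK environment is configured correctly.
Next: configure and generate the certificate
Open cmd and enter the following command: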
keytool -genkey -alias ssocas -keyalg RSA -keystore e:/sso/ssocas
Next, export the certificate:
keytool -export -file e:/sso/ssocas.crt -alias ssocas -keystore e:/sso/ssocas
Next: deploy the Tomcat for cas-server;
(1) Configure HTTPS
In the file conf/server.xml, find:
<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="e:/sso/ssocas" keystorePass="ssodemo" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
-----------> keystoreFile can also be set to (e:/sso/ssocas.keystore)
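After saving, start Tomcat and visit https://server.zhang.com:8080/ . The browser warns that there is a problem with the site's certificate (expected, because the certificate is self-signed); after clicking to continue you reach the Tomcat home page.
Next, deploy the CAS server:
CAS-Server download: http://www.jasig.org/cas/download
This article uses cas-server-3.4.11-release.zip as the example. Unpack it, extract cas-server-3.4.11/modules/cas-server-webapp-3.4.11.war, copy that file into the \webapps\ directory and rename it to cas.war.
Start Tomcat, type https://server.zhang.com:8080/cas/login into the browser address bar and press Enter.
The CAS server's default authentication rule: authentication succeeds whenever the username and the password are identical (for testing only; in a production environment this must be changed to suit the actual situation). Enter admin/admin and click login, and you will see the login success page:
The logout link is: https://server.zhang.com:8080/cas/logout
Seeing the pages above means the CAS server has been deployed successfully.
---------------------------------------------------------------------
Deploying the client:
1. Import the certificate generated on the server side. Open cmd as administrator and change to the JDK installation directory; mine is ----> C:\Program Files\Java\jdk1.7.0_67\jre\lib\security
Run the following command: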
keytool -import -keystore cacerts -file e:/sso/ssocas.crt -alias ssocas
Once it has run, the certificate has been added to the certificates trusted by the JDK.
---------------------------------------------------------------------
[How to delete the certificate from the JDK]
{
keytool -delete -alias ssocas -keystore cacerts -storepass ssodemo
}
-----------------------------------------------------------------
2. Deploy the client
CAS-Client download: http://downloads.jasig.org/cas-clients/
Using cas-client-3.2.1-release.zip as the example, unpack it and extract cas-client-3.2.1/modules/cas-client-core-3.2.1.jar
The webapps\examples application that ships with Tomcat is used as a simple web project for the demonstration.
------- Next: configure Tomcat (if everything is on the same machine, start a separate Tomcat)
(
When starting a second Tomcat on the same machine, change
<Server port="8005" shutdown="SHUTDOWN"> to <Server port="8006" shutdown="SHUTDOWN">
)
<Connector port="18080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="18443" />
<Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />
Start the client Tomcat, enter http://client.zhang.com:18080/examples/servlets/ in the browser and press Enter:
No error means the configuration is correct and the server started successfully.
Next: copy the client library cas-client-core-3.2.1.jar into the \webapps\examples\WEB-INF\lib\ directory, and add the following to the file \webapps\examples\WEB-INF\web.xml:
<!-- ======================== Single sign-on: begin ======================== -->
<!-- Used for single sign-out; this listener implements the single sign-out feature. Optional. -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter implements the single sign-out feature. Optional. -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://server.zhang.com:8080/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client.zhang.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter validates the ticket; it must be enabled. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://server.zhang.com:8080/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client.zhang.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter wraps the HttpServletRequest, for example so that developers can get the SSO login name through HttpServletRequest.getRemoteUser(). Optional. -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This filter lets developers get the login name through org.jasig.cas.client.util.AssertionHolder, for example AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== Single sign-on: end ======================== -->
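----------------- After startup, enter http://client.zhang.com:18080/examples/ . If the user has not been authenticated, the browser is sent straight to the server's login page; if the user is already authenticated, the requested page opens directly.
Getting the username the user entered, in a servlet: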
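An added example (not code from the original article) of a servlet that reads the authenticated user name through the three places the filters configured above make it available. The class name WhoAmIServlet is hypothetical; the CAS classes are those of the cas-client-core 3.x jar used in this article.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;

// Hypothetical servlet name; map it in web.xml so it sits behind the CAS filters.
public class WhoAmIServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1) Provided by "CAS HttpServletRequest Wrapper Filter"; null if it is not mapped.
        String fromWrapper = req.getRemoteUser();

        // 2) Provided by "CAS Assertion Thread Local Filter"; null if it is not mapped.
        Assertion held = AssertionHolder.getAssertion();
        String fromHolder = held == null ? null : held.getPrincipal().getName();

        // 3) Stored in the session by the validation filter once the ticket was validated.
        HttpSession session = req.getSession(false);
        Object attr = session == null ? null
                : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        String fromSession = attr instanceof Assertion
                ? ((Assertion) attr).getPrincipal().getName() : null;

        String user = fromWrapper != null ? fromWrapper
                : fromHolder != null ? fromHolder : fromSession;
        if (user == null) {
            // No validated assertion: do not fall back to a request parameter.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Plain text output, so the name is never interpreted as HTML.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("CAS user: " + user);
    }
}
```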
-------
When creating this web service, the required jar is cas-client-core.3.3.3.jar, but that jar in turn needs two other jars: commons-lang-2.4.jar slf4j-api-1.7.25.jar
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Problems encountered:
1.
严重: Servlet.service() for servlet [default] in context with path [/SSO] threw exception
java.lang.NullPointerException
    at java.lang.StringBuffer.indexOf(Unknown Source)
    at java.lang.StringBuffer.indexOf(Unknown Source)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:169)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)
Solution: in web.xml, in the CAS Filter and CAS Validation Filter filters, change serverName in <init-param> <param-name>serverName</param-name> to service
2.
十月 16, 2017 2:55:02 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [LoginServlet] in context with path [/SSO] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:409)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:180)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:395)
    ... 27 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 40 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 46 more
十月 16, 2017 3:02:23 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [LoginServlet] in context with path [/SSO] threw exception [Filter execution threw an exception] with root cause
java.lang.Error: Unresolved compilation problem: The method logout() is undefined for the type HttpServletRequest
    at org.jasig.cas.client.session.SingleSignOutHandler$Servlet30LogoutStrategy.logout(SingleSignOutHandler.java:380)
    at org.jasig.cas.client.session.SingleSignOutHandler.destroySession(SingleSignOutHandler.java:316)
    at org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:212)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)
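Cause: the certificate was not imported correctly, which happens especially when the certificate is imported on a single machine. Confirm that the JDK Eclipse references is the JDK you imported the certificate into; if the application is started directly with Tomcat, confirm that the JDK Tomcat is configured with is the JDK you imported the certificate into. Below is the JDK path referenced in Eclipse: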
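An added diagnostic (not code from the original article) for the PKIX failure above: it reports which JRE and trust store the running JVM really uses, whether the ssocas alias is in that store, and whether an HTTPS connection to the CAS server now succeeds. The class name CasTrustCheck is hypothetical; the alias and URL defaults are the values used in this article.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;

public class CasTrustCheck {
    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "ssocas";
        String casUrl = args.length > 1 ? args[1] : "https://server.zhang.com:8080/cas/login";

        // The JRE actually executing this code; keytool -import must have targeted this one.
        String javaHome = System.getProperty("java.home");
        System.out.println("java.home  = " + javaHome);

        // JSSE lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
        String override = System.getProperty("javax.net.ssl.trustStore");
        File security = new File(javaHome, "lib/security");
        File store = override != null ? new File(override)
                : new File(security, "jssecacerts").isFile() ? new File(security, "jssecacerts")
                : new File(security, "cacerts");
        System.out.println("truststore = " + store.getAbsolutePath());

        // A null password skips the integrity check but still lists certificates in a JKS store.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, null);
        }
        if (ks.containsAlias(alias)) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println("alias '" + alias + "' found: " + cert.getSubjectX500Principal()
                    + ", expires " + cert.getNotAfter());
        } else {
            System.out.println("alias '" + alias + "' NOT in this truststore");
        }

        // Same kind of HTTPS connection the ticket validation filter opens to the CAS server.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(casUrl).openConnection();
        try {
            conn.connect();
            System.out.println("TLS handshake OK: " + conn.getCipherSuite());
        } catch (SSLException e) {
            System.out.println("TLS handshake FAILED: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

Run it with the java executable of the JDK that Tomcat or Eclipse is configured to use; if the printed truststore path differs from the cacerts file the certificate was imported into, that mismatch is the cause described above.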
Reference articles: http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/
http://www.kafeitu.me/sso/2010/11/05/sso-cas-full-course.html
-------------------- Done -------------------------