tomcat6.0.2 cas spring security配置开发


经过一天的搜索和修改,tomcat 终于能够集成 cas 了。

下载服务端版本 cas-server-3.3.5-release 并解压,将 modules 目录下的 cas-server-webapp-3.3.5.war 重命名为 cas.war,然后部署到 tomcat。

生成密钥之前请先配置好 jdk 的系统环境变量。生成密钥的命令如下:


:: Regenerates the demo key material: server.jks (server key pair plus the trusted
:: user certificate), user.p12 (client key pair) and the exported user.cer / server.cer.
:: NOTE(review): every store and key password below is the literal "password"
:: ("changeit" for cacerts) and is given in clear text on the command line; keep the
:: generated files to a local test setup.
:: Delete the output of earlier runs first.
@del *.bak
@del server.jks
@del *.cer
@del *.p12

: ------
: server
: ------
:: Server RSA key pair, alias "server", subject cn=localhost, stored in server.jks.
:: No -keysize or -validity is given, so keytool uses the defaults of the installed JDK.
:: NOTE(review): set both explicitly if the certificate has to outlive a short demo.
call keytool -genkey -keyalg RSA -dname "cn=localhost,ou=localhost,o=localhost,l=china,st=beijing,c=cn" -alias server -keypass password -keystore server.jks -storepass password

: ------
: user
: ------
:: Client RSA key pair, alias "user", stored in the PKCS12 file user.p12.
call keytool -genkey -v -alias user -keyalg RSA -storetype PKCS12 -keystore user.p12 -dname "cn=user,ou=localhost,o=localhost.com,l=china,st=beijing,c=cn" -storepass password -keypass password

:: Export the user certificate (public part only) to user.cer; -rfc selects the printable encoding.
call keytool -export -alias user -keystore user.p12 -storetype PKCS12 -storepass password -rfc -file user.cer

:: Import the user certificate into server.jks as a trusted entry. No -alias is given, so keytool
:: stores it under its default alias, and without -noprompt it asks for confirmation first.
:: The Connector configuration on this page uses server.jks as its truststore.
call keytool -import -v -file user.cer -keystore server.jks -storepass password

: ------
: import
: ------
:: Export the server certificate to server.cer.
:: NOTE(review): -trustcacerts is an import option and looks unnecessary on -export; confirm.
call keytool -export -trustcacerts -alias server -file server.cer -keystore server.jks -storepass password

:: Add the server certificate to D:/spring/cacerts, the author's working copy of the JDK
:: cacerts file (see the note after the script), using the password "changeit".
:: NOTE(review): once copied back, every Java program using that JDK trusts this self-signed
:: certificate; limit this to the development JDK.
call keytool -import -trustcacerts -alias server -file server.cer -keystore "D:/spring/cacerts" -storepass changeit

:: Wait for a key press before the script ends.
pause

 

注意:黑体字标出的文件是我从 jdk 安装目录下的 security 文件夹中拷贝出来的。由于我的系统是 win7,对 C 盘的安全性要求较高,若直接在 C 盘生成会出现读写错误,所以我先将这个文件拷贝出来,生成之后再将文件拷贝回 security 目录下。

server.jks 文件放置到 tomcat 的 conf 目录下。

修改 tomcat conf 目录下的 server.xml 文件,加入:

<!-- HTTPS connector for the Tomcat instance that hosts CAS: TLS on port 8443 with the key pair
     from conf/server.jks. The same file is also configured as the truststore.
     clientAuth="want" asks the client for a certificate but still accepts connections without one.
     NOTE(review): keystorePass and truststorePass are stored here in clear text and are the literal
     "password"; restrict read access to server.xml and server.jks and pick a different value outside
     a local demo.
     NOTE(review): one JKS file serves as both keystore and truststore, so the private key and the
     trusted client certificates share a file and a password; a separate truststore is the usual layout.
     NOTE(review): sslProtocol="TLS" does not pin a protocol version; which versions are negotiated
     presumably depends on the JVM in use. Confirm that legacy versions are disabled. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true"
            clientAuth="want" sslProtocol="TLS"
            keystoreFile="${catalina.home}/conf/server.jks"
            keystoreType="JKS" keystorePass="password"
            truststoreFile="${catalina.home}/conf/server.jks"
            truststoreType="JKS" truststorePass="password"
/>

注意:黑体字部分是 tomcat6 中的配置写法,这也是和其他版本不同的地方。

启动 tomcat 后,用浏览器访问 https://localhost:8443/cas/ ,看到熟悉的服务器登录界面就说明已经安装成功了。

 

 

部署 security 应用:由于是在 MyEclipse 中开发,一定要注意所用 jdk 的 cacerts 文件是否已加入认证信息。MyEclipse 的编译器默认在其安装目录下;若加入了 j2ee,MyEclipse 首先选择的编译器是 j2ee 的编译器。配置文件如下:

 

 

 

<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 2.0 namespace configuration for a web application that delegates login to the
     CAS server at https://localhost:8443/cas: URL access rules, an in-memory user list, the CAS
     processing filter, its entry point, the service properties and the CAS authentication provider. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
   
     
       <!-- Unauthenticated requests are handed to casProcessingFilterEntryPoint.
            Only /admin.jsp, /index.jsp and / carry an access rule.
            NOTE(review): requests matching none of these patterns are presumably not role-checked;
            add a catch-all rule such as pattern="/**" if the whole application should require login.
            NOTE(review): auto-config='true' normally also registers the namespace's default login
            mechanisms next to the CAS entry point; confirm they are wanted here. -->
       <http auto-config='true' entry-point-ref="casProcessingFilterEntryPoint">
        <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
        <intercept-url pattern="/index.jsp" access="ROLE_USER" />
        <intercept-url pattern="/" access="ROLE_USER" />
        <logout logout-success-url="/cas-logout.jsp"/>
    </http>

    <!-- In-memory users; casAuthenticationProvider below references this bean as its userDetailsService.
         NOTE(review): the passwords are clear text and equal to the user names. With CAS handling the
         login they are presumably not used for authentication, only the authorities are; confirm, and
         do not reuse these values for real accounts. -->
    <user-service id="userService">
        <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="user" password="user" authorities="ROLE_USER" />
    </user-service>

    <authentication-manager alias="authenticationManager"/>

    <!-- CAS processing filter, registered in the filter chain through custom-filter.
         Failed authentications go to /casfailed.jsp, successful ones default to /. -->
    <beans:bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
        <custom-filter after="CAS_PROCESSING_FILTER"/>
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureUrl" value="/casfailed.jsp" />
        <beans:property name="defaultTargetUrl" value="/" />
    </beans:bean>

    <!-- Entry point used by the http element above; loginUrl is the CAS server login page. -->
    <beans:bean id="casProcessingFilterEntryPoint"
                class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
        <beans:property name="loginUrl" value="https://localhost:8443/cas/login" />
        <beans:property name="serviceProperties" ref="casServiceProperties" />
    </beans:bean>

    <!-- Service URL and renew flag shared by the entry point and the authentication provider.
         NOTE(review): the service value uses the /cas context, which this page assigns to the CAS
         server itself. It is normally the protected application's own j_spring_cas_security_check
         URL; confirm against the context name the application is deployed under.
         sendRenew is false; presumably an existing CAS session is then accepted without asking for
         credentials again. Confirm this is intended for the admin pages. -->
    <beans:bean id="casServiceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
        <beans:property name="service" value="https://localhost:8443/cas/j_spring_cas_security_check"/>
        <beans:property name="sendRenew" value="false"/>
    </beans:bean>

    <!-- Authentication provider for CAS tickets, added to the authentication manager through
         custom-authentication-provider. User details come from userService. -->
    <beans:bean id="casAuthenticationProvider"
                class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <custom-authentication-provider />
        <beans:property name="userDetailsService" ref="userService" />
        <beans:property name="serviceProperties" ref="casServiceProperties" />
        <!-- Ticket validator constructed with the CAS server URL. The validation request is an HTTPS
             call made by this application's JVM, which is presumably why the page imports the server
             certificate into the JDK cacerts file. -->
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="https://localhost:8443/cas" />
            </beans:bean>
        </beans:property>
        <!-- NOTE(review): key is the literal "password". It presumably identifies authentication
             tokens created by this provider; use a value specific to the application. -->
        <beans:property name="key" value="password" />
    </beans:bean>
</beans:beans>

 

 

web.xml文件的配置如下

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor of the CAS-protected application: loads the Spring context files,
     routes every request through the Spring Security filter chain and registers the listeners. -->
<web-app version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
     <!-- Spring context files: every applicationContext*.xml found on the classpath. -->
     <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext*.xml</param-value>
    </context-param>
  
<!-- NOTE(review): the CAS single sign-out filter below is commented out, while
     SingleSignOutHttpSessionListener further down is still registered. With the filter disabled,
     a logout at the CAS server presumably does not end this application's session; confirm.
     If single sign-out is wanted, the filter mapping has to come before springSecurityFilterChain. -->
<!--
    <filter>
       <filter-name>CAS Single Sign Out Filter</filter-name>
       <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
       <filter-name>CAS Single Sign Out Filter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
-->
    <!-- Delegates to the springSecurityFilterChain bean; mapped to /* so that every request
         passes through Spring Security. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Session listener from the CAS client library (see the note on the disabled filter above). -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- Starts the Spring application context named in contextConfigLocation. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

 

 

 

证书问题:请将生成的证书导入到"受信任的根证书颁发机构"中,否则打开页面时会出现证书错误。

 
