Using keytool

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 06:13

This write-up is incomplete. To make it easier to follow, try the steps yourself; the DOS window shows many useful prompts.

1 Change to the working directory

C:/Documents and Settings/Administrator>cd C:/Program Files/Java/jdk1.6.0_10/bin

 

2 Help
C:/Program Files/Java/jdk1.6.0_10/bin>keytool.exe

 

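3 Generate the keystore. It holds the public/private key pair; a keystore file named .keystore is created in the C:/Program Files/Java/jdk1.6.0_10/bin directory

C:/Program Files/Java/jdk1.6.0_10/bin>keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore

When keytool asks for your first and last name, enter localhost:

您的名字与姓氏是什么?
  [Unknown]:  localhost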

 

4 List the keystore contents

C:/Program Files/Java/jdk1.6.0_10/bin>keytool -list -keystore .keystore

 

5 Copy .keystore to Tomcat's /conf directory, then modify server.xml:
 <Connector port="8443" maxHttpHeaderSize="8192"
   keystorePass="5759107" keystoreFile="/conf/.keystore"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

 

6 Export the public-key certificate abc.crt for the private key entry named "tomcat" in the .keystore keystore

C:/Program Files/Java/jdk1.6.0_10/bin>keytool -export -alias tomcat -file abc.crt -keystore .keystore

 

7 Double-click abc.crt to install the certificate

 

8 Add abc.crt (the public key) to the certificate store. cacerts is the public-key certificate store file; .keystore contains the private key

C:/Program Files/Java/jdk1.6.0_10/bin>keytool -import  -keystore cacerts -file abc.crt -alias tomcat

 

9 Download cas-server-3.4.2-release.zip, unzip it and find cas-server-webapp-3.4.2.war

    Copy cas-server-webapp-3.4.2.war to D:/tomcat5.5/webapps/

 Download cas-client-2.0.11.zip and add E:/Downloads/cas-client-2.0.11/cas-client-2.0.11/java/lib/casclient.jar

10 Then copy cacerts to the %JAVA_HOME%/jre/lib/security/ directory

 

11 Add the following to web.xml in the application project

 <filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>
   edu.yale.its.tp.cas.client.filter.CASFilter
  </filter-class>
  <init-param>
   <param-name>
    edu.yale.its.tp.cas.client.filter.loginUrl
   </param-name>
   <param-value>
    https://localhost:8443/cas-server-webapp-3.4.2/login<!-- this is the CAS server's login URL -->
    
   </param-value>
  </init-param>
  <init-param>
   <param-name>
    edu.yale.its.tp.cas.client.filter.validateUrl
   </param-name>
   <param-value>
    https://localhost:8443/cas-server-webapp-3.4.2/proxyValidate<!-- this is the CAS server's validation URL -->
   </param-value>
  </init-param>
  <init-param>
   <param-name>
    edu.yale.its.tp.cas.client.filter.serverName
   </param-name>
   <param-value>localhost:8080<!-- client:port is the address and port that CAS must intercept, normally the IP (default localhost) and port (default 8080) this Tomcat starts on --></param-value>
  </init-param>
 </filter>
 <filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>

 11 Then add a few more jar files

cas-server-support-jdbc-3.3.3.jar

cas-server-support-ldap-3.3.3.jar

commons-dbcp.jar

commons-pool.jar

mysql-connector-java-3.1.13-bin.jar

These may not be enough; add others as needed.

 

12 Change deployerConfigContext.xml as follows

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:p="http://www.springframework.org/schema/p"
 xmlns:sec="http://www.springframework.org/schema/security"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 <bean id="authenticationManager"
  class="org.jasig.cas.authentication.AuthenticationManagerImpl">

  <property name="credentialsToPrincipalResolvers">
   <list>

    <bean
     class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

    <bean
     class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
   </list>
  </property>


  <property name="authenticationHandlers">
   <list>

    <bean
     class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
     p:httpClient-ref="httpClient" />
  
    <bean
     class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">

     <property name="dataSource" ref="dataSource" />

     <property name="sql"
      value="select password from t_USER  where  lower(username) = lower(?)" />
<!-- Commented out for now because I don't know how to write the algorithm
     <property name="passwordEncoder"
      ref="passwordEncoder" />
 -->

    </bean>

 


   </list>
  </property>
 </bean>

 


 <sec:user-service id="userDetailsService">
  <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused"
   authorities="ROLE_ADMIN" />
 </sec:user-service>


 <bean id="attributeRepository"
  class="org.jasig.services.persondir.support.StubPersonAttributeDao">
  <property name="backingMap">
   <map>
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation"
     value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
   </map>
  </property>
 </bean>


 <bean id="serviceRegistryDao"
  class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

 

 

 

 

 <bean id="passwordEncoder"
  class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
  autowire="byName">
  <constructor-arg value="MD5" />
 </bean>

 

 <bean id="dataSource"
  class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName">
   <value>com.mysql.jdbc.Driver</value>
  </property>
  <property name="url">
   <value>jdbc:mysql://localhost/oa</value>
  </property>
  <property name="username">
   <value>root</value>
  </property>
  <property name="password">
   <value>5759107</value>
  </property>
 </bean>

 

 


</beans>
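
The handler configured above fetches one value with the sql property and compares it with the submitted password after the password has passed through the passwordEncoder. The following Python model is an added example, not code from the original post or from CAS; the SQLite table, the sample users and the assumption that the MD5 encoder stores a lowercase hex digest are constructed for illustration. It shows that enabling the encoder only works once t_USER.password holds digests instead of plaintext.

```python
import hashlib
import sqlite3

# The query configured on the handler's "sql" property, unchanged.
SQL = "select password from t_USER  where  lower(username) = lower(?)"


def plain_text_encoder(password):
    """passwordEncoder left commented out: the input is compared as typed."""
    return password


def digest_encoder(algorithm):
    """Encoder built from <constructor-arg value="MD5" />.
    Assumption: the stored form is the lowercase hex digest of the password."""
    def encode(password):
        return hashlib.new(algorithm.lower(), password.encode("utf-8")).hexdigest()
    return encode


def authenticate(conn, username, password, encoder):
    """Look up the stored value and compare it with the encoded input."""
    row = conn.execute(SQL, (username,)).fetchone()
    if row is None:  # unknown user: reject instead of raising
        return False
    return row[0] == encoder(password)


def build_demo_db(encoder):
    """Constructed sample data; the users and passwords are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table t_USER (username text, password text)")
    for user, pw in [("alice", "s3cret"), ("Bob", "s3cret")]:
        conn.execute("insert into t_USER values (?, ?)", (user, encoder(pw)))
    return conn


def stored_values(conn):
    """Return the password column as the database holds it."""
    return [r[0] for r in conn.execute("select password from t_USER")]


if __name__ == "__main__":
    md5 = digest_encoder("MD5")
    plain_db, md5_db = build_demo_db(plain_text_encoder), build_demo_db(md5)
    print(authenticate(plain_db, "BOB", "s3cret", plain_text_encoder))  # plaintext rows, no encoder
    print(authenticate(plain_db, "bob", "s3cret", md5))  # plaintext rows, encoder enabled
    print(authenticate(md5_db, "alice", "s3cret", md5))  # digest rows, encoder enabled
    print(stored_values(md5_db))
```

Both sample users share a password and end up with the same stored value, because the digest is unsalted; anyone who can read the table sees which accounts share a password.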
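You can search for "CAS在tomcat下的部署和定制(下篇)" ("Deploying and customizing CAS under Tomcat (Part 2)"); it is very well written.

      "使用CAS实现SSO" ("Implementing SSO with CAS") on Baidu Wenku is also good.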

 

 
