A Simple Implementation of an SSO Service Deployed with CAS
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 16:21
System: CentOS release 6.4
JDK: 1.6.0_21-b06
Tomcat: 6.0.0.29
cas-server: 3.5.2
cas-client: 3.2.1
I. Create the certificate
1. Create a keystore directory under $TOMCAT_HOME;
2. Generate the certificate with the keytool utility that ships with the JDK:
# keytool -genkey -alias test -keyalg RSA -keystore /usr/local/tomcat/keystore/test.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  sso.test.com    (the domain name of the single sign-on server)
What is the name of your organizational unit?
  [Unknown]:  test.com
What is the name of your organization?
  [Unknown]:  test.com
What is the name of your City or Locality?
  [Unknown]:  Beijing
What is the name of your State or Province?
  [Unknown]:  Beijing
What is the two-letter country code for this unit?
  [Unknown]:  ZH
Is CN=sso.test.com, OU=test.com, O=test.com, L=Beijing, ST=Beijing, C=ZH correct?
  [no]:  yes
Enter key password for <tootoo>
        (RETURN if same as keystore password):
Re-enter new password:
3. Export the certificate:
# keytool -export -file /usr/local/tomcat/keystore/test.keystore.crt -alias test -keystore /usr/local/tomcat/keystore/test.keystore
4. Import the certificate into the client's JVM (the file is the one exported in step 3):
# keytool -import -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -file /usr/local/tomcat/keystore/test.keystore.crt -alias test
Enter keystore password: (enter changeit)
Owner: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Issuer: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Serial number: 52fad92a
Valid from: Wed Feb 12 10:15:06 CST 2014 until: Tue May 13 10:15:06 CST 2014
Certificate fingerprints:
     MD5:  44:C5:A5:76:26:5A:69:C0:0A:7D:9E:9A:D5:C1:86:C1
     SHA1: FB:21:EB:E7:9D:2C:5D:1C:6E:58:2F:22:D3:4F:95:70:DF:C3:CA:79
     Signature algorithm name: SHA1withRSA
     Version: 3
Trust this certificate? [no]:  yes
(To delete the certificate:)
# keytool -delete -alias test -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -storepass changeit
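An added example (not part of the original article): a small Python check over keytool certificate output, run here on fields printed in step 4. It flags a CN that differs from the CAS host name the client JVM connects to, the 90-day validity seen above, and the SHA-1 signature; the function name and the 365-day threshold are assumptions.

```python
import re
from datetime import datetime

# Sample input: fields from the keytool output in step 4, one per line.
SAMPLE = """\
Owner: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Issuer: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Valid from: Wed Feb 12 10:15:06 CST 2014 until: Tue May 13 10:15:06 CST 2014
Certificate fingerprints:
     Signature algorithm name: SHA1withRSA
"""

def _parse_date(s):
    # keytool prints e.g. "Wed Feb 12 10:15:06 CST 2014"; drop weekday and zone.
    _, mon, day, clock, _, year = s.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit_cert(text, expected_host, min_days=365):
    """Return a list of findings for one keytool certificate listing.

    min_days is an assumed policy threshold, not a value from the article.
    """
    findings = []
    owner = re.search(r"^Owner: (.*)$", text, re.M)
    issuer = re.search(r"^Issuer: (.*)$", text, re.M)
    cn = re.search(r"CN=([^,]+)", owner.group(1)) if owner else None
    # The client's HTTPS call to CAS fails if the CN does not match the host.
    if not cn or cn.group(1).strip().lower() != expected_host.lower():
        findings.append("cn-mismatch")
    # Owner == Issuer: self-signed, which is why cacerts needs the import.
    if owner and issuer and owner.group(1) == issuer.group(1):
        findings.append("self-signed")
    valid = re.search(r"^Valid from: (.+?) until: (.+)$", text, re.M)
    if valid:
        days = (_parse_date(valid.group(2)) - _parse_date(valid.group(1))).days
        if days < min_days:
            findings.append(f"short-validity:{days}d")
    alg = re.search(r"^[ \t]*Signature algorithm name:[ \t]*(\S+)", text, re.M)
    if alg and alg.group(1).upper().startswith(("MD5", "SHA1")):
        findings.append("weak-signature:" + alg.group(1))
    return findings

if __name__ == "__main__":
    print(audit_cert(SAMPLE, "sso.test.com"))
```

In practice the input would be the text printed by keytool for the exported certificate, checked before it is trusted in cacerts.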
II. Configure the certificate in the server-side Tomcat
1. Edit Tomcat's server.xml file:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443"
           enableLookups="true"
           disableUploadTimeout="true"
           acceptCount="100"
           maxThreads="200"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           keystoreFile="/usr/local/tomcat/keystore/test.keystore"
           keystorePass="111111"
           clientAuth="false"
           sslProtocol="TLS"/>
2. Start Tomcat and visit https://sso.test.com:8443/; the following page appears:
After adding an exception, the Tomcat home page is displayed.
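III. Deploy the CAS server
1. Download CAS from http://www.jasig.org/cas/download, build it with Maven, and package cas-server-webapp;
2. Copy the cas.war package into Tomcat's webapps directory and restart Tomcat;
3. Start Tomcat and visit https://sso.test.com:8443/cas/; the following page appears:
4. Enter any username with a password identical to the username and the login succeeds (this is the demo authentication handler in the default CAS configuration); the following page appears: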
IV. Deploy the client
1. Edit the client's web.xml file and add the following:
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- Single sign-out: mapped first so logout requests from CAS are handled before the other filters -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Authentication: redirects requests without a session to the CAS login page -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.test.com:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Validation: validates the service ticket against the CAS server over HTTPS -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://sso.test.com:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Exposes the CAS principal through the standard HttpServletRequest methods -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Makes the assertion available to application code through a thread local -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
2. Create an index.jsp file with the following content:
<%@ page import="org.jasig.cas.client.validation.Assertion,org.jasig.cas.client.util.AbstractCasFilter,org.jasig.cas.client.authentication.AttributePrincipal"%>
<%
    // The validation filter stores the CAS assertion in the session once a ticket has been validated.
    Assertion assertion = (Assertion) request.getSession()
            .getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    // Guard against a missing assertion so the page does not throw a NullPointerException.
    AttributePrincipal principal = (assertion != null) ? assertion.getPrincipal() : null;
    String username = null;
    out.print("UserName:");
    if (null != principal) {
        username = principal.getName();
        out.println("<span style='color:red;'>" + username + "</span><br>");
    }
%>
3. Start the client and visit http://localhost:18080/; the browser is redirected to the CAS login page, and after a successful login it returns to index.jsp.
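The exchange these filters carry out, as an added Python example (not code from the original article or from the CAS client): the browser redirect to casServerLoginUrl, the back-channel serviceValidate request that relies on the certificate imported into the client JVM earlier, and the parsing of the CAS 2.0 response. The ticket value and both XML responses are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_PREFIX = "https://sso.test.com:8443/cas"   # casServerUrlPrefix in web.xml
SERVICE = "http://localhost:18080/"            # serverName plus the requested path

def login_redirect(service):
    """Step 1: where the authentication filter sends a browser with no session."""
    return CAS_PREFIX + "/login?" + urlencode({"service": service})

def validate_url(service, ticket):
    """Step 2: back-channel request; 'service' must equal the value from step 1."""
    return CAS_PREFIX + "/serviceValidate?" + urlencode(
        {"ticket": ticket, "service": service})

def parse_validation(xml_text):
    """Step 3: return (user, None) on success or (None, failure_code)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, "MALFORMED_RESPONSE"
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", namespaces=CAS_NS)
        return (user.strip() if user else None), None
    fail = root.find("cas:authenticationFailure", CAS_NS)
    # Anything that is neither success nor failure is treated as an error.
    return None, (fail.get("code") if fail is not None else "MALFORMED_RESPONSE")

# Constructed sample responses in the CAS 2.0 serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>test</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    ticket 'ST-1-constructed' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect(SERVICE))
    print(validate_url(SERVICE, "ST-1-constructed"))
    print(parse_validation(SUCCESS), parse_validation(FAILURE))
```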