A simple implementation of deploying an SSO service with CAS

Source: Internet  Editor: 程序博客网  Time: 2024/06/05 16:21
System: CentOS release 6.4, JDK 1.6.0_21-b06, Tomcat 6.0.0.29, cas-server 3.5.2, cas-client 3.2.1


I. Create the certificate

1. Create a keystore directory under $TOMCAT_HOME;

2. Generate the certificate with the keytool utility that ships with the JDK:

# keytool -genkey -alias test -keyalg RSA -keystore /usr/local/tomcat/keystore/test.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  sso.test.com        (the domain name of the single sign-on server)
What is the name of your organizational unit?
  [Unknown]:  test.com
What is the name of your organization?
  [Unknown]:  test.com
What is the name of your City or Locality?
  [Unknown]:  Beijing
What is the name of your State or Province?
  [Unknown]:  Beijing
What is the two-letter country code for this unit?
  [Unknown]:  ZH
Is CN=sso.test.com, OU=test.com, O=test.com, L=Beijing, ST=Beijing, C=ZH correct?
  [no]:  yes
Enter key password for <tootoo>
        (RETURN if same as keystore password):
Re-enter new password:

3. Export the certificate (the output file name must match the one imported in step 4):

# keytool -export -file /usr/local/tomcat/keystore/test.crt -alias test -keystore /usr/local/tomcat/keystore/test.keystore

4. Import the certificate into the client's JVM trust store, so the client can validate tickets against the CAS server over HTTPS:

# keytool -import -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -file /usr/local/tomcat/keystore/test.crt -alias test
Enter keystore password:        (enter changeit, the default cacerts password)
Owner: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Issuer: CN=sso.tootoo.cn, OU=ninetowns.com, O=tootoo.cn, L=Beijing, ST=Beijing, C=ZH
Serial number: 52fad92a
Valid from: Wed Feb 12 10:15:06 CST 2014 until: Tue May 13 10:15:06 CST 2014
Certificate fingerprints:
         MD5:  44:C5:A5:76:26:5A:69:C0:0A:7D:9E:9A:D5:C1:86:C1
         SHA1: FB:21:EB:E7:9D:2C:5D:1C:6E:58:2F:22:D3:4F:95:70:DF:C3:CA:79
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes

(To remove the certificate from cacerts again:)

# keytool -delete -alias test -keystore /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -storepass changeit


II. Configure the certificate in the server-side Tomcat

1. Edit Tomcat's server.xml and add an HTTPS connector that uses the keystore (keystorePass is the keystore password entered in step 2 of section I):

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/local/tomcat/keystore/test.keystore" keystorePass="111111"
           clientAuth="false" sslProtocol="TLS"/>

2. Start Tomcat and visit https://sso.test.com:8443/; the following page appears:


After adding a browser exception for the self-signed certificate, you reach the Tomcat home page.



III. Deploy the CAS server

1. Download CAS from http://www.jasig.org/cas/download, build it with Maven, and package cas-server-webapp;

2. Put the cas.war package into Tomcat's webapps directory and restart Tomcat;

3. Start Tomcat and visit https://sso.test.com:8443/cas/; the following page appears:

4. Enter any username; as long as the password is identical to the username, login succeeds (this is the behaviour of CAS's built-in test authentication handler, meant only for verifying the deployment). The following page appears:


IV. Deploy the client

1. Edit the client's web.xml and add the following (filter order matters: single sign-out first, then authentication, then ticket validation, then the request wrapper and assertion filters):

<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.test.com:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://sso.test.com:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


2. Create an index.jsp file with the following content:

<%@ page import="org.jasig.cas.client.validation.Assertion,
                 org.jasig.cas.client.util.AbstractCasFilter,
                 org.jasig.cas.client.authentication.AttributePrincipal" %>
<%
    // The validation filter stores the CAS assertion in the session once the ticket has been checked
    Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    // Guard against a missing assertion (e.g. the page served outside the filter mappings)
    AttributePrincipal principal = (assertion != null) ? assertion.getPrincipal() : null;
    String username = null;
    out.print("UserName:");
    if (null != principal) {
        username = principal.getName();
        // In a real page, HTML-escape the name before writing it into the response
        out.println("<span style='color:red;'>" + username + "</span><br>");
    }
%>

3. Start the client and visit http://localhost:18080/; you are redirected to the CAS login page, and after a successful login you are returned to index.jsp.
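As an added illustration (not code from the original post or from the Jasig client library), this Python sketch reproduces what the AuthenticationFilter and Cas20ProxyReceivingTicketValidationFilter configured above do over the CAS 2.0 protocol: redirect to casServerLoginUrl with the service URL, then validate the returned ticket at casServerUrlPrefix/serviceValidate and accept only an explicit authenticationSuccess. The XML responses are constructed samples, not captured from a real server.

```python
from urllib.parse import urlencode, urlparse, parse_qsl
import xml.etree.ElementTree as ET

# Values from the client web.xml above
CAS_LOGIN_URL = "https://sso.test.com:8443/cas/login"
CAS_URL_PREFIX = "https://sso.test.com:8443/cas"
SERVER_NAME = "http://localhost:18080"
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


def service_url(request_uri):
    """serverName + request URI with the ticket parameter removed: the service
    the ticket was issued for, which the validation call must repeat exactly."""
    parts = urlparse(SERVER_NAME + request_uri)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "ticket"]
    return parts._replace(query=urlencode(query)).geturl()


def login_redirect_url(request_uri):
    """AuthenticationFilter: no assertion in the session -> redirect to CAS login."""
    return CAS_LOGIN_URL + "?" + urlencode({"service": service_url(request_uri)})


def service_validate_url(request_uri, ticket):
    """Validation filter: back-channel check of the service ticket over HTTPS
    (this is why the server certificate was imported into cacerts in section I)."""
    query = urlencode({"service": service_url(request_uri), "ticket": ticket})
    return CAS_URL_PREFIX + "/serviceValidate?" + query


def parse_service_response(xml_text):
    """Return the user name from a CAS 2.0 serviceResponse, or raise ValueError
    carrying the failure code. Anything but an explicit success is a failure."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.find("cas:user", CAS_NS)
        if user is None or not (user.text or "").strip():
            raise ValueError("INVALID_RESPONSE")
        return user.text.strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    raise ValueError(failure.get("code", "UNKNOWN") if failure is not None else "INVALID_RESPONSE")


# Constructed sample responses in the CAS 2.0 format (not from a real server)
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket 'ST-1-example' not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

A ticket is single-use and bound to the service string, so a client that reuses a ticket or validates it against a different service URL receives an authenticationFailure rather than a user name.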



