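CAS server deployment and integrating CAS with Spring

I  Deploying the CAS server

This walkthrough uses version 4.0 as the example. Rename cas-server-webapp-4.0.0.war to cas.war and place it in the webapps directory under the Tomcat directory. When Tomcat starts, it unpacks the WAR automatically.

Open http://localhost:8080/cas/login in a browser to see the login page.

There is a fixed username and password: casuser / Mellon

After a successful login you are taken to a login-success page.

A  Change the port

If we do not want to access CAS on port 8080, the port can be changed.

Open conf\server.xml in the Tomcat directory and find the port configuration.

Change port 8080 to 9100.

B  Modify the CAS configuration file

Edit WEB-INF/cas.properties in the cas webapp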

server.name=http://localhost:9100

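C  Remove the HTTPS requirement

CAS uses the HTTPS protocol by default, and HTTPS requires an SSL certificate (which has to be applied for and purchased from a specific authority). If security requirements are low, or during development and testing, HTTP can be used instead. Here we explain how to change the configuration so that CAS uses HTTP.

a  Edit WEB-INF/deployerConfigContext.xml in the cas webapp

Find the following configuration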

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"/>

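Change it so that it includes p:requireSecure="false". The requireSecure attribute states whether secure validation, i.e. HTTPS, is required; false means it is not used.

b  Edit /WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml in the cas webapp

Find the following configuration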

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />

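The parameter p:cookieSecure="true" is likewise related to HTTPS: true means HTTPS validation is used, false means it is not. The parameter p:cookieMaxAge="-1" is the cookie's maximum lifetime; -1 means no lifetime, i.e. the cookie is valid only in the currently open window, and closing it or opening another window will still require authentication. It can be changed as needed to a number greater than 0, such as 3600, which means that within 3600 seconds no authentication is required in any window. Here we change cookieSecure to false and cookieMaxAge to 3600.

c  Edit WEB-INF/spring-configuration/warnCookieGenerator.xml in the cas webapp

Find the following configuration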

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />

Here we change cookieSecure to false and cookieMaxAge to 3600.
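Steps B and C leave the CAS server on plain HTTP, with the CASTGC cookie sent without the Secure flag and kept for an hour. The following check is an added example, not part of the original post: it scans the edited files for exactly those settings so they can be found again before the webapp leaves a development machine. The SAMPLE text is constructed (warnCookieGenerator is left at its default to show a non-finding), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"  # Spring p-namespace

# Constructed sample: beans from the three files as they look after the edits.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="3600" p:cookieName="CASTGC" p:cookiePath="/cas"/>
  <bean id="warnCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas"/>
</beans>"""

def audit_cas_beans(xml_text):
    """Return (bean, attribute, value) for each relaxed setting found."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS_NS + "bean"):
        name = bean.get("id") or bean.get("class", "").rsplit(".", 1)[-1]
        for attr in ("requireSecure", "cookieSecure"):
            value = bean.get(P_NS + attr)
            if value is not None and value.strip().lower() == "false":
                findings.append((name, attr, value))
        # -1 is a session cookie; a positive max age keeps the TGC after the browser closes.
        max_age = bean.get(P_NS + "cookieMaxAge")
        if bean.get(P_NS + "cookieName") == "CASTGC" and max_age and int(max_age) > 0:
            findings.append((name, "cookieMaxAge", max_age))
    return findings

def audit_properties(text):
    """Flag a cas.properties server.name that uses plain http://."""
    out = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "server.name" and value.strip().lower().startswith("http://"):
            out.append(("cas.properties", "server.name", value.strip()))
    return out

if __name__ == "__main__":
    for f in audit_cas_beans(SAMPLE) + audit_properties("server.name=http://localhost:9100"):
        print("review before deployment: %s %s=%s" % f)
```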

II  Integrating CAS with Spring

A  Import the CAS and Spring jars (here I have uploaded all of the Spring-related jars and their versions)

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>com.pinyougou</groupId>
		<artifactId>pinyougou-parent</artifactId>
		<version>0.0.10-SNAPSHOT</version>
	</parent>
	<artifactId>pinyougou-user-web</artifactId>
	<packaging>war</packaging>
	<description>用户注册的服务层</description>

	<dependencies>
		<!-- Spring -->
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-beans</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-aspects</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jms</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
		</dependency>
		
		<!-- Dubbo related -->
		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>dubbo</artifactId>
		</dependency>
		<dependency>
			<groupId>org.apache.zookeeper</groupId>
			<artifactId>zookeeper</artifactId>
		</dependency>
		<dependency>
			<groupId>com.github.sgroschupf</groupId>
			<artifactId>zkclient</artifactId>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
		</dependency>
		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>fastjson</artifactId>
		</dependency>
		<dependency>
			<groupId>javassist</groupId>
			<artifactId>javassist</artifactId>
		</dependency>
		<dependency>
			<groupId>commons-codec</groupId>
			<artifactId>commons-codec</artifactId>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>servlet-api</artifactId>
			<scope>provided</scope>
		</dependency>

		
		<!-- Dependencies for secure login -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>
		<!-- Spring integration with CAS -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-cas</artifactId>
		</dependency>
		<!--cas -->
		<dependency>
			<groupId>org.jasig.cas.client</groupId>
			<artifactId>cas-client-core</artifactId>
			<exclusions>
				<exclusion>
					<groupId>org.slf4j</groupId>
					<artifactId>log4j-over-slf4j</artifactId>
				</exclusion>
			</exclusions>
		</dependency>


		<dependency>
			<groupId>com.pinyougou</groupId>
			<artifactId>pinyougou-pojo</artifactId>
			<version>0.0.10-SNAPSHOT</version>
		</dependency>
		<dependency>
			<groupId>com.pinyougou</groupId>
			<artifactId>pinyougou-user-interface</artifactId>
			<version>0.0.10-SNAPSHOT</version>
		</dependency>
		<dependency>
			<groupId>com.pinyougou</groupId>
			<artifactId>pinyougou-common</artifactId>
			<version>0.0.10-SNAPSHOT</version>
		</dependency>
	</dependencies>


	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.tomcat.maven</groupId>
				<artifactId>tomcat7-maven-plugin</artifactId>
				<version>2.2</version>
				<configuration>
					<!-- Port to listen on -->
					<port>9106</port>
					<!-- Request path -->
					<path>/</path>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

B  Add the configuration to web.xml

<!-- Spring Security filter chain -->
	 <filter>  
		<filter-name>springSecurityFilterChain</filter-name>  		
		 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
	 </filter>  
	 <filter-mapping>  
		<filter-name>springSecurityFilterChain</filter-name>  
		<url-pattern>/*</url-pattern>  
	 </filter-mapping>

C  Set up the Spring configuration file springSecurity.xml

<!-- Methods and pages that are not intercepted -->
	<http pattern="/css/**" security="none"></http>
	<http pattern="/js/**" security="none"></http>
	<http pattern="/img/**" security="none"></http>
	<http pattern="/plugins/**" security="none"></http>
	<http pattern="/register.html" security="none"></http>
	<http pattern="/user/add.do" security="none"></http>
	<http pattern="/user/sendSms.do" security="none"></http>

	<!-- Page interception rules -->
	<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
		<intercept-url pattern="/**" access="ROLE_USER" />
		<csrf disabled="true" />
		<!-- custom-filter is a filter; position places the filter at the given position, before places it before the given position, after places it after the given position -->
		<custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />  
	</http>

	<!-- Entry point reference -->
	<!-- CAS entry point: start -->
	<beans:bean id="casProcessingFilterEntryPoint"
		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
		<!-- Login URL of the single sign-on server -->
		<beans:property name="loginUrl" value="http://localhost:9100/cas/login" />
		<beans:property name="serviceProperties" ref="serviceProperties" />
	</beans:bean>
	<beans:bean id="serviceProperties"
		class="org.springframework.security.cas.ServiceProperties">
		<!-- service: the root address of this project + /login/cas -->
		<beans:property name="service" value="http://localhost:9106/login/cas" />
	</beans:bean>

	<!-- Authentication filter: start -->
	<beans:bean id="casAuthenticationFilter"
		class="org.springframework.security.cas.web.CasAuthenticationFilter">
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>

	<!-- Authentication manager -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider ref="casAuthenticationProvider">
		</authentication-provider>
	</authentication-manager>
	
	
	<!-- Authentication provider -->
	<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">  
        <beans:property name="authenticationUserDetailsService">  
            <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">  
                <beans:constructor-arg ref="userDetailsService" />  
            </beans:bean>  
        </beans:property>  
        <beans:property name="serviceProperties" ref="serviceProperties"/>  
        <!-- ticketValidator is the ticket validator -->
        <beans:property name="ticketValidator">  
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">  
                <beans:constructor-arg index="0" value="http://localhost:9100/cas"/>  
            </beans:bean>  
        </beans:property>  
        <beans:property name="key" value="an_id_for_this_auth_provider_only"/> 
    </beans:bean>  
    
     <!-- Authentication class -->
	<beans:bean id="userDetailsService" class="com.pinyougou.user.service.UserDetailServiceImpl"/>  
	<!-- Authentication filter: end -->
	
	<!-- Single logout: start -->     
    <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>          
    <beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">  
        <beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://localhost:9103/index.html"/>  
        <beans:constructor-arg>  
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>  
        </beans:constructor-arg>  
        <beans:property name="filterProcessesUrl" value="/logout/cas"/>  
    </beans:bean>  
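    <!-- Single logout: end --> 

Note the ref references inside it:

the corresponding login implementation class in the configuration file is all that is needed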
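What the beans above do at runtime, traced as an added example (not part of the original post): the entry point redirects the browser to the CAS login URL with the service address, CAS returns the browser to that address with a one-time service ticket, and the CAS 2.0 ticket validator checks the ticket on a back channel against the same service before the returned user name is handed to userDetailsService. The URLs are the ones configured above; the ticket and the two responses are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_PREFIX = "http://localhost:9100/cas"      # ticketValidator constructor-arg
SERVICE = "http://localhost:9106/login/cas"   # serviceProperties.service

def login_redirect():
    """Where CasAuthenticationEntryPoint sends an unauthenticated browser."""
    return CAS_PREFIX + "/login?" + urlencode({"service": SERVICE})

def ticket_from_callback(url):
    """Service ticket that CAS appends when it redirects back to SERVICE."""
    return parse_qs(urlsplit(url).query).get("ticket", [None])[0]

def validate_url(ticket):
    """Back-channel request made by the CAS 2.0 validator for that ticket."""
    return CAS_PREFIX + "/serviceValidate?" + urlencode({"ticket": ticket, "service": SERVICE})

def parse_validation(xml_text):
    """Return (username, None) on success, (None, failure_code) otherwise."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text:
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    return None, (failure.get("code") if failure is not None else "MALFORMED_RESPONSE")

# Constructed responses in the CAS 2.0 serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>casuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print("1. browser ->", login_redirect())
    ticket = ticket_from_callback(SERVICE + "?ticket=ST-1-constructed")
    print("2. app     ->", validate_url(ticket))
    print("3. success:", parse_validation(SUCCESS))
    print("3. failure:", parse_validation(FAILURE))
```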

III  Logging out

Set the address to redirect to after logout (this is just a custom address; it could also be http://www.baidu.com)

<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://localhost:9103"/> 
       ........ 
</beans:bean> 

After logging out, the user is redirected to the site home page

<span class="safe"> <a href="/logout/cas">退出登录 </a></span>

Reposted from blog.csdn.net/weixin_42295141/article/details/81810162