CAS Server, CAS Client, and Logout Explained

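CAS Server Modification and CAS Client Configuration Guide
CAS Server Modification
Here I rename the CAS server to TrainCasServer and deploy it under Tomcat.
Step 1:
Add your own configuration to deployerConfigContext.xml.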

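<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
This is the CAS server's built-in test handler: authentication succeeds whenever the username and the password are identical.
Here we want to authenticate against our own database instead.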

Comment out <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
and add the following after it:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select password from user where account=?" />
</bean>
After
<sec:user-service id="userDetailsService">
        <sec:user name="battags" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>
add:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
                   <property name="driverClassName">
                            <value>com.mysql.jdbc.Driver</value>
                   </property>
                   <property name="url">
                            <value>jdbc:mysql://localhost:3306/digitalschooltrain</value>
                   </property>
                   <property name="username">
                            <value>root</value>
                   </property>
                   <property name="password">
                            <value>root</value>
                   </property>
</bean>
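Step 2: Under WEB-INF/spring-configuration, find ticketGrantingTicketCookieGenerator.xml.
In it, change p:cookieSecure="true" to false. I do this because the client later accesses the server over HTTP rather than HTTPS (a cookie marked Secure is sent by the browser only over HTTPS); without this change the ticket generated later is empty and logout has no effect.
Step 3: Edit cas-servlet.xml, find the logoutController bean, and add p:followServiceRedirects="true" to it. This lets logout redirect to a given URL later on,
for example http://demo.outegg.com:8080/TrainCasServer/logout?service=http://demo.outegg.com:8080/Test/login.jsp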

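This completes the CAS server configuration.
CAS Client Configuration
Step 1: Configure the SSL certificate
Open a command prompt, change to the %TOMCAT_HOME% directory, and enter the following command: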

Keytool -genkey -alias tomcat_key -keyalg RSA -storepass changeit -keystore server.keystore -validity 3600
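Answer the prompts that follow however you like (the prompts are shown as keytool printed them in a Chinese locale):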
您的名字与姓氏是什么?
  [Unknown]:  demo.outegg.com
您的组织单位名称是什么?
  [Unknown]:  demo.outegg.com
您的组织名称是什么?
  [Unknown]:  demo.outegg.com
您所在的城市或区域名称是什么?
  [Unknown]:
您所在的州或省份名称是什么?
  [Unknown]:
该单位的两字母国家代码是什么
  [Unknown]:
CN=demo.outegg.com, OU=demo.outegg.com, O=demo.outegg.com, L=Unknown, ST=Unknown
, C=Unknown 正确吗?
  [否]:
Press Y.
Note: demo.outegg.com is a hostname that I mapped in the hosts file on my computer:
127.0.0.1  demo.outegg.com
Step 2: Export the certificate
Keytool -export -trustcacerts -alias tomcat_key -file server.cer -keystore server.keystore -storepass changeit
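Step 3: Import the certificate into the JDK that Tomcat runs on. (This step is critical: many certificate errors are actually caused by the certificate not having been imported into the JDK that Tomcat uses.)
Step 4: Add the following to Tomcat's server.xml configuration file: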
<!-- keystoreFile: full path to server.keystore -->
<!-- truststoreFile: full path to cacerts, normally %JAVA_HOME%/jre/lib/security/cacerts -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Program Files/Apache Software Foundation/Tomcat 7.0/server.keystore"
           truststoreFile="C:/Program Files/Java/jdk1.7.0_01/jre/lib/security/cacerts"
           keystorePass="changeit"/>
Step 5: Configure web.xml in the client application
Add the CAS filters:
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo.outegg.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://demo.outegg.com:8443/TrainCasServer</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://demo.outegg.com:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
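
The following Python script is an added example, not part of the original post: it audits a CAS client web.xml like the one above, checking that the Single Sign Out filter is mapped before the other CAS filters, that the sign-out listener is registered, and that the CAS server and service URLs use HTTPS. The embedded web.xml is a constructed, condensed sample built from this page's values, and the finding codes are hypothetical names chosen for this example.

```python
import xml.etree.ElementTree as ET
SSO_FILTER = "org.jasig.cas.client.session.SingleSignOutFilter"
SSO_LISTENER = "org.jasig.cas.client.session.SingleSignOutHttpSessionListener"
SERVER_PARAMS = {"casServerUrlPrefix", "casServerLoginUrl"}

# Constructed sample: a condensed web.xml using the values shown on this page.
SAMPLE_WEB_XML = """<web-app>
<listener><listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>
<filter><filter-name>CAS Single Sign Out Filter</filter-name>
 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class></filter>
<filter-mapping><filter-name>CAS Single Sign Out Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
<filter><filter-name>CAS Authentication Filter</filter-name>
 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 <init-param><param-name>casServerLoginUrl</param-name>
  <param-value>https://demo.outegg.com:8443/TrainCasServer/login</param-value></init-param>
 <init-param><param-name>serverName</param-name>
  <param-value>http://demo.outegg.com:8080</param-value></init-param></filter>
<filter-mapping><filter-name>CAS Authentication Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def audit_cas_web_xml(xml_text):
    """Return a list of (code, detail) findings for a CAS client web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop a javaee namespace prefix, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    classes = {f.findtext("filter-name", "").strip(): f.findtext("filter-class", "").strip()
               for f in root.iter("filter")}
    # Filters run in filter-mapping order; the sign-out filter must see requests first.
    order = [m.findtext("filter-name", "").strip() for m in root.iter("filter-mapping")]
    cas = [n for n in order if classes.get(n, "").startswith("org.jasig.cas.client.")]
    first = classes.get(cas[0]) if cas else None
    if SSO_FILTER not in classes.values():
        findings.append(("SSO_FILTER_MISSING", SSO_FILTER))
    elif first != SSO_FILTER:
        findings.append(("SSO_FILTER_NOT_FIRST", str(first)))
    listeners = {l.findtext("listener-class", "").strip() for l in root.iter("listener")}
    if SSO_LISTENER not in listeners:
        findings.append(("SSO_LISTENER_MISSING", SSO_LISTENER))
    for f in root.iter("filter"):
        for p in f.iter("init-param"):
            name = p.findtext("param-name", "").strip()
            value = p.findtext("param-value", "").strip()
            if name in SERVER_PARAMS and not value.startswith("https://"):
                findings.append(("CAS_SERVER_NOT_HTTPS", f"{name}={value}"))
            if name == "serverName" and not value.startswith("https://"):
                # The service ticket (?ticket=ST-...) is returned to this URL in clear text.
                findings.append(("SERVICE_NOT_HTTPS", value))
    return findings
```

Run against the settings on this page, audit_cas_web_xml reports only SERVICE_NOT_HTTPS, because serverName is http://demo.outegg.com:8080 and the service ticket is returned to that URL.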

Reposted from mattian.iteye.com/blog/2204057