CAS single sign-on learning from scratch - Examples Demo


What is single sign-on

Single sign-on (Single Sign On), abbreviated SSO, is one of the more popular enterprise business integration solutions. SSO means that, across multiple applications, a user only needs to log in once to access every application that trusts the others.

Our current system has many subsystems, and these subsystems are deployed on different servers. The traditional approach of relying on the servlet session cannot solve this, so we need single sign-on technology.


What is CAS

CAS is an open source project initiated by Yale University that aims to provide a reliable single sign-on method for Web applications. CAS officially became a JA-SIG project in December 2004. CAS has the following characteristics:

[1] An open source enterprise single sign-on solution.

[2] CAS Server is a Web application that must be deployed separately.

[3] CAS Client supports a very large number of clients (here a client means each Web application in the single sign-on system), including Java, .Net, PHP, Perl, Apache, uPortal, Ruby and so on.

Structurally, CAS consists of two parts: CAS Server and CAS Client. CAS Server is deployed separately and is mainly responsible for authenticating the user; CAS Client handles client requests for protected resources and, when a login is needed, redirects to the CAS Server. The figure below shows the most basic CAS protocol flow:

[Figure: the basic CAS protocol flow]

A single sign-on access goes through the following steps:

1. Access Service: the SSO client sends a request to access a resource provided by the service application.

2. Redirect for Authentication: the SSO client redirects the user's request to the SSO server.

3. User Authentication: the user authenticates at the SSO server.

4. Grant Ticket: the SSO server generates a random Service Ticket.

5. Verify Ticket: the SSO server verifies the legitimacy of the Service Ticket; after it passes, the client is allowed to access the service.

6. Transfer User Information: once the SSO server has verified the ticket, the authentication result (the user information) is transmitted to the client.
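The six steps above, modelled on the server side as an added example in Python (this is not code from the original post or from the CAS project). It shows the three properties a Service Ticket must have for the flow to be safe: it is bound to the service it was issued for, it can be validated only once, and it expires quickly. The user store (casuser/Mellon from the post), the ST lifetime and the ticket format are constructed for the example.

```python
"""Toy model of the six-step CAS flow above, server side.

Added example, not code from the original post or from the CAS project.
A Ticket Granting Ticket (TGT) is created at login and held in the CASTGC
cookie, a Service Ticket (ST) is issued for one specific service URL, and
serviceValidate accepts an ST only once, only for that service, and only
while it is fresh. The user store and the ST lifetime are constructed.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

ST_LIFETIME_SECONDS = 10.0  # assumed value; CAS keeps ST lifetimes short


@dataclass
class ServiceTicket:
    principal: str
    service: str
    created: float


@dataclass
class CasServer:
    # constructed credential store, using the demo account from the post
    users: Dict[str, str] = field(default_factory=lambda: {"casuser": "Mellon"})
    tgts: Dict[str, str] = field(default_factory=dict)           # TGC value -> principal
    sts: Dict[str, ServiceTicket] = field(default_factory=dict)  # ST id -> ticket
    clock: Callable[[], float] = time.time                        # injectable for tests

    def login(self, username: str, password: str) -> Optional[str]:
        """Step 3: authenticate the user; return the TGC cookie value or None."""
        if self.users.get(username) != password:
            return None
        tgc = "TGC-" + secrets.token_urlsafe(24)
        self.tgts[tgc] = username
        return tgc

    def grant_service_ticket(self, tgc: Optional[str], service: str) -> Optional[str]:
        """Step 4: issue a random ST bound to one service for a logged-in user."""
        principal = self.tgts.get(tgc) if tgc else None
        if principal is None:
            return None          # no SSO session: the browser is sent to the login form
        st = "ST-" + secrets.token_urlsafe(24)
        self.sts[st] = ServiceTicket(principal, service, self.clock())
        return st

    def service_validate(self, service: str, ticket: str) -> Tuple[bool, str]:
        """Steps 5-6: consume the ST and return (True, principal) or (False, error code)."""
        st = self.sts.pop(ticket, None)          # an ST is single-use: gone after this call
        if st is None:
            return False, "INVALID_TICKET"
        if self.clock() - st.created > ST_LIFETIME_SECONDS:
            return False, "INVALID_TICKET"       # expired before the client validated it
        if st.service != service:
            return False, "INVALID_SERVICE"      # bound to the service it was issued for
        return True, st.principal


def sso_round_trip(server: CasServer, tgc: Optional[str], service: str) -> Tuple[bool, str]:
    """Steps 1-6 for one application: obtain an ST for the session and validate it."""
    st = server.grant_service_ticket(tgc, service)
    if st is None:
        return False, "LOGIN_REQUIRED"
    return server.service_validate(service, st)


if __name__ == "__main__":
    server = CasServer()
    tgc = server.login("casuser", "Mellon")
    print(sso_round_trip(server, tgc, "http://localhost:9002/"))  # demo01
    print(sso_round_trip(server, tgc, "http://localhost:9001/"))  # demo0, no second login
```

The second `sso_round_trip` call succeeds without a second `login` because the session lives in the TGT, not in the ticket; each application only ever sees a fresh, single-use ST.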

 

I. Deploying CAS on Tomcat under Linux

1. Enter the directory

[root@hostname /]# cd /usr/local/cas

2. Copy the cas.war prepared in advance into the directory we are using

[root@hostname cas]# cp /root/cas/cas.war ./

3. Copy the prepared Tomcat archive into this folder, unpack it and rename the unpacked directory to tomcat

[root@hostname cas]# cp /root/tomcat/apache-tomcat-7.0.47.tar.gz ./

[root@hostname cas]# tar -zxvf apache-tomcat-7.0.47.tar.gz -C ./

[root@hostname cas]# mv apache-tomcat-7.0.47 tomcat

4. Open the configuration file through FTP in EditPlus 3 and make the changes

Edit /usr/local/cas/tomcat/conf/server.xml (three port numbers need to be changed to avoid conflicts):

1. <Server port="8010" shutdown="SHUTDOWN">

2. <Connector port="9100" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443" />

3. <Connector port="8011" protocol="AJP/1.3" redirectPort="8443" />

5. Deploy the copied cas.war into Tomcat (move it into webapps, start Tomcat, stop Tomcat, then delete cas.war from webapps)

Note: be sure Tomcat is stopped before deleting cas.war.

[root@hostname cas]# mv cas.war tomcat/webapps/

[root@hostname cas]# sh tomcat/bin/startup.sh

[root@hostname cas]# sh tomcat/bin/shutdown.sh

[root@hostname webapps]# rm -rf cas.war

II. Modify the related configuration files

Edit the following configuration files:

1.

/usr/local/cas/tomcat/webapps/cas/WEB-INF/cas.properties

server.name=http://192.168.200.128:9100     (change the IP to our virtual machine's IP and the port to 9100, the port we changed earlier)

2.

/usr/local/cas/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml

(add the attribute p:requireSecure="false" to this bean)

class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>

3.

/usr/local/cas/tomcat/webapps/cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml

Change p:cookieSecure to false and p:cookieMaxAge to 3600

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="3600"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
</beans>

/usr/local/cas/tomcat/webapps/cas/WEB-INF/spring-configuration/warnCookieGenerator.xml: make the same changes.
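The two settings switched to false above are what let the lab run over plain HTTP: cookieSecure="false" lets the browser send the CASTGC cookie, which carries the whole SSO session, over an unencrypted connection, and requireSecure="false" drops the HTTPS requirement on proxy callback URLs. Behind HTTPS both go back to true. As an added example in Python (not code from the post or from CAS), the audit below parses Spring p-namespace beans like the ones edited here, reports the weak attributes, and writes a hardened copy. The two XML snippets are constructed to mirror the edited beans; the bean id proxyAuthenticationHandler is an assumption, not taken from the post.

```python
"""Audit the CAS 4.0 Spring XML edits above for settings that are only
acceptable in a plain-HTTP lab, and produce a hardened copy.

Added example; not code from the original post or from the CAS project.
The two XML snippets are constructed to mirror the edited beans; the bean
id "proxyAuthenticationHandler" is assumed, not taken from the post.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"   # Spring p-namespace used by p:... attributes
ET.register_namespace("", BEANS_NS)
ET.register_namespace("p", P_NS)

# Attributes that must be "true" outside a lab: the CASTGC cookie carries the
# whole SSO session, and requireSecure governs proxy callback URLs.
MUST_BE_TRUE = {"cookieSecure", "requireSecure"}

# constructed sample: the ticketGrantingTicketCookieGenerator.xml bean as edited above
TGC_COOKIE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="3600"
        p:cookieName="CASTGC" p:cookiePath="/cas"/>
</beans>"""

# constructed sample: the deployerConfigContext.xml handler bean as edited above
DEPLOYER_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="proxyAuthenticationHandler"
        class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
</beans>"""


def _p_attr(name: str) -> str:
    return "{%s}%s" % (P_NS, name)


def audit_beans(xml_text: str) -> List[Tuple[str, str, str]]:
    """Return (bean id, attribute, value) for every p: attribute that is not "true"."""
    findings = []
    root = ET.fromstring(xml_text)
    for bean in root.iter("{%s}bean" % BEANS_NS):
        for attr in sorted(MUST_BE_TRUE):
            value = bean.get(_p_attr(attr))
            if value is not None and value.strip().lower() != "true":
                findings.append((bean.get("id"), attr, value))
    return findings


def harden_beans(xml_text: str) -> str:
    """Return the same document with every audited attribute set to "true"."""
    root = ET.fromstring(xml_text)
    for bean in root.iter("{%s}bean" % BEANS_NS):
        for attr in MUST_BE_TRUE:
            if bean.get(_p_attr(attr)) is not None:
                bean.set(_p_attr(attr), "true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for name, doc in (("ticketGrantingTicketCookieGenerator.xml", TGC_COOKIE_XML),
                      ("deployerConfigContext.xml", DEPLOYER_XML)):
        for bean_id, attr, value in audit_beans(doc):
            print('%s: bean %s has p:%s="%s" (lab only; use true behind HTTPS)'
                  % (name, bean_id, attr, value))
```

Run it against the real files under WEB-INF before promoting a lab build: an empty findings list for all three files (the two cookie generators and deployerConfigContext.xml) is the expected state of a deployment that fronts CAS with HTTPS.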

III. Start Tomcat and visit 192.168.200.128:9100/cas/login

Username: casuser    Password: Mellon    Log in.

Project Demo

We create two projects to test the CAS single sign-on system.

casDemo01 project:

pom.xml

    <dependencies>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.11</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.3.3</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
            <version>2.5</version>
        </dependency>
    </dependencies>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- for single sign-out -->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>

  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- for authentication -->
  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://192.168.200.128:9100/cas/login</param-value>

    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:9002</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- responsible for ticket validation -->
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://192.168.200.128:9100/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:9002</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- wraps the HttpServletRequest so getRemoteUser() returns the CAS user -->
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- developers can get the user name via AssertionThreadLocalFilter: AssertionHolder.getAssertion().getPrincipal().getName() -->
  <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
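What the CASFilter and the CAS Validation Filter above do with their init-params, modelled as an added example in Python (this is not code from the post or from the Java CAS client). AuthenticationFilter sends a request that carries no CAS session to casServerLoginUrl with a service parameter built from serverName; the validation filter then fetches casServerUrlPrefix + /serviceValidate with the returned ticket and parses the CAS 2.0 XML reply. The two XML replies are constructed samples; the init-param values are the ones from web.xml above.

```python
"""What the CASFilter and CAS Validation Filter above do, modelled in Python.

Added example, not code from the original post or from the Java CAS client.
AuthenticationFilter sends an unauthenticated browser to casServerLoginUrl with
a service parameter built from serverName; the validation filter then calls
casServerUrlPrefix + "/serviceValidate" with the returned ticket and parses the
CAS 2.0 XML reply. The two replies below are constructed samples.
"""
import xml.etree.ElementTree as ET
from typing import Tuple
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 protocol responses

# the three init-param values from web.xml
CAS_SERVER_LOGIN_URL = "http://192.168.200.128:9100/cas/login"
CAS_SERVER_URL_PREFIX = "http://192.168.200.128:9100/cas"
SERVER_NAME = "http://localhost:9002"

# constructed sample replies from /cas/serviceValidate
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    Ticket ST-EXAMPLE not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def service_url(request_url: str) -> str:
    """Rebuild the request URL on serverName, dropping any ticket parameter.
    The same value must be sent at login and at validation, or the ST will not match."""
    req = urlsplit(request_url)
    query = parse_qs(req.query, keep_blank_values=True)
    query.pop("ticket", None)
    base = urlsplit(SERVER_NAME)
    return urlunsplit((base.scheme, base.netloc, req.path, urlencode(query, doseq=True), ""))


def login_redirect(request_url: str) -> str:
    """Where CASFilter redirects a request that carries no CAS session or ticket."""
    return CAS_SERVER_LOGIN_URL + "?" + urlencode({"service": service_url(request_url)})


def validate_url(request_url: str, ticket: str) -> str:
    """The back-channel URL the validation filter fetches from the CAS server."""
    params = {"service": service_url(request_url), "ticket": ticket}
    return CAS_SERVER_URL_PREFIX + "/serviceValidate?" + urlencode(params)


def parse_service_response(xml_text: str) -> Tuple[bool, str]:
    """Return (True, user) on authenticationSuccess, else (False, failure code)."""
    root = ET.fromstring(xml_text)
    success = root.find("{%s}authenticationSuccess" % CAS_NS)
    if success is not None:
        user = (success.findtext("{%s}user" % CAS_NS) or "").strip()
        return (True, user) if user else (False, "INVALID_RESPONSE")
    failure = root.find("{%s}authenticationFailure" % CAS_NS)
    if failure is not None:
        return False, failure.get("code", "UNKNOWN")
    return False, "INVALID_RESPONSE"   # neither element: never treat this as logged in


if __name__ == "__main__":
    print(login_redirect("http://localhost:9002/index.jsp"))
    print(validate_url("http://localhost:9002/index.jsp?ticket=ST-EXAMPLE", "ST-EXAMPLE"))
    print(parse_service_response(SUCCESS_XML), parse_service_response(FAILURE_XML))
```

Two details matter for the filters being configured correctly: serverName must be the address the browser actually uses, because the service value is rebuilt from it and the CAS server rejects a ticket presented for a different service, and a reply that contains neither success nor failure element must be treated as a failure, never as a login.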

index.jsp

<html>
<body>
<h2>Hello World!</h2>
this  is   demo01
</body>
</html>

casDemo0 project:  pom.xml is the same as in demo01

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- for single sign-out -->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>

  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- for authentication -->
  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://192.168.200.128:9100/cas/login</param-value>

    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:9001</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- responsible for ticket validation -->
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://192.168.200.128:9100/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:9001</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- wraps the HttpServletRequest so getRemoteUser() returns the CAS user -->
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- developers can get the user name via AssertionThreadLocalFilter: AssertionHolder.getAssertion().getPrincipal().getName() -->
  <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

index.jsp

<html>
<body>
<h2>Hello World!</h2>
this is casDemo0
</body>
</html>

Result:

After we visit demo0 and log in, visiting demo01 again does not require logging in; it can be accessed directly.

Connecting CAS to a remote MySQL database:

Configure CAS to integrate with the database so that accounts and passwords are looked up dynamically.

1. Enable remote connections for the MySQL root account

USE mysql;

UPDATE user SET host='%' WHERE user='root';

FLUSH PRIVILEGES;

2. Add the following configuration

(1) Edit the configuration file

cas/WEB-INF/deployerConfigContext.xml

and add the following beans:


<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="com.mysql.jdbc.Driver"
p:jdbcUrl="jdbc:mysql://192.168.188.1:3306/youlexuandb?characterEncoding=utf8"
p:user="root"
p:password="123" />
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:sql="select password from tb_user where username = ?"
p:passwordEncoder-ref="passwordEncoder"/>

(2) Find the bean with id authenticationManager

and change this entry: <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />

to: <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver"/>


(3) Upload the related jar files to the cas/WEB-INF/lib directory

c3p0-0.9.1.2.jar
cas-server-support-jdbc-4.0.0.jar
mysql-connector-java-5.1.32.jar


(4) Restart the Tomcat server hosting CAS

Now CAS logins can be performed directly against the data in the database.
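How the dbAuthHandler configured above checks a password, as an added example in Python (not code from the post or from CAS): it runs the configured p:sql as a parameterised query against a constructed in-memory SQLite table named tb_user and compares the stored value with the MD5 hex digest that DefaultPasswordEncoder produces with encodingAlgorithm MD5 and characterEncoding UTF-8. MD5 is kept only because that is what the bean above configures; the parameter binding is the point, since it is what stops a crafted username from altering the query. Outside a lab the column would hold a salted, slow hash and the JDBC account would not be root with host '%'.

```python
"""Model of the QueryDatabaseAuthenticationHandler configured above.

Added example; not code from the original post or from CAS. It uses an
in-memory SQLite table named tb_user (constructed), runs the configured
p:sql as a parameterised query, and compares the stored value with the
MD5 hex digest that DefaultPasswordEncoder(MD5, UTF-8) produces for the
submitted password.
"""
import hashlib
import hmac
import sqlite3

SQL = "select password from tb_user where username = ?"   # p:sql from the bean above


def encode_password(plain: str, algorithm: str = "md5", encoding: str = "UTF-8") -> str:
    """What DefaultPasswordEncoder does: digest of the encoded bytes, lowercase hex."""
    return hashlib.new(algorithm, plain.encode(encoding)).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample table; passwords are stored as MD5 hex, as the encoder expects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tb_user (username text primary key, password text)")
    conn.executemany("insert into tb_user values (?, ?)",
                     [("alice", encode_password("alice-pass")),
                      ("bob", encode_password("bob-pass"))])
    return conn


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Return True only if exactly one row matches and the digests are equal."""
    rows = conn.execute(SQL, (username,)).fetchall()   # bound parameter, never concatenated
    if len(rows) != 1:
        return False          # unknown user, or ambiguous data: refuse
    stored = rows[0][0] or ""
    return hmac.compare_digest(stored, encode_password(password))


if __name__ == "__main__":
    db = make_db()
    print(authenticate(db, "alice", "alice-pass"))   # True
    print(authenticate(db, "alice", "bob-pass"))     # False
    print(authenticate(db, "alice' or '1'='1", "x"))  # False: treated as a literal username
```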

PS: While running this I hit an error: when logging in, the page kept loading and finally

showed: CAS is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again.

It may have been the firewall; I turned the firewall off, restarted, and it worked.


Origin www.cnblogs.com/hank-hush/p/12146509.html