cas-server

下载地址:https://github.com/apereo/cas-overlay-template/tree/5.3 (GitHub 上 apereo/cas-overlay-template 的 5.3 分支,即 Apereo CAS WAR Overlay 模板)

解压压缩包,执行打包命令:

./build.sh package

 

再把cas.war放到tomcat的webapps目录下

访问:http://localhost:8080/cas/login ,初始用户名:casuser, 密码:Mellon(这是overlay模板自带的静态演示账号,正式部署前应接入真实的认证源并去掉该账号)

配置cas server https访问:

用java自带keytool命令生成证书(命令中的密码123456仅为示例,实际使用时请换成强密码,并与下面server.xml中的keystorePass保持一致):

keytool -genkey -alias uums -keyalg RSA -keypass 123456 -storepass 123456 -ext san=ip:192.168.2.6 -keystore D:\apache-tomcat-9.0.62\cert\uums.keystore -validity 3600

 -ext san=ip:192.168.2.6  这个特别重要:这个ip是cas-client访问cas-server时使用的ip(即下文cas.properties里server-url-prefix中的地址)。客户端的Java TLS校验会拿访问地址去比对服务端证书里的SAN,如果不配置,cas-client通过ip就访问不了cas-server

tomcat 的 conf\server.xml 中配置:

<!-- HTTPS connector on port 8443, backed by the keystore created with keytool above.
     clientAuth="false": the server does not request a client certificate.
     keystorePass is the sample password used in this walkthrough; it must match the
     -storepass the keystore was created with. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"                 
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"    
 clientAuth="false" sslProtocol="TLS"     
 keystoreFile="D:\apache-tomcat-9.0.62\cert\uums.keystore" keystorePass="123456"/>

cas server端其实这样就可以了

 cas-client

 下面这两步特别重要:否则cas-client通过ip访问不了cas-server

1、导出证书

keytool -export -trustcacerts -alias uums -file D:\apache-tomcat-9.0.62\cert\uums.cer -keystore D:\apache-tomcat-9.0.62\cert\uums.keystore -storepass 123456

这个uums.keystore就是cas-server中tomcat配置的那个证书库

2、把证书导入到cas client所在的Jre环境中(导入到cacerts后,这个Jre上运行的所有Java程序都会信任该证书)

keytool -import -alias uums -file D:\apache-tomcat-9.0.62\cert\uums.cer -keystore ..\jre\lib\security\cacerts

maven配置:

       <dependency>
            <groupId>net.unicon.cas</groupId>
            <artifactId>cas-client-autoconfig-support</artifactId>
            <version>1.4.0-GA</version>
        </dependency>

配置文件cas.properties:

server-url-prefix=https://192.168.2.6:8443/cas
server-login-url=https://192.168.2.6:8443/cas/login
client-host-url=http://localhost:9003/index
server-logout-url =https://192.168.2.6:8443/cas/logout
client-logout-url =https://192.168.2.6:8443/cas/logout?service=http://localhost:9003/logout/success
validation-type=cas
server-name=http://localhost:9003

配置类:

package com.oumuv.cas.conf;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.PropertySource;
import org.springframework.stereotype.Component;

/**
 * Holds the CAS client settings loaded from {@code cas.properties}.
 *
 * <p>No property prefix is declared, so every field corresponds to a top-level key of that file
 * (for example {@code server-url-prefix}). The values are plain strings; nothing in this class
 * validates them.
 */
@PropertySource("cas.properties")
@ConfigurationProperties
@Component
public class CASConfig {

    /** Base URL of the CAS server ({@code server-url-prefix}). */
    private String serverUrlPrefix;

    /** Login page of the CAS server ({@code server-login-url}). */
    private String serverLoginUrl;

    /** Landing URL of this client application ({@code client-host-url}). */
    private String clientHostUrl;

    /** Logout endpoint of the CAS server ({@code server-logout-url}). */
    private String serverLogoutUrl;

    /** CAS logout URL carrying the post-logout {@code service} target ({@code client-logout-url}). */
    private String clientLogoutUrl;

    /** Value of the {@code validation-type} key. */
    private String validationType;

    /** Scheme, host and port of this client application ({@code server-name}). */
    private String serverName;

    // --- server-url-prefix ---

    /** @return the configured CAS server base URL */
    public String getServerUrlPrefix() {
        return this.serverUrlPrefix;
    }

    /** @param serverUrlPrefix the CAS server base URL */
    public void setServerUrlPrefix(final String serverUrlPrefix) {
        this.serverUrlPrefix = serverUrlPrefix;
    }

    // --- server-login-url ---

    /** @return the configured CAS login URL */
    public String getServerLoginUrl() {
        return this.serverLoginUrl;
    }

    /** @param serverLoginUrl the CAS login URL */
    public void setServerLoginUrl(final String serverLoginUrl) {
        this.serverLoginUrl = serverLoginUrl;
    }

    // --- client-host-url ---

    /** @return the configured client landing URL */
    public String getClientHostUrl() {
        return this.clientHostUrl;
    }

    /** @param clientHostUrl the client landing URL */
    public void setClientHostUrl(final String clientHostUrl) {
        this.clientHostUrl = clientHostUrl;
    }

    // --- server-logout-url ---

    /** @return the configured CAS logout URL */
    public String getServerLogoutUrl() {
        return this.serverLogoutUrl;
    }

    /** @param serverLogoutUrl the CAS logout URL */
    public void setServerLogoutUrl(final String serverLogoutUrl) {
        this.serverLogoutUrl = serverLogoutUrl;
    }

    // --- client-logout-url ---

    /** @return the configured logout URL used by the client */
    public String getClientLogoutUrl() {
        return this.clientLogoutUrl;
    }

    /** @param clientLogoutUrl the logout URL used by the client */
    public void setClientLogoutUrl(final String clientLogoutUrl) {
        this.clientLogoutUrl = clientLogoutUrl;
    }

    // --- validation-type ---

    /** @return the configured validation type */
    public String getValidationType() {
        return this.validationType;
    }

    /** @param validationType the validation type */
    public void setValidationType(final String validationType) {
        this.validationType = validationType;
    }

    // --- server-name ---

    /** @return the configured client server name */
    public String getServerName() {
        return this.serverName;
    }

    /** @param serverName the client server name */
    public void setServerName(final String serverName) {
        this.serverName = serverName;
    }
}
package com.oumuv.cas.conf;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;


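/**
 * Registers the CAS client servlet filters and the single sign-out session listener.
 *
 * <p>The filters are given distinct, ascending order values so that the single sign-out filter
 * always runs first and the request wrapper runs last; with identical order values the relative
 * order is left to the container's registration order.
 */
@Configuration
public class CASAutoConfig {

    @Autowired
    private CASConfig casConfig;

    /**
     * Registers the single sign-out filter.
     *
     * <p>The filter is mapped to every path: it has to observe the ticket-bearing request (to tie
     * the service ticket to the HTTP session) and the logout callback sent by the CAS server, and
     * both arrive at the service URL rather than at {@code /logout}. Its
     * {@code casServerUrlPrefix} is the CAS base URL, not the logout endpoint.
     *
     * @return the filter registration, ordered before all other CAS filters
     */
    @Bean
    public FilterRegistrationBean filterSingleRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SingleSignOutFilter());
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        // Must be the server base URL; the client appends the endpoint path itself.
        initParameters.put("casServerUrlPrefix", casConfig.getServerUrlPrefix());
        registration.setInitParameters(initParameters);
        // Runs first so that logout callbacks are handled before authentication is enforced.
        registration.setOrder(1);
        return registration;
    }

    /**
     * Registers the filter that validates service tickets against the CAS server.
     *
     * @return the filter registration for all paths
     */
    @Bean
    public FilterRegistrationBean filterValidationRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", casConfig.getServerUrlPrefix());
        // A fixed serverName keeps the service URL independent of the request's Host header.
        initParameters.put("serverName", casConfig.getServerName());
        initParameters.put("useSession", "true");
        registration.setInitParameters(initParameters);
        registration.setOrder(2);
        return registration;
    }

    /**
     * Registers the filter that sends requests without an authenticated session to the CAS login
     * page.
     *
     * @return the filter registration for all paths
     */
    @Bean
    public FilterRegistrationBean filterAuthenticationRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new AuthenticationFilter());
        registration.addUrlPatterns("/*");
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerLoginUrl", casConfig.getServerLoginUrl());
        initParameters.put("serverName", casConfig.getServerName());
        // The author disabled a plain "ignorePattern" of /logout/success in favour of a custom
        // matcher class.
        // NOTE(review): com.oumuv.cas.utils.SimpleUrlPatternMatcherStrategy is not shown here. It
        // decides which URLs skip authentication, so keep what it matches as narrow as possible.
        // As far as I recall, the client only instantiates the matcher when an "ignorePattern"
        // init parameter is also present - confirm the exclusion actually takes effect.
        initParameters.put("ignoreUrlPatternType", "com.oumuv.cas.utils.SimpleUrlPatternMatcherStrategy");

        registration.setInitParameters(initParameters);
        registration.setOrder(3);
        return registration;
    }

    /**
     * Registers the request wrapper filter, which runs after the other CAS filters.
     *
     * @return the filter registration for all paths
     */
    @Bean
    public FilterRegistrationBean filterWrapperRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new HttpServletRequestWrapperFilter());
        registration.addUrlPatterns("/*");
        registration.setOrder(4);
        return registration;
    }

    /**
     * Registers the session listener that accompanies the single sign-out filter.
     *
     * @return the listener registration
     */
    @Bean
    public ServletListenerRegistrationBean<EventListener> singleSignOutListenerRegistration() {
        ServletListenerRegistrationBean<EventListener> registrationBean =
                new ServletListenerRegistrationBean<EventListener>();
        registrationBean.setListener(new SingleSignOutHttpSessionListener());
        registrationBean.setOrder(1);
        return registrationBean;
    }
}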

在网上翻阅了很多帖子都没有说清楚,cas client怎么能通过ip访问cas-server端的,由于以前项目中部署过,大致如下:
