• CAS (2) —— Mac下配置CAS到Tomcat(客户端)


    CAS (2) —— Mac下配置CAS到Tomcat(客户端)


    tomcat版本: tomcat-8.0.29

    jdk版本: jdk1.8.0_65

    cas版本: cas4.1.2
    cas-client-3.4.1

    参考来源:

    CAS实现单点登录(SSO)经典完整教程

    CAS 4.0 配置开发手册

    cas客户端应用实现

    使用 CAS 在 Tomcat 中实现单点登录

    Tomcat (1) —— Mac下配置Tomcat Https/SSL

    【高可用HA】Apache (2) —— Mac下安装多个Apache Tomcat实例

    目标架构

    下载

    首先登陆jasig网站http://downloads.jasig.org/,下载相应的cas版本。

    由于网站只提供源码包而不提供发布包,所以需要自己下载来编译。

    cas会为不同的客户端消费者提供client包,这里我们选择java-client作为演示。

    编译客户端所需要的jar

    java-cas-client-cas-client-3.4.1 Richard$ mvn clean install -Dmaven.test.skip
    

    然后下载供测试的客户端示例代码(jasig在github上为我们提供了一个简易的客户端demo)

    $ git clone https://github.com/UniconLabs/cas-sample-java-webapp.git
    

    配置

    客户端

    • 设置

    参照以下文章为Tomcat配置好Https

    Tomcat (1) —— Mac下配置Tomcat Https/SSL

    【高可用HA】Apache (2) —— Mac下安装多个Apache Tomcat实例

    • 编译部署

    然后编译我们的示例项目

    :cas-sample-java-webapp Richard$ mvn clean install -Dmaven.test.skip
    

    pom.xml

    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>iamlabs.unicon.net</groupId>
    <artifactId>cas-sample-java-webapp</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <name>CAS Example Java Web App</name>
    <description>A sample web application that exercises the CAS protocol features via the Java CAS Client.</description>
    <build>
    	<finalName>cas-sample-java-webapp</finalName>
    	<plugins>
    		<plugin>
    			<groupId>org.apache.maven.plugins</groupId>
    			<artifactId>maven-compiler-plugin</artifactId>
    			<version>2.5.1</version>
    			<configuration>
    				<source>1.6</source>
    				<target>1.6</target>
    			</configuration>
    		</plugin>
    	</plugins>
    </build>
    
    <dependencies>
    
    	<dependency>
    		<groupId>commons-logging</groupId>
    		<artifactId>commons-logging</artifactId>
    		<version>1.1.1</version>
    	</dependency>
    
    	<dependency>
    		<groupId>log4j</groupId>
    		<artifactId>log4j</artifactId>
    		<version>1.2.16</version>
    	</dependency>
    	<dependency>
    		<groupId>org.opensaml</groupId>
    		<artifactId>opensaml1</artifactId>
    		<version>1.1</version>
    	</dependency>
    	
    	<dependency>
    		<groupId>javax.servlet</groupId>
    		<artifactId>javax.servlet-api</artifactId>
    		<version>3.1.0</version>
    		<scope>provided</scope>
    	</dependency>
    
    	<dependency>
    		<groupId>org.jasig.cas.client</groupId>
    		<artifactId>cas-client-core</artifactId>
      		<version>3.2.1</version>
    		<exclusions>
    			<exclusion>
    				<groupId>javax.servlet</groupId>
    				<artifactId>servlet-api</artifactId>
    			</exclusion>
    		</exclusions>
    	</dependency>
    
    	<dependency>
    		<groupId>commons-codec</groupId>
    		<artifactId>commons-codec</artifactId>
    		<version>1.6</version>
    	</dependency>
    
    	<dependency>
    		<groupId>org.apache.santuario</groupId>
    		<artifactId>xmlsec</artifactId>
    		<version>1.4.3</version>
    	</dependency>
    </dependencies>
    

    将编译生成的war包部署到我们的Tomcat容器中:

    项目主要包括两个页面

    index.jsp(供登陆)

    <%@page contentType="text/html"%>
    <%@page pageEncoding="UTF-8"%>
    <%@ page import="java.util.Map" %>
    <%@ page import="java.util.Iterator" %>
    <%@ page import="java.util.List" %>
    <%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    	"http://www.w3.org/TR/html4/loose.dtd">
    
    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>CAS Example Java Web App</title>
    </head>
    <body>
    
    <h1>CAS Example Java Web App</h1>
    <p>A sample web application that exercises the CAS protocol features via the Java CAS Client.</p>
    <hr>
    
    <p><b>Authenticated User Id:</b> <a href="../cas1/logout.jsp" title="Click here to log out"><%= request.getRemoteUser() %></a></p>
    
    <%
    if (request.getUserPrincipal() != null) {
      AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
      
      /*
      final String password = principal.getPassword();
      if (password != null) {
        out.println("<p><b>User Credentials:</b> " + password + "</p>");
      }
      */
      
      final Map attributes = principal.getAttributes();
      
      if (attributes != null) {
        Iterator attributeNames = attributes.keySet().iterator();
        out.println("<b>Attributes:</b>");
        
        if (attributeNames.hasNext()) {
          out.println("<hr><table border='3pt' width='100%'>");
          out.println("<th colspan='2'>Attributes</th>");
          out.println("<tr><td><b>Key</b></td><td><b>Value</b></td></tr>");
    
          for (; attributeNames.hasNext();) {
            out.println("<tr><td>");
            String attributeName = (String) attributeNames.next();
            out.println(attributeName);
            out.println("</td><td>");
            final Object attributeValue = attributes.get(attributeName);
    
            if (attributeValue instanceof List) {
              final List values = (List) attributeValue;
              out.println("<strong>Multi-valued attribute: " + values.size() + "</strong>");
              out.println("<ul>");
              for (Object value: values) {
                out.println("<li>" + value + "</li>");
              }
              out.println("</ul>");
            } else {
              out.println(attributeValue);
            }
            out.println("</td></tr>");
          }
          out.println("</table>");
        } else {
          out.print("No attributes are supplied by the CAS server.</p>");
        }
      } else {
        out.println("<pre>The attribute map is empty. Review your CAS filter configurations.</pre>");
      }
    } else {
        out.println("<pre>The user principal is empty from the request object. Review the wrapper filter configuration.</pre>");
    }
    %>
    
    </body>
    </html>
    

    logout.jsp(注销)

    <%@page contentType="text/html"%>
    <%@page pageEncoding="UTF-8"%>
    <%@ page import="java.util.Map" %>
    <%@ page import="java.util.Iterator" %>
    <%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    	"http://www.w3.org/TR/html4/loose.dtd">
    
    <%
    	session.invalidate();
    %>
    
    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>CAS Example Java Web App</title>
    </head>
    <body>
    	<h1>CAS Example Java Web App</h1>
        <p>Application session is now invalidated. You may also issue a request to "/cas/logout" to destroy the CAS SSO Session as well.</p>
        <hr>
        
    	<a href="../cas1/index.jsp">Back to Home</a>
    </body>
    </html>
    
    • 配置CAS Authentication Filter

    web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <filter>
    	<filter-name>CAS Authentication Filter</filter-name>
    	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    	<!-- <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> -->
    	<!-- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> -->
    	<init-param>
    		<param-name>casServerLoginUrl</param-name>
    		<param-value>https://sso.hoau.com:8433/cas/login</param-value>
    	</init-param>
    	<init-param>
    		<param-name>serverName</param-name>
    		<param-value>https://app1.hoau.com:8413</param-value>
    	</init-param>
    </filter>
    
    <filter>
    	<filter-name>CAS Validation Filter</filter-name>
    	<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    	<!-- <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> -->	
    	<!-- <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>	-->	
    	<init-param>
    		<param-name>casServerUrlPrefix</param-name>
    		<param-value>https://sso.hoau.com:8433/cas</param-value>
    	</init-param>
    	<init-param>
    		<param-name>serverName</param-name>
    		<param-value>https://app1.hoau.com:8413</param-value>
    	</init-param>
    	<init-param>
    		<param-name>redirectAfterValidation</param-name>
    		<param-value>true</param-value>
    	</init-param>
    	<init-param>
    		<param-name>useSession</param-name>
    		<param-value>true</param-value>
    	</init-param>
    	<init-param>
    		<param-name>acceptAnyProxy</param-name>
    		<param-value>true</param-value>
    	</init-param>
    	<!--
    	<init-param>
    		<param-name>proxyReceptorUrl</param-name>
    		<param-value>/cas1/proxyUrl</param-value>
    	</init-param>
    	<init-param>
    		<param-name>proxyCallbackUrl</param-name>
    		<param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>
    	</init-param>
    	-->
    </filter>
    
    <filter>
    	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    	<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    
    <filter-mapping>
    	<filter-name>CAS Validation Filter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
    	<filter-name>CAS Authentication Filter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
    	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <welcome-file-list>
    	<welcome-file>
            index.jsp
    </welcome-file>
    </welcome-file-list>
    </web-app>
    
    * 以上web.xml配置中有四处需要注意的地方
    1. cas目标服务器登陆页面的配置

       <init-param>
       	<param-name>casServerLoginUrl</param-name>
       	<param-value>https://sso.hoau.com:8433/cas/login</param-value>
       </init-param>
      
    2. 本机服务器的地址(即当前node-a)

       <init-param>
       	<param-name>serverName</param-name>
       	<param-value>https://app1.hoau.com:8413</param-value>
       </init-param>
      
    3. "Cas20ProxyReceivingTicketValidationFilter"

      2.x和3.x以前也有其他的Ticket校验方式,这里官方推荐用Cas20Proxy

       <filter>
       <filter-name>CAS Validation Filter</filter-name>
       <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
       <init-param>
       	<param-name>casServerUrlPrefix</param-name>
       	<param-value>https://sso.hoau.com:8433/cas</param-value>
       </init-param>
       <init-param>
       	<param-name>serverName</param-name>
       	<param-value>https://app1.hoau.com:8413</param-value>
       </init-param>
      
    4. 暂时将proxyReceptorUrl和proxyCallbackUrl注释掉,因为这里没有使用代理

       <!--
       <init-param>
       	<param-name>proxyReceptorUrl</param-name>
       	<param-value>/cas1/proxyUrl</param-value>
       </init-param>
       <init-param>
       	<param-name>proxyCallbackUrl</param-name>
       	<param-value>https://app1.hoau.com:8413/cas1/index.jsp</param-value>
       </init-param>
       -->
      

    测试

    尝试访问

    https://app1.hoau.com:8413/cas1
    

    * 抱歉此处配图为node-b的

    并使用我们在数据库里面预埋的数据"test01/psw01"登陆

    使用相同方式将cas2部署到node-b节点,并指向cas的SSO服务器

    *扩展

    我们清空浏览器的cache和cookie,按照下列步骤操作

    1. 访问"https://app1.hoau.com:8413/cas1"

      系统会将我们重定向到"https://sso.hoau.com:8433/cas/login"。

    2. 输入用户名密码"test01/psw01"

      登陆成功

    3. 访问"https://app2.hoau.com:8423/cas2"

      系统会自动登陆使用用户名密码"test01/psw01"。

    问题来了

    这就是达到了SSO的效果,但是为什么是这样,原理是什么

    结束

  • 相关阅读:
    [swustoj 411] 售货员的难题
    白书P61
    白书P60
    [ZOJ 3471] Most Powerful
    [HDU 3001] Travelling
    [转] acmer必看的26个对acm态度
    [HDU 1254] 推箱子
    [POJ 3311] Hie with the Pie
    [POJ 3254] Corn Fields
    power
  • 原文地址:https://www.cnblogs.com/richaaaard/p/5045433.html
Copyright © 2020-2023  润新知