基于CAS的SSO实现
?????? 其实网上这样的资料google一下一大把,本来是不想再做重复无谓的东西,但是实在是忍不住的发几句牢骚,写东西是给别人分享经验的,需要好好的去伪存真。软件在不断的升级,用法也会不断的改进,不要一直用老版本的方法在新版本上面使用,不但对别人帮助不大,反而会耽误时间,还不如直接去官网翻英文文档,即便是痛苦些,也比拿到过时的东西好呀
,看看网上的实现大部分都是那个2.x和3.x的cas混用,但是这样自己不觉得不合理么,现在JASIG上面根本没有yelu的包,在配置客户端的时候还要配置yelu什么的,不说废话了,把新版本的用法贴出来,希望其他童靴不要再和俺一样走弯路。
?
???? 搭建环境:
???????? 服务器端:cas-server-webapp-3.4.2.war?
???????? 客户端:cas-client-3.1.10(做简单的演示只需要modules下的cas-client-core-3.1.10.jar和commons-??????????????????? logging-1.1.jar就行了,不需要2.x下面的东西)
??????? JDK:jdk1.6.0_10
??????? tomcat:apache-tomcat-6.0.26
?
??
??? 首先、如果启用https那么就先用keytool生成下证书,导入到tomcat所用的JDK证书中,这些资料很多就不做详细说明了,只把可能遇到的问题写下
?? 1、keytool 不支持有空格的文件路径,特别是在导入证书的时候要注意
?? 2、导入证书的时候密码是默认的changit而不是自己证书的密码
?? 3、tomcat5.x和tomcat6.x启用SSL的方式不一样
?????? 6.x的方式(单项认证)
???
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEnabled="true" keystoreFile="${keystore_path/${name}.keystore}" keystorePass="*****"/>?
其次、搭建CAS服务器,这个没什么特别的东西,把war放到webapp中就行了
?
最后、客户端的搭建,
?????? 1、把cas-client-core-3.1.10.jar和commons-logging-1.1.jar放到应用系统的lib中。
????? 2、在web.xml增加以下配置:
???????
<context-param> <param-name>serverName</param-name> <param-value>${应用系统地址}:${端口}</param-value> </context-param><filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class> org.jasig.cas.client.session.SingleSignOutFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class> org.jasig.cas.client.session.SingleSignOutHttpSessionListener </listener-class> </listener> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://caoshuaibiao:8443/cas342/login</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://caoshuaibiao:8443/cas342</param-value> </init-param> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class> org.jasig.cas.client.util.AssertionThreadLocalFilter </filter-class> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ?3、应用中得到通过CAS认证用户的方法
?
???
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal"%><%AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal(); String username = principal.getName(); %>
????????????
?
?
?
?
?????
1 楼 yinbinhome 2011-03-13 你很负责任啊!顶你!还是原创的好啊!