CAS学习笔记

前端之家收集整理的这篇文章主要介绍了CAS学习笔记前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1 实验环境

1.1 CAS Server

FreeBSD + Diablo-JDK 1.5.0 + Tomcat 6.0 + CAS Server 3.2.1

IP地址:192.168.0.180

域名:www.test.com

1.2 CAS Client

Windows + JDK 1.5.10 + Tomcat 6.0 + JA-SIG CAS-Client-3.1.3

IP地址:192.168.0.116

1.3 CAS Server 端数据验证的数据库

数据库Postgresql 8.2

IP 地址192.168.0.180

数据库名称BH_PORTAL

名称citizen

表定义:

CREATE TABLE citizen

(

citizenid character varying(20) NOT NULL,

"password" character varying NOT NULL,160) none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"> question character varying,160) none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"> answer character varying,160) none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"> name character varying NOT NULL,160) none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"> CONSTRAINT citizen_pkey PRIMARY KEY (citizenid)

)

说明:其中citizenid用于登录ID”password”用于密码校验


2 环境搭建

2.1 CAS 服务器端

2.1.1 CAS服务器端生成HTTPS证书并注册

%JAVA_HOME%/jre/lib/security目录下运行如下Shell文件

#!/bin/csh

clear

keytool -delete -alias tomcatsso -keystore cacerts -storepass changeit

keytool -list -keystore cacerts -storepass changeit

keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=www.test.com" -keystore cacerts -storepass changeit

keytool -export -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit

keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit

keytool -list -keystore cacerts -storepass changeit

说明:在生成key的过程,"cn=www.test.com" 中的www.test.comServer端的域名。

2.1.2 配置TomcatHTTPS服务

cacerts文件复制到TOMCATconf目录下

修改server.xml

<Connector port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="443" />

<Connector port="443" minSpareThreads="5" maxSpareThreads="75"

enableLookups="true" disableUploadTimeout="true"

acceptCount="100" maxThreads="200"

scheme="https" secure="true" SSLEnabled="true"

clientAuth="false" sslProtocol="TLS"

keystoreFile="conf/cacerts" keystorePass="changeit"

truststoreFile="conf/cacerts"/>

启动Tomcat,测试https://www.test.com:443

2.2 CAS客户端

2.2.1 复制证书

复制tomcatsso.crt 文件%JAVA_HOME%/jre/lib/security

2.2.2 导入证书

将证书tomcatsso.crt 文件导入到cacerts文件

keytool -import -alias tomcatsso -file tomcatsso.crt -keystore cacerts -storepass changeit


3 配置

3.1 服务器端

3.1.1 部署cas server

将下载的cas-server-webapp- 3.2.1 .war复制到TOMCATwebapps目录下,并改名为cas-server.war

3.1.2 修改认证方式

WEB-INF目录下修改deployerConfigContext.xml文件

将原来的

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

修改

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">

<property name="dataSource" ref="dataSource" />

<property name="sql" value="select password from citizen where citizenid = ?" />

</bean>

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">

<property name="driverClassName">

<value>org.postgresql.Driver</value>

</property>

<property name="url">

<value>jdbc:postgresql://192.168.0.180:5432/bh_portal</value>

</property>

<property name="username">

<value>pgsql</value>

</property>

<property name="password">

<value>javac</value>

</bean>

其目的是将原来的SimpleTestUsernamePasswordAuthenticationHandler认证改为根据数据库数据进行认证。

3.2 客户端应用

3.2.1 建立应用

partner1partner2

Partner1下建立子目录secure,在secure中写2个测试页面debug.jspindex.jsp

3.2.2 P artner1配置

编辑web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

version="2.5">

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>/WEB-INF/classes/spring-appContext.xml</param-value>

</context-param>

<filter>

<filter-name>CAS Single Sign Out Filter</filter-name>

<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<filter-mapping>

<url-pattern>/*</url-pattern>

</filter-mapping>

<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<filter-name>CAS Authentication Filter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

<init-param>

<param-name>targetBeanName</param-name>

<param-value>casAuthenticationFilter</param-value>

</init-param>

</filter>

<filter>

<filter-name>CAS Validation Filter</filter-name>

<param-value>casValidationFilter</param-value>

</filter>

<filter-name>CAS HttpServletRequestWrapperFilter</filter-name>

<param-value>casHttpServletRequestWrapperFilter</param-value>

<filter-mapping>

<filter-name>CAS Authentication Filter</filter-name>

<url-pattern>/secure/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Validation Filter</filter-name>

<url-pattern>/secure/*</url-pattern>

<listener>

<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

</web-app>

编辑spring-appContext.xml文件

/WEB-INF/classes目录下创建spring-appContext.xml文件

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

<bean id="casAuthenticationFilter"

class="org.jasig.cas.client.authentication.AuthenticationFilter">

<property name ="casServerLoginUrl" value="https://www.test.com:443/cas-server/login"/>

<property name ="serverName" value="http://192.168.0.116:8080"/>

</bean>

<bean id="casValidationFilter"

class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">

<property name="ticketValidator">

<ref bean="Cas20ServiceTicketValidator"/>

</property>

<property name="useSession" value="true"/>

<property name="serverName" value="http://192.168.0.116:8080"/>

<property name="redirectAfterValidation" value="false"/>

</bean>

<bean id="Cas20ServiceTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">

<constructor-arg index="0" value="https://www.test.com:443/cas-server" />

<bean id="casHttpServletRequestWrapperFilter"

class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

</beans>

复制所需JAR

cas-client-core- 3.1.3 .jarspring.jar这两个JAR包复制到/WEB-INF/lib目录下

3.2.3 P artner2配置

partner1完全相同

3.2.4 gateway参数更改(用于实验三, 在实验一和实验二中不要修改

配置index.jspGateway参数

设置Gateway参数为false(默认值为false

web.xml文件

保持原有无需改变

spring-appContext.xml文件

AuthenticationFilter对应的Bean添加一个属性gateway,并显式的设置为false

<property name ="gateway" value="false"/>

配置debug.jspGateway参数

设置Gateway参数为true(默认值为false

web.xml文件

debug.jsp独立配置上面spring-appContext.xml文件中所提及到的3个过滤器AuthenticationFilter,Cas20ProxyReceivingTicketValidationFilter,HttpServletRequestWrapperFilter

spring-appContext.xml文件

AuthenticationFilter对应的Bean添加一个属性gateway并设置值为true

<property name ="gateway" value="true"/>


4 实验

4.1 实验一:单点登录

A. 访问http://192.168.0.116:8080/partner1/secure/index.jsp

B. 浏览器RedirectCAS服务器端,输入用户名和密码,点击确认

C. 在另外一个选项卡上访问http://192.168.0.116:8080/partner2/secure/index.jsp

4.2 实验二:单点登出

A. 访问http://192.168.0.116:8080/partner1/secure/index.jsp

B. 浏览器RedirectCAS服务器端,输入用户名和密码,点击确认

C. 在另外一个选项卡上访问http://192.168.0.116:8080/partner2/secure/index.jsp

D. 在另外一个选项卡上访问https://www.test.com:443/cas-server/logout,进行登出

E. 在另外一个选项卡上访问http://192.168.0.116:8080/partner2/secure/debug.jsp,确认登出成功

4.3 实验三:测试Gateway参数

A. 访问http://192.168.0.116:8080/partner1/secure/debug.jsp

B. 在另外一个选项卡上访问http://192.168.0.116:8080/partner1/secure/index.jsp

浏览器RedirectCAS服务器端,输入用户名和密码,点击确认 原文链接:https://www.f2er.com/postgresql/197358.html

猜你在找的Postgre SQL相关文章