1、服务端(http)
-
部署
- 下载地址cas4.0.0服务端
- 解压并进入目录cas-server-4.0.0-release.zip\cas-server-4.0.0\modules,找到war包cas-server-webapp-4.0.0.war
- 将war包改名为cas,放到tomcat的webapps下发布项目
- 打开浏览器输入http://localhost:8080/cas,成功如下图
-
配置mysql连接
- 打开cas\WEB-INF\deployerConfigContext.xml
- 找到id为primaryAuthenticationHandler的bean,修改为
<bean id="primaryAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="dataSource"></property> <property name="sql" value="select password from user where user_name=?"></property> </bean> - 添加数据源
<!-- 数据源配置 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver"></property> <property name="url" value="jdbc:mysql://localhost:3306/ossm"></property> <property name="username" value="root"></property> <property name="password" value="123456"></property> </bean> - 添加jar包:
- 打开cas\cas-server-4.0.0\modules
- 复制cas-server-support-jdbc-4.0.0到项目的cas\WEB-INF\lib目录下
- 下载mysql驱动mysql-connector-java-5.0.2.jar,添加到cas\WEB-INF\lib目录下
- 重启tomcat
-
去掉https验证
- 打开cas/WEB-INF/deployerConfigContext.xml
增加参数p:requireSecure="false",是否需要安全验证,即HTTPS,false为不采用。修改后为:<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient"/><bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/> - 打开cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
p:cookieSecure="true"改成p:cookieSecure="false"<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" /> - 打开WEB-INF\spring-configuration\warnCookieGenerator.xml
将p:cookieSecure="true" 改成false<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas" />
- 打开cas/WEB-INF/deployerConfigContext.xml
2、客户端
- 在maven配置文件添加依赖
<!--cas客户端--> <dependency> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>3.3.3</version> </dependency> <dependency> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> <version>1.4.01</version> </dependency> - 配置web.xml文件
<!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置--> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- 该过滤器用于实现单点登出功能,可选配置 --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>CAS Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <!--casServer的登录访问路径--> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://localhost:8080/cas/login</param-value> </init-param> <!--casServer的根访问路径--> <!--需要将serverName的参数设置为本地登录系统使用的ip:port参数,登录后跳转的url(此项目)--> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8090</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class> org.jasig.cas.client.validation.Cas10TicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://localhost:8080/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8090</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器负责实现HttpServletRequest请求的包裹,比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。比如AssertionHolder.getAssertion().getPrincipal().getName()。 --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
3、报错
unable to find valid certification path to requested target
https证书问题,将证书导入到起作用的jdk里面
java.security.cert.CertificateException: No name match
生成证书的时候,“您的名字与姓氏是什么”应填写项目域名,比如localhost
java.lang.IllegalArgumentException: casServerUrlPrefix cannot be null.
客户端使用的cas-client-core版本不对,4.0.0的服务端应使用3.3
java.lang.NoClassDefFoundError: org/w3c/dom/ElementTraversal
添加依赖xml-apis
````
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>1.4.01</version>
</dependency>
````
