CAS Building for Java projects

Source: Internet
Author: User
Tags cas

CAS (Central Authentication Service) is a centralized authentication service built on an independent, open protocol. CAS is an open source project launched by Yale University, designed to provide a reliable single sign-on method for web applications. It became a JA-SIG project in December 2004.

Baidu Encyclopedia: http://baike.baidu.com/subview/18179/6392359.htm#viewPageContent

Examples of Use:

First, versions

CAS server version: cas-server-3.4.8-release

CAS client version: cas-client-3.2.1-release

Second, create a certificate

1. Generate the certificate with the keytool that comes with the JDK.

Command: keytool -genkey -alias bpmkey2 -keyalg RSA -keystore D:/keys/bpmkey2

This command creates the bpmkey2 certificate.

Note that the path must already exist. Fill in the "first and last name" prompt; keytool stores that value as the certificate's CN, which clients compare with the CAS server's host name.

      

2. Export the certificate

Command: keytool -export -file d:/keys/bpm.crt -alias bpmkey2 -keystore D:/keys/bpmkey2

The password is the one set when the certificate was created.

      

3. Import the certificate into the client JDK

Command: keytool -import -keystore C:\Java\jdk1.7.0_11\jre\lib\security\cacerts -file d:/keys/bpm.crt -alias bpmkey2

The password is the one used when the certificate was created.

The JDK path must be that of the JDK the project actually runs on.

      

Third, build the CAS server

1. Place cas.war under webapps so that Tomcat unpacks it

Download the CAS server, unzip it, and copy cas-server-webapp-3.4.8.war from the modules folder of the extracted files to the Tomcat\webapps directory (preferably renamed to cas.war).

2. Modify Tomcat\conf\server.xml

Here keystoreFile is the path to the keystore file holding the certificate, and keystorePass is the password for it.

    <!-- maxThreads must be an integer; 150 is the value in Tomcat's sample HTTPS connector -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               keystoreFile="D:\keys\bpmkey"
               keystorePass="pass123"/>

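3. Start Tomcat and open https://linkey:8443/cas

The browser reports a problem with the certificate because it is self-signed; click Continue browsing.

Enter the same string as user name and password to log in (the stock CAS 3.x configuration uses a test authentication handler that accepts any such pair, so replace it before real use).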

      

Successful login indicates that the CAS server was successfully built.

      

Fourth, configure the CAS client (your own business system)

1. Add the client jar package to the project

Unzip cas-client-3.1.12.zip; the modules folder contains the required jar packages. Put cas-client-core-3.2.1.jar under the project's WEB-INF/lib.

2. Configure the client project's web.xml

<!-- ======================== Single sign-on start ======================== -->

<!-- Listener used for single sign-out; optional -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter implements single sign-out; optional -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter handles user authentication and must be enabled -->
<filter>
    <filter-name>Casfilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://zealon:8443/cas/login</param-value>
        <!-- the server here is the host name or IP of the CAS server -->
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://zealon:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Casfilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter validates the ticket and must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://zealon:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://zealon:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter wraps HttpServletRequest so that, for example, the developer can
     obtain the login name of the SSO user through HttpServletRequest.getRemoteUser(); optional -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- ======================== Single sign-on end ======================== -->

3. Testing

Enter the address of your project and you will be redirected to the CAS login page.

      

Click Sign In

      

You are now logged in to your business system.
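What the validation filter configured in web.xml does when the browser returns from the CAS login page with a service ticket, as an added Python sketch of the CAS 2.0 serviceValidate exchange (not code from the CAS client or from the original page). The host names come from the web.xml above; the request path, the ticket value and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "http://www.yale.edu/tp/cas"  # XML namespace of CAS 2.0 responses
# Values from the web.xml above
CAS_SERVER_URL_PREFIX = "https://zealon:8443/cas"
SERVER_NAME = "http://zealon:8080"


def validation_url(request_path, ticket):
    """Back-channel URL the client fetches to check a service ticket.

    `service` must equal the URL the browser was sent to CAS with; here it is
    simplified to serverName + request path (assumption: no query string).
    """
    query = urlencode({"service": SERVER_NAME + request_path, "ticket": ticket})
    return f"{CAS_SERVER_URL_PREFIX}/serviceValidate?{query}"


def parse_validation_response(body):
    """Return the authenticated user name, or raise ValueError."""
    ns = {"cas": CAS_NS}
    root = ET.fromstring(body)
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", ns)
    if failure is not None:
        raise ValueError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    user = root.find("cas:authenticationSuccess/cas:user", ns)
    if user is None or not (user.text or "").strip():
        raise ValueError("response carries no cas:user")
    return user.text.strip()


# Constructed sample responses in CAS 2.0 format (not captured from a server)
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(validation_url("/app/index.jsp", "ST-1-constructed"))
    print(parse_validation_response(SUCCESS))
```

The client JVM fetches this URL over HTTPS, which is why the CAS server certificate was imported into the JDK's cacerts in section two. The user name taken from the response is what the wrapper filter later exposes through getRemoteUser().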
