This article describes the server-side configuration, carried out after the preparation work, certificate generation, etc. are completed.
Step 1: Copy all the certificate files except cacerts to the Tomcat root directory. If the server side and the client share one Tomcat, copy them only once; otherwise copy them to each Tomcat.
Step 2: Open Tomcat's conf/server.xml configuration file and find the following configuration code:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"/>
**************************************************************
Change it to:
<!-- acceptCount: the value is missing from this listing; 100 is Tomcat's default and is assumed here -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:/develop/tomcat7.0.55/server.keystore"
           keystorePass="changeit"/>
[note] The SSL port here is 8443. If you want to access the server without typing a port number, change it to the default HTTPS port 443. keystoreFile points to the server.keystore file we copied, and keystorePass is the keystore password.
Step 1: By default CAS treats any login where the username equals the password as successful, which is obviously unsafe. In the Tomcat installation directory, go to webapps/cas/WEB-INF, find deployerConfigContext.xml and modify the following two places:
First place:
Replace
<bean class=
  "org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
with
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="dataSource" ref="dataSource"/>
  <property name="sql" value="select password from Tbl_user where login_name=?"/>
  <property name="passwordEncoder" ref="MD5PasswordEncoder"/>
</bean>
*****************************************************************
This queries the user's password from Tbl_user; the table structure is as follows.
Second place:
Add the following before </beans>:
<bean id="auditTrailManager" class=
  "com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager"/>
<!-- Encodes the submitted password with MD5 before it is compared with the database value -->
<bean id="MD5PasswordEncoder" class=
  "org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
  <constructor-arg index="0">
    <value>MD5</value>
  </constructor-arg>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName">
    <value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value>
  </property>
  <!-- append the name of your database after databaseName= -->
  <property name="url">
    <value>jdbc:sqlserver://localhost:1433;databaseName=</value>
  </property>
  <property name="username"><value>sa</value></property>
  <property name="password">
    <value>databaseadmin</value>
  </property>
</bean>
A SQL Server 2008 database is used here; for another database, the parts marked in bold italics need to be modified.
The data table structure is as follows:
[note] The data source is SQL Server. After the configuration above, the corresponding table must also be created in the database. Because the configuration applies the 32-character MD5 algorithm to the password field, the password column in the database must also hold MD5 hashes.
[Attached]:
32-character MD5 of admin888: 7fef6171469e80d32c0559f88b377245
Do not rush to run it yet: the jar packages are still missing and it will fail with an error ...
Step 2: Find the cas-server-3.4.10/modules directory and copy cas-server-support-jdbc-3.4.10.jar and the corresponding database driver package to the CAS lib directory.
Configuration complete. Restart Tomcat; if an error occurs, check whether the configuration file or the jar package import is wrong!
Test: Enter 1 as both the username and the password.
Then use the username and password set in our database instead; if the login succeeds, the server-side configuration is successful!
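The difference between the two handlers in this test, modelled in Python as an added example (not CAS code and not from the original article). sqlite3 stands in for SQL Server, the sample row is constructed, and the function names, the UTF-8 encoding and the constant-time comparison are assumptions of this sketch.

```python
import hashlib
import hmac
import sqlite3


def md5_hex(password: str) -> str:
    """Lowercase 32-character hex MD5: the format the password column must hold."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def simple_test_handler(username: str, password: str) -> bool:
    """Model of the default test handler: any non-empty username == password logs in."""
    return bool(username) and username == password


def query_database_handler(conn, username: str, password: str) -> bool:
    """Model of the JDBC handler: fetch the stored hash with the configured
    parameterised query and compare it with the MD5 of the submitted password."""
    row = conn.execute(
        "select password from Tbl_user where login_name=?", (username,)
    ).fetchone()
    if row is None:
        return False  # unknown user: no row, no login
    return hmac.compare_digest(row[0], md5_hex(password))


def build_sample_db():
    """Constructed sample data: one user 'admin' whose password is admin888."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Tbl_user (login_name text primary key, password text)")
    conn.execute("insert into Tbl_user values (?, ?)", ("admin", md5_hex("admin888")))
    return conn


if __name__ == "__main__":
    conn = build_sample_db()
    print("test handler, 1/1:      ", simple_test_handler("1", "1"))
    print("database handler, 1/1:  ", query_database_handler(conn, "1", "1"))
    print("database handler, admin:", query_database_handler(conn, "admin", "admin888"))
```

After the switch to the database handler, the 1/1 login must fail and only credentials stored in Tbl_user may succeed; if 1/1 still works, the test handler is still active.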