Deploy CAS server for customized JDBC Verification

Source: Internet
Author: User
1 Installation
1.1 System Configuration
The following software environments are required:
1. JDK 1.4.2 or higher
2. Tomcat 5.x

1.2 Tomcat configuration, enabling SSL
1. Generate a key for SSL communication for Tomcat on the machine on which CAS is to be installed:

keytool -genkey -alias tomcat -keyalg RSA
You are prompted for the key password and other parameters (the first parameter, CN, must be set to the CAS machine name; use localhost when testing on the local machine). The .keystore key file is generated in the user's home directory.

2. Export the key file:

keytool -export -file server.crt -alias tomcat
Enter the password set in the previous step. The server.crt certificate file is generated in the current directory.

3. Import the certificate into the client's JVM:

keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file server.crt -alias tomcat
When prompted for the password, note that it is "changeit".
4. Modify the Tomcat configuration file on the server to enable SSL. Edit $CATALINA_HOME/conf/server.xml and uncomment the SSL section. In the Connector element, add keystorePass="password" (password is the password from step 1 and step 2) and keystoreFile="keystorepath" (you can copy the .keystore generated in the first step to $CATALINA_HOME/conf, in which case keystoreFile="conf/.keystore").

5. Restart Tomcat and test whether https://server:8443 can be accessed (replace server with the machine name or IP address).

1.3 Install CAS Server

Download CAS server 3.0.4 and copy the cas.war file to $CATALINA_HOME/webapps. Note that the user/password authentication handler shipped in CAS is very simple and must be rewritten for production use, with the code rebuilt into a new cas.jar. You can now access https://localhost:8443/cas to test whether CAS has been deployed successfully; the CAS login page should be displayed.

1.4 CAS client deployment

Use Tomcat's built-in servlets-examples ($CATALINA_HOME/webapps/servlets-examples) and jsp-examples ($CATALINA_HOME/webapps/jsp-examples) for testing. Download the latest version of the Java CAS client and copy its jar to the lib directory under WEB-INF of both projects (this directory needs to be created). Modify WEB-INF/web.xml of both projects and add the following filter:

<!-- CAS filters -->
<filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://server:8443/cas/login</param-value>
  </init-param> <!-- The server here is the IP address of the server -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://sername:8443/cas/proxyValidate</param-value>
  </init-param> <!-- The sername here is the host name of the server, and must be -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>client:port</param-value> <!-- client:port is the address and port to be intercepted by CAS. Generally, it is the IP address and port on which Tomcat is started. -->
  </init-param>
</filter>

<filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/servlet/*</url-pattern> <!-- This setting is for servlets-examples; for jsp-examples, set it to /* -->
</filter-mapping>
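How the three filter parameters are used in a CAS 2.0 exchange, as an added sketch that is not the Yale client's code: the browser is redirected to the login URL, and the returned ticket is then checked by an HTTPS call from the client to the validate URL, which is why the client JVM needs the server certificate in cacerts. The client host, request path, ticket and response documents are constructed sample values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_TAG_NS = "http://www.yale.edu/tp/cas"   # namespace of CAS 2.0 responses
CAS_NS = {"cas": CAS_TAG_NS}

# loginUrl / validateUrl as in the filter above; CLIENT is a constructed
# stand-in for the "client:port" placeholder.
LOGIN_URL = "https://server:8443/cas/login"
VALIDATE_URL = "https://sername:8443/cas/proxyValidate"
CLIENT = "client.example.test:8080"

def service_url(path, secure=False):
    """URL of the protected resource, built from the configured server name
    rather than from anything the browser supplied."""
    return f"{'https' if secure else 'http'}://{CLIENT}{path}"

def login_redirect(service):
    """Where a browser without a session is sent."""
    return f"{LOGIN_URL}?{urlencode({'service': service})}"

def validation_request(service, ticket, validate_url=VALIDATE_URL):
    """Back-channel request that checks the ticket the browser brought back."""
    if not validate_url.startswith("https://"):
        raise ValueError("ticket validation must go over HTTPS")
    return f"{validate_url}?{urlencode({'service': service, 'ticket': ticket})}"

def authenticated_user(response_xml):
    """Return the user from a validation response, or None on any failure."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{CAS_TAG_NS}}}serviceResponse":
        return None
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    return user.strip() if user and user.strip() else None

# Constructed sample responses in the CAS 2.0 format.
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    svc = service_url("/servlets-examples/servlet/HelloWorldExample")
    print(login_redirect(svc))
    print(validation_request(svc, "ST-1-constructed"))
    print(authenticated_user(SUCCESS), authenticated_user(FAILURE))
```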

2 Test
Restart Tomcat and open servlets-examples; running any example redirects to the CAS login page. Then open jsp-examples, which also redirects to the CAS login page. Log in at this point (the default authentication handler only requires username = password, so you can choose any user name); after login, you enter jsp-examples. Go back to servlets-examples: you no longer need to enter a password to run any example.

Supplement:

Deploy CAS on multiple machines: these machines must be in the same domain; the server generates a certificate and the client imports the certificate (see the operation above).

PHP client: Use the esup-phpcas client. Part of the PHP authentication code is as follows:
<?php
// Import the phpCAS library
include_once('cas/CAS.php');
// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, 'freeserver.test-toodou.com', 8443, '/cas');
// Force CAS authentication
phpCAS::forceAuthentication();
// At this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// Log out if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
After login, the CAS server automatically redirects back to this page.

CAS server and database connection: in a real environment, we need to verify the user's validity against the database, so a JDBC connection must be configured in CAS.

First, we need to create our own database authentication handler. We could also use the cas-server-jdbc.jar provided by JASIG; here we modified the cas-server-jdbc source code to meet our needs. Deploy the MySQL JDBC driver and the modified jar to %CAS%/WEB-INF/lib/.

Modify %CAS%/WEB-INF/deployerConfigContext.xml. The following is the section about the authentication handlers:
......................................
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="sql" value="select psw from user where username=?" />
  <property name="dataSource" ref="dataSource" />
</bean>
</list>
</property>
</bean>


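The dataSource referenced above is configured with the following values:
Driver class: com.mysql.jdbc.Driver
URL: jdbc:mysql://192.168.1.246:3306/toodou
User name: username
Password: *********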
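The check that the query above drives, as an added example that is not CAS's or the author's code: fetch psw with the user name bound as a parameter, then compare it with the submitted password. It assumes an in-memory SQLite table standing in for the MySQL user table and a PBKDF2 string format for psw (the page does not say how psw is stored); the function names and the sample account are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

QUERY = "select psw from user where username = ?"  # query from the bean above

def hash_password(password, salt=None, rounds=100_000):
    """Assumed psw format: pbkdf2$<rounds>$<salt hex>$<digest hex>."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2${rounds}${salt.hex()}${digest.hex()}"

def verify(stored, password):
    """Recompute the digest with the stored salt; compare in constant time."""
    try:
        scheme, rounds, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(rounds))
    except ValueError:  # malformed or legacy value: fail closed
        return False
    return scheme == "pbkdf2" and hmac.compare_digest(candidate, expected)

def default_test_handler(username, password):
    """Behaviour of the default handler as described on the page."""
    return bool(username) and username == password

def query_authenticate(conn, username, password):
    """The bound parameter keeps the user name out of the SQL text."""
    rows = conn.execute(QUERY, (username,)).fetchall()
    if len(rows) != 1:  # unknown user or ambiguous match: reject
        return False
    return verify(rows[0][0], password)

def build_sample_db():
    """Constructed data: one account, alice / s3cret-Example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (username text primary key, psw text not null)")
    conn.execute("insert into user values (?, ?)",
                 ("alice", hash_password("s3cret-Example")))
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for name, pw in [("alice", "s3cret-Example"), ("alice", "alice"),
                     ("alice' or '1'='1", "x")]:
        print(name, "->", query_authenticate(db, name, pw))
```

The last sample input shows that a quote-laden user name is matched as a literal string and simply finds no row.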
