Deploying a CAS server to implement custom JDBC validation

Source: Internet
Author: User
Tags cas php code tomcat

1 Installation
1.1 System Configuration
The following software environments are required:
1. JDK 1.4.2 or higher
2. Tomcat 5.X

1.2 Tomcat configuration, enabling SSL
1. Generate a key for Tomcat for use in SSL communications on the machine where CAS is to be installed:

keytool -genkey -alias tomcat -keyalg RSA
You will be prompted for the key password and other parameters. The first parameter, CN, must be set to the CAS machine name (use localhost when testing on the local machine). The .keystore key file is generated in the user directory.

2. Export the key file:

keytool -export -file server.crt -alias tomcat
You need to enter the password you set in the previous step; the command then generates the server.crt certificate file in the current directory.

3. Import the key into the client's JVM:

keytool -import -keystore $JAVA_HOME\jre\lib\security\cacerts -file server.crt -alias tomcat
When prompted for a password, note that the password is "changeit".

4. Modify the server-side Tomcat configuration file to enable SSL. Edit $CATALINA_HOME\conf\server.xml, uncomment the SSL section, and add keystorePass="password" to the Connector element (password is the password from steps 1 and 2), together with keystoreFile="keystorepath" (you can copy the .keystore generated in the first step to $CATALINA_HOME\conf, so that keystoreFile="conf/.keystore").

5. Restart Tomcat to test whether https://server:8443 can be accessed (server should be replaced with machine name or IP address).

1.3 CAS Server Installation

Download CAS Server 3.0.4 and copy cas.war to $CATALINA_HOME\webapps. Note that the user/password authentication handler shipped with CAS is very rudimentary; a real product must rewrite this part of the code and generate a new cas.jar. You can test whether CAS was deployed successfully by accessing https://localhost:8443/cas; you should see the CAS login interface.

1.4 CAS Client Deployment

Using Tomcat's servlets-examples ($CATALINA_HOME\webapps\servlets-examples) and jsp-examples ($CATALINA_HOME\webapps\jsp-examples), download the latest version of the Java CAS Client and copy casclient.jar to the WEB-INF\lib directory of each of these two projects (you need to create this directory). Modify WEB-INF\web.xml in both projects and add the following filter:

<!-- CAS Filters -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://server:8443/cas/login</param-value>
</init-param><!-- "server" here is the IP of the server side -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://servername:8443/cas/proxyValidate</param-value>
</init-param><!-- "servername" here is the hostname of the server and must be the -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>client:port</param-value><!-- client:port is the address and port that CAS needs to intercept, typically the IP and port on which Tomcat is started -->
</init-param>
</filter>

<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/servlet/*</url-pattern><!-- this setting is for servlets-examples; for jsp-examples set it to /* -->
</filter-mapping>
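
The validateUrl parameter above is where the client checks the ticket it received after login: it fetches that URL over HTTPS with the service and ticket as query parameters and accepts the user only on a well-formed CAS 2.0 success response. The following Python sketch is an added example, not the Yale client's code; the function names, the MALFORMED_RESPONSE label, and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace


def build_validate_request(validate_url: str, service: str, ticket: str) -> str:
    """URL the client fetches to check a ticket it was handed."""
    if not validate_url.lower().startswith("https://"):
        raise ValueError("validate URL must use https")
    return validate_url + "?" + urlencode({"service": service, "ticket": ticket})


def parse_validate_response(body: str):
    """Return (user, None) on success, (None, failure_code) otherwise."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None, "MALFORMED_RESPONSE"  # label used by this example only
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        return None, "MALFORMED_RESPONSE"
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        return (user, None) if user else (None, "MALFORMED_RESPONSE")
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else None
    return None, code or "MALFORMED_RESPONSE"


# Constructed sample responses in the CAS 2.0 format.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_request("https://servername:8443/cas/proxyValidate",
                                 "http://client:8080/servlets-examples/",
                                 "ST-1-constructed"))
    print(parse_validate_response(SAMPLE_OK))
    print(parse_validate_response(SAMPLE_FAIL))
```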

2 Test
Restart Tomcat and navigate to servlets-examples; running any of the examples redirects you to the CAS login page. Then navigate to jsp-examples, which also redirects to the CAS login page. Log in at this point (the default authentication handler only requires username = password, so you can choose any user name) and you will enter jsp-examples. Continue on to servlets-examples: running any of the examples no longer requires entering the password.

Additional notes:

Deploying CAS on multiple machines: these machines must be in the same domain; the server side generates the certificate and the client imports the certificate (operations see).

PHP client: using the esup-phpCAS client, part of the PHP verification code is as follows:
// import phpCAS lib
include_once('CAS/CAS.php');
// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, 'freeserver.test-toodou.com', 8443, '/cas');
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
After the login is completed, the CAS server automatically redirects back to this page.

CAS server to database connection: in a real environment we need to validate the user against the database, so we configure a JDBC connection in CAS.

First, we need to create our own database validator. We can also use the cas-server-jdbc.jar provided by Jasig; here we modify the cas-server-jdbc source to meet our needs, then deploy MySQL's JDBC driver and the modified jar to %CAS%/WEB-INF/lib/.

Modify %CAS%/WEB-INF/deployerConfigContext.xml, where the section on validators is as follows:
......................................
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="sql" value="select PSW from user where username=?" />
<property name="dataSource" ref="dataSource" />
</bean>
</list>
</property>
</bean>

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql://192.168.1.246:3306/toodou</value></property>
<property name="username"><value>username</value></property>
<property name="password"><value>********</value></property>
</bean>
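
A validator built around a query like the one above has to bind the user name as a parameter, treat zero or several rows as a failed login, and compare against a stored hash rather than a plaintext password. The following Python model of that logic is an added example, not the page's or the CAS project's code; the in-memory SQLite table stands in for the MySQL user table, and the salt column, PBKDF2 settings and function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> str:
    """Derive the value stored in the psw column (hex PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Model of a query-based handler: look up one row, compare hashes."""
    # The user name is bound to the "?" placeholder, never concatenated
    # into the SQL text, so quotes in the input cannot change the query.
    rows = conn.execute(
        "select psw, salt from user where username=?", (username,)
    ).fetchall()
    if len(rows) != 1:
        # Unknown user or duplicate rows: spend the same hashing time, then fail.
        hash_password(password, b"\x00" * 16)
        return False
    stored, salt = rows[0]
    return hmac.compare_digest(stored, hash_password(password, salt))


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the MySQL user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (username text, psw text, salt blob)")
    for name, pw in (("alice", "correct horse"), ("bob", "hunter2")):
        salt = os.urandom(16)
        conn.execute("insert into user values (?, ?, ?)",
                     (name, hash_password(pw, salt), salt))
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(authenticate(db, "alice", "correct horse"))             # valid login
    print(authenticate(db, "alice", "wrong"))                     # bad password
    print(authenticate(db, "alice' or '1'='1", "correct horse"))  # input stays data
```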
