Recent project needs, need to do a single sign-on function, because previously did not contact SSO, not very understanding, consult the data after choosing to use CAS as the research object. CAS is a single sign-on server developed by Yale University.
Learn from: http://blog.csdn.net/small_love/article/details/6664831 experience,
1. Development environment
2. The development steps are broadly divided into three parts
3. Generate a Certificate
The certificate is very important for this single sign-on, the certificate is the credentials of the server side and the client secure communication, this tutorial is just a demonstration, all use the JDK comes with the certificate Generator tool Keytool.
1. Generate a Certificate
Command: Keytool-genkey-alias sslverisign-keyalg rsa-keystore D:/keys/smallkey
Where Sslverisign is an alias of the generated certificate the custom D:/keys/smallkey is the generated path be sure to ensure that the generated path is present and Smallkey will create it yourself.
After the command executes, such as:
Where the name and surname of this best write your domain name, if you click on the test you can map a virtual domain name in the C:\Windows\System32\drivers\etc\hosts file.
Do not write IP where the Scarlet letter part is very important, it will be used later.
To configure the local virtual domain name: C:\Windows\System32\drivers\etc\hosts Find the Hosts file to open the edit input as follows:
Configuration when the file can not be modified sometimes can not save, from a Baidu bar has a solution.
2. Export the certificate
C:\>keytool-export-file D:/keys/ssl.crt-alias Sslverisign-keystore D:/keys/smallkey
SSL.CRT the name of the generated certificate
After execution such as:
Password is the first step of the password you set
3. Import the certificate into the client JDK
Command: Keytool-import-keystore C:\Java\jdk1.7.0_15\jre\lib\security\cacerts-file d:/keys/ssl.crt-alias sslverisign
EXECUTE as follows:
Import succeeded.
The problem that this step is prone to is:
1.keytool Error: Java.io.IOException:Keystore was tampered with, or password was incorrect
The solution to the error is to remove the Cacerts file under%java_home%\lib\security and execute the
2. There is also the location path of the JDK storage if there is a blank space will also cause the import certificate is not successful, prompt illegal (the default installation of the JDK, such as: C:\Program Files There are spaces will cause the import is unsuccessful), you need to be aware.
4. Configure the server side
1, download the service side of the CAS Cas-server-4.0.0-release.zip decompression, the extracted files in the Modules folder Cas-server-webapp-4.0.0.war file copy of the D:\ Apache-tomcat7\webapps directory and rename to Cas.war:http://downloads.jasig.org/cas/
2. Modify the D:\apache-tomcat7\conf\server.xml file to remove the comments between 83 and 93 lines of this file, modified to:
keystorefile="D:/keys/smallkey" <!--path to certificate generation---
keystorepass="Smalllove"/> <!--The password that was set when the certificate was generated --
After Setup is complete, manually start Tomcat:d:\apache-tomcat7\bin\startup.bat Click on the bat file to run.
If you run the following error, the startup is unsuccessful.
Critical: Failed to initialize end point associated with Protocolhandler ["http-apr-443"]
Java.lang.Exception:Connector attribute sslcertificatefile must be defined when using SSL with APR
Need to modify D:\apache-tomcat7\conf\server.xml to find the following comment out:
<listener classname= "Org.apache.catalina.core.AprLifecycleListener" sslengine= "on"/>
3, the above configuration complete access Https://www.deng.com:8443/cas appears the following page
Click Continue to browse this page, then appear
Since we are using the cas4.0 version, the default initial account is the password is Casuser Mellon before looking at a lot of tutorials with a version of 3.4 when the initial account and password is admin
After entering the account password, the following interface will appear to indicate the successful server-side configuration completed.
5. Configure the Client
Because I want to do test test two projects after landing can achieve a single point, in a separate deployment of a Tomcat server (plus a total of two pre-deployment modifications), if it is to unpack the package of Tomcat, the former Tomcat copy one out, open d:\ Apache-tomcat-7.0.40\conf\server.xml file, modify his port number to ensure that two Tomcat does not conflict after boot.
22nd Line modified after <server port= "8055" shutdown= "shutdown" > 70th to 74th modified <connector port= "18080" protocol= "http/ 1.1 " connectiontimeout=" 20000 " redirectport=" 18443 "/> 97th Row modified <connector port=" 18009 "protocol=" ajp/1.3 "redirectport=" 18443 "/>
Login new two Web project open the. xml file to configure the following information, my CAS server uses the default Tomcat port number, so the Web project I deployed after modifying the port on Tomcat 18080:
Two Web project configurations you can annotate the differences on the default index.html page.
1 <!--======================== Single Sign-on start ========================-2 <!--for single-point exit, the filter is for single-point logout, optional configuration--&G T 3 <listener> 4 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener< /listener-class> 5 </listener> 6 7 <!--This filter is used for single-point logout, optional configuration. -8 <filter> 9 <filter-name>cas filter</filter-name> &L T;filter-class>org.jasig.cas.client.session.singlesignoutfilter</filter-class> </filter> &L T;filter-mapping> <filter-name>cas Single Sign out filter</filter-name> <url-pat Tern>/*</url-pattern> </filter-mapping> <!--The filter is responsible for the user's certification work, it must be enabled--and < ; filter>19 <filter-name>casfilter</filter-name>20 <filter-class>org.jasig.cas.client. Authentication. authenticationfilter</filter-class>21 <init-param>22 <param-name>casserverloginurl</param-name>23 <pa Ram-value>https://www.deng.com:8443/cas/login</param-value>24 <!--The server here is the IP-->25 of the service side </init-param>26 <init-param>27 <param-name>serverName</param-name> 28 <param-value>http://www.deng.com:18080</param-value> </init-param> </filter> <filter-mapping> <filter-name>casfilter</fil ter-name>33 <url-pattern>/*</url-pattern>34 </filter-mapping>35 <!--The filter is responsible for the T Icket calibration work, it must be enabled-->37 <filter> <filter-name>cas Validation filter</filter-name> 39 <filter-class> org.jasig.cas.client.validation.cas20proxyreceivingticketvalidationfilter< /filter-class> 41 <init-param> <param-name>casServerUrlPrefix</param-name> <param -value>https://www.deng.com:8443/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://www.deng.com:180 80</param-value> </init-param> </filter>50 <filter-mapping> 51 & Lt;filter-name>cas Validation filter</filter-name> <url-pattern>/*</url-pattern> 53 </filter-mapping> <!--The filter is responsible for implementing HttpServletRequest request packages, such as allowing developers to pass the HttpServletRequest Getremoteuser () party The login name for the SSO login user, optional configuration. -<filter> <filter-name>cas httpservletrequest Wrapper filter</filter-name> 58 <filter-class> ORG.JASIG.CAS.CLIENT.UTIL.HTTPSERVLETREQUESTWRAPPERFILTER</FILTER-CLASS&G T </filter> <filter-mapping> <filter-name>cas httpservletrequest Wrapper filte R</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 65 66 & lt;! -This filter allows developers to get the user's login name through Org.jasig.cas.client.util.AssertionHolder. such as Assertionholder.getassertion (). Getprincipal (). GetName (). -<filter> <filter-name>cas Assertion Thread Local filter</filter-name> 69 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>cas Assertion Thread Local filter</filter-name> 73 <url-pattern>/*</url-pattern> </filter-mapping> ===================== <!-- = = = End of Single Sign-on ========================
After the configuration is complete, manually launch the tomcat that the CAs belongs to, confirming that there are no errors, deploy two Web features in Eclipse, and then launch two projects for Tomcat deployment in Eclipse.
The blogger has built two simple functional projects called:
When you start the Web page, enter the address of any item in the project to test.
When turned on, it automatically jumps to the following screen, opening another project as well.
Login to the test account, after verification, will return to the project's index page. Opening another item will also jump to the corresponding index page. Will not be intercepted for landing. This illustrates the success of configuring a single point of landing.
5. Configure the database
Currently using the default account login, but what if you connect to the database? Below is how the CAS server configures the database. The database I'm using is MySQL
1. Open the CAS server that belongs to Tomcat to find D:\apache-tomcat7\webapps\cas\WEB-INF\lib. Add several dependent packages (Cas-server-support-jdbc-4.0.0.jar,commons-dbcp-1.4.jar,commons-pool-1.6.jar, Mysql-connector-java-5.0.8-bin.jar)
Where Cas-server-support-jdbc-4.0.0.jar can be found in the Cas-server-4.0.0\modules directory other needs to download the self.
Then add:
1 <bean id= "Primaryauthenticationhandler" class= " Org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler "> 2 <property name=" DataSource "ref=" DataSource "/> 3 <property name=" SQL "value=" select password from ms_user where user_code=? "/> <!--The above sentence to write yourself database SQL--
4 </bean>
5<!--MySQL Connecto R-->
6 <bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" > 7 <property name= " Driverclassname "> 8 <value>com.mysql.jdbc.Driver</value> 9 </property>10 < Property name= "url" >11 <value>jdbc:mysql://localhost:3306/test</value>12 </property >13 <property name= "username" >14 <value> Database account </value>15 </property>16 <property name= "password" >17 <value> Database password </value>18 </property>19 </ Bean>
After the modification is complete and then restarts the Tomcat Server CAs landing page on the CAS service, you need to log in to your database account to log in.
CAS server building and Java Project integration
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
