CAS简单使用

  1. 从git下载cas,下载的是4.1.x版本。它是用maven管理Jar包的最后版本。
  2. 导入到idea中。
  3. 找到cas-server-webapp子项目,修改pom.xml,增加tomcat7 plugin启动
<plugin>
    <groupId>org.apache.tomcat.maven</groupId>
    <artifactId>tomcat7-maven-plugin</artifactId>
    <version>2.2</version>
    <configuration>
        <uriEncoding>UTF-8</uriEncoding>
        <path>/cas</path>
        <port>80</port>
        <contextReloadable>false</contextReloadable>
    </configuration>
</plugin>
1
2
3
4
5
6
7
8
9
10
11

注:其本身提供了jetty的启动方式,但是默认修改配置密钥,所以不暂时不使用。

  1. 修改deployerConfigContext.xml文件,修改默认的用户名和密码。
<bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="admin" value="123456"/>
        </map>
    </property>
</bean>
1
2
3
4
5
6
7
8
  1. 用tomcat7:run启动

  2. 浏览器输入http://localhost/cas/login,如果正常访问即表示cas-server搭建成功。

  3. 去除HTTPS认证

此时访问登录页面,会出现下面的提示

Non-secure Connection
You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.
1
2

提示需要配置https认证,下面我们就把这个去掉。

  • 修改deployerConfigContext.xml文件
#找到如下bean配置
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"/>

#增加p:requireSecure="false"
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>
1
2
3
4
5
6
7
8
  • 修改ticketGrantingTicketCookieGenerator.xml修改p:cookieSecure=”false”
# 找到如下bean配置
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"
        p:cookieMaxAge="-1"
        p:cookieName="CASTGC"
        p:cookiePath="/cas" />
#修改后为:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASTGC"
    p:cookiePath="/cas" />
1
2
3
4
5
6
7
8
9
10
11
12
  • 修改warnCookieGenerator.xml修改p:cookieSecure=”false”
# 找到如下配置
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/cas" />
# 修改后为:
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false"
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/cas" />
1
2
3
4
5
6
7
8
9
10
11
12
  • 修改cas-server-webapp\src\main\resources\services\HTTPSandIMAPS-10000001.json下的文件增加http配置
# 找到如下配置
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,

# 修改成如下配置
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
1
2
3
4
5
6
7
8
9
10
11

注意

如果不增加http的配置,应用不无跳转到CAS的登录页面。

  • 去掉登录页面的提示

    去掉https验证后 保证了http访问也能进行正常交互。但是原生的cas server页面上的提示是不会根据设置自动消失的。只能我们手动去除。

  1. 基于spring boot配置cas
package cn.sibat.cas.demo.config;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.annotation.WebFilter;
import java.util.*;

/**
 * CAS 过滤器
 * @author: xiaojun
 * @version: 2018/11/22
 */
@Configuration
public class CasConfig {

    /**
     * 登出监听器
     * @return
     */
    @Bean
    public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean registrationBean = new ServletListenerRegistrationBean();
        registrationBean.setListener(new SingleSignOutHttpSessionListener());
        return registrationBean;
    }

    /**
     * 登出过滤器
     * @return
     */
    @Bean
    public FilterRegistrationBean singleSignOutFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new SingleSignOutFilter());
        List<String> urlPatterns = new ArrayList<>();
        urlPatterns.add("/*");
        filterRegistrationBean.setUrlPatterns(urlPatterns);
        filterRegistrationBean.setOrder(1); //登出过滤器的优先级要最高,否则登录会不生效。
        return filterRegistrationBean;
    }

    /**
     * 认证Filter
     * @return
     */
    @Bean
    public FilterRegistrationBean authenticationFilter() {
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new AuthenticationFilter());
        Map<String,String> initParameters = new HashMap<>();
        initParameters.put("casServerLoginUrl","http://xiaojun02.sibat.cn:8761/cas/login");
        initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
        authenticationFilter.setInitParameters(initParameters);
        authenticationFilter.setOrder(2);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }


    /**
     * 验证票据Filter
     * @return
     */
    @Bean
    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
        FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter = new FilterRegistrationBean();
        cas20ProxyReceivingTicketValidationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("casServerUrlPrefix", "http://xiaojun02.sibat.cn:8761/cas");
        initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
        cas20ProxyReceivingTicketValidationFilter.setInitParameters(initParameters);
        cas20ProxyReceivingTicketValidationFilter.setOrder(3);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        cas20ProxyReceivingTicketValidationFilter.setUrlPatterns(urlPatterns);

        return cas20ProxyReceivingTicketValidationFilter;
    }

    /**
     * 一个标准的过滤器
     * @return
     */
    @Bean
    public FilterRegistrationBean casHttpServletRequestWrapperFilter(){
        FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
        authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
        authenticationFilter.setOrder(3);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/*");// 设置匹配的url
        authenticationFilter.setUrlPatterns(urlPatterns);
        return authenticationFilter;
    }





}


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
上次更新: 3 个月前