CAS简单使用
- 从git下载cas,下载的是4.1.x版本。它是用maven管理Jar包的最后版本。
- 导入到idea中。
- 找到cas-server-webapp子项目,修改pom.xml,增加tomcat7 plugin启动
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<uriEncoding>UTF-8</uriEncoding>
<path>/cas</path>
<port>80</port>
<contextReloadable>false</contextReloadable>
</configuration>
</plugin>
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
注:其本身提供了jetty的启动方式,但是默认修改配置密钥,所以不暂时不使用。
- 修改deployerConfigContext.xml文件,修改默认的用户名和密码。
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="admin" value="123456"/>
</map>
</property>
</bean>
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
用tomcat7:run启动
浏览器输入http://localhost/cas/login,如果正常访问即表示cas-server搭建成功。
去除HTTPS认证
此时访问登录页面,会出现下面的提示
Non-secure Connection
You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.
1
2
2
提示需要配置https认证,下面我们就把这个去掉。
- 修改deployerConfigContext.xml文件
#找到如下bean配置
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"/>
#增加p:requireSecure="false"
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
- 修改ticketGrantingTicketCookieGenerator.xml修改p:cookieSecure=”false”
# 找到如下bean配置
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
#修改后为:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
- 修改warnCookieGenerator.xml修改p:cookieSecure=”false”
# 找到如下配置
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
# 修改后为:
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
- 修改cas-server-webapp\src\main\resources\services\HTTPSandIMAPS-10000001.json下的文件增加http配置
# 找到如下配置
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
# 修改成如下配置
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
注意
如果不增加http的配置,应用不无跳转到CAS的登录页面。
去掉登录页面的提示
去掉https验证后 保证了http访问也能进行正常交互。但是原生的cas server页面上的提示是不会根据设置自动消失的。只能我们手动去除。
- 基于spring boot配置cas
package cn.sibat.cas.demo.config;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.annotation.WebFilter;
import java.util.*;
/**
* CAS 过滤器
* @author: xiaojun
* @version: 2018/11/22
*/
@Configuration
public class CasConfig {
/**
* 登出监听器
* @return
*/
@Bean
public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
ServletListenerRegistrationBean registrationBean = new ServletListenerRegistrationBean();
registrationBean.setListener(new SingleSignOutHttpSessionListener());
return registrationBean;
}
/**
* 登出过滤器
* @return
*/
@Bean
public FilterRegistrationBean singleSignOutFilter() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new SingleSignOutFilter());
List<String> urlPatterns = new ArrayList<>();
urlPatterns.add("/*");
filterRegistrationBean.setUrlPatterns(urlPatterns);
filterRegistrationBean.setOrder(1); //登出过滤器的优先级要最高,否则登录会不生效。
return filterRegistrationBean;
}
/**
* 认证Filter
* @return
*/
@Bean
public FilterRegistrationBean authenticationFilter() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AuthenticationFilter());
Map<String,String> initParameters = new HashMap<>();
initParameters.put("casServerLoginUrl","http://xiaojun02.sibat.cn:8761/cas/login");
initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(2);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
/**
* 验证票据Filter
* @return
*/
@Bean
public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter = new FilterRegistrationBean();
cas20ProxyReceivingTicketValidationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "http://xiaojun02.sibat.cn:8761/cas");
initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
cas20ProxyReceivingTicketValidationFilter.setInitParameters(initParameters);
cas20ProxyReceivingTicketValidationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
cas20ProxyReceivingTicketValidationFilter.setUrlPatterns(urlPatterns);
return cas20ProxyReceivingTicketValidationFilter;
}
/**
* 一个标准的过滤器
* @return
*/
@Bean
public FilterRegistrationBean casHttpServletRequestWrapperFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111