[SSO Single Sign-On] 9. Implementing Single Sign-On with the CAS Framework (Part 2)

This article is an original work of the 聚项云平台 blog. Please credit the source when reproducing it: http://blog.jxcode.com/?p=3201&preview=true

In the previous article we covered the preparation of the CAS test environment and how to obtain the HTTPS certificate. This article focuses on deploying the CAS server sample project and on the single sign-on authentication between the client and the server.

1. Deploying CAS-Server
The official CAS GitHub organization contains the following projects:
Figure 9.1
The project named Overlay can be used to generate a ready-to-deploy war package for the server side.
It comes in Gradle and Maven versions; we choose the Maven version, downloaded from:
https://github.com/apereo/cas-overlay-template
Download the ZIP archive here and extract it:
Figure 9.2
The default configuration of the downloaded Overlay is already enough to build a usable war package; we package it from the CMD console:
Figure 9.3
The first build takes a little while; wait patiently.
When the build finishes, a war package can be found under target:
Figure 9.4
This is the CAS server war package. Place it in the webapps directory of the server-side Tomcat prepared earlier:
Figure 9.5
Start Tomcat; while it is starting you can see the logo printed as the CAS project is compiled:
Figure 9.6
Note: if startup fails, check that Tomcat is version 8.5 or higher.
Then visit https://server.castest.com:8081/cas/login:
Figure 9.7
The default account is casuser with the default password Mellon; the current configuration contains only this one user.
The CAS home page shows a warning saying that there is only a single hard-coded user and that a reliable authentication user data source should be configured.
The hard-coded user is configured in application.properties inside the cas project folder (path D:\Tomcat_test\apache-tomcat-8.5.31-server\webapps\cas\WEB-INF\classes):
Figure 9.8
In enterprise development, database authentication is certainly needed, so here we configure the database authentication mechanism instead of using the hard-coded account and password.

First modify the pom.xml file (path D:\Tomcat_test\apache-tomcat-8.5.31-server\webapps\cas\META-INF\maven\org.apereo.cas\cas-overlay): in the pom, add the database-related jars and comment out the jars that are not needed:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-overlay</artifactId>
  <packaging>war</packaging>
  <version>1.0</version>

  <build>
    <plugins>
      <!--STEP1: unused component commented out
      <plugin>
        <groupId>com.rimerosolutions.maven.plugins</groupId>
        <artifactId>wrapper-maven-plugin</artifactId>
        <version>0.0.4</version>
        <configuration>
          <verifyDownload>true</verifyDownload>
          <checksumAlgorithm>MD5</checksumAlgorithm>
        </configuration>
      </plugin>-->
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
        <version>${springboot.version}</version>
        <configuration>
          <mainClass>${mainClassName}</mainClass>
          <addResources>true</addResources>
          <executable>${isExecutable}</executable>
          <layout>WAR</layout>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>repackage</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-war-plugin</artifactId>
        <version>2.6</version>
        <configuration>
          <warName>cas</warName>
          <failOnMissingWebXml>false</failOnMissingWebXml>
          <recompressZippedFiles>false</recompressZippedFiles>
          <archive>
            <compress>false</compress>
            <manifestFile>${manifestFileToUse}</manifestFile>
          </archive>
          <overlays>
            <overlay>
              <groupId>org.apereo.cas</groupId>
              <artifactId>cas-server-webapp${app.server}</artifactId>
            </overlay>
          </overlays>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.3</version>
      </plugin>
    </plugins>
    <finalName>cas</finalName>
  </build>

  <properties>
    <cas.version>5.1.1</cas.version>
    <springboot.version>1.5.12.RELEASE</springboot.version>
    <!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver -->
    <app.server>-tomcat</app.server>

    <mainClassName>org.springframework.boot.loader.WarLauncher</mainClassName>
    <isExecutable>false</isExecutable>
    <manifestFileToUse>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF</manifestFileToUse>

    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>

  <repositories>
    <repository>
      <id>sonatype-releases</id>
      <url>http://oss.sonatype.org/content/repositories/releases/</url>
      <snapshots>
        <enabled>false</enabled>
      </snapshots>
      <releases>
        <enabled>true</enabled>
      </releases>
    </repository>
    <repository>
      <id>sonatype-snapshots</id>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <releases>
        <enabled>false</enabled>
      </releases>
    </repository>
    <repository>
      <id>shibboleth-releases</id>
      <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
    </repository>
  </repositories>

  <profiles>
    <profile>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <id>default</id>
      <dependencies>
        <dependency>
          <groupId>org.apereo.cas</groupId>
          <artifactId>cas-server-webapp${app.server}</artifactId>
          <version>${cas.version}</version>
          <type>war</type>
          <scope>runtime</scope>
        </dependency>
        <!--STEP2: database authentication dependencies start-->
        <dependency>
          <groupId>org.apereo.cas</groupId>
          <artifactId>cas-server-support-jdbc</artifactId>
          <version>${cas.version}</version>
        </dependency>
        <dependency>
          <groupId>org.apereo.cas</groupId>
          <artifactId>cas-server-support-jdbc-drivers</artifactId>
          <version>${cas.version}</version>
        </dependency>
        <dependency>
          <groupId>mysql</groupId>
          <artifactId>mysql-connector-java</artifactId>
          <version>5.1.36</version>
        </dependency>
        <!--database authentication dependencies end-->
      </dependencies>
    </profile>

    <profile>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <id>exec</id>
      <properties>
        <mainClassName>org.apereo.cas.web.CasWebApplication</mainClassName>
        <isExecutable>true</isExecutable>
        <manifestFileToUse></manifestFileToUse>
      </properties>
      <build>
        <plugins>
          <plugin>
            <groupId>com.soebes.maven.plugins</groupId>
            <artifactId>echo-maven-plugin</artifactId>
            <version>0.3.0</version>
            <executions>
              <execution>
                <phase>prepare-package</phase>
                <goals>
                  <goal>echo</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <echos>
                <echo>Executable profile to make the generated CAS web application executable.</echo>
              </echos>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>

    <profile>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <id>bootiful</id>
      <properties>
        <app.server>-tomcat</app.server>
        <isExecutable>false</isExecutable>
      </properties>
      <dependencies>
        <dependency>
          <groupId>org.apereo.cas</groupId>
          <artifactId>cas-server-webapp${app.server}</artifactId>
          <version>${cas.version}</version>
          <type>war</type>
          <scope>runtime</scope>
        </dependency>
      </dependencies>
    </profile>

    <!--STEP3: unused profile commented out
    <profile>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <id>pgp</id>
      <build>
        <plugins>
          <plugin>
            <groupId>com.github.s4u.plugins</groupId>
            <artifactId>pgpverify-maven-plugin</artifactId>
            <version>1.1.0</version>
            <executions>
              <execution>
                <goals>
                  <goal>check</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
              <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
              <scope>test</scope>
              <verifyPomFiles>true</verifyPomFiles>
              <failNoSignature>false</failNoSignature>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>-->
  </profiles>
</project>

Next, create a database "cas_test" in MySQL to store the authentication data (the SQLyog GUI tool is used here):
Figure 9.9
Create a cas_user table:

CREATE TABLE `cas_user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(250) COLLATE utf8_bin NOT NULL,
  `password` varchar(250) COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

This table stores the users' login names and passwords:
Figure 9.10
Then modify application.properties (editing the original file and commenting out the parts that are not needed) to configure our database:

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443

# STEP 1: add authentication services
cas.serviceRegistry.initFromJson=true

# STEP 2: comment out the certificate settings - start
#server.ssl.key-store=file:/etc/cas/thekeystore
#server.ssl.key-store-password=changeit
#server.ssl.key-password=changeit
# STEP 2: comment out the certificate settings - end
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

# STEP 3: comment out the tomcat parameters - start
#server.max-http-header-size=2097152
#server.use-forward-headers=true
#server.connection-timeout=20000
#server.error.include-stacktrace=ALWAYS

#server.compression.enabled=true
#server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

#server.tomcat.max-http-post-size=2097152
#server.tomcat.basedir=build/tomcat
#server.tomcat.accesslog.enabled=true
#server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
#server.tomcat.accesslog.suffix=.log
#server.tomcat.max-threads=10
#server.tomcat.port-header=X-Forwarded-Port
#server.tomcat.protocol-header=X-Forwarded-Proto
#server.tomcat.protocol-header-https-value=https
#server.tomcat.remote-ip-header=X-FORWARDED-FOR
#server.tomcat.uri-encoding=UTF-8
# STEP 3: comment out the tomcat parameters - end

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
# STEP 4: change cache from true to false
spring.thymeleaf.cache=false
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
# STEP 5: comment out the hard-coded user and switch to JDBC users - START
#cas.authn.accept.users=casuser::Mellon

cas.authn.jdbc.query[0].sql=select * from cas_user where username=?
cas.authn.jdbc.query[0].healthQuery=
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/cas_test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=1234
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=5000
cas.authn.jdbc.query[0].fieldPassword=password

# multiple attributes
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=jdbc:mysql://127.0.0.1:3306/cas_test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.attributeRepository.jdbc[0].username=username
cas.authn.attributeRepository.jdbc[0].user=root
cas.authn.attributeRepository.jdbc[0].password=1234
cas.authn.attributeRepository.jdbc[0].sql=select * from cas_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.jdbc.Driver
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
cas.authn.attributeRepository.jdbc[0].failFast=true

Notes:
Remember to remove the cas.authn.accept.users=casuser::Mellon setting; that is the hard-coded user.
The cas.authn.jdbc.query[0] settings are the database authentication configuration.
In cas.authn.jdbc.query[0].sql, the program passes the username entered at login as the query parameter.
cas.authn.jdbc.query[0].fieldPassword names the column that is compared with the password entered at login.
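To make the two settings above concrete, here is an added model of what the JDBC query handler and the JDBC attribute repository do with them. This is example code written for this article, not CAS source code; CAS itself is Java and uses JDBC, and this model uses Python with an in-memory SQLite table standing in for the MySQL cas_test database. The properties text, the sample users and the extra email column are constructed; the cas_user table on the page has only id, username and password. With no passwordEncoder configured, as in the properties above, the stored column is compared with the entered password as-is, which is what `encoder=None` reproduces; the `sha256_encoder` stand-in shows where a configured encoder would sit (CAS exposes these settings under cas.authn.jdbc.query[0].passwordEncoder.*; a real deployment should use one of its adaptive hash options rather than plain SHA-256).

```python
"""Model of CAS's query[0] JDBC authentication and jdbc[0] attribute lookup.

Added example, not CAS code: it reproduces the observable behaviour of the
sql / fieldPassword / username / {0} settings described in the notes above.
"""
import hashlib
import hmac
import sqlite3

# Constructed subset of the application.properties shown on this page.
# The jdbc: URL is omitted because SQLite stands in for MySQL here.
PROPERTIES = """
cas.authn.jdbc.query[0].sql=select * from cas_user where username=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.attributeRepository.jdbc[0].sql=select * from cas_user where {0}
cas.authn.attributeRepository.jdbc[0].username=username
cas.authn.attributeRepository.jdbc[0].singleRow=true
"""


def parse_properties(text):
    """Minimal key=value parser; values may themselves contain '=' or '?'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def build_db(users):
    """Constructed in-memory stand-in for the cas_test database.
    users: iterable of (username, stored_password, email) tuples."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cas_user ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " username TEXT NOT NULL, password TEXT NOT NULL, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO cas_user (username, password, email) VALUES (?, ?, ?)", users
    )
    conn.row_factory = sqlite3.Row  # rows addressable by column name
    return conn


def authenticate(conn, props, username, supplied_password, encoder=None):
    """Bind the login name as the single parameter of query[0].sql, then compare
    the column named by fieldPassword with the supplied password.
    encoder=None mirrors the page's configuration (no passwordEncoder.*):
    the stored value is compared verbatim, i.e. the table holds plaintext."""
    sql = props["cas.authn.jdbc.query[0].sql"]
    field = props["cas.authn.jdbc.query[0].fieldPassword"]
    rows = conn.execute(sql, (username,)).fetchall()
    if len(rows) != 1:
        # Unknown user, or duplicate rows for one name: fail closed.
        return False
    stored = rows[0][field]
    candidate = encoder(supplied_password) if encoder else supplied_password
    # Constant-time comparison so the check leaks nothing about the prefix.
    return hmac.compare_digest(stored.encode(), candidate.encode())


def resolve_attributes(conn, props, principal):
    """Attribute repository: '{0}' in jdbc[0].sql is replaced with
    '<username column> = ?' and, with singleRow=true, every column of the
    single matching row becomes a principal attribute."""
    sql = props["cas.authn.attributeRepository.jdbc[0].sql"]
    col = props["cas.authn.attributeRepository.jdbc[0].username"]
    row = conn.execute(sql.replace("{0}", f"{col} = ?"), (principal,)).fetchone()
    return dict(row) if row else {}


def sha256_encoder(password):
    """Stand-in for a configured password encoder (illustration only; not a
    recommended password hash)."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    props = parse_properties(PROPERTIES)
    db = build_db([("alice", "s3cret", "alice@example.test")])  # constructed
    print("alice/s3cret ->", authenticate(db, props, "alice", "s3cret"))
    print("alice/wrong  ->", authenticate(db, props, "alice", "wrong"))
    print("attributes   ->", resolve_attributes(db, props, "alice"))
```

Two things the model makes visible. First, `select *` in the attribute repository pulls the password column into the resolved attribute map along with everything else; whether any of it reaches a client service depends on that service's attribute release policy, so listing only the columns you intend to release is the safer query. Second, a second row with the same username makes the lookup ambiguous; the model fails closed in that case, and a UNIQUE constraint on `username` in the real table removes the possibility altogether.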

Copy the POM content into the cas-overlay-template-master downloaded earlier (back up the original first):
Figure 9.11
Then open a CMD console, change to the directory where cas-overlay-template-master is located, and run build package to rebuild:
Figure 9.12
After packaging there is a new war package, which we redeploy:
Figure 9.13
Replace application.properties with the content above.
Then restart Tomcat; under lib of the rebuilt project you can see the newly built jar packages (path D:\Tomcat_test\apache-tomcat-8.5.31-server\webapps\cas\WEB-INF\lib):
Figure 9.14
After restarting Tomcat, the warning on the home page is gone:
Figure 9.15
Enter an account and password from the database and click login; authentication succeeds:
Figure 9.16
This shows that the database authentication configuration works.
Entering a wrong password produces an error:
Figure 9.17
That concludes the CAS server setup. The next article covers the client setup and the interaction between client and server.
