[SSO Single Sign-On] 9. Implementing Single Sign-On with the CAS Framework (Part 2)

This article is original content of the 聚项云平台 blog. Please credit the source when reposting: http://blog.jxcode.com/?p=3201&preview=true

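The previous article covered the preparation needed to set up a CAS test environment and how to obtain the HTTPS certificate. This article focuses on deploying the CAS server sample project and on performing single sign-on authentication between the client and the server.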

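1. Deploying CAS-Server
The official CAS GitHub organization contains the following projects:
Figure 9.1
Among them, the project named Overlay can be used to build a ready-to-use war package for deploying the server.
The project comes in Gradle and Maven versions; we choose the Maven version. Download address:
https://github.com/apereo/cas-overlay-template
Download the ZIP archive here and extract it:
Figure 9.2
The default configuration in the downloaded Overlay is already enough to build a usable war package. We run the packaging from the CMD console:
Figure 9.3
The first build takes a while, so be patient.
When the build finishes, a war package can be found under target:
Figure 9.4
This is the war package of the CAS server project. Place it under webapps of the server-side Tomcat prepared earlier:
Figure 9.5
Start Tomcat. During startup you can also see the logo shown when the CAS project was built:
Figure 9.6
Note: if startup fails, check that Tomcat is version 8.5 or later.
Then visit https://server.castest.com:8081/cas/login:
Figure 9.7
The default account is casuser and the default password is Mellon. The current configuration has only this one user.
The CAS home page shows a warning saying that only one hard-coded user exists at the moment and that a reliable source of user authentication data needs to be configured.
The hard-coded user is configured in application.properties in the cas project folder (path D:\Tomcat_test\apache-tomcat-8.5.31-server\webapps\cas\WEB-INF\classes):
Figure 9.8
In enterprise development, database authentication is almost always required, so here we configure a database authentication mechanism instead of using the hard-coded account and password.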
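Added example (not from the original post or the CAS project): a small Python audit that checks an application.properties file for the hard-coded account described above and for the sample keystore password. It assumes the CAS 5.x property name cas.authn.accept.users with entries in user::password form; the sample file contents are constructed.

```python
# Assumption: static users live in cas.authn.accept.users as user::password pairs.
STATIC_USERS_KEY = "cas.authn.accept.users"
DEFAULT_STATIC_USER = ("casuser", "Mellon")   # default account named on this page
SAMPLE_SECRET = "changeit"                    # sample keystore password in this page's config
SECRET_KEYS = ("server.ssl.key-store-password", "server.ssl.key-password")

def parse_properties(text):
    """Parse the plain key=value subset of Java .properties (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blank lines and comments
            continue
        idx = next((i for i, ch in enumerate(line) if ch in "=:"), len(line))
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def audit(text):
    """Return findings for values the file sets explicitly; [] means none."""
    props = parse_properties(text)
    findings = []
    for entry in props.get(STATIC_USERS_KEY, "").split(","):
        name, _, password = entry.strip().partition("::")
        if not name:
            continue
        if (name, password) == DEFAULT_STATIC_USER:
            findings.append("default static account casuser::Mellon is enabled")
        else:
            findings.append(f"static account '{name}' is hard-coded in the file")
    for key in SECRET_KEYS:
        if props.get(key) == SAMPLE_SECRET:
            findings.append(f"{key} still uses the sample value 'changeit'")
    return findings

# Constructed sample inputs (not copied from the page's files).
SAMPLE_BEFORE = """\
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
cas.authn.accept.users=casuser::Mellon
"""
SAMPLE_AFTER = """\
#server.ssl.key-store-password=changeit
#server.ssl.key-password=changeit
cas.authn.accept.users=
"""

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(text) or "no findings")
```

The audit only inspects values the file sets explicitly, so it is meant to be run against the deployed WEB-INF/classes/application.properties after the switch to database authentication.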

First modify the pom.xml file (path D:\Tomcat_test\apache-tomcat-8.5.31-server\webapps\cas\META-INF\maven\org.apereo.cas\cas-overlay): add the database-related jars to the pom and comment out the jars that are not needed:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
 <modelVersion>4.0.0</modelVersion>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-overlay</artifactId>
 <packaging>war</packaging>
 <version>1.0</version>

<build>
 <plugins>
 <!--STEP1 comment out unused components
 <plugin>
 <groupId>com.rimerosolutions.maven.plugins</groupId>
 <artifactId>wrapper-maven-plugin</artifactId>
 <version>0.0.4</version>
 <configuration>
 <verifyDownload>true</verifyDownload>
 <checksumAlgorithm>MD5</checksumAlgorithm>
 </configuration>
 </plugin>-->
 <plugin>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-maven-plugin</artifactId>
 <version>${springboot.version}</version>
 <configuration>
 <mainClass>${mainClassName}</mainClass>
 <addResources>true</addResources>
 <executable>${isExecutable}</executable>
 <layout>WAR</layout>
 </configuration>
 <executions>
 <execution>
 <goals>
 <goal>repackage</goal>
 </goals>
 </execution>
 </executions>
 </plugin>
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-war-plugin</artifactId>
 <version>2.6</version>
 <configuration>
 <warName>cas</warName>
 <failOnMissingWebXml>false</failOnMissingWebXml>
 <recompressZippedFiles>false</recompressZippedFiles>
 <archive>
 <compress>false</compress>
 <manifestFile>${manifestFileToUse}</manifestFile>
 </archive>
 <overlays>
 <overlay>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-server-webapp${app.server}</artifactId>
 </overlay>
 </overlays>
 </configuration>
 </plugin>
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-compiler-plugin</artifactId>
 <version>3.3</version>
 </plugin>
 </plugins>
 <finalName>cas</finalName>
 </build>

<properties>
 <cas.version>5.1.1</cas.version>
 <springboot.version>1.5.12.RELEASE</springboot.version>
 <!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver -->
 <app.server>-tomcat</app.server>

<mainClassName>org.springframework.boot.loader.WarLauncher</mainClassName>
 <isExecutable>false</isExecutable>
 <manifestFileToUse>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF</manifestFileToUse>

<maven.compiler.source>1.8</maven.compiler.source>
 <maven.compiler.target>1.8</maven.compiler.target>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 </properties>

<repositories>
 <repository>
 <id>sonatype-releases</id>
 <url>https://oss.sonatype.org/content/repositories/releases/</url>
 <snapshots>
 <enabled>false</enabled>
 </snapshots>
 <releases>
 <enabled>true</enabled>
 </releases>
 </repository>
 <repository>
 <id>sonatype-snapshots</id>
 <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
 <snapshots>
 <enabled>true</enabled>
 </snapshots>
 <releases>
 <enabled>false</enabled>
 </releases>
 </repository>
 <repository>
 <id>shibboleth-releases</id>
 <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
 </repository>
 </repositories>

<profiles>
 <profile>
 <activation>
 <activeByDefault>true</activeByDefault>
 </activation>
 <id>default</id>
 <dependencies>
 <dependency>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-server-webapp${app.server}</artifactId>
 <version>${cas.version}</version>
 <type>war</type>
 <scope>runtime</scope>
 </dependency>
 <!--STEP2 add database authentication dependencies: start-->
 <dependency>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-server-support-jdbc</artifactId>
 <version>${cas.version}</version>
 </dependency>
 <dependency>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-server-support-jdbc-drivers</artifactId>
 <version>${cas.version}</version>
 </dependency>
 <dependency>
 <groupId>mysql</groupId>
 <artifactId>mysql-connector-java</artifactId>
 <version>5.1.36</version>
 </dependency>
 <!--database authentication dependencies: end-->
 </dependencies>
 </profile>

<profile>
 <activation>
 <activeByDefault>false</activeByDefault>
 </activation>
 <id>exec</id>
 <properties>
 <mainClassName>org.apereo.cas.web.CasWebApplication</mainClassName>
 <isExecutable>true</isExecutable>
 <manifestFileToUse></manifestFileToUse>
 </properties>
 <build>
 <plugins>
 <plugin>
 <groupId>com.soebes.maven.plugins</groupId>
 <artifactId>echo-maven-plugin</artifactId>
 <version>0.3.0</version>
 <executions>
 <execution>
 <phase>prepare-package</phase>
 <goals>
 <goal>echo</goal>
 </goals>
 </execution>
 </executions>
 <configuration>
 <echos>
 <echo>Executable profile to make the generated CAS web application executable.</echo>
 </echos>
 </configuration>
 </plugin>
 </plugins>
 </build>
 </profile>

<profile>
 <activation>
 <activeByDefault>false</activeByDefault>
 </activation>
 <id>bootiful</id>
 <properties>
 <app.server>-tomcat</app.server>
 <isExecutable>false</isExecutable>
 </properties>
 <dependencies>
 <dependency>
 <groupId>org.apereo.cas</groupId>
 <artifactId>cas-server-webapp${app.server}</artifactId>
 <version>${cas.version}</version>
 <type>war</type>
 <scope>runtime</scope>
 </dependency>
 </dependencies>
 </profile>

<!--STEP3 comment out unused components
 <profile>
 <activation>
 <activeByDefault>false</activeByDefault>
 </activation>
 <id>pgp</id>
 <build>
 <plugins>

<plugin>
 <groupId>com.github.s4u.plugins</groupId>
 <artifactId>pgpverify-maven-plugin</artifactId>
 <version>1.1.0</version>
 <executions>
 <execution>
 <goals>
 <goal>check</goal>
 </goals>
 </execution>
 </executions>
 <configuration>
 <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
 <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
 <scope>test</scope>
 <verifyPomFiles>true</verifyPomFiles>
 <failNoSignature>false</failNoSignature>
 </configuration>
 </plugin>
 </plugins>
 </build>
 </profile>-->
 </profiles>
</project>

Next, create a database named "cas_test" in MySQL to hold the authentication data (the SQLyog GUI tool is used here):
Figure 9.9
Create a cas_user table:

CREATE TABLE `cas_user` (
 `id` int(11) NOT NULL AUTO_INCREMENT,
 `username` varchar(250) COLLATE utf8_bin NOT NULL,
 `password` varchar(250) COLLATE utf8_bin NOT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin

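This table stores each user's authentication account and password:
Figure 9.10
Then modify application.properties (editing the original file and commenting out the parts that are not needed) to configure our database: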

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443

#STEP 1 add the authentication service
cas.serviceRegistry.initFromJson=true

#STEP 2 comment out the issued certificate: start
#server.ssl.key-store=file:/etc/cas/thekeystore
#server.ssl.key-store-password=changeit
#server.ssl.key-password=changeit
#STEP 2 comment out the issued certificate: end
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
#