An Example of CAS Single Sign-On

Programmer Article Station (程序员文章站), 2022-03-13 22:06:38

1. How to set up and use an SSO environment with CAS. Expected result: when a request arrives, the user's identity is verified first; if it has not been verified, the browser is redirected to the third-party (CAS) login page, and once verification passes the user is allowed through to the originally requested link.

      CAS official site: http://www.jasig.org/cas


2. Setting up the environment:

    Edit the hosts file to add the domain names: append the following 2 entries to C:\Windows\System32\drivers\etc\hosts


127.0.0.1    server.zhang.com
127.0.0.1    client.zhang.com

server.zhang.com -----> the Tomcat that hosts the CAS server; this virtual domain name is also the name used when generating the certificate

client.zhang.com -----> the Tomcat that hosts the client application

Next step: install the JDK and make sure the JDK environment is correct.

After configuring the environment variables, check that the JDK is configured correctly.

Next step: configure and generate the certificate

Open cmd and enter the following command:

keytool -genkey -alias ssocas -keyalg RSA -keystore e:/sso/ssocas

      Next step, export the certificate:

keytool -export -file e:/sso/ssocas.crt -alias ssocas -keystore e:/sso/ssocas

Next step: deploy the Tomcat for cas-server;

(1) Configure HTTPS

In conf/server.xml, find the Connector and set it as follows:

<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="e:/sso/ssocas" keystorePass="ssodemo"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

(keystoreFile can also be set to e:/sso/ssocas.keystore)

After saving, start Tomcat and visit https://server.zhang.com:8080/. The browser warns that there is a problem with the site's certificate (it is self-signed); click continue to reach the Tomcat home page.


Next step: deploy the CAS server:

CAS-Server download: http://www.jasig.org/cas/download
This article uses cas-server-3.4.11-release.zip as the example: unzip it, take cas-server-3.4.11/modules/cas-server-webapp-3.4.11.war, copy that file into the \webapps\ directory and rename it cas.war.
Start Tomcat, enter https://server.zhang.com:8080/cas/login in the browser address bar, and press Enter.

The CAS server's default authentication rule: authentication succeeds whenever the username and password are identical (for testing only; a production environment must change this to suit its actual situation). Enter admin/admin and click login to see the successful-login page:

The logout link is: https://server.zhang.com:8080/cas/logout

Seeing the page above means the CAS server has been deployed successfully.


---------------------------------------------------------------------------------------------------- Deploying the client:

1. Import the certificate generated on the server side. Open cmd as administrator and go to the JDK installation directory; mine is -----> C:\Program Files\Java\jdk1.7.0_67\jre\lib\security

Run the following command:

keytool -import -keystore cacerts -file e:/sso/ssocas.crt -alias ssocas

Once this completes, the certificate has been added to the JDK's trusted certificates.

---------------------------------------------------------------------

[How to delete the certificate from the JDK]

keytool -delete -alias ssocas -keystore cacerts -storepass ssodemo

-----------------------------------------------------------------

2. Deploy the client

CAS-Client download: http://downloads.jasig.org/cas-clients/

Using cas-client-3.2.1-release.zip as the example: unzip it and take cas-client-3.2.1/modules/cas-client-core-3.2.1.jar

Tomcat's bundled webapps\examples is used as the simple demo web project.

------- Next step: configure Tomcat (if it is on the same machine, start a separate Tomcat)

    When starting a second Tomcat on the same machine, change

<Server port="8005" shutdown="SHUTDOWN">
to
<Server port="8006" shutdown="SHUTDOWN">

and change the connectors to:

<Connector port="18080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18443" />
<Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />

Start the client Tomcat, enter http://client.zhang.com:18080/examples/servlets/ in the browser, and press Enter:

No errors means the configuration started successfully.

Next step: copy the client library cas-client-core-3.2.1.jar into \webapps\examples\WEB-INF\lib\, and add the following to \webapps\examples\WEB-INF\web.xml:


 

<!-- ======================== Single sign-on: start ======================== -->
<!-- Single sign-out: this listener supports the single sign-out function; optional -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter implements single sign-out; optional. -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter redirects requests without a validated session to the CAS login page. -->
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://server.zhang.com:8080/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client.zhang.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter validates the ticket against the CAS server; it must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://server.zhang.com:8080/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://client.zhang.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
    This filter wraps the HttpServletRequest so that, for example, developers can obtain
    the SSO login name through HttpServletRequest.getRemoteUser(); optional.
-->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
    This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
    for example AssertionHolder.getAssertion().getPrincipal().getName().
-->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- ======================== Single sign-on: end ======================== -->

----------------- After starting, enter http://client.zhang.com:18080/examples/. If the user has not been authenticated, the browser is redirected straight to the server's login page; if the user has already been authenticated, it goes straight to the requested page.

Getting the login name of the authenticated user inside a servlet:

-------
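As an added example (not code from the original post), a servlet for the client webapp that reads the authenticated user through the two optional filters configured above, refuses to serve when no validated assertion is present, and ends the local session before redirecting to the CAS logout URL from the post; the class name, the hypothetical demo package and the url-pattern are assumptions.

```java
// Added example, not from the original post. Assumes this servlet is mapped in the same web.xml
// (e.g. <url-pattern>/whoami</url-pattern>) so that the /* filter chain above runs before it.
package demo; // hypothetical package name

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;

public class WhoAmIServlet extends HttpServlet {
    // Logout URL of the CAS server from the post.
    private static final String CAS_LOGOUT_URL = "https://server.zhang.com:8080/cas/logout";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Set by HttpServletRequestWrapperFilter: the validated CAS principal name.
        String remoteUser = req.getRemoteUser();
        // Set by AssertionThreadLocalFilter: the full validated assertion for this request thread.
        Assertion assertion = AssertionHolder.getAssertion();
        if (remoteUser == null || assertion == null) {
            // Defence in depth: if the filters did not run (servlet mapped outside /*,
            // filters in the wrong order), refuse instead of trusting an empty principal.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "no validated CAS assertion");
            return;
        }
        if ("1".equals(req.getParameter("logout"))) {
            // End the local session first, then let the CAS server end the SSO session.
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            resp.sendRedirect(CAS_LOGOUT_URL);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("getRemoteUser(): " + remoteUser);
        out.println("principal:       " + assertion.getPrincipal().getName());
        // Attributes stay empty unless the CAS server is configured to release them.
        Map<String, Object> attrs = assertion.getPrincipal().getAttributes();
        for (Map.Entry<String, Object> e : attrs.entrySet()) {
            out.println("attribute " + e.getKey() + " = " + e.getValue());
        }
    }
}
```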

When building this web service, the required jar is cas-client-core-3.3.3.jar, but that jar in turn needs two more: commons-lang-2.4.jar and slf4j-api-1.7.25.jar


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Problems encountered:

1.

严重: Servlet.service() for servlet [default] in context with path [/SSO] threw exception
java.lang.NullPointerException
    at java.lang.StringBuffer.indexOf(Unknown Source)
    at java.lang.StringBuffer.indexOf(Unknown Source)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:169)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

Solution: in web.xml, in the <init-param> blocks of the CAS Filter and the CAS Validation Filter, change <param-name>serverName</param-name> to <param-name>service</param-name>.


2.

 十月 16, 2017 2:55:02 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [LoginServlet] in context with path [/SSO] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:409)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:180)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:395)
    ... 27 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 40 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 46 more

十月 16, 2017 3:02:23 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [LoginServlet] in context with path [/SSO] threw exception [Filter execution threw an exception] with root cause
java.lang.Error: Unresolved compilation problem:
    The method logout() is undefined for the type HttpServletRequest

    at org.jasig.cas.client.session.SingleSignOutHandler$Servlet30LogoutStrategy.logout(SingleSignOutHandler.java:380)
    at org.jasig.cas.client.session.SingleSignOutHandler.destroySession(SingleSignOutHandler.java:316)
    at org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:212)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

Cause: the certificate was not imported correctly, which happens especially when everything runs on the same machine. You need to confirm that the JDK Eclipse references is the JDK into which you imported the certificate; if Tomcat is started directly, confirm that the JDK Tomcat is configured with is the one you imported the certificate into. Below is the JDK path referenced in Eclipse:
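As an added diagnostic (not code from the original post) for the PKIX error above: run it with the same java.exe that Tomcat or Eclipse uses, and it reports which JRE is actually running, whether the alias from the post (ssocas) is present in that JRE's cacerts, and whether a TLS handshake to the CAS login URL succeeds from this JVM. It assumes the cacerts password is still the JDK default "changeit".

```java
// Added example, not from the original post. Checks the running JRE's cacerts and probes the CAS server.
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;

public class TrustStoreCheck {
    static final String ALIAS = "ssocas";                                  // alias from the post
    static final String CAS_LOGIN = "https://server.zhang.com:8080/cas/login";

    // Returns true if the alias is present in the cacerts of the JRE that is running this code.
    static boolean aliasInRuntimeCacerts(String alias, char[] storePass) throws Exception {
        String javaHome = System.getProperty("java.home");
        System.out.println("java.home = " + javaHome);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(javaHome + "/lib/security/cacerts")) {
            ks.load(in, storePass);   // assumption: JDK default password "changeit"
        }
        if (!ks.containsAlias(alias)) {
            return false;
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        // The subject CN must equal the host name in the URL (server.zhang.com) or hostname
        // verification fails even though the certificate is trusted.
        System.out.println("found " + alias + ": " + cert.getSubjectX500Principal());
        return true;
    }

    // Returns the HTTP status if the TLS handshake succeeds, or -1 when the handshake fails.
    static int probe(String url) throws Exception {
        HttpsURLConnection c = (HttpsURLConnection) new URL(url).openConnection();
        c.setConnectTimeout(5000);
        try {
            return c.getResponseCode();
        } catch (SSLHandshakeException e) {
            System.out.println("handshake failed: " + e.getMessage());
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        boolean trusted = aliasInRuntimeCacerts(ALIAS, "changeit".toCharArray());
        System.out.println("alias present: " + trusted + ", probe status: " + probe(CAS_LOGIN));
    }
}
```

If java.home differs from the directory where keytool -import was run, the import went into another JDK and the PKIX error is expected.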


Reference articles: http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/

http://www.kafeitu.me/sso/2010/11/05/sso-cas-full-course.html

-------------------- Done -------------------------





