
CAS Single Sign-On (Part 1): Server Installation, Configuration, Deployment and Authenticated Access

程序员文章站 2022-05-05 09:59:31

CAS version used: 5.2.x

1. Service installation

Installing the CAS server itself (including key generation) is not covered in this article; see https://blog.csdn.net/yelllowcong/article/details/78805420

2. Download the Maven-based CAS server overlay, cas-overlay-template (current version 5.2.x, requires JDK 8+)

Download: https://github.com/apereo/cas-overlay-template

The directory structure after download:

[screenshot of the downloaded directory structure; image not reproduced here]

 3. Starting the server and access URLs

  Option 1: after packaging, cas.war is produced in the target directory; deploy it in a third-party Tomcat.
  Run in the project directory: ./build.sh package

  Option 2: start CAS with its embedded Tomcat.
  In pom.xml set: <app.server>-tomcat</app.server>
  Run in the project directory: ./build.sh run
  Access URLs:
   http://cas.server.name:8080/cas
   https://cas.server.name:8443/cas    -- this requires the HTTPS configuration; for key generation see [1. Service installation]

4. Custom configuration

Create the src directory structure:

[screenshot of the src directory layout; image not reproduced here]

Configure application.properties (settings placed here override the defaults and take effect). The available settings are those in the application.properties shown in the screenshot:

[screenshot of application.properties; image not reproduced here]

Settings used:

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8445

server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=ALWAYS

server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
# logging.config: D:/WorkSpaces_2018/cas/etc/cas/config/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials: default static user, username casuser, password Mellon
# 
cas.authn.accept.users=casuser::Mellon

 5. HTTPS configuration

# Enable HTTPS
server.ssl.enabled=true
server.ssl.key-store=D:/keystore
server.ssl.key-store-password=xiweile
server.ssl.key-password=xiweile
server.ssl.key-alias=tomcat
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

 6. JDBC database user authentication

    Add the database driver and the CAS JDBC support dependencies to pom.xml

<!-- database driver -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.21</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>${cas.version}</version>
</dependency>
<!-- required for JDBC authentication; this is a CAS dependency -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>

    Add the JDBC settings to application.properties

# Authenticate through JDBC.
cas.authn.jdbc.query[0].sql=SELECT * FROM user WHERE username = ?
# select * from cms_auth_user where user_name=?
cas.authn.jdbc.query[0].healthQuery=
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/demo?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=xiweile
cas.authn.jdbc.query[0].ddlAuto=create-drop
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=5000
cas.authn.jdbc.query[0].credentialCriteria=
cas.authn.jdbc.query[0].name=
cas.authn.jdbc.query[0].order=0
cas.authn.jdbc.query[0].dataSourceName=
cas.authn.jdbc.query[0].dataSourceProxy=false
# the column holding the password
cas.authn.jdbc.query[0].fieldPassword=password
# password encoding strategy: default NONE (not encrypted); MD5 and SHA are supported
cas.authn.jdbc.query[0].passwordEncoder.type=NONE
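To make the JDBC settings above concrete, here is an added Python illustration (our own code, not CAS's) of what the query authentication handler does with them: it runs the configured sql with the submitted username as a bound parameter, reads the fieldPassword column from the single matching row, and compares it with the submitted password after applying the configured passwordEncoder.type. An in-memory SQLite table with constructed rows stands in for the MySQL user table; the function names and the mapping of MD5/SHA to hex digest strings are assumptions of this example.

```python
import hashlib
import hmac
import sqlite3

SQL = "SELECT * FROM user WHERE username = ?"   # cas.authn.jdbc.query[0].sql on the page
FIELD_PASSWORD = "password"                     # cas.authn.jdbc.query[0].fieldPassword


def encode_password(raw, encoder_type):
    """Apply the encoder named by passwordEncoder.type to the submitted password.
    NONE compares the clear text; MD5 and SHA are mapped to hex digests here
    (an assumption of this example about how the stored hashes look)."""
    data = raw.encode("utf-8")
    if encoder_type == "NONE":
        return raw
    if encoder_type == "MD5":
        return hashlib.md5(data).hexdigest()
    if encoder_type == "SHA":
        return hashlib.sha1(data).hexdigest()
    raise ValueError("unsupported passwordEncoder.type: %r" % encoder_type)


def authenticate(conn, username, password, encoder_type="NONE"):
    """Mirror of the query handler's decision: exactly one row must match the
    bound username, and its password column must equal the encoded credential."""
    conn.row_factory = sqlite3.Row
    rows = conn.execute(SQL, (username,)).fetchall()   # bound parameter, never string-built SQL
    if len(rows) != 1:                                 # unknown user, or ambiguous duplicates
        return False
    stored = rows[0][FIELD_PASSWORD]
    if stored is None:
        return False
    expected = encode_password(password, encoder_type)
    # constant-time comparison so a mismatch does not leak through timing
    return hmac.compare_digest(str(stored).encode("utf-8"), expected.encode("utf-8"))


def make_demo_db(encoder_type="NONE"):
    """Constructed stand-in for the MySQL "user" table, holding the page's
    default casuser/Mellon credential stored under the given encoder."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO user (username, password) VALUES (?, ?)",
                 ("casuser", encode_password("Mellon", encoder_type)))
    conn.commit()
    return conn


if __name__ == "__main__":
    for enc in ("NONE", "MD5", "SHA"):
        db = make_demo_db(enc)
        print(enc, "correct password:", authenticate(db, "casuser", "Mellon", enc),
              "wrong password:", authenticate(db, "casuser", "wrong", enc))
```

Running it shows why the encoder type must match how the passwords were stored: a table filled with clear-text values authenticates under NONE but fails under MD5, and a table of MD5 digests fails under NONE. In CAS itself a hashing algorithm such as MD5 is selected with passwordEncoder.type=DEFAULT together with passwordEncoder.encodingAlgorithm, rather than by naming the algorithm in type.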

7. Allow clients to connect over plain HTTP, resolving the client-side error “cas未认证授权服务不允许使用” (CAS's unauthorized-service page)

# Allow clients to use the HTTP protocol, avoiding the “cas未认证授权服务不允许使用” error
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
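As an added check (our own script, not part of the page or of CAS), the following Python reads a properties file the way java.util.Properties does and flags the settings from sections 4 to 7 that a reviewer would push back on before exposing the server: cas.tgc.secure=false lets the ticket-granting cookie travel over plain HTTP, passwordEncoder.type=NONE means clear-text passwords in the user table, useSSL=false on the JDBC URL, ddlAuto=create-drop, the root database account, the leftover static casuser account, and ALWAYS on include-stacktrace. The embedded sample is a constructed subset of the page's file and deliberately includes a trailing space after NONE, which a properties reader keeps as part of the value.

```python
import re

# Constructed subset of the application.properties shown on the page.
SAMPLE_PROPERTIES = "\n".join([
    "# constructed sample, not the full file",
    "server.error.include-stacktrace=ALWAYS",
    "server.session.cookie.http-only=true",
    "endpoints.enabled=false",
    "cas.authn.accept.users=casuser::Mellon",
    "server.ssl.enabled=true",
    "cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/demo"
    "?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false",
    "cas.authn.jdbc.query[0].user=root",
    "cas.authn.jdbc.query[0].ddlAuto=create-drop",
    "cas.authn.jdbc.query[0].passwordEncoder.type=NONE ",   # trailing space on purpose
    "cas.tgc.secure=false",
])


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comment lines, the first
    unescaped '=' or ':' splits key from value, leading value whitespace is
    dropped but trailing whitespace is kept (as Java keeps it).  Backslash
    line continuations are not handled; the page's file does not use them."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        m = re.search(r"(?<!\\)[=:]", line)
        if m:
            key, value = line[:m.start()].rstrip(), line[m.end():].lstrip()
        else:
            key, value = line.rstrip(), ""
        props[key] = value
    return props


# (property, predicate on the raw value, recommendation)
CHECKS = [
    ("server.error.include-stacktrace", lambda v: v.strip().upper() == "ALWAYS",
     "NEVER: stack traces on error pages reveal internals to anyone who can trigger an error"),
    ("cas.tgc.secure", lambda v: v.strip().lower() == "false",
     "true: the ticket-granting cookie should only be sent over HTTPS"),
    ("cas.authn.accept.users", lambda v: v.strip() != "",
     "empty: remove the built-in casuser/Mellon account once JDBC authentication works"),
    ("cas.authn.jdbc.query[0].url", lambda v: "useSSL=false" in v,
     "useSSL=true: otherwise the user query and its results cross the JDBC link in clear"),
    ("cas.authn.jdbc.query[0].user", lambda v: v.strip() == "root",
     "a dedicated account that can only SELECT from the user table"),
    ("cas.authn.jdbc.query[0].ddlAuto", lambda v: v.strip() == "create-drop",
     "none: create-drop lets the CAS server create and drop the user table"),
    ("cas.authn.jdbc.query[0].passwordEncoder.type", lambda v: v.strip() == "NONE",
     "a hashing encoder so the user table never holds clear-text passwords"),
]


def audit(props):
    """Return one (key, observed value, recommendation) per weak setting."""
    findings = []
    for key, is_weak, recommendation in CHECKS:
        if key in props and is_weak(props[key]):
            findings.append((key, props[key], recommendation))
    for key, value in props.items():
        if value != value.rstrip():
            findings.append((key, value, "strip trailing whitespace: it is part of the value"))
    return findings


def flagged_keys(text):
    """Sorted, de-duplicated list of property names that audit() flagged."""
    return sorted({key for key, _, _ in audit(parse_properties(text))})


if __name__ == "__main__":
    for key, observed, recommendation in audit(parse_properties(SAMPLE_PROPERTIES)):
        print("%s = %r\n    -> %s" % (key, observed, recommendation))
```

Point the script at your own application.properties to get the same report; settings such as server.session.cookie.http-only=true and endpoints.enabled=false from the page pass untouched, and every value is checked untrimmed so that a stray space that would silently change a setting shows up as its own finding.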