cas 单点登录(SSO)实验之二: cas-client
参考文章:
http://my.oschina.net/indestiny/blog/200768#comments
http://wenku.baidu.com/view/0bcc0d01e87101f69e319595.html
接上一篇文章:
cas 单点登录(SSO)实验之一: jasig cas-server 安装
本文说明如何写一个web服务(cas-study),使用cas-server提供的验证服务。当用户访问这个cas-study服务,会使用上一节的cas-server来验证。为了说明问题,本文使用tomcat7,http:8080。本文全部内容在服务器B(Ubuntu14.04)上执行。
1 用Maven新建一个web工程
$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false -X
如果发现mvn命令停在下面这行:
[DEBUG] Searching for remote catalog: http://repo1.maven.org/maven2/archetype-catalog.xml就手动下载:http://repo1.maven.org/maven2/archetype-catalog.xml
把 archetype-catalog.xml 拷贝到下面的路径(2.x 根据实际情况而定):
~/.m2/repository/org/apache/maven/archetype/archetype-catalog/2.x然后重新执行(增加了选项-DarchetypeCatalog=local):
$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DarchetypeCatalog=local -DinteractiveMode=false -X
输入下面的命令创建一个quickstart工程:
$ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=quickstart -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false -X -DarchetypeCatalog=local
将quickstart工程的java和test目录复制到cas-study工程下:
$ cp -r quickstart/src/test cas-study/src/
$ cp -r quickstart/src/main/java cas-study/src/main
在cas-study目录下运行命令,编译war:
$ mvn clean compile install
$ mvn test
2 修改web工程
在cas-study目录下:
1) 按下面的内容修改pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.pepstack</groupId> <artifactId>cas-study</artifactId> <packaging>war</packaging> <version>1.0-SNAPSHOT</version> <name>cas-study Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1.3</version> </dependency> <dependency> <!-- Jasig CAS Client For Java Core --> <groupId>org.jasig.cas.client</groupId> <artifactId>cas-client-core</artifactId> <version>3.2.1</version> <exclusions> <exclusion> <artifactId>servlet-api</artifactId> <groupId>javax.servlet</groupId> </exclusion> </exclusions> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> <scope>provided</scope> </dependency> </dependencies> <build> <finalName>cas-study</finalName> <plugins> <!-- $ mvn jetty:run --> <!-- <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>maven-jetty-plugin</artifactId> </plugin> --> <plugin> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>9.1.0.v20131115</version> <configuration> <webApp> <contextPath>/cas-study</contextPath> </webApp> </configuration> </plugin> </plugins> </build> </project>
2) jetty 运行命令
$ mvn clean compile install
$ mvn jetty:run
然后打开浏览器输入:
http://localhost:8080/cas-study/
看到下面的内容:
Hello World!
3) Eclipse 工程
$ mvn eclipse:eclipse
然后:
eclipse>> import existing project
cas-study run as server
3 添加一个简单的serverlet
${project_dir}/src/main/java/com/pepstack/SimpleServlet.java
/**
* SimpleServlet.java
*/
package com.pepstack;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class SimpleServlet extends HttpServlet
{
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
throws ServletException, IOException {
final PrintWriter out = resp.getWriter();
out.println("<h1>SimpleServlet Executed</h1>");
out.flush();
out.close();
}
}
${project_dir}/src/main/webapp/WEB-INF/web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>simple</servlet-name>
<servlet-class>com.pepstack.SimpleServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>simple</servlet-name>
<url-pattern>/simple</url-pattern>
</servlet-mapping>
</web-app>
然后运行:
$ mvn clean compile install jetty:run
打开浏览器访问:
http://localhost:8080/cas-study/simple
显示:
SimpleServlet Executed
4 把服务器A(cas server)的证书添加到B
在上一篇文章中,我们已经在服务器A上生成了证书:ssotest.crt。这里需要把这个文件复制到服务器B。然后添加到jre中。假定证书在~/ssotest.crt,添加证书命令:
如有必要先删除:
$ rm -r /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts
再添加证书(ssotest.crt一定是服务器A上生成的证书):
$ keytool -import -keystore /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts -file ./ssotest.crt -alias ssotest
Enter keystore password: 123456
Re-enter new password: 123456
Owner: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
Issuer: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
Serial number: 2c324853
Valid from: Fri Aug 07 15:55:58 CST 2015 until: Thu Nov 05 15:55:58 CST 2015
Certificate fingerprints:
MD5: 49:77:8E:3C:6A:3E:67:0F:4A:F2:9F:AD:07:D5:1C:70
SHA1: 8A:B0:BF:96:46:7C:B7:DA:53:E4:10:40:49:EC:16:33:BA:66:81:D1
SHA256: 14:7F:01:D7:54:8A:64:C3:88:33:81:37:BD:0D:24:AD:D5:E7:A7:1B:CC:E1:84:36:AC:3B:E8:E3:0B:99:81:47
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9C 34 0B 19 6F 6E 4D 64 BF 77 EC 80 88 D8 E4 37 .4..onMd.w.....7
0010: F8 EF C3 71 ...q
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
5 修改web.xml,更改后的如下
<?xml version="1.0" encoding="UTF-8"?>
<web-app
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<el-ignored>false</el-ignored>
</jsp-property-group>
</jsp-config>
<display-name>cas-study</display-name>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<!-- Cas Server URL -->
<param-name>casServerLoginUrl</param-name>
<param-value>https://repo.pepstack.com:8443/cas/login</param-value>
</init-param>
<init-param>
<!-- Cas Client URL -->
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CasTicketFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://repo.pepstack.com:8443/cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CasTicketFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CasRequestWrapFilter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CasRequestWrapFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>AssertionThreadLocalFilter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AssertionThreadLocalFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>simple</servlet-name>
<servlet-class>com.pepstack.SimpleServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>simple</servlet-name>
<url-pattern>/simple</url-pattern>
</servlet-mapping>
</web-app>
其中:
1) repo.pepstack.com 是服务器A的hostname. 服务器B需要配置/etc/hosts:
192.168.122.18 repo.pepstack.com
2) localhost:8080 是服务器B的web服务。访问方式:http://localhost:8080/cas-study/
6 重新编译并运行cas-study
$ mvn clean compile install jetty:run
打开firefox浏览器,输入下面的地址:
http://localhost:8080/cas-study/
或者
http://localhost:8080/cas-study/simple
可以显示jasig的登录界面。如果已经登录过,直接显示网页内容。
打开chrome浏览器,仍然需要重新登录,因为不同的浏览器session不公用。