  • CAS Single Sign-On: Setting Up the Basic Framework (Part 1)

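    1. Introduction

    Single sign-on is essential for a suite of applications in which multiple services share one set of accounts. CAS is one of the mature single sign-on frameworks.

    GitHub: https://github.com/apereo/cas

    Here we build a simple single sign-on system in a series of quick, simple steps.

    First, download cas-overlay-template: https://github.com/apereo/cas-overlay-template . We use version 5.3.x here.

    # Clone the repository
    git clone https://github.com/apereo/cas-overlay-template.git
    
    # Enter the directory
    cd cas-overlay-template
    
    # Switch to the 5.3 branch
    git checkout 5.3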

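    2. Preparation

    2.1. Configure the domain name mapping

    Open the hosts file and add a mapping for the CAS domain name.

    Windows: C:\Windows\System32\drivers\etc; Linux: /etc/hosts

    2.2. Configure the keystore

    The keystore is configured so that Tomcat supports HTTPS.

    Generate the keystore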

    keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -keystore D:/keystore/tomcat.keystore

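    -alias tomcat: sets the alias of the keystore entry to tomcat. Later operations identify the entry by its alias, so this parameter matters. You can also choose a different alias.

    -validity 3650: the certificate is valid for 10 years.

    -keystore D:/keystore/tomcat.keystore: stores the keystore in D:/keystore under the name tomcat.keystore.

    Keystore password: changeit. Entering changeit is recommended here because the default password of the cacerts certificate store is changeit, which keeps the two consistent.

    For "first and last name", enter the server's domain name.

    Press Enter for the other prompts; at the end, if the displayed information is correct, enter 'y'.

    The Tomcat key password is kept the same as the keystore password, so press Enter here as well.

    View the contents of the keystore file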

    keytool -list -keystore D:/keystore/tomcat.keystore

    Generate a certificate (crt) file from the keystore

    keytool -export -alias tomcat -file D:/keystore/tomcat.cer -keystore D:/keystore/tomcat.keystore -validity 3650

    Import the certificate into the JDK as trusted

    keytool -import -keystore D:/java/jdk1.8/jre/lib/security/cacerts -file D:/keystore/tomcat.cer -alias tomcat -storepass changeit

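    The default password of the cacerts certificate store is changeit, which is also why I used it for all the passwords above: setting them all to the same value avoids mix-ups.

    Delete the trusted certificate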

    keytool -delete -alias tomcat -keystore D:/java/jdk1.8/jre/lib/security/cacerts

    List the certificates in cacerts

    keytool -list -v -keystore D:/java/jdk1.8/jre/lib/security/cacerts
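
As an added check (not from the original article), the script below compares the `keytool -list -v` output of tomcat.keystore with that of cacerts: the entry under the alias must carry the same SHA-256 fingerprint in both, and its CN must equal the host name mapped in section 2.1. The host `cas.example.org`, the fingerprints and the sample output are constructed, and English-locale keytool output is assumed.

```python
import re

# Constructed fingerprint (not a real certificate).
FP_NEW = ":".join(f"{b:02X}" for b in range(32))

# Constructed, English-locale `keytool -list -v` output, trimmed to the parsed lines.
KEYSTORE_OUT = f"""Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=cas.example.org, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Certificate fingerprints:
\t SHA256: {FP_NEW}
"""
CACERTS_OUT = f"""Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=cas.example.org, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Certificate fingerprints:
\t SHA256: {FP_NEW}
"""

def parse_entries(text):
    """Map alias -> {type, cn, sha256} from `keytool -list -v` output."""
    entries, cur = {}, {}  # lines before the first alias go to a throwaway dict
    for raw in text.splitlines():
        key, _, value = (s.strip() for s in raw.partition(":"))
        if key == "Alias name":
            cur = entries.setdefault(value.lower(), {})
        elif key == "Entry type":
            cur["type"] = value
        elif key == "Owner":  # the first Owner line is the leaf certificate
            m = re.search(r"CN=([^,]+)", value)
            cur.setdefault("cn", m.group(1).strip().lower() if m else "")
        elif key == "SHA256":
            cur.setdefault("sha256", value.upper())
    return entries

def check_trust(keystore_out, cacerts_out, alias, host):
    """Return the problems that would stop a CAS client JVM trusting the server."""
    server = parse_entries(keystore_out).get(alias.lower(), {})
    trusted = parse_entries(cacerts_out).get(alias.lower())
    problems = []
    if server.get("type") != "PrivateKeyEntry":
        problems.append("no private key entry under this alias in the server keystore")
    if server.get("cn") != host.lower():
        problems.append("certificate CN does not match the CAS host name")
    if trusted is None:
        problems.append("certificate not imported into cacerts")
    elif trusted.get("sha256") != server.get("sha256"):
        problems.append("cacerts holds a different certificate under this alias")
    return problems
```

A fingerprint mismatch typically appears after the keystore is regenerated while the old certificate is still in cacerts, which is what the delete step above clears.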

    2.3. Modify Tomcat's server.xml configuration file

    Open /conf/server.xml in the Tomcat installation directory and add the following:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="200" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\keystore\tomcat.keystore"
               keystorePass="changeit"/>

    2.4. Make the browser trust the certificate

     

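    3. Customizing the server with an overlay

    An overlay merges the WARs of several projects into one project; where files with the same name exist, the file in the main project overrides the same-named file from the other projects. Using Maven's overlay configuration, CAS can be customized without modifying it directly.

    3.1. Package the overlay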

    mvn clean package

    When the build finishes, cas.war is generated under target.

    Unpack the WAR.

    3.2. Create a new project, cas-server

    pom.xml

    Copy pom.xml from the unpacked WAR; path: /cas/META-INF/maven/org.apereo.cas/cas-overlay

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
    
        <groupId>com.fdzang</groupId>
        <artifactId>cas-server</artifactId>
        <version>1.0-SNAPSHOT</version>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>com.rimerosolutions.maven.plugins</groupId>
                    <artifactId>wrapper-maven-plugin</artifactId>
                    <version>0.0.5</version>
                    <configuration>
                        <verifyDownload>true</verifyDownload>
                        <checksumAlgorithm>MD5</checksumAlgorithm>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                    <version>${springboot.version}</version>
                    <configuration>
                        <mainClass>${mainClassName}</mainClass>
                        <addResources>true</addResources>
                        <executable>${isExecutable}</executable>
                        <layout>WAR</layout>
                    </configuration>
                    <executions>
                        <execution>
                            <goals>
                                <goal>repackage</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-war-plugin</artifactId>
                    <version>2.6</version>
                    <configuration>
                        <warName>cas</warName>
                        <failOnMissingWebXml>false</failOnMissingWebXml>
                        <recompressZippedFiles>false</recompressZippedFiles>
                        <archive>
                            <compress>false</compress>
                            <manifestFile>${manifestFileToUse}</manifestFile>
                        </archive>
                        <overlays>
                            <overlay>
                                <groupId>org.apereo.cas</groupId>
                                <artifactId>cas-server-webapp${app.server}</artifactId>
                            </overlay>
                        </overlays>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <version>3.3</version>
                </plugin>
            </plugins>
            <finalName>cas</finalName>
        </build>
    
        <properties>
            <cas.version>5.3.14</cas.version>
            <springboot.version>1.5.18.RELEASE</springboot.version>
            <!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver -->
            <app.server>-tomcat</app.server>
    
            <mainClassName>org.springframework.boot.loader.WarLauncher</mainClassName>
            <isExecutable>false</isExecutable>
            <manifestFileToUse>
                ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF
            </manifestFileToUse>
    
            <maven.compiler.source>1.8</maven.compiler.source>
            <maven.compiler.target>1.8</maven.compiler.target>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        </properties>
    
        <repositories>
            <repository>
                <id>sonatype-releases</id>
                <url>https://oss.sonatype.org/content/repositories/releases/</url>
                <snapshots>
                    <enabled>false</enabled>
                </snapshots>
                <releases>
                    <enabled>true</enabled>
                </releases>
            </repository>
            <repository>
                <id>sonatype-snapshots</id>
                <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
                <releases>
                    <enabled>false</enabled>
                </releases>
            </repository>
            <repository>
                <id>shibboleth-releases</id>
                <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
            </repository>
        </repositories>
    
        <profiles>
            <profile>
                <activation>
                    <activeByDefault>true</activeByDefault>
                </activation>
                <id>default</id>
                <dependencies>
                    <dependency>
                        <groupId>org.apereo.cas</groupId>
                        <artifactId>cas-server-webapp${app.server}</artifactId>
                        <version>${cas.version}</version>
                        <type>war</type>
                        <scope>runtime</scope>
                    </dependency>
                    <!--
                    ...Additional dependencies may be placed here...
                    -->
                </dependencies>
            </profile>
    
            <profile>
                <activation>
                    <activeByDefault>false</activeByDefault>
                </activation>
                <id>exec</id>
                <properties>
                    <mainClassName>org.apereo.cas.web.CasWebApplication</mainClassName>
                    <isExecutable>true</isExecutable>
                    <manifestFileToUse></manifestFileToUse>
                </properties>
                <build>
                    <plugins>
                        <plugin>
                            <groupId>com.soebes.maven.plugins</groupId>
                            <artifactId>echo-maven-plugin</artifactId>
                            <version>0.3.0</version>
                            <executions>
                                <execution>
                                    <phase>prepare-package</phase>
                                    <goals>
                                        <goal>echo</goal>
                                    </goals>
                                </execution>
                            </executions>
                            <configuration>
                                <echos>
                                    <echo>Executable profile to make the generated CAS web application executable.</echo>
                                </echos>
                            </configuration>
                        </plugin>
                    </plugins>
                </build>
            </profile>
    
            <profile>
                <activation>
                    <activeByDefault>false</activeByDefault>
                </activation>
                <id>bootiful</id>
                <properties>
                    <app.server>-tomcat</app.server>
                    <isExecutable>false</isExecutable>
                </properties>
                <dependencies>
                    <dependency>
                        <groupId>org.apereo.cas</groupId>
                        <artifactId>cas-server-webapp${app.server}</artifactId>
                        <version>${cas.version}</version>
                        <type>war</type>
                        <scope>runtime</scope>
                    </dependency>
                </dependencies>
            </profile>
    
            <profile>
                <activation>
                    <activeByDefault>false</activeByDefault>
                </activation>
                <id>pgp</id>
                <build>
                    <plugins>
                        <plugin>
                            <groupId>com.github.s4u.plugins</groupId>
                            <artifactId>pgpverify-maven-plugin</artifactId>
                            <version>1.1.0</version>
                            <executions>
                                <execution>
                                    <goals>
                                        <goal>check</goal>
                                    </goals>
                                </execution>
                            </executions>
                            <configuration>
                                <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
                                <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
                                <scope>test</scope>
                                <verifyPomFiles>true</verifyPomFiles>
                                <failNoSignature>false</failNoSignature>
                            </configuration>
                        </plugin>
                    </plugins>
                </build>
            </profile>
        </profiles>
    </project>
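
An added audit example (not part of the original article or the CAS project): it parses a POM and reports the dependency-integrity settings that appear in this kind of overlay pom.xml, namely cleartext repository and key-server URLs, enabled snapshot repositories, the wrapper plugin's checksum algorithm and pgpverify's failNoSignature. The embedded POM fragment and the rule names are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed fragment in the shape of the overlay pom.xml (not the full file).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins>
    <plugin><artifactId>wrapper-maven-plugin</artifactId>
      <configuration><checksumAlgorithm>MD5</checksumAlgorithm></configuration></plugin>
    <plugin><artifactId>pgpverify-maven-plugin</artifactId>
      <configuration><pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
        <failNoSignature>false</failNoSignature></configuration></plugin>
  </plugins></build>
  <repositories>
    <repository><id>sonatype-releases</id>
      <url>http://oss.sonatype.org/content/repositories/releases/</url></repository>
    <repository><id>sonatype-snapshots</id>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
      <snapshots><enabled>true</enabled></snapshots></repository>
  </repositories>
</project>"""

def audit_pom(pom_xml):
    """Return (rule, subject) findings for dependency-integrity settings in a POM."""
    root = ET.fromstring(pom_xml)
    findings = []
    for repo in root.iterfind(".//m:repository", NS):
        rid = repo.findtext("m:id", "?", NS).strip()
        url = repo.findtext("m:url", "", NS).strip().lower()
        if url.startswith("http://"):  # artifacts fetched without transport integrity
            findings.append(("cleartext-repository", rid))
        if repo.findtext("m:snapshots/m:enabled", "", NS).strip() == "true":
            findings.append(("snapshots-enabled", rid))  # mutable artifacts
    for algo in root.iterfind(".//m:checksumAlgorithm", NS):
        if (algo.text or "").strip().upper() in {"MD5", "SHA1", "SHA-1"}:
            findings.append(("collision-broken-checksum", algo.text.strip()))
    for flag in root.iterfind(".//m:failNoSignature", NS):
        if (flag.text or "").strip() == "false":  # unsigned artifacts pass the check
            findings.append(("unsigned-artifacts-accepted", "pgpverify"))
    for ks in root.iterfind(".//m:pgpKeyServer", NS):
        if (ks.text or "").strip().lower().startswith("hkp://"):
            findings.append(("cleartext-keyserver", ks.text.strip()))
    return findings
```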

    Other files

    META-INF/spring.factories, application.properties and log4j2.xml; path: cas\WEB-INF\classes

    Final project directory layout:

    Modify application.properties

    server.ssl.enabled=true
    server.ssl.key-store=file:D:/keystore/tomcat.keystore
    server.ssl.key-store-password=changeit
    server.ssl.key-password=changeit
    server.ssl.keyAlias=tomcat

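    4. Configure Tomcat in IDEA

    Click Run > Edit Configurations…, add Tomcat, and configure it as follows:

    Click Run. The first time, the following prompt appears; just click accept:

    The result looks like this:

    Reference: https://blog.csdn.net/qq_34021712/article/details/80871015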

  • Original article: https://www.cnblogs.com/fdzang/p/12911095.html