  • CAS Single Sign-On (SSO) Experiment, Part 2: cas-client


    References:

    http://my.oschina.net/indestiny/blog/200768#comments

    http://wenku.baidu.com/view/0bcc0d01e87101f69e319595.html

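    Continuing from the previous article:

    CAS Single Sign-On (SSO) Experiment, Part 1: Installing jasig cas-server

    This article shows how to write a web service (cas-study) that uses the authentication service provided by cas-server. When a user accesses cas-study, the cas-server from the previous part is used to authenticate them.

    For illustration, this article uses tomcat7 over HTTP on port 8080. Everything in this article is run on server B (Ubuntu 14.04).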

    1 Create a new web project with Maven

    $ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false -X

    If the mvn command hangs at the following line:

    [DEBUG] Searching for remote catalog: http://repo1.maven.org/maven2/archetype-catalog.xml
    download the catalog manually: http://repo1.maven.org/maven2/archetype-catalog.xml

    Copy archetype-catalog.xml to the following path (2.x depends on your actual version):

    ~/.m2/repository/org/apache/maven/archetype/archetype-catalog/2.x

    Then run the command again (with the option -DarchetypeCatalog=local added):

    $ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=cas-study -DarchetypeArtifactId=maven-archetype-webapp -DarchetypeCatalog=local -DinteractiveMode=false -X

    Run the following command to create a quickstart project:

    $ mvn archetype:generate -DgroupId=com.pepstack -DartifactId=quickstart -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false -X -DarchetypeCatalog=local

    Copy the quickstart project's java and test directories into the cas-study project:

    $ cp -r quickstart/src/test cas-study/src/

    $ cp -r quickstart/src/main/java cas-study/src/main

    In the cas-study directory, run the following commands to build the war:

    $ mvn clean compile install

    $ mvn test

    2 Modify the web project

    In the cas-study directory:

    1) Modify pom.xml as follows

    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.pepstack</groupId>
        <artifactId>cas-study</artifactId>
        <packaging>war</packaging>
        <version>1.0-SNAPSHOT</version>
        <name>cas-study Maven Webapp</name>
        <url>http://maven.apache.org</url>
    
        <dependencies>
            <dependency>
                <groupId>junit</groupId>
                <artifactId>junit</artifactId>
                <version>3.8.1</version>
                <scope>test</scope>
            </dependency>
    
            <dependency>
                <groupId>commons-logging</groupId>
                <artifactId>commons-logging</artifactId>
                <version>1.1.3</version>
            </dependency>
    
            <dependency>
                <!-- Jasig CAS Client For Java Core -->
                <groupId>org.jasig.cas.client</groupId>
                <artifactId>cas-client-core</artifactId>
                <version>3.2.1</version>
                <exclusions>
                    <exclusion>
                        <artifactId>servlet-api</artifactId>
                        <groupId>javax.servlet</groupId>
                    </exclusion>
                </exclusions>
            </dependency>
    
            <dependency>
                <groupId>javax.servlet</groupId>
                <artifactId>javax.servlet-api</artifactId>
                <version>3.1.0</version>
                <scope>provided</scope>
            </dependency>
    
        </dependencies>
    
        <build>
            <finalName>cas-study</finalName>
    
            <plugins>
                <!-- $ mvn jetty:run -->
                <!--
                <plugin>
                    <groupId>org.mortbay.jetty</groupId>
                    <artifactId>maven-jetty-plugin</artifactId>
                </plugin>
                -->
    
                <plugin>
                    <groupId>org.eclipse.jetty</groupId>
                    <artifactId>jetty-maven-plugin</artifactId>
                    <version>9.1.0.v20131115</version>
                    <configuration>
                        <webApp>
                            <contextPath>/cas-study</contextPath>
                        </webApp>
                    </configuration>
                </plugin>
    
            </plugins>
    
        </build>
    
    </project>
    

    2) Run with jetty

    $ mvn clean compile install

    $ mvn jetty:run

    Then open a browser and enter:

    http://localhost:8080/cas-study/

    You should see the following:

    Hello World!

    3) Eclipse project

    $ mvn eclipse:eclipse

    Then:

    eclipse>> import existing project

    cas-study run as server

    3 Add a simple servlet

    ${project_dir}/src/main/java/com/pepstack/SimpleServlet.java

    /**
     * SimpleServlet.java
     */
    package com.pepstack;
    
    import java.io.IOException;
    import java.io.PrintWriter;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class SimpleServlet extends HttpServlet
    {
        @Override
        protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
            final PrintWriter out = resp.getWriter();
            out.println("<h1>SimpleServlet Executed</h1>");
            out.flush();
            out.close();
        }
    }
    

    ${project_dir}/src/main/webapp/WEB-INF/web.xml

    <!DOCTYPE web-app PUBLIC
     "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
     "http://java.sun.com/dtd/web-app_2_3.dtd" >
    
    <web-app>
        <display-name>Archetype Created Web Application</display-name>
    
        <servlet>
            <servlet-name>simple</servlet-name>
            <servlet-class>com.pepstack.SimpleServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>simple</servlet-name>
            <url-pattern>/simple</url-pattern>
        </servlet-mapping>
    </web-app>

    Then run:

    $ mvn clean compile install jetty:run

    Open a browser and visit:

    http://localhost:8080/cas-study/simple

    It displays:

    SimpleServlet Executed

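    4 Add the certificate of server A (cas server) to server B

    In the previous article, we generated a certificate on server A: ssotest.crt.

    This file needs to be copied to server B.

    Then add it to the JRE. Assuming the certificate is at ~/ssotest.crt, the commands are as follows.

    If necessary, delete the existing keystore first (this removes the JRE's entire default trust store, including all bundled root CA certificates, and keytool then creates a new keystore with the password you enter):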

    $ rm -r /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts

    Then add the certificate (ssotest.crt must be the certificate generated on server A):

    $ keytool -import -keystore /usr/local/java/jdk1.7.0_67/jre/lib/security/cacerts -file ./ssotest.crt -alias ssotest

    Enter keystore password:  123456
    Re-enter new password: 123456
    Owner: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
    Issuer: CN=repo.pepstack.com, OU=pepstack.com, O=pepstack.com, L=SHA, ST=SHA, C=CN
    Serial number: 2c324853
    Valid from: Fri Aug 07 15:55:58 CST 2015 until: Thu Nov 05 15:55:58 CST 2015
    Certificate fingerprints:
         MD5:  49:77:8E:3C:6A:3E:67:0F:4A:F2:9F:AD:07:D5:1C:70
         SHA1: 8A:B0:BF:96:46:7C:B7:DA:53:E4:10:40:49:EC:16:33:BA:66:81:D1
         SHA256: 14:7F:01:D7:54:8A:64:C3:88:33:81:37:BD:0D:24:AD:D5:E7:A7:1B:CC:E1:84:36:AC:3B:E8:E3:0B:99:81:47
         Signature algorithm name: SHA256withRSA
         Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 9C 34 0B 19 6F 6E 4D 64   BF 77 EC 80 88 D8 E4 37  .4..onMd.w.....7
    0010: F8 EF C3 71                                        ...q
    ]
    ]

    Trust this certificate? [no]:  yes
    Certificate was added to keystore
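
The import above trusts whatever file sits at ./ssotest.crt, and deleting cacerts first discards the JRE's bundled root CAs. As an added example (not part of the original article), the shell functions below compare the certificate's SHA-256 fingerprint with a value read on server A, back up the trust store, and replace only the ssotest alias; `KEYSTORE_PASS` is an assumed environment variable holding the keystore password.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: KEYSTORE_PASS is
# an exported environment variable with the trust-store password, and the
# expected fingerprint was read on server A and carried over separately.
# Usage: import_pinned_cert ./ssotest.crt ssotest <cacerts path> <sha256>

# Pull the SHA-256 fingerprint out of `keytool -printcert` text on stdin.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Normalize a fingerprint: drop colons/whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both values are the same 32-byte (64 hex digit) digest.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# import_pinned_cert CERT ALIAS KEYSTORE EXPECTED_SHA256
import_pinned_cert() {
    cert=$1; alias_name=$2; keystore=$3; expected=$4
    actual=$(keytool -printcert -file "$cert" | extract_sha256)
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $cert: refusing to import" >&2
        return 1
    fi
    # Keep a copy of the trust store instead of deleting it, so the default
    # root CAs stay in place and the change can be rolled back.
    cp -p "$keystore" "$keystore.bak" || return 1
    # Remove only a stale entry under the same alias, if there is one.
    if keytool -list -alias "$alias_name" -keystore "$keystore" \
            -storepass:env KEYSTORE_PASS >/dev/null 2>&1; then
        keytool -delete -alias "$alias_name" -keystore "$keystore" \
            -storepass:env KEYSTORE_PASS || return 1
    fi
    # The fingerprint was already verified, so skip the interactive prompt.
    keytool -import -noprompt -alias "$alias_name" -file "$cert" \
        -keystore "$keystore" -storepass:env KEYSTORE_PASS
}
```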

    5 Modify web.xml. After the change it looks like this:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

        <jsp-config>
            <jsp-property-group>
                <url-pattern>*.jsp</url-pattern>
                <el-ignored>false</el-ignored>
            </jsp-property-group>
        </jsp-config>

        <display-name>cas-study</display-name>

        <listener>
            <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
        </listener>

        <filter>
            <filter-name>CasSingleSignOutFilter</filter-name>
            <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CasSingleSignOutFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter>
            <filter-name>CASFilter</filter-name>
            <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
            <init-param>
                <!-- Cas Server URL -->
                <param-name>casServerLoginUrl</param-name>
                <param-value>https://repo.pepstack.com:8443/cas/login</param-value>
            </init-param>
            <init-param>
                <!-- Cas Client URL -->
                <param-name>serverName</param-name>
                <param-value>http://localhost:8080</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CASFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter>
            <filter-name>CasTicketFilter</filter-name>
            <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
            <init-param>
                <param-name>casServerUrlPrefix</param-name>
                <param-value>https://repo.pepstack.com:8443/cas/</param-value>
            </init-param>
            <init-param>
                <param-name>serverName</param-name>
                <param-value>http://localhost:8080</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CasTicketFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter>
            <filter-name>CasRequestWrapFilter</filter-name>
            <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CasRequestWrapFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter>
            <filter-name>AssertionThreadLocalFilter</filter-name>
            <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>AssertionThreadLocalFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>

        <servlet>
            <servlet-name>simple</servlet-name>
            <servlet-class>com.pepstack.SimpleServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>simple</servlet-name>
            <url-pattern>/simple</url-pattern>
        </servlet-mapping>
    </web-app>

    Where:

    1) repo.pepstack.com is the hostname of server A. Server B needs the following entry in /etc/hosts:

    192.168.122.18  repo.pepstack.com
    

    2) localhost:8080 is the web service on server B.

    Access it at: http://localhost:8080/cas-study/

    6 Rebuild and run cas-study

    $ mvn clean compile install jetty:run

    Open the Firefox browser and enter the following address:

    http://localhost:8080/cas-study/

    or

    http://localhost:8080/cas-study/simple

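    The jasig login page is displayed. If you have already logged in, the page content is shown directly.

    If you then open the Chrome browser, you still have to log in again, because different browsers do not share sessions.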
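
One way to confirm from the command line that the filters configured in step 5 are protecting the application, as an added example that is not part of the original article: the function reads HTTP response headers and checks that an unauthenticated request is redirected to casServerLoginUrl with this application as the service. The function name and the set of accepted redirect status codes are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Headers are read from stdin,
# so the check works on saved output as well as live:
#   curl -s -o /dev/null -D - http://localhost:8080/cas-study/simple | check_cas_redirect

CAS_LOGIN='https://repo.pepstack.com:8443/cas/login'   # casServerLoginUrl
SERVICE_PREFIX='http%3A%2F%2Flocalhost%3A8080%2F'       # URL-encoded serverName + "/"

# Print "ok" and return 0 when the response is a redirect to the CAS login
# page that names this application as the service; otherwise explain and fail.
check_cas_redirect() {
    headers=$(tr -d '\r')
    # Status code from the first line, e.g. "HTTP/1.1 302 Found" -> 302.
    status=$(printf '%s\n' "$headers" |
        sed -n '1s/^HTTP\/[0-9.]* \([0-9]*\).*/\1/p')
    # First Location header, with the header name removed.
    location=$(printf '%s\n' "$headers" |
        sed -n 's/^[Ll]ocation:[[:space:]]*//p' | head -n 1)
    case $status in
        301|302|303|307) ;;
        *)  echo "not protected: status ${status:-unknown}, expected a redirect"
            return 1 ;;
    esac
    case $location in
        "$CAS_LOGIN?service=$SERVICE_PREFIX"*)
            echo "ok"; return 0 ;;
        "$CAS_LOGIN"*)
            echo "redirects to CAS with an unexpected service: $location"
            return 1 ;;
        *)  echo "redirects somewhere other than the CAS login page: $location"
            return 1 ;;
    esac
}
```

A 200 response to this check means the page was served without authentication, which usually points to a missing or misordered filter-mapping in web.xml.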





  • Original article: https://www.cnblogs.com/lxjshuju/p/7220790.html