- 从git下载cas,下载的是4.1.x版本。它是用maven管理Jar包的最后版本。
- 导入到idea中。
找到cas-server-webapp子项目,修改pom.xml,增加tomcat7 plugin启动
<plugin> <groupId>org.apache.tomcat.maven</groupId> <artifactId>tomcat7-maven-plugin</artifactId> <version>2.2</version> <configuration> <uriEncoding>UTF-8</uriEncoding> <path>/cas</path> <port>80</port> <contextReloadable>false</contextReloadable> </configuration> </plugin>注:其本身提供了jetty的启动方式,但是默认修改配置密钥,所以不暂时不使用。
修改deployerConfigContext.xml文件,修改默认的用户名和密码。
<bean id="primaryAuthenticationHandler" class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"> <property name="users"> <map> <entry key="admin" value="123456"/> </map> </property> </bean>用tomcat7:run启动
去除HTTPS认证
此时访问登录页面,会出现下面的提示
Non-secure Connection
You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.
提示需要配置https认证,下面我们就把这个去掉。
- 修改deployerConfigContext.xml文件
`xml
#找到如下bean配置
#增加p:requireSecure=”false”
- 修改ticketGrantingTicketCookieGenerator.xml修改p:cookieSecure=”false”
~~~ xml
# 找到如下bean配置
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
#修改后为:
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
~~~
- 修改warnCookieGenerator.xml修改p:cookieSecure=”false”
``` xml
# 找到如下配置
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
# 修改后为:
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
- 修改cas-server-webapp\src\main\resources\services\HTTPSandIMAPS-10000001.json下的文件增加http配置
~~~ json找到如下配置
“@class” : “org.jasig.cas.services.RegexRegisteredService”,
“serviceId” : “^(https|imaps)://.*”,
“name” : “HTTPS and IMAPS”,
“id” : 10000001,
修改成如下配置
“@class” : “org.jasig.cas.services.RegexRegisteredService”,
“serviceId” : “^(https|imaps|http)://.*”,
“name” : “HTTPS and IMAPS”,
“id” : 10000001,
::: warning 注意
如果不增加http的配置,应用不无跳转到CAS的登录页面。
:::
- 去掉登录页面的提示
去掉https验证后 保证了http访问也能进行正常交互。但是原生的cas server页面上的提示是不会根据设置自动消失的。只能我们手动去除。
8. 基于spring boot配置cas
~~~ java
package cn.sibat.cas.demo.config;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.annotation.WebFilter;
import java.util.*;
/**
* CAS 过滤器
* @author: xiaojun
* @version: 2018/11/22
*/
@Configuration
public class CasConfig {
/**
* 登出监听器
* @return
*/
@Bean
public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
ServletListenerRegistrationBean registrationBean = new ServletListenerRegistrationBean();
registrationBean.setListener(new SingleSignOutHttpSessionListener());
return registrationBean;
}
/**
* 登出过滤器
* @return
*/
@Bean
public FilterRegistrationBean singleSignOutFilter() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new SingleSignOutFilter());
List<String> urlPatterns = new ArrayList<>();
urlPatterns.add("/*");
filterRegistrationBean.setUrlPatterns(urlPatterns);
filterRegistrationBean.setOrder(1); //登出过滤器的优先级要最高,否则登录会不生效。
return filterRegistrationBean;
}
/**
* 认证Filter
* @return
*/
@Bean
public FilterRegistrationBean authenticationFilter() {
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new AuthenticationFilter());
Map<String,String> initParameters = new HashMap<>();
initParameters.put("casServerLoginUrl","http://xiaojun02.sibat.cn:8761/cas/login");
initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
authenticationFilter.setInitParameters(initParameters);
authenticationFilter.setOrder(2);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
/**
* 验证票据Filter
* @return
*/
@Bean
public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter = new FilterRegistrationBean();
cas20ProxyReceivingTicketValidationFilter.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("casServerUrlPrefix", "http://xiaojun02.sibat.cn:8761/cas");
initParameters.put("serverName", "http://xiaojun02.sibat.cn:8762");
cas20ProxyReceivingTicketValidationFilter.setInitParameters(initParameters);
cas20ProxyReceivingTicketValidationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
cas20ProxyReceivingTicketValidationFilter.setUrlPatterns(urlPatterns);
return cas20ProxyReceivingTicketValidationFilter;
}
/**
* 一个标准的过滤器
* @return
*/
@Bean
public FilterRegistrationBean casHttpServletRequestWrapperFilter(){
FilterRegistrationBean authenticationFilter = new FilterRegistrationBean();
authenticationFilter.setFilter(new HttpServletRequestWrapperFilter());
authenticationFilter.setOrder(3);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/*");// 设置匹配的url
authenticationFilter.setUrlPatterns(urlPatterns);
return authenticationFilter;
}
}
