作者:郁雯佩菱2 | 来源:互联网 | 2023-09-01 20:29
单点登录(SingleSignOn),简称为SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统Cent
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统
Centos7安装cas系统
(1) 上传cas.war到Centos机器的tomcat/webapps目录下
(2) 端口修改
vim /usr/local/tomcat/apache-tomcat-7.0.52/conf/web.xml
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/cas.properties
(3) 去除https认证
1) 修改cas的WEB-INF/deployerConfigContext.xml
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/deployerConfigContext.xml
2) 修改cas的/WEB-INF/spring-configuration/ticketGrantingTicketCOOKIEGenerator.xml
参数p:COOKIESecure="true",同理为HTTPS验证相关,TRUE为采用HTTPS验证,FALSE为不采用https验证。
参数p:COOKIEMaxAge="-1",是COOKIE的最大生命周期,-1为无生命周期,即只在当前打开的窗口有效,关闭或重新打开其它窗口,仍会要求验证。可以根据需要修改为大于0的数字,比如3600等,意思是在3600秒内,打开任意窗口,都不需要验证
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/spring-configuration/ticketGrantingTicketCOOKIEGenerator.xml
3) 修改cas的WEB-INF/spring-configuration/warnCOOKIEGenerator.xml
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/spring-configuration/warnCOOKIEGenerator.xml
(4) cas认证数据源配置
1) 修改cas服务端中web-inf下deployerConfigContext.xml ,添加如下配置
class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="com.mysql.jdbc.Driver"
p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/db?characterEncoding=utf8"
p:user="user"
p:password="password" />
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:sql="select password from tb_user where username = ?"
p:passwordEncoder-ref="passwordEncoder"/>
2)
3) 导入jar包
cp -r c3p0-0.9.1.2.jar /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/lib
cp -r cas-server-support-jdbc-4.0.0.jar /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/lib
cp -r mysql-connector-java-5.1.32.jar /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/lib
(5) 替换cas登录页面
1) 将css js等文件夹拷贝到 cas目录下
2) 将工程登录页拷贝到cas系统下WEB-INF\view\jsp\default\ui 目录下,并重命名为casLoginView.jsp(先重命名cas系统原casLoginView.jsp)
3) 添加指令
<%@ page pageEncoding="UTF-8" %>
<%@ page cOntentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
4) 修改form标签
5) 修改登录框
accesskey="${userNameAccessKey}" path="username" autocomplete="off" htmlEscape="true"
placeholder="邮箱/用户名/手机号" class="span2 input-xfat" />
accesskey="${passwordAccessKey}" htmlEscape="true" autocomplete="off"
placeholder="请输入密码" class="span2 input-xfat" />
6) 修改登录按钮
7) 错误提示,在form内表单添加
8) 修改错误提示
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/cas-servlet.xml
9) 在messages_zh_CN.properties添加以下内容
vim /usr/local/tomcat/apache-tomcat-7.0.52/webapps/cas/WEB-INF/classes/messages_zh_CN.properties
authenticationFailure.AccountNotFoundException=\u7528\u6237\u4E0D\u5B58\u5728.
authenticationFailure.FailedLoginException=\u5BC6\u7801\u9519\u8BEF.
spring-security整合cas
(1) 添加依赖
org.springframework.security
spring-security-web
org.springframework.security
spring-security-config
javax.servlet
servlet-api
provided
org.springframework.security
spring-security-cas
org.jasig.cas.client
cas-client-core
org.slf4j
log4j-over-slf4j
(2) 授权认证类
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
public class UserDetailServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("UserDetailsServiceImpl : " + username);
// 角色授权
List authorities = new ArrayList();
GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
authorities.add(authority);
return new User(username, "", authorities);
}
}
(3) spring-security.xml
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" xmlns:cOntext="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
class="org.springframework.security.cas.ServiceProperties">
class="org.springframework.security.cas.web.CasAuthenticationFilter">
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
value="an_id_for_this_auth_provider_only" />
class="com.xxx.user.service.impl.UserDetailServiceImpl" />
class="org.jasig.cas.client.session.SingleSignOutFilter" />
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
(4) web.xml
home-index.html
CharacterEncodingFilter
class>org.springframework.web.filter.CharacterEncodingFilterclass>
encoding
utf-8
CharacterEncodingFilter
/*
xxx-user-web
org.springframework.web.servlet.DispatcherServlet
contextConfigLocation
classpath:spring/springmvc.xml
1
xxx-user-web
*.do
contextConfigLocation
classpath:spring/spring-security.xml
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
(5) 页面登出代码
(6) 获取登录名
@RestController
public class UserController {
@RequestMapping("/findLoginUser")
public void findLoginUser(){
String name = SecurityContextHolder.getContext().getAuthentication().getName();
System.out.println(name);
}
}