1. Framework versions
JDK 8
Tomcat 7
SpringMVC-4.2.0.RELEASE
Spring Security 4.2.0.RELEASE
CAS-Client 3.3.3
CAS-Server 4.0.0
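2. Maven pom.xml
3. Configuring CAS-Server
1) Download the CAS-Server zip package [http://developer./cas/]
After unpacking, copy [cas-server-webapp-4.0.0.war] from the modules folder into Tomcat's webapps folder and rename it to cas.war.
Start Tomcat so that it unpacks the war, then open [http://localhost:8080/cas/] in a browser.
The CAS-Server login screen opens. Enter the default username/password [casuser/Mellon]; the message [login success] indicates that the login succeeded.
2) Modify the CAS-Server configuration file to support login validation against a database
Open the file [../tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml].
The completed configuration file
You also need to put [c3p0-0.9.1.2.jar], [cas-server-support-jdbc-4.0.0.jar] (found in the CAS-Server modules directory) and [mysql-connector-java-5.x.xx-bin.jar] into the [WEB-INF/lib] directory. Restart Tomcat and open the CAS login screen to verify that database validation works.
Notes: 1. Change the SQL statement in the configuration file to match your own database.
2. The password column is stored as MD5 hashes, so make sure the data in the table matches.
4. Configuring CAS-Client
1) web.xml configuration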
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/config/spring/spring.xml, classpath:/config/spring/spring-cas.xml</param-value>
</context-param>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!--
  - Removes a session from the CAS client's sign-out session mapping when the
  - HTTP session is destroyed. The contextConfigLocation files above are loaded
  - by Spring's ContextLoaderListener, which must also be registered in web.xml.
  -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

2) The complete spring-cas.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-4.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-4.0.xsd"
       default-lazy-init="true">


    <!-- Access rules; adjust these to your own application -->
    <sec:http auto-config="false" use-expressions="false" disable-url-rewriting="false"
              entry-point-ref="casProcessingFilterEntryPoint">
        <!-- disable-url-rewriting="false" above allows the session id to be appended to URLs
             (;jsessionid=...), and headers disabled="true" below switches off Spring Security's
             default response headers (Cache-Control, X-Content-Type-Options, HSTS,
             X-Frame-Options, X-XSS-Protection) -->
        <sec:headers disabled="true"/>
        <sec:csrf disabled="false"/>
        <sec:intercept-url pattern="/static/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <sec:intercept-url pattern="/**" access="ROLE_USER"/>
        <sec:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
        <sec:logout logout-success-url="/static/html/logout-success.html"/>
        <sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
        <sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
    </sec:http>

    <!-- This filter handles a Single Logout Request from the CAS Server -->
    <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>

    <!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
    <bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg value="http://localhost:8081/cas/logout"/>
        <constructor-arg>
            <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </constructor-arg>
        <property name="filterProcessesUrl" value="/logout/cas"/>
    </bean>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider"/>
    </sec:authentication-manager>

    <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <!-- Page returned on authentication failure (not a 403 error)
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="/static/html/errors/403.html"/>
            </bean>
        </property>-->
        <!-- Page returned on successful authentication. Changed here: this class resumes the
             request that was in progress before login. The default class redirects to a fixed page.
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"/>
        </property>-->
    </bean>

    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <!-- Login URL of the single sign-on (CAS) server -->
        <property name="loginUrl" value="http://localhost:8081/cas/login"/>

        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <bean id="userDetailsManager" class="cn.co.xxx.xxxx.xxxx.xxxx.x.UserDetailsManager"/>

    <bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="authenticationUserDetailsService">
            <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <constructor-arg ref="userDetailsManager" />
            </bean>
        </property>
        <property name="serviceProperties" ref="serviceProperties"/>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="http://localhost:8081/cas"/>
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>

    <!--
    <security:user-service id="userService">
        <security:user name="joe" password="joe" authorities="ROLE_USER" />
        ...
    </security:user-service>
    -->

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <!-- [login/cas] is the address as changed in Spring Security 4.0; it is completely
             different from the 3.X versions. Do not modify it. -->
        <property name="service" value="http://localhost:8080/workflow/login/cas"/>

        <property name="sendRenew" value="false"/>
    </bean>
</beans>

3) UserDetailsManager
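The `userDetailsManager` bean in spring-cas.xml is wrapped in `UserDetailsByNameServiceWrapper`, so its class has to implement `UserDetailsService`. The class below is an added example, not the author's own code: the package name, the `user_roles` table and the `setDataSource` setter are assumptions (the setter needs a matching `<property name="dataSource" ref="..."/>` on the bean and spring-jdbc on the classpath).

```java
package com.example.security; // hypothetical package; the page's own package name is elided

import java.util.List;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserDetailsManager implements UserDetailsService {

    // Assumed schema: user_roles(username, role), with role values such as "ROLE_USER".
    private static final String ROLES_SQL =
            "select role from user_roles where username = ?";

    private JdbcTemplate jdbc;

    // Setter injection keeps the no-argument constructor that the bean definition relies on.
    public void setDataSource(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // CasAuthenticationProvider calls this only after the service ticket has been
        // validated; the username is the principal taken from the CAS validation response.
        List<String> roles = jdbc.queryForList(ROLES_SQL, String.class, username);

        // A user known to CAS but without local roles is rejected, not given a default
        // role, so a CAS account alone does not grant access to this application.
        if (roles.isEmpty()) {
            throw new UsernameNotFoundException("No local roles for CAS user " + username);
        }

        // The names must match the intercept-url rules: "/**" requires ROLE_USER.
        List<GrantedAuthority> authorities =
                AuthorityUtils.createAuthorityList(roles.toArray(new String[0]));

        // The password is never compared on the client (CAS verified the credentials);
        // User rejects a null password, so a fixed placeholder is used.
        return new User(username, "[CAS]", authorities);
    }
}
```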
4) Logout URL
http://localhost:8080/workflow/logout/cas
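5) HTTPS
If the CAS-Server side uses https, make the changes as for any ordinary https configuration; note that the server certificate must be imported into the client's JRE. The URLs in spring-cas.xml that point at the server must also be changed to https.
Restart the client service and it can be accessed normally.
Reference: [http://docs./spring-security/site/docs/4.0.2.RELEASE/reference/htmlsingle/#get-source]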