速动画教程第二十九集 单点登录CAS的使用方法

Posted on 2007-04-02 01:36 oksonic 阅读(10295) 评论(13)  编辑  收藏 所属分类: java
 

速动画教程第二十九集

单点登录CAS的使用方法


  下载地址: http://www.oksonic.cn

一.环境

a)         Windows 2003 sp1

b)        JDK1.5.0_11

c)        Tomcat 5.5.23

d)        MySql5.0

二.准备

a)         cas-server-3.0.6.zip 下载地址:http://www.ja-sig.org/products/cas/index.html

b)        cas-client-java-2.1.1.zip 下载地址:同上

c)        安装完jdkjre后,需要配置JAVA_HOMEPATH=%JAVA_HOME%\bin

三.步骤

a)        配置Tomcat使用SSL安全认证

                         i.              使用命令提示符进入到Tomcat安装目录

                       ii.              生成服务端密匙执行以下命令

                     keytool -genkey -alias 别名keyalg RSA -keypass changeit -storepass changeit                           -keystore server.keystore

例:keytool -genkey -alias casserver -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore

运行后出现提示信息:

输入keystore密码:changeit      这里也填入主机名

您的名字与姓氏是什么?

 [Unknown] localhost           这里一定要填写正确的主机名

您的组织单位名称是什么?

 [Unknown] oksonic

您的组织名称是什么?

 [Unknown] oksonic

您所在的城市或区域名称是什么?

 [Unknown] kunming

您所在的州或省份名称是什么?

 [Unknown] yunnan

该单位的两字母国家代码是什么

 [Unknown] cn

CN=localhost, OU=oksonic, O=oksonic, L=kunming, ST=yunnan, C=cn 正确吗?

 [] y

完成后会在Tomcat目录生成一个名为casserver的文件

                      iii.              生成服务端证书执行以下命令

                            keytool -export -alias casserver -storepass changeit -file server.cer                                     -keystore server.keystore

                            命令执行后生成一个server.cer的证书文件

 

                     iv.              生成客户端密匙执行以下命令

                            keytool -genkey -alias casclient -keyalg RSA -keypass changeit -storepass                                  changeit -keystore client.keystore

                       v.              生成客户端证书执行以下命令

                            keytool -export -alias casclient -storepass changeit -file client.cer                                        -keystore client.keystore

                            命令执行后生成一个server.cer的证书文件

                     vi.              导入证书文件到cacerts 文件中,执行以下命令

                            keytool -import -trustcacerts -alias server -file server.cer -keystore                                      cacerts -storepass changeit

 

                            keytool -import -trustcacerts -alias client -file client.cer -keystore                                        cacerts -storepass changeit

                            cacerts文件,拷贝到<JAVA_HOME>\jre\lib\security目录下

 

                    vii.              拷贝cas-server-3.0.6.zip包内的target目录下的cas.war文件到Tomcat目录下的webapps目录下

                  viii.              修改Tomcat的配置文件server.xml把以下补注释的内容打开

<Connector port="8443" maxHttpHeaderSize="8192"

               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

加入红字部份后的内容如下:

         <Connector port="8443" maxHttpHeaderSize="8192"

keystorePass="changeit" keystoreFile="/server.keystore"

               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

 

b)        配置客户端应用

                         i.              使用Tomcat的例子jsp-examples来做客户端

                       ii.              打开项目中的web.xml文件,加入以下配置信息

                     <filter>
                             <filter-name>CASFilter</filter-name>
                              <filter-class>
                                    edu.yale.its.tp.cas.client.filter.CASFilter
                             </filter-class>
                             <init-param>
                             <param-name>
                                    edu.yale.its.tp.cas.client.filter.loginUrl
                            </param-name>
                             <param-value>
https://localhost:8443/cas/login</param-value>
                            </init-param> 
                            <init-param>
                               <param-name>
                                          edu.yale.its.tp.cas.client.filter.validateUrl
                                   </param-name>
                            <param-value>
                                  
https://localhost:8443/cas/proxyValidate
                            </param-value>
                     </init-param>
                     <init-param>
                            <param-name>
                                    edu.yale.its.tp.cas.client.filter.serverName
                            </param-name>
                                   <param-value>
localhost:8080</param-value>
                      </init-param>
              </filter>

              <filter-mapping>
              <filter-name>CASFilter</filter-name>
                     <url-pattern>
/ *</url-pattern>
               </filter-mapping>

 

              拷贝cas-client-java-2.1.1.zip包中的casclient.jar到项目的lib目录下

 

              现在可以启动Tomcat来测试一下是否能够进入到登录页

c)         配置CAS使用数据库进行验证

                         i.              MySql中的Test库中新建app_user

       CREATE TABLE `app_user` (
                  `username` varchar(30) NOT NULL default '',
                  `password` varchar(45) NOT NULL default '',
                  PRIMARY KEY  (`username`)
         ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
添加以下用户:
         INSERT INTO `app_user` (`username`,`password`) VALUES

                    ('oksonic','oksonic'),

                    ('oksonic1','oksonic1');

 

                      ii.              修改cas项目中的deployerConfigContext.xml文件

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
注释掉该行,在其下加入:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                            <property name="sql" value="select password from
app_user where username=?" />
                            <property name="dataSource" ref="dataSource" />

                     </bean>
并添加一个bean
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close">
       <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
       <property name="url"><value>jdbc:mysql://localhost:3306/test</value></property>
       <property name="username"><value>test</value></property>
       <property name="password"><value>test</value></property>
    </bean>
拷贝cas-server-jdbc-3.0.6.jarmysql-connector-java-3.1.11-bin.jarwebapps/cas/WEB-INF/lib下。

Feedback

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-04-02 13:30 by wuxj888java
我前一阵子也使用了cas作为单点登陆实现方式,但我的用户登陆密码是用MD5加密,我想在cas验证的时候能有MD5进行解密比较密码,也就是你上面的
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="sql" value="select password from app_user where username=?" />
<property name="dataSource" ref="dataSource" />
</bean>
我想其中password取出怎么进行解密?

# re: 速动画教程第二十九集 单点登录CAS的使用方法[未登录]  回复  更多评论   

2007-04-02 15:20 by oksonic
MD5现在没有解密方法.

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-04-02 17:11 by wuxj888java
我说的不清楚,我的意思是我的password是加密的,我怎么用明文在cas中与它进行校验?

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-04-03 16:30 by asdfasdf
@wuxj888java
直接把明文再次加密就可以判断啦,MD5现在是没有解密 方法的

# re: 速动画教程第二十九集 单点登录CAS的使用方法[未登录]  回复  更多评论   

2007-04-12 11:31 by alpha
HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate">https://localhost:8443/cas/proxyValidate] ticket=[ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20] service=[http%3A%2F%2Flocalhost%3A8888%2Fjsp-examples%2F] errorCode=[INVALID_SERVICE] errorMessage=[ticket 'ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20' does not match supplied service] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas">http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_SERVICE'>
ticket 'ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20' does not match supplied service
</cas:authenticationFailure>
</cas:serviceResponse>
]]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)


root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate">https://localhost:8443/cas/proxyValidate] ticket=[ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20] service=[http%3A%2F%2Flocalhost%3A8888%2Fjsp-examples%2F] errorCode=[INVALID_SERVICE] errorMessage=[ticket 'ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20' does not match supplied service] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas">http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_SERVICE'>
ticket 'ST-5-T2Xm7ANbGlIGxSSKPTyNRD1iTXUjZ1ApaDY-20' does not match supplied service
</cas:authenticationFailure>
</cas:serviceResponse>
]]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)


note The full stack trace of the root cause is available in the Apache Tomcat/5.5.16 logs.


--------------------------------------------------------------------------------


我按你的步骤做有这样的错误,请教是什么原因阿

# re: 速动画教程第二十九集 单点登录CAS的使用方法[未登录]  回复  更多评论   

2007-04-12 11:34 by alpha
就是在验证后不能返回到正确的页面,不知道什么地方做错了

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-06-07 21:01 by bearhunter
very good

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-07-05 10:44 by jjs
重写这个类就可以了
org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler
先将明码md5加密再与数据库比较

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-08-14 11:45 by 同声翻译公司
您好,我们公司是一家中国境内的专业翻译公司,从事各专业翻译服务,包括笔译、口译、同声传译和同声传译设备租赁等。我们需要招聘兼职翻译、同传译员和外籍英文校对人员,不知道是否有时间。

希望有机会合作.
郭先生

北京华译网翻译公司
中国专家翻译网
地址:北京海淀区太阳园17号楼405室(北三环西路大钟寺东侧)邮编:100098
电话:010-82115891 82115892 传真010-82130386
上海:上海漕溪北路38号20G (东方商厦后面实业公寓南楼)
电话:021-34240860 34240925 传真:021-34240925

同传租赁 同声传译翻译公司 同声传译设备租赁 同声传译 同声传译设备租赁 同传租赁 北京同传设备租赁 上海同声传译设备租赁 同声传译

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-08-26 20:46 by feticiste-galleria-foto@mbxogid11.cn
http://www.giovani-leccatrici-di-sborra.ebxogid11.cn attraente gratuito http://www.maturi-uomini-scopano-giovani.ebxogid11.cn vecchie nudiste com http://www.fotomontaggi-star.qbxogid11.cn freddissimo perfetto fighetta

# re: 速动画教程第二十九集 单点登录CAS的使用方法  回复  更多评论   

2007-11-11 21:14 by feticiste-galleria-foto@mbxogid11.cn
http://www.foto-fiche-bionde.wftzxu02.cn piedini sborrati http://www.grosse-fighe-gratis.wftzxu02.cn piedi e mature http://www.madri-che-scopano.kcdebc02.cn vibratori grandi

# 怎么我成功登录后,抛出如下错误呢?//re: 速动画教程第二十九集 单点登录CAS的使用方法[未登录]  回复  更多评论   

2008-03-10 14:41 by ken
exception

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:255)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

# 怎么我成功登录后,抛出如下错误呢?//re: 速动画教程第二十九集 单点登录CAS的使用方法[未登录]  回复  更多评论   

2008-03-10 14:41 by ken
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)


root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild(Unknown Source)
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
sun.security.validator.Validator.validate(Unknown Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)


只有注册用户登录后才能发表评论。


网站导航:
 

posts - 35, comments - 1104, trackbacks - 0, articles - 0

Copyright © oksonic