1. Download the CAS server
CAS site: http://www.jasig.org/cas (from some networks this site is only reachable through a proxy)
CAS downloads: http://downloads.jasig.org/cas/
2. Deploy CAS
1) Download the CAS server release used here: cas-server-3.5.2-release.zip
2) Unpack the archive
3) Copy cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war into Tomcat's webapps directory and rename it to ROOT.war, so that CAS is served from the context root (the URLs in steps 7 and 8 assume this)
3. Create the keystore
keytool -genkeypair -alias "cas" -keyalg "RSA" -keystore "F:\sync\javaKeys\cas.keystore"
keytool asks for a keystore password and then for the subject fields. When it asks "What is your first and last name?", answer with the host name under which CAS will be reached (localhost in this tutorial), not a person's name. To skip the prompts, pass -dname "CN=localhost"; on JDK 7 and later you can also add -ext SAN=dns:localhost, because newer Java clients check the subjectAltName before falling back to the CN.
4. Export the certificate to a file
Note on step 3: the "first and last name" field must be the domain name. If you typed a real name, it will not match the host name used at run time and the TLS handshake fails with the error shown in step 5.3.
keytool -export -alias cas -file "F:\sync\javaKeys\cas.crt" -keystore "F:\sync\javaKeys\cas.keystore"
5. Import the certificate into the JVM trust store
keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file "F:\sync\javaKeys\cas.crt" -alias cas
The password of cacerts is the JDK's trust-store password (changeit by default), not the password you chose for cas.keystore.
1) You may see the following error:
java.io.IOException: Keystore was tampered with, or password was incorrect
The usual cause is simply a wrong cacerts password. Deleting cacerts is not the fix (an empty or missing cacerts produces error 2 below). If an earlier, wrong import has to be removed before retrying, delete just that entry:
keytool -delete -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias cas
2) The certificate was not imported, or the trust store the JVM loads is empty:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Restore cacerts and run the import again.
3) The keystore was created without localhost as the "name"; the CAS server validates the host name in the certificate it presents to itself and to its clients:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
Recreate the keystore (step 3) with a CN, and preferably a SAN, equal to the host name in the CAS URL, then repeat steps 4 and 5.
Note: if several Java installations are present, import the certificate into the cacerts of the JRE that actually runs Tomcat (the one JAVA_HOME or JRE_HOME points at for Tomcat); importing into another JDK leaves errors 2 and 3 in place.
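The host-name check behind error 3 above, as an added example in Python (it is not code from CAS or from the original page). It reproduces the precedence rule of Java's HTTPS host-name verifier: dNSName entries in the subjectAltName are matched first, and the subject CN is consulted only when the certificate has no dNSName; wildcard handling follows RFC 6125 (a single leading label). The certificate dicts are constructed by hand in the shape returned by Python's ssl getpeercert() and the names in them are made up; no keystore is read.

```python
"""Host-name matching for a CAS certificate (added example, Python)."""
from urllib.parse import urlparse


def _dns_names(cert):
    """Names a verifier may match: SAN dNSName entries if any exist, otherwise the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def _label_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, host):
    """True if any usable name in the certificate matches the host."""
    return any(_label_matches(name, host) for name in _dns_names(cert))


def check_cas_url(cert, url):
    """Return (ok, message); the failure text is the one Java reports."""
    host = urlparse(url).hostname
    if hostname_matches(cert, host):
        return True, "name matches"
    return False, "No name matching %s found" % host


# Constructed certificates (assumed values, not taken from the page):
CERT_WRONG_CN = {"subject": ((("commonName", "Zhang San"),),)}      # keytool prompt answered with a person's name
CERT_LOCALHOST = {"subject": ((("commonName", "localhost"),),)}     # what step 3 should produce
CERT_WITH_SAN = {"subject": ((("commonName", "cas.example.com"),),),
                 "subjectAltName": (("DNS", "cas.example.com"), ("DNS", "*.example.com"))}
CERT_CN_IGNORED = {"subject": ((("commonName", "localhost"),),),     # CN is ignored once a dNSName SAN exists
                   "subjectAltName": (("DNS", "cas.example.com"),)}
```

CERT_CN_IGNORED is the case that bites when a keystore is regenerated with -ext SAN but the SAN omits localhost: the CN alone no longer satisfies the verifier.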
6. Edit the Tomcat configuration (conf/server.xml)
Connector attributes used here:
clientAuth: whether mutual TLS is required; default false, true makes Tomcat demand a client certificate
keystoreFile: path of the server keystore
keystorePass: password of the server keystore
truststoreFile: trust store holding the CA certificate used to verify client certificates; in this example that is the server certificate itself (only consulted when clientAuth is true)
truststorePass: password of that trust store
1) Locate the following connector and add keystoreFile="F:\sync\javaKeys\cas.keystore" and keystorePass set to the password chosen in step 3; without them Tomcat falls back to the user's ~/.keystore with the default password changeit:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
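A small check for the connector edit in step 6, as an added Python example (not from the page or from Tomcat). It parses a server.xml fragment and reports what is wrong with each SSLEnabled connector: the connector as printed above is WEAK (no keystoreFile/keystorePass, so Tomcat would silently use ~/.keystore), FIXED carries both. The keystore password in FIXED is a placeholder, not a value from the page.

```python
"""Audit HTTPS connectors in a Tomcat server.xml (added example, Python)."""
import xml.etree.ElementTree as ET

# Constructed fragments: the page's connector before and after the edit in step 6.
WEAK = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

FIXED = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="F:\\sync\\javaKeys\\cas.keystore" keystorePass="example-keystore-password" />
</Service></Server>"""


def audit_https_connectors(server_xml):
    """Return {port: [problems]} for every Connector with SSLEnabled="true".

    Checks: keystoreFile and keystorePass present (otherwise Tomcat uses
    ~/.keystore with password changeit), the password is not that default,
    scheme/secure describe HTTPS, and clientAuth=true has a truststoreFile
    to validate client certificates against.
    """
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        problems = []
        for attr in ("keystoreFile", "keystorePass"):
            if not conn.get(attr):
                problems.append("missing " + attr)
        if conn.get("keystorePass") == "changeit":
            problems.append("keystorePass is the well-known default")
        if conn.get("scheme") != "https" or conn.get("secure", "false").lower() != "true":
            problems.append("scheme/secure do not mark the connector as HTTPS")
        if conn.get("clientAuth", "false").lower() == "true" and not conn.get("truststoreFile"):
            problems.append("clientAuth=true without truststoreFile")
        findings[conn.get("port")] = problems
    return findings


if __name__ == "__main__":
    for label, xml in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_https_connectors(xml))
```

Run it against the real conf/server.xml (read the file and pass its text) after editing; an empty problem list for port 8443 is the expected result.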
7. Log in to the CAS server
1) https://localhost:8443/login (note: HTTPS)
2) With the default SimpleTestUsernamePasswordAuthenticationHandler, any user name whose password is identical to the user name is accepted. This handler exists only for smoke tests; replace it (step 8) before anyone else can reach the server.
3) Log out: https://localhost:8443/logout
8. Authenticate against a database instead of the test handler
1) To let CAS query the database, edit WEB-INF/deployerConfigContext.xml in the deployed webapp:
<!-- comment out -->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
<!-- add -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource"></property>
    <property name="sql" value="select password from users where userName=?"></property>
    <!--<property name="passwordEncoder" ref="MD5PasswordEncoder"></property> -->
</bean>
The ? is bound as a JDBC parameter, so the submitted user name is never spliced into the SQL text. With passwordEncoder commented out, the value returned by the query is compared with the submitted password as plaintext; uncommenting it compares against an unsalted MD5 hex digest instead. Either way the stored format and the encoder setting must agree, and unsalted MD5 offers little protection if the table leaks.
2) Add at the bottom (fill in the JDBC URL of your MySQL database in the url value):
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value></value>
    </property>
    <property name="username">
        <value>root</value>
    </property>
    <property name="password">
        <value>123456</value>
    </property>
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0">
        <value>MD5</value>
    </constructor-arg>
</bean>
Do not keep root/123456 beyond a local test: give CAS a dedicated database account with SELECT on the user table only, since this password sits in clear text inside the webapp.
3) Then copy cas-server-support-jdbc-3.5.2.jar from the unpacked modules directory, download mysql-connector-java-5.1.26-bin.jar, and put both files into %CATALINA_HOME%/webapps/cas/WEB-INF/lib (webapps/ROOT/WEB-INF/lib if the war was renamed to ROOT.war as in step 2).
Note: make sure the database has the user table with columns id, userName, password; the query above reads from users while this note originally named the table t_cas_user, so use one name consistently in both places.
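What the two handlers in steps 7 and 8 actually decide, as an added example in Python (not code from CAS or from the page). The SimpleTest handler is modelled as password == username; the JDBC handler runs the same query as the sql property above against a constructed in-memory SQLite table instead of MySQL, and the encoder mirrors DefaultPasswordEncoder: no encoder means plaintext comparison, "MD5" means a lowercase hex digest of the submitted password. User names and passwords are made up for the example.

```python
"""CAS 3.5 authentication handlers reproduced for a quick check (added example, Python)."""
import hashlib
import sqlite3

SQL = "select password from users where userName=?"  # same query as the bean's sql property


def simple_test_authenticate(username, password):
    """SimpleTestUsernamePasswordAuthenticationHandler: any non-empty user whose password equals the user name."""
    return bool(username) and username == password


def encode_password(plain, algorithm=None):
    """DefaultPasswordEncoder semantics: None -> plaintext, else lowercase hex digest of the UTF-8 bytes."""
    if algorithm is None:
        return plain
    return hashlib.new(algorithm.lower(), plain.encode("utf-8")).hexdigest()


def build_sample_db():
    """Constructed user table with the columns the note requires (id, userName, password)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (id integer primary key, userName text unique, password text)")
    db.execute("insert into users (userName, password) values (?, ?)",
               ("alice", "s3cret"))                          # stored in plaintext
    db.execute("insert into users (userName, password) values (?, ?)",
               ("bob", encode_password("hunter2", "MD5")))   # stored as an MD5 hex digest
    db.commit()
    return db


def query_database_authenticate(db, username, password, algorithm=None):
    """QueryDatabaseAuthenticationHandler: fetch the stored value for the user, compare with the encoded submission.

    The user name is bound to the ? placeholder, so it is never spliced into the SQL;
    an unknown user (or an injection attempt) yields no row and the login fails.
    """
    row = db.execute(SQL, (username,)).fetchone()
    if row is None:
        return False
    return row[0] == encode_password(password, algorithm)


if __name__ == "__main__":
    db = build_sample_db()
    print("alice plaintext, encoder off:", query_database_authenticate(db, "alice", "s3cret"))
    print("alice plaintext, encoder MD5:", query_database_authenticate(db, "alice", "s3cret", "MD5"))
    print("bob MD5, encoder MD5:", query_database_authenticate(db, "bob", "hunter2", "MD5"))
```

The mixed cases are the point: alice (stored in plaintext) stops logging in the moment MD5PasswordEncoder is uncommented, and bob (stored as MD5) cannot log in while it stays commented out. Migrate the stored column and the bean together.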