首页国产中文字幕,国产乱伦一,成人免费无码激情AV片,殴美一级黑人,日本色播网址,中文久久,超碰操朝鲜女人网,欧美日韩黄色大片

點(diǎn)擊上方藍(lán)色字體，選擇“標(biāo)星公眾號(hào)”

優(yōu)質(zhì)文章，第一時(shí)間送達(dá)

CAS介紹

CAS是一個(gè)單點(diǎn)登錄框架，由耶魯大學(xué)的一個(gè)組織開(kāi)發(fā)。CAS是一個(gè)開(kāi)源項(xiàng)目，代碼目前是在github上管理。單點(diǎn)登錄：Single Sign On,簡(jiǎn)稱(chēng)SSO，SSO使得在多個(gè)應(yīng)用系統(tǒng)中，用戶(hù)只需要登錄一次就可以訪問(wèn)所有相互信任的應(yīng)用系統(tǒng)。通俗理解為一個(gè)應(yīng)用登錄了，其他被授權(quán)的應(yīng)用不用再登錄。之前也寫(xiě)過(guò)一篇sso單點(diǎn)登錄,用redis實(shí)現(xiàn)的,有興趣可以翻翻

cas下載地址:https://github.com/apereo/cas/releases

cas服務(wù)搭建

我們案例下載使用的是CAS4.2,采用HTTPS協(xié)議處理用戶(hù)請(qǐng)求。搭建HTTPS需要咱們生成對(duì)應(yīng)的證書(shū)信息。當(dāng)然也可以通過(guò)配置使其支持http協(xié)議,但畢竟http協(xié)議不安全,所以我們還是學(xué)一下如何搭建本地HTTPS服務(wù).

1.生成秘鑰庫(kù)

keytool -genkey -alias shemuel -keyalg RSA -keystore E:/javaee/cas/keystory/shemeul
其中-alias后面的是密鑰庫(kù)別名,最后的shemeul是要生成的密鑰庫(kù)文件.

命令運(yùn)行后密鑰庫(kù)就生成了,接著就是導(dǎo)出這個(gè)密鑰的證書(shū),運(yùn)行如下命令:

keytool -export -trustcacerts -alias shemuel -file E:/javaee/cas/keystory/shemuel.cer -keystore E:/javaee/cas/keystory/shemuel
前面的路徑是要導(dǎo)出證書(shū)的位置,后面的路徑是之前密鑰庫(kù)的路徑

將證書(shū)導(dǎo)入到JDK證書(shū)庫(kù)

剛才的操作會(huì)根據(jù)我們的秘鑰庫(kù)生成一個(gè)證書(shū)，緊接著我們需要將該證書(shū)導(dǎo)入到JDK的證書(shū)庫(kù)里才能使用。

keytool -import -trustcacerts -alias shemuel -file E:/javaee/cas/keystory/shemuel.cer -keystore "F:/Java/jdk1.8.0_131/jre/lib/security/cacerts"

要求輸入密鑰庫(kù)口令:注意這個(gè)密鑰庫(kù)是jdk的密鑰庫(kù),口令密碼為:changeit

2.tomcat發(fā)布cas服務(wù)端項(xiàng)目

在githib上下載cas服務(wù)端項(xiàng)目 https://github.com/apereo/cas/releases

解壓一個(gè)tomcat，放到D:\workspace\cas\目錄下，把剛才我們下載的cas解壓打開(kāi)target目錄下有個(gè)cas.war 拷貝到tomcat的webapps目錄并解壓，刪除war包。

下載的cas解壓目錄下還有一個(gè)文件target\war\work\org.jasig.cas\cas-server-webapp\WEB-INF\cas.properties，把他拷貝到webapps\cas\WEB-INF目錄下。

修改spring-configuration\propertyFileConfigurer.xml，把location="file:/etc/cas/cas.properties"換成剛才cas.properties的絕對(duì)路徑。

    <util:properties id="casProperties" location="file:D:/workspace/cas/apache-tomcat-8.5.16/webapps/cas/WEB-INF/cas.properties" />

修改tomcat的conf/server.xml，加入如下代碼

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS"
        keystoreFile="E:\javaee\cas\keystory\shemuel" 
        keystorePass="123456" />

啟動(dòng)tomcat, bin目錄下的 startup.bat

訪問(wèn) https://shemuel:8443/cas/login

我這里的本地hosts配置了 127.0.0.1 對(duì)應(yīng) shemuel了,有興趣也可以配置一下.

訪問(wèn)后可能出現(xiàn)瀏覽器安全提示,因?yàn)槲覀兊淖C書(shū)是本地的,沒(méi)交錢(qián)所以會(huì)出現(xiàn)警告,添加個(gè)例外繼續(xù)訪問(wèn),看到如下界面就說(shuō)明成功了

登錄名:casuser 密碼:Mellon

這是cas自帶的一個(gè)登錄用戶(hù),我們可以配置數(shù)據(jù)庫(kù)信息,使用我們自己的數(shù)據(jù)庫(kù)表用戶(hù)登錄

3.配置cas數(shù)據(jù)庫(kù)連接池

打開(kāi)webapps\cas\WEB-INF\deployerConfigContext.xml
把32行的<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> 注釋掉。
將如下代碼拷貝到deployerConfigContext.xml中

<!--配置加密算法-->
  <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
   <constructor-arg  value="MD5"/>
  </bean>
  
  <!--查詢(xún)數(shù)據(jù)所采用什么加密方式-->
  <bean id="queryDatabaseAuthenticationHandler" name="primaryAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
   <property name="passwordEncoder" ref="MD5PasswordEncoder"/>
  </bean>
  
  <!--名字叫dataSource的Bean取別名叫queryDatabaseDataSource-->
  <alias name="dataSource" alias="queryDatabaseDataSource"/>
  
  <!--配置數(shù)據(jù)源-->
  <bean id="dataSource"
    class="com.mchange.v2.c3p0.ComboPooledDataSource"
    p:driverClass="com.mysql.jdbc.Driver"
    p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/springsecurity?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
    p:user="root"
    p:password="123456"
    p:initialPoolSize="6"
    p:minPoolSize="6"
    p:maxPoolSize="18"
    p:maxIdleTimeExcessConnections="120"
    p:checkoutTimeout="10000"
    p:acquireIncrement="6"
    p:acquireRetryAttempts="5"
    p:acquireRetryDelay="2000"
    p:idleConnectionTestPeriod="30"
    p:preferredTestQuery="select 1"/>
  <!--end  從數(shù)據(jù)庫(kù)中的用戶(hù)表中讀取 -->

把如下jar包拷貝到lib下

配置查詢(xún)語(yǔ)句

修改cas.properties 220行，去掉注釋?zhuān)薷娜缦拢?/span>

修改cas.properties 220行，去掉注釋?zhuān)薷娜缦拢?br>
    cas.jdbc.authn.query.sql=select password from users where username=?

由于此時(shí)我們指定的加密算法為md5了，所以我們需要重新增加一條md5加密的數(shù)據(jù)到數(shù)據(jù)庫(kù)去。

INSERT INTO users(username,password,enabled)VALUES('itheima',(SELECT MD5('123456')),'true');

重啟tomcat，用itheima登錄成功。

CSA實(shí)現(xiàn)單點(diǎn)登錄功能

新建一個(gè)maven工程，配置一下CAS相關(guān)過(guò)濾器，然后訪問(wèn)首頁(yè)。

pom依賴(lài)

    <dependency>
      <groupId>org.jasig.cas.client</groupId>
      <artifactId>cas-client-core</artifactId>
      <version>3.3.3</version>
    </dependency>
    <dependency>
   <groupId>javax.servlet</groupId>
   <artifactId>servlet-api</artifactId>
   <version>2.5</version>
   <scope>provided</scope>
 </dependency>
 <build>
  <plugins>
   <!-- 配置Tomcat插件 -->
   <plugin>
    <groupId>org.apache.tomcat.maven</groupId>
    <artifactId>tomcat7-maven-plugin</artifactId>
    <configuration>
     <port>70</port>
     <!-- http://127.0.0.1:{port}/{path} -->
     <path>/</path>
    </configuration>
   </plugin>

   <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <version>3.1</version>
    <configuration>
     <source>1.8</source>
     <target>1.8</target>
    </configuration>
   </plugin>
  </plugins>
 </build>

web.xml

<!-- 用于單點(diǎn)退出，該過(guò)濾器用于實(shí)現(xiàn)單點(diǎn)登出功能，可選配置 -->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>
  <!-- 該過(guò)濾器用于實(shí)現(xiàn)單點(diǎn)登出功能，可選配置。 -->
  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- 該過(guò)濾器負(fù)責(zé)用戶(hù)的認(rèn)證工作，必須啟用它 -->
  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
       <!--這是cas 服務(wù)端登陸認(rèn)證地址 -->
      <param-value>https://shemuel:8443/cas/login</param-value>
     
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://shemuel:70</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
  
  <!--登陸成功后cas server會(huì)重定向到之前要訪問(wèn)的頁(yè)面並攜帶一個(gè)ticket,該ticket需要重新進(jìn)行校驗(yàn)認(rèn)證。 以下過(guò)濾器負(fù)責(zé)對(duì)Ticket的校驗(yàn)工作，必須啟用它 -->
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://shemuel:8443/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://shemuel:70</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- 該過(guò)濾器負(fù)責(zé)實(shí)現(xiàn)HttpServletRequest請(qǐng)求的包裹， 比如允許開(kāi)發(fā)者通過(guò)HttpServletRequest的getRemoteUser()方法獲得SSO登錄用戶(hù)的登錄名，可選配置。 -->
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>
      org.jasig.cas.client.util.HttpServletRequestWrapperFilter
    </filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- 該過(guò)濾器使得開(kāi)發(fā)者可以通過(guò)org.jasig.cas.client.util.AssertionHolder來(lái)獲取用戶(hù)的登錄名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
  <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

tomcat運(yùn)行，端口70,出現(xiàn)如下報(bào)錯(cuò)

上面錯(cuò)誤的原因是因?yàn)镃AS默認(rèn)值接受HTTPS有IMAPS協(xié)議請(qǐng)求的認(rèn)證，我們需要把HTTP也給加上去。

打開(kāi)下載的cas項(xiàng)目: cas\WEB-INF\classes\services\HTTPSandIMAPS-10000001.json，修改第3行

"serviceId" : "^(https|imaps)://.*",

改成

"serviceId" : "^(https|imaps|http)://.*",

保存，并重新啟動(dòng)即可。

拷貝casclient-demo1 模擬兩個(gè)客戶(hù)端

拷貝casclien-demo1 改名casclient-demo2 部署，tomcat端口18083，進(jìn)行單點(diǎn)測(cè)試。一個(gè)站點(diǎn)登錄后另外一個(gè)站點(diǎn)就不需要登錄了。

如果運(yùn)營(yíng)一旦出現(xiàn)如下錯(cuò)誤，請(qǐng)調(diào)整tomcat的JDK，和生成秘鑰的JDK保持一致，不要用SDK即可。

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)
 org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
 org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
 org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:161)
 org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)

 Root Cause
 
 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
  sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
  sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
  sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
  sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
  sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
  sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
  sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
  sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
  sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
  sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
  sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
  sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
  sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
  org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:393)
  org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
  org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
  org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
  org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:161)
  org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
 
 Root Cause
 
 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
  sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
  sun.security.validator.Validator.validate(Validator.java:260)
  sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
  sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
  sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
  sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
  sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
  sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
  sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
  sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
  sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
  sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
  sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
  sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
  sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
  sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
  org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:393)
  org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
  org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
  org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
  org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:161)
  org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)

cas服務(wù)端和兩個(gè)客戶(hù)端都啟動(dòng)后,我們?cè)L問(wèn)其中一個(gè)客戶(hù)端登錄后,另一個(gè)客戶(hù)端就不需要登錄了說(shuō)明成功!

至此簡(jiǎn)易的單點(diǎn)登錄系統(tǒng)就完成了,后面會(huì)介紹springsecurity 如何整合cas

————————————————

版權(quán)聲明：本文為CSDN博主「Shemuel_Deng」的原創(chuàng)文章，遵循CC 4.0 BY-SA版權(quán)協(xié)議，轉(zhuǎn)載請(qǐng)附上原文出處鏈接及本聲明。

原文鏈接：

https://blog.csdn.net/qq_35249342/article/details/86488393

粉絲福利：Java從入門(mén)到入土學(xué)習(xí)路線圖

??????

??長(zhǎng)按上方微信二維碼 2 秒

感謝點(diǎn)贊支持下哈

CAS實(shí)現(xiàn)SSO單點(diǎn)登錄案例(整合SpringSecurity)