
CAS server deployment (SSO, database-backed MD5 password authentication)

#### 1. Overview

This is my first deployment; there is a lot I don't understand and may have got wrong, so please forgive any misleading statements!
As a complete beginner with no knowledge of CAS, I first read up on the concepts on Baidu and then looked at the official site. The architecture diagram is very clear, but I didn't really understand how the authentication works, so I left that to the technical side and went ahead with the deployment using Baidu and the official documentation. It is actually quite simple, but I still ran into many problems, so here is a brief write-up.

Official site link

Architecture description

Authentication methods

```text
# Environment
os version: CentOS release 6.9 (Final)
java version: "1.8.0_141"
Server version: Apache Tomcat/7.0.81
cas server version: 4.2.7   # as of 2018-10-16 the latest version is 6.0.x, which requires JDK 11
db version: oracle 12.2.0.1 | mysql 5.7.4
```

[Images: CAS architecture diagram (left) and web flow diagram (right)]

On the left above is the architecture diagram: CAS is divided mainly into client and server. The client generally intercepts access requests to protected resources and redirects them to the CAS server, then interacts with it through one of the supported protocols, which is how SSO is achieved. Several clients, protocols and authentication methods are supported, for example LDAP, database and AD authentication; the CAS server depends heavily on the Spring Framework.
On the right above is the web flow diagram: it mainly shows the interaction between browser, client and server and is more development-oriented; this time I am mainly deploying the CAS server.

#### 2. Preparing the WAR package
Reference link

Maven project download link

1. Import the Maven project downloaded above into Eclipse as an existing Maven project.
2. Edit pom.xml and add:

```xml
<dependencies>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-webapp</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.47</version>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>
```

3. Run as "maven install". (Note: the MySQL driver is added directly here. For Oracle the driver is licensed and Maven cannot find it; I did not install an Oracle driver dependency myself and later simply put ojdbc6.jar into webapps/cas/WEB-INF/lib.)
4. Copy the built WAR to tomcat/webapps.

#### 3. Deploying the WAR package

1. Set up Java first. Note that the newer the CAS version, the newer the Java it requires; CAS 4.2.7 only needs 1.7+, and I used 1.8.
2. Configure HTTPS for Tomcat. Plain HTTP works too, only with a warning when logging in to the CAS server, which still succeeds; I don't know whether this affects SSO later on.
   [Configuring HTTPS for Tomcat](https://www.jianshu.com/p/55079be27dc3)
3. Create the default CAS configuration file /etc/cas/cas.properties, or use a custom file by editing the end of tomcat7/webapps/cas/WEB-INF/spring-configuration/propertyFileConfigurer.xml.
4. Create a custom user casuser by adding one line to cas.properties:

```properties
accept.authn.users=casuser::Mellon
```

5. Start Tomcat and open the CAS server at http://localhost:8080/cas/ or the HTTPS address https://localhost/cas/ (provided an HTTPS service is configured on port 443). Logging in with the user just defined, casuser/Mellon, shows a successful login.

#### 4. Configuring database authentication

##### MySQL authentication

1. First edit tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml: comment out `<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />` and add:

```xml
<bean id="dataSource"
      class="com.mchange.v2.c3p0.ComboPooledDataSource"
      p:driverClass="${database.driverClass}"
      p:jdbcUrl="${database.url}"
      p:user="${database.user}"
      p:password="${database.password}"
      p:initialPoolSize="${database.pool.minSize}"
      p:minPoolSize="${database.pool.minSize}"
      p:maxPoolSize="${database.pool.maxSize}"
      p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
      p:checkoutTimeout="${database.pool.maxWait}"
      p:acquireIncrement="${database.pool.acquireIncrement}"
      p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
      p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
      p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
      p:preferredTestQuery="${database.pool.connectionHealthQuery}" />

<alias name="defaultPasswordEncoder" alias="passwordEncoder" />
<alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="dataSource" alias="queryDatabaseDataSource" />
```

2. Define the data-source values in cas.properties. Comments go on their own lines: in a Java .properties file a `#` after the value is part of the value, not a comment.

```properties
# Password encoding charset
cas.authn.password.encoding.char=UTF-8
# Hash passwords with MD5 (CAS only produces lowercase hex)
cas.authn.password.encoding.alg=MD5
# Alternative: hash passwords with SHA-256
#cas.authn.password.encoding.alg=SHA-256
# The query only needs to return the password column
cas.jdbc.authn.query.sql=select pwd from cas_test where user=?
# Language of the login page
locale.default=zh_CN
# == Basic database connection pool configuration == (c3p0 pooled data source)
database.driverClass=com.mysql.jdbc.Driver
database.url=jdbc:mysql://10.151.0.208:3306/multiple-srm-mobile-dev?useUnicode=true&characterEncoding=utf8&useSSL=true
database.user=root
database.password=handhand
database.pool.minSize=6
database.pool.maxSize=18
# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000
# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120
# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6
# == Connection testing settings ==
# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30
# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1 from dual
# == Database recovery settings ==
# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5
# Amount of time in ms to wait between successive acquire retry attempts.
database.pool.acquireRetryDelay=2000
```

##### Oracle authentication

Note: the WAR built earlier already contains the MySQL driver; for Oracle you have to put the corresponding driver into WEB-INF/lib yourself.

1. As before, edit tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml. (The configuration is the same as for MySQL and is omitted here.)
2. Then edit cas.properties and add the data-source values, the password hashing method and the SQL query. (Mind the URL format: 12c uses jdbc:oracle:thin:@127.0.0.0:1521/xxx_dev, 11g uses jdbc:oracle:thin:@127.0.0.0:1521:xxx_dev.)

```properties
#accept.authn.users=casuser::Mellon
cas.authn.password.encoding.char=UTF-8
cas.authn.password.encoding.alg=MD5
#cas.authn.password.encoding.alg=SHA-256
cas.jdbc.authn.query.sql=select lower(MD5_USER_PASSWORD) from sys_user where user_name=upper(?)
cas.jdbc.authn.query.encode.alg=MD5
locale.default=zh_CN
#cas.principal.transform.upperCase=true
# == Basic database connection pool configuration ==
database.driverClass=oracle.jdbc.driver.OracleDriver
database.url=jdbc:oracle:thin:@127.0.0.0:1521/xxx_dev
database.user=*
database.password=*
database.pool.minSize=6
database.pool.maxSize=18
# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000
# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120
# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6
# == Connection testing settings ==
# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30
# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1 from dual
# == Database recovery settings ==
# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5
# Amount of time in ms to wait between successive acquire retry attempts.
database.pool.acquireRetryDelay=2000
```

Note that the MD5 digest CAS computes is 32-character lowercase hex.

Restart Tomcat and you can now log in successfully with the database password.
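To make the MD5 flow of both the MySQL and the Oracle sections concrete, here is an added Python example. It is not part of the original post and not CAS code: it emulates what CAS 4.x's DefaultPasswordEncoder and QueryDatabaseAuthenticationHandler do with the settings above, using an in-memory SQLite table as a stand-in for the cas_test and sys_user tables. The table rows, user names and passwords are constructed assumptions, and the example also shows why a comment in cas.properties must sit on its own line.

```python
import hashlib
import sqlite3

# Constructed sample of cas.properties lines (assumption: mirrors the post's settings).
CAS_PROPERTIES = """\
# Password encoding
cas.authn.password.encoding.char=UTF-8
cas.authn.password.encoding.alg=MD5
cas.jdbc.authn.query.sql=select pwd from cas_test where user=?
"""

# The same setting with a trailing "comment": java.util.Properties only treats '#'
# as a comment marker at the start of a line, so "#..." becomes part of the value.
BROKEN_PROPERTIES = "cas.authn.password.encoding.alg=MD5 #hash with MD5\n"

# Queries from the post; both are valid SQLite as well.
MYSQL_QUERY = "select pwd from cas_test where user=?"
ORACLE_QUERY = "select lower(MD5_USER_PASSWORD) from sys_user where user_name=upper(?)"


def parse_properties(text):
    """Parse key=value lines with java.util.Properties comment semantics."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def encode_password(password, alg="MD5", charset="UTF-8"):
    """Mirror DefaultPasswordEncoder: digest the password bytes in the configured
    charset and render the digest as lowercase hex (32 characters for MD5)."""
    digest = hashlib.new(alg.replace("-", "").lower())
    digest.update(password.encode(charset))
    return digest.hexdigest()


def make_db():
    """In-memory stand-in for the cas_test and sys_user tables (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table cas_test (user text primary key, pwd text)")
    conn.execute("create table sys_user (user_name text primary key, MD5_USER_PASSWORD text)")
    # Row written by an application that stores lowercase hex, as CAS produces it.
    conn.execute("insert into cas_test values (?, ?)", ("alice", encode_password("Mellon")))
    # Legacy row: uppercase user name and uppercase hex digest.
    conn.execute("insert into sys_user values (?, ?)", ("BOB", encode_password("s3cret").upper()))
    return conn


def authenticate(conn, query_sql, username, password, alg="MD5", charset="UTF-8"):
    """Mirror QueryDatabaseAuthenticationHandler: bind the user name as a query
    parameter, fetch the single password column and compare it with the encoded
    credential. No row means a failed login, not an error."""
    row = conn.execute(query_sql, (username,)).fetchone()
    if row is None:
        return False
    return row[0] == encode_password(password, alg, charset)


def run_checks():
    """Exercise the cases the post's two queries are written for."""
    conn = make_db()
    props = parse_properties(CAS_PROPERTIES)
    alg = props["cas.authn.password.encoding.alg"]
    charset = props["cas.authn.password.encoding.char"]
    return {
        "mysql_ok": authenticate(conn, MYSQL_QUERY, "alice", "Mellon", alg, charset),
        "mysql_wrong_pw": authenticate(conn, MYSQL_QUERY, "alice", "mellon", alg, charset),
        "mysql_no_user": authenticate(conn, MYSQL_QUERY, "mallory", "Mellon", alg, charset),
        # Plain comparison fails: user name and stored digest are uppercase in the table.
        "oracle_plain": authenticate(conn, "select MD5_USER_PASSWORD from sys_user where user_name=?",
                                     "bob", "s3cret", alg, charset),
        # The post's query normalises both sides, so the legacy row authenticates.
        "oracle_normalised": authenticate(conn, ORACLE_QUERY, "bob", "s3cret", alg, charset),
        # The trailing-comment line yields an algorithm name MessageDigest would reject.
        "broken_alg": parse_properties(BROKEN_PROPERTIES)["cas.authn.password.encoding.alg"],
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The `lower()` / `upper()` wrapping in the Oracle query is what lets a table that stores uppercase digests or user names match the lowercase hex CAS computes; with a plain column comparison such rows never authenticate. The query also only needs to read one column, so the account named in `database.user` needs no more than SELECT on that table.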