cas server 系统部署

发布于 2023-04-20 00:09:34 字数 8607 浏览 101 评论 0

cas server 部署（SSO，基于数据库MD5密码验证）

1.概述

第一次部署，很多不懂和可能理解错误的地方，如有误导请谅解！

作为小白，完全不懂cas，首先百度了解概念，然后去官网看一下，架构图非常清晰，但对于认证的原理不太懂，交给技术吧，然后就结合百度和官网文档进行部署，其实很简单，但是还是遇到很多问题，所以简单记录一下。

# 环境
os version:           CentOS release 6.9 (Final)
java version:         "1.8.0_141"
Server version:       Apache Tomcat/7.0.81
cas server version:   version: 4.2.7         #20181016最新版本为6.0.x：要求jdk11
db version:           oracle12.2.0.1|mysql 5.7.4

上面左边是架构图： cas 主要分为 client 和 server，client 一般拦截保护资源的访问请求重定向到 cas server，再通过支持的协议进行交互，到达sso的目的。client、协议、认证方式都支持多种，比如 ldap 认证、数据库认证、ad 认证，cas server 是严重依赖 spring Freamwork。

上面右边是web流程图：主要是 browser 和 client 和 server 的交互流程，偏重开发，我本次主要部署cas server。

2.准备war包

1.使用 eclipse 导入 exist 的 maven 工程，上面下载那个
2.修改 pom.xml，加入：

<dependencies> 
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-webapp</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.47</version>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>

3.run as maven install（注意，这里直接添加mysql驱动，如果是oracle，由于驱动收费，maven 找不到，没有自己装 oracle 驱动依赖，后面直接吧 ojdbc6.jar 放到了 webapps/cas/WEB-INF/lib 下面即可）

4.将 jar 拷贝到 tomcat/webapps下面

3.部署 war 包

1.先配置 java，注意cas越新需要依赖的java也越新，此cas4.2.7只是1.7+，我使用1.8
2.配置tomcat https,其实使用http也行，只不过登录cas server时会有警告，但也能登录，不知道后面实现 sso 有没有影响，tomcat 配置 https

3.新建默认 cas 配置文件：/etc/cas/cas.properties 或者自定义配置文件，修改tomcat7/webapps/cas/WEB-INF/spring-configuration/propertyFileConfigurer.xml文件最后面

4.创建自定义用户casuser：在 cas.properties 文件中增加一行配置：

accept.authn.users=casuser::Mellon

5.启动 tomcat，访问 cas server，http://localhost:8080/cas/ 或者 https 地址 https://lcoalhost/cas/ （前提是配置了443端口的 https 服务）使用刚刚定义的用户 casuser/Mellon 即可显示登录成功

4.配置数据库认证

mysql 认证

1.先修改 tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml 配置文件，将 <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> 注释，再添加：

<bean
 
  p:driverClass="${database.driverClass}"
  p:jdbcUrl="${database.url}"
  p:user="${database.user}"
  p:password="${database.password}"
  p:initialPoolSize="${database.pool.minSize}"
  p:minPoolSize="${database.pool.minSize}"
  p:maxPoolSize="${database.pool.maxSize}"
  p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
  p:checkoutTimeout="${database.pool.maxWait}"
  p:acquireIncrement="${database.pool.acquireIncrement}"
  p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
  p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
  p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
  p:preferredTestQuery="${database.pool.connectionHealthQuery}" />

<alias name="defaultPasswordEncoder" alias="passwordEncoder" />
<alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="dataSource" alias="queryDatabaseDataSource" />

2.在 cas.properties 文件中定义数据源值

cas.authn.password.encoding.char=UTF-8    #配置密码编码
cas.authn.password.encoding.alg=MD5       #配置密码MD5加密（只会加密为小写）
#cas.authn.password.encoding.alg=SHA-256  #配置密码SHA-256加密
cas.jdbc.authn.query.sql=select pwd from cas_test where user=?	#查询密码字段即可
locale.default=zh_CN	#指定首页语言
# == Basic database connection pool configuration ==	#c3p0连接池数据源配置
database.driverClass=com.mysql.jdbc.Driver
database.url=jdbc:mysql://10.151.0.208:3306/multiple-srm-mobile-dev?useUnicode=true&amp;characterEncoding=utf8&useSSL=true
database.user=root
database.password=handhand
database.pool.minSize=6
database.pool.maxSize=18
# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000
# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120
# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6
# == Connection testing settings ==
# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30
# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1 from dual
# == Database recovery settings ==
# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5
# Amount of time in ms to wait between successive aquire retry attempts.
database.pool.acquireRetryDelay=2000

oracle 认证

注意前面 war 中已经添加了 mysql 驱动，oracle 需要自己添加相应的驱动到 WEB-INF/lib 下面

同样，修改 tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml 配置文件

# 配置和mysql的配置一样，省略

再修改 cas.properties 配置文件，添加数据源的值，密码加密方式，sql 查询即可（要注意 12c--jdbc:oracle:thin:@127.0.0.0:1521/xxx_dev，11g--jdbc:oracle:thin:@127.0.0.0:1521:xxx_dev）

# accept.authn.users=casuser::Mellon
cas.authn.password.encoding.char=UTF-8
cas.authn.password.encoding.alg=MD5
#cas.authn.password.encoding.alg=SHA-256
cas.jdbc.authn.query.sql=select lower(MD5_USER_PASSWORD) from sys_user where user_name=upper(?)
cas.jdbc.authn.query.encode.alg=MD5
locale.default=zh_CN
#cas.principal.transform.upperCase=true
# == Basic database connection pool configuration ==
database.driverClass=oracle.jdbc.driver.OracleDriver
database.url=jdbc:oracle:thin:@127.0.0.0:1521/xxx_dev
database.user=*
database.password=*
database.pool.minSize=6
database.pool.maxSize=18
# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000
# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120
# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6
# == Connection testing settings ==
# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30
# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1 from dual
# == Database recovery settings ==
# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5
# Amount of time in ms to wait between successive aquire retry attempts.
database.pool.acquireRetryDelay=2000

要注意 cas 加密的 MD5 密码为 32 位小写，重启 tomcat 即可通过数据库密码登录成功

分享到QQ

分享到微博