CAS-单点登录环境安装+JDBC支持配置

由于工作原因，很久没有写点东西了。

写在另一个博客上：

http://cid-5c0c98dd2e25c135.spaces.live.com/blog/cns!5C0C98DD2E25C135!128.entry

哎，space太慢了，很久没有使用了，还不容易使用一次啊，还赶上了逼迁啊。算了，还是使用国内的吧。

可恶的网易，这技术文章也要阉割，好吧，我直接贴出来。

 

 

一：软件准备

apache-tomcat-6.0.26

mysql5.1

cas-server-3.4.2.1-release

cas-client-3.1.10-release

 

二：安装数据库

参见在win7下安装绿色版mysql

三：配置cas-服务端

1）将cas.war文件拷贝到tomcat webapps目录下面

2）增加jdbc数据库支持

将Mysql数据库驱动（mysql-connector-java-5.1.13-bin.jar）拷贝到apache-tomcat-6.0.26\lib目录，或者拷贝apache-tomcat-6.0.26\webapps\cas\WEB-INF\lib目录

为了方便我将驱动包拷贝到了apache-tomcat-6.0.26\lib目录。

修改文件：deployerConfigContext.xml

<property name="authenticationHandlers">
			<list>
				<!--
					| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
					| a server side SSL certificate.
					+-->
				<!--
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />
				-->
				
				<!--
					| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS 
					| into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
					| where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
					| local authentication strategy.  You might accomplish this by coding a new such handler and declaring
					| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
					+-->
				<!-- 	
				<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
				-->
				
				<!-- jdbc  -->
				<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
					<property name="sql" value="select sPassword from tbosstaff where sStaffAccount=?" />
          <property name="dataSource" ref="dataSource" />
				</bean>
				
				
			</list>
		</property>
	</bean>

增加数据源配置

  <!-- jdbc DataSource -->
        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
                <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
                <property name="url"><value>jdbc:mysql://localhost:3306/dzyw-cas</value></property>
                <property name="username"><value>root</value></property>
                <property name="password"><value></value></property>
        </bean>

四：配置cas-客户端

以tomcat里面的docs应用作为客户端来完成本次配置

1）在docs/WEB-INF下面建立lib文件夹

2）将cas-client-core-3.1.10.jar和commons-logging-1.1.jar拷贝到docs/WEB-INF/lib下面

3）权限认证过滤器配置

修改web.xml文件

<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
   version="2.5"> 

  <display-name>Tomcat Documentation</display-name>
  <description>
     Tomcat Documentation.
  </description>
  
  <filter>
  	<filter-name>CAS Authentication Filter</filter-name>
  	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  	<init-param>
  		<param-name>casServerLoginUrl</param-name>
  		<param-value>http://localhost:8081/cas/login</param-value>
  	</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8081</param-value>
		</init-param>
</filter>

<filter-mapping>
      <filter-name>CAS Authentication Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>


</web-app>

4）登出配置

A）使用过滤器的方式

B）使用监听器的方式

四：测试

1）测试是否是否能够登录系统

使用ie访问http://localhost:8081/docs ，会自动切换到CAS-OSS的登录页面，输入数据库中保存的用户名和密码，则可以正常跳转到docs。

五：思考问题

1）数据库的密码使用加密的方式，cas怎么配置？

2）本问中的数据源使用的是简单的jdbc连接，实际项目总可能需要使用JNDI或者数据库连接池这些配置应该怎么配置？

3）怎么将登录者的信息在整个环境中传递？

4）怎么对CAS服务端做压力测试。