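Notes on the error-prone steps when setting up cas-server-3.3.1
I set up CAS by following several different tutorials found online (thanks to the friends on javaeye who provided study documents), and wrote down the steps where errors tend to occur. I think this is simpler than the online tutorials: I did not download JSSE separately, and for the CAS client I used cas-client-core-3.1.3.jar directly from the lib directory of cas-server-3.3.1\modules\cas-server-webapp-3.3.1.war inside cas-server-3.3.1-release.zip.
One thing puzzles me, though: with this setup, after the login is verified by the CAS server, the URL ends with jsessionid rather than the ticket that the online tutorials describe. I don't know how it is for everyone else.
1. Environment: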
apache-tomcat-6.0.18
jdk1.6.0_11
cas-server-3.3.1-release.zip
spring2.5
Local user name: bellone
Browser: IE6
2. Generate the key:
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -genkey -alias tomcatsso -keypass changeit -keyalg RSA
输入keystore密码:
再次输入新密码:
[Note: the password here is changeit; make sure it matches the password typed in the keytool command above]
您的名字与姓氏是什么?
[Unknown]: bellone
[Note: some online sources say to use the machine's name here, but I tried localhost and it seemed to work too]
您的组织单位名称是什么?
[Unknown]: doone
您的组织名称是什么?
[Unknown]: doone
您所在的城市或区域名称是什么?
[Unknown]: fj
您所在的州或省份名称是什么?
[Unknown]: fz
该单位的两字母国家代码是什么
[Unknown]: cn
CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn 正确吗?
[否]: y
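[Note: type y here, not yes; some online sources also say to type "是". The file is generated at C:/Documents and Settings/wull/.keystore, where wull is the XP user name]
3. Export the certificate with alias tomcatsso from the keystore:
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -export -alias tomcatsso -keypass changeit -file tomcatsso_server.crt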
输入keystore密码:
保存在文件中的认证 <tomcatsso_server.crt>
4. Import tomcatsso_server.crt into the JRE's trusted certificate store:
C:\Program Files\Java\jdk1.6.0_11\bin>keytool -import -file tomcatsso_server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
[Note: make sure the path ..\jre\lib\security\cacerts refers to the jre inside the JDK directory]
输入keystore密码:
所有者:CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn
签发人:CN=bellone, OU=doone, O=doone, L=fj, ST=fz, C=cn
序列号:49bce9e3
有效期: Sun Mar 15 19:43:31 CST 2009 至Sat Jun 13 19:43:31 CST 2009
证书指纹:
MD5:18:9F:BB:CA:54:B9:48:39:51:18:79:F8:59:25:42:CB
SHA1:D7:ED:A9:55:0E:3E:76:9C:8C:FC:18:7E:37:49:10:6C:F7:99:8A:A3
签名算法名称:SHA1withRSA
版本: 3
信任这个认证? [否]: y
认证已添加至keystore中
5. Configure the HTTPS service in Tomcat 6.0.18
Edit apache-tomcat-6.0.18\conf\server.xml as follows:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Documents and Settings/wull/.keystore" keystorePass="changeit"
           truststoreFile="C:/Program Files/Java/jdk1.6.0_11/jre/lib/security/cacerts"
           clientAuth="false" sslProtocol="TLS"/>
[Note: for keystoreFile and truststoreFile I pointed directly at the directories where the files were originally generated; online sources say the .keystore can be copied into Tomcat]
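6. Configure the server
Copy \modules\cas-server-webapp-3.3.1.war from the downloaded cas-server-3.3.1-release.zip into apache-tomcat-6.0.18\webapps and start Tomcat.
Enter the following in the address bar:
https://localhost:8443/cas-server/login
Enter anything, such as bellone/bellone, and the login succeeds.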
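7. Configure the client
I borrowed the examples project that ships with Tomcat, together with cas-client-core-3.1.3.jar from the lib directory of cas-server-3.3.1\modules\cas-server-webapp-3.3.1.war inside cas-server-3.3.1-release.zip, because the filters set up in web.xml need it. How it works can be understood simply: when a user accesses examples, the filter fires and redirects to the CAS server; after verification succeeds over https, the user is returned to examples.
Because Spring 2.5 is used, many people online have reported listener problems, and some get errors such as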
严重: Error listenerStart
Context [/countries] startup failed due to previous errors
These are probably caused by missing Spring-related jars. The jars I used (all of which can be found in the Spring open-source distribution) are:
asm-2.2.3.jar
asm-commons-2.2.3.jar
asm-util-2.2.3.jar
backport-util-concurrent.jar
c3p0-0.9.1.2.jar
commonj-twm.jar
commons-logging-1.1.jar
ehcache-1.4.1.jar
freemarker.jar
ibatis-2.3.2.715.jar
jamon-2.7.jar
jdo2-api.jar
jstl.jar
jxl.jar
mail.jar
portlet-api.jar
quartz-all-1.6.1-RC1.jar
spring.jar
standard.jar
xapool.jar
xmlsec-1.3.0.jar
[Note: with the jars above on the classpath, the client started without any errors]
Add the following to web.xml:
<!-- Single sign-on configuration starts here; these listener entries are best placed at the very top. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/config/casContext.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Handles user authentication -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <!-- CAS login service URL -->
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://bellone:8443/cas-server/login</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
    <!-- Client application server address -->
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://bellone:8080</param-value>
    </init-param>
</filter>
<!-- Handles ticket validation -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>cas.validationfilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- End of single sign-on configuration -->
The casContext.xml used (this way of writing it was also found online):
<?xml version="1.0" encoding="gb2312"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
           http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd"
       default-autowire="byName" default-lazy-init="true"
>
    <bean id="cas.validationfilter" class="org.jasig.cas.client.validation.Cas10TicketValidationFilter">
        <property name="ticketValidator">
            <ref bean="cas10TicketValidator"/>
        </property>
        <property name="useSession">
            <value>true</value>
        </property>
        <!-- Client application server address -->
        <property name="serverName">
            <value>http://bellone:8080</value>
        </property>
        <property name="redirectAfterValidation">
            <value>true</value>
        </property>
    </bean>
    <bean id="cas10TicketValidator" class="org.jasig.cas.client.validation.Cas10TicketValidator">
        <!-- This argument is the address of the CAS server -->
        <constructor-arg index="0" value="https://bellone:8443/cas-server" />
    </bean>
</beans>
8. Run the test
step1: I started Tomcat 6.0.18 without errors, as shown below:
2009-3-28 15:41:33 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performanc
e in production environments was not found on the java.library.path: C:\Program
Files\Java\jdk1.6.0_11\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WIND
OWS;C:\Program Files\Java\jdk1.6.0_11\bin;C:\Program Files\Java\jre6\bin;D:\orac
le\wull\product\11.1.0\db_1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System
32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Com
mon Files\Thunder Network\KanKan\Codecs;C:\Program Files\ThinkPad\ConnectUtiliti
es;C:\Program Files\Intel\Wireless\Bin\;;;C:\Program Files\SSH Communications Se
curity\SSH Secure Shell;C:\Program Files\IDM Computer Solutions\UltraEdit\
2009-3-28 15:41:34 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2009-3-28 15:41:34 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8443
2009-3-28 15:41:34 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 1163 ms
2009-3-28 15:41:34 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2009-3-28 15:41:34 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.18
2009-03-28 15:41:36,959 WARN [org.jasig.cas.authentication.handler.support.Simpl
eTestUsernamePasswordAuthenticationHandler] - <org.jasig.cas.authentication.hand
ler.support.SimpleTestUsernamePasswordAuthenticationHandler is only to be used i
n a testing environment. NEVER enable this in a production environment.>
2009-03-28 15:41:37,881 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction
] - <FormObjectClass not set. Using default class of org.jasig.cas.authenticati
on.principal.UsernamePasswordCredentials with formObjectName credentials and val
idator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.>
2009-3-28 15:41:38 org.springframework.web.context.ContextLoader initWebApplicat
ionContext
信息: Root WebApplicationContext: initialization started
2009-3-28 15:41:38 org.springframework.context.support.AbstractApplicationContex
t prepareRefresh
信息: Refreshing org.springframework.web.context.support.XmlWebApplicationContex
t@1c4a5ec: display name [Root WebApplicationContext]; startup date [Sat Mar 28 1
5:41:38 CST 2009]; root of context hierarchy
2009-3-28 15:41:38 org.springframework.beans.factory.xml.XmlBeanDefinitionReader
loadBeanDefinitions
信息: Loading XML bean definitions from ServletContext resource [/WEB-INF/config
/casContext.xml]
2009-3-28 15:41:38 org.springframework.context.support.AbstractApplicationContex
t obtainFreshBeanFactory
信息: Bean factory for application context [org.springframework.web.context.supp
ort.XmlWebApplicationContext@1c4a5ec]: org.springframework.beans.factory.support
.DefaultListableBeanFactory@771eb1
2009-3-28 15:41:38 org.springframework.beans.factory.support.DefaultListableBean
Factory preInstantiateSingletons
信息: Pre-instantiating singletons in org.springframework.beans.factory.support.
DefaultListableBeanFactory@771eb1: defining beans [cas.validationfilter,cas10Tic
ketValidator]; root of factory hierarchy
ContextListener: attributeAdded('org.springframework.web.context.WebApplicationC
ontext.ROOT', 'org.springframework.web.context.support.XmlWebApplicationContext@
1c4a5ec: display name [Root WebApplicationContext]; startup date [Sat Mar 28 15:
41:38 CST 2009]; root of context hierarchy')
2009-3-28 15:41:38 org.springframework.web.context.ContextLoader initWebApplicat
ionContext
信息: Root WebApplicationContext: initialization completed in 301 ms
2009-3-28 15:41:39 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2009-3-28 15:41:39 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8443
2009-3-28 15:41:39 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
2009-3-28 15:41:39 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/40 config=null
2009-3-28 15:41:39 org.apache.catalina.startup.Catalina start
信息: Server startup in 4728 ms
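step2: Enter: http://bellone:8080/examples/servlets/servlet/HelloWorldExample
A [Security Alert] dialog pops up; choose [Yes]. You are then redirected to an address such as:
https://bellone:8443/cas-server/login?service=http%3A%2F%2Fbellone%3A8080%2Fexamples%2Fservlets%2Fservlet%2FHelloWorldExample
Here you can see that the service parameter carries your target address; it is just that, because of the filters configured here, everything is redirected to https://bellone:8443/cas-server/login
The console additionally shows the following: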
2009-03-28 15:50:01,915 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <
Setting path for cookies to: /cas-server>
2009-03-28 15:50:02,857 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry a
t [Sat Mar 28 15:50:02 CST 2009]>
2009-03-28 15:50:02,857 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <0 found to be removed. Removing now.>
2009-03-28 15:50:02,867 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry a
t [Sat Mar 28 15:50:02 CST 2009]>
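step3: Enter any user name with a password identical to the user name, and you are redirected to the target address. The console goes on to show the following: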
2009-03-28 15:51:02,412 INFO [org.jasig.cas.authentication.AuthenticationManager
Impl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.Sim
pleTestUsernamePasswordAuthenticationHandler successfully authenticated the user
which provided the following credentials: [username: a]>
2009-03-28 15:51:02,422 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-1-mdkitoYRRrIDPqvzpdyk-cas] for service [http://bell
one:8080/examples/servlets/servlet/HelloWorldExample] for user [a]>
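Here something appears that differs from what the online tutorials describe: the address bar shows:
http://bellone:8080/examples/servlets/servlet/HelloWorldExample;jsessionid=E5DBFDEA6E38EACE9AC126AB2A7A4968
It is jsessionid, not ticket, and I don't know why. Could it be that version 3.3.1 just works this way?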
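The exchange in steps 2 and 3, modelled in Python as an added example; it is not code from the original post or from the CAS client. It assumes the CAS 1.0 /validate endpoint and plain-text reply format that Cas10TicketValidator speaks; FakeCas and the fetch callable are hypothetical stand-ins, and the values they hold are constructed.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Values taken from the page's web.xml and casContext.xml.
CAS_PREFIX = "https://bellone:8443/cas-server"
SERVICE = "http://bellone:8080/examples/servlets/servlet/HelloWorldExample"

def login_redirect(service):
    """Where the authentication filter sends a browser that has no session."""
    return CAS_PREFIX + "/login?service=" + quote(service, safe="")

def validate_url(service, ticket):
    """CAS 1.0 back-channel request made by the client application over HTTPS."""
    query = urlencode({"service": service, "ticket": ticket}, quote_via=quote)
    return CAS_PREFIX + "/validate?" + query

def parse_cas10(body):
    """CAS 1.0 replies 'yes\\n<user>\\n' or 'no\\n\\n'; anything else fails closed."""
    lines = body.splitlines()
    if len(lines) >= 2 and lines[0] == "yes" and lines[1].strip():
        return lines[1].strip()
    return None

def strip_ticket(url):
    """The service URL without its ticket parameter."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query) if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def handle_callback(url, fetch):
    """Validate the ticket on `url`, then redirect to the clean service URL.
    `fetch` is a hypothetical callable that performs the HTTPS GET."""
    ticket = dict(parse_qsl(urlsplit(url).query)).get("ticket")
    service = strip_ticket(url)
    if not ticket:
        return ("redirect", login_redirect(service), None)
    user = parse_cas10(fetch(validate_url(service, ticket)))
    return ("redirect", service, user) if user else ("forbidden", None, None)

class FakeCas:
    """Constructed stand-in for the CAS server: tickets are single-use and
    bound to the service they were issued for."""
    def __init__(self):
        self.tickets = {}
    def grant(self, ticket, service, user):
        self.tickets[(ticket, service)] = user
    def fetch(self, url):
        q = dict(parse_qsl(urlsplit(url).query))
        user = self.tickets.pop((q.get("ticket"), q.get("service")), None)
        return f"yes\n{user}\n" if user else "no\n\n"
```

The redirect returned after a successful validation carries no ticket parameter, which is what redirectAfterValidation=true asks for; a servlet container that has just created a session may then append ;jsessionid to that URL through URL rewriting.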
Comments
#3
amd157
2012-05-15
The jsessionid is written after validation. Validation still uses the ticket; use Firebug or HttpWatch to look at the browser's requests and see. That's my guess. Hehe.
#2
kobe学java
2012-02-22
With localhost it does become a ticket, but it reports an error:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPath
#1
lhx222
2011-11-03
Hello, I'd like to know whether the jsessionid appended to the address bar after login has been resolved?