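Using the CAS 4.2.x webapp

Download the matching version from the official CAS website; this article uses CAS 4.2.1 as the example.

1. Download cas-4.2.1.zip and unzip it. It contains a number of subprojects; cas-server-webapp is the web project, and building and packaging it with gradle produces cas-server-webapp-4.2.1.war.

Run the following in the cas-4.2.1 root directory (the first run downloads the dependencies and takes a long time):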
gradle clean build -x test --info -DskipVersionConflict=true

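2. Rename cas-server-webapp-4.2.1.war to cas.war, put it in Tomcat's webapps directory, and start Tomcat.

Open the URL, for example http://192.167.48.128:8080/cas, and the CAS login page appears. Log in with username casuser and password Mellon.
By default the username and password are configured in the file webapps/cas/WEB-INF/cas.properties, as follows: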

# Accepted Users Authentication
#
accept.authn.users=casuser::Mellon

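3. We can also switch to database authentication, that is, store the usernames and passwords in a database.

Create a table and initialize it with one record; cas-server will then use this data for authentication.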

DROP TABLE IF EXISTS `users`;
CREATE TABLE  `users` (
  `username` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

insert into users values ('hode','123456');

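4. Using a database requires cas-server-support-jdbc. In this dependency, the directory cas-4.2.1/cas-server-support-jdbc/src/main/java/org/jasig/cas/adaptors/jdbc contains several components for this configuration. QueryDatabaseAuthenticationHandler is used here as the example; see the official documentation.

Note that to use QueryDatabaseAuthenticationHandler as the authentication method, the class QueryAndEncodeDatabaseAuthenticationHandler must be disabled, as follows.

The lines commented out in QueryAndEncodeDatabaseAuthenticationHandler.java are: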

......
//import org.springframework.stereotype.Component;
......
//@Component("queryAndEncodeDatabaseAuthenticationHandler")
......

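After the change, go to the directory cas-4.2.1/cas-server-support-jdbc and run gradle clean build again. This produces the jar cas-4.2.1/cas-server-support-jdbc/build/libs/cas-server-support-jdbc-4.2.1.jar; put this jar in webapps/cas/WEB-INF/lib. This example uses MySQL, so the MySQL driver mysql-connector-java-5.1.25.jar must also be placed in the lib directory.

Next, add the following configuration to the file webapps/cas/WEB-INF/deployerConfigContext.xml and comment out one line: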

<bean id="dataSource"
  class="com.mchange.v2.c3p0.ComboPooledDataSource"
  p:driverClass="${database.driverClass}"
  p:jdbcUrl="${database.url}"
  p:user="${database.user}"
  p:password="${database.password}"
  p:initialPoolSize="${database.pool.minSize}"
  p:minPoolSize="${database.pool.minSize}"
  p:maxPoolSize="${database.pool.maxSize}"
  p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
  p:checkoutTimeout="${database.pool.maxWait}"
  p:acquireIncrement="${database.pool.acquireIncrement}"
  p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
  p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
  p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
  p:preferredTestQuery="${database.pool.connectionHealthQuery}" />
  
  <alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler" />
  <alias name="dataSource" alias="queryDatabaseDataSource" />
  
  <!--<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> comment out this line-->

Then edit /webapps/cas/WEB-INF/cas.properties and add the following:

# add by hode begin

# == Basic database connection pool configuration ==
database.driverClass=com.mysql.jdbc.Driver
database.url=jdbc:mysql://192.167.48.1:3306/hode
database.user=root
database.password=kroot
database.pool.minSize=6
database.pool.maxSize=18

# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000

# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120

# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6

# == Connection testing settings ==

# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30

# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1

# == Database recovery settings ==

# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5

# Amount of time in ms to wait between successive acquire retry attempts.
database.pool.acquireRetryDelay=2000

# add by hode end

Also uncomment the cas.jdbc.authn.query.sql entry and set the SQL statement:

cas.jdbc.authn.query.sql=select password from users where username=?

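Configuration is complete. Restart Tomcat and you can log in with hode/123456, which completes the verification.

Of course, storing plaintext passwords in the database is quite insecure, so the hashed password should be stored instead. Configure this as follows; the MD5 of the submitted password is then compared with the password stored in the database.

Add one line to deployerConfigContext.xml: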
<alias name="defaultPasswordEncoder" alias="passwordEncoder" />

Add two lines to cas.properties:
cas.authn.password.encoding.char=UTF-8
cas.authn.password.encoding.alg=MD5
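
What these two settings mean for the rows in the users table, as an added example (not from the original article or from the CAS project). It assumes the encoder emits the digest as lowercase hex and that the handler compares it to the query result as an exact string; the function names are hypothetical and an in-memory SQLite table is a constructed stand-in for the MySQL one.

```python
import hashlib
import re
import sqlite3

# A stored value that already looks like a lowercase hex MD5 digest.
HEX_MD5 = re.compile(r"[0-9a-f]{32}")

def encode(password, alg="MD5", charset="UTF-8"):
    """Digest the password bytes; lowercase hex output is an assumption."""
    return hashlib.new(alg.lower(), password.encode(charset)).hexdigest()

def migrate_plaintext(conn):
    """Hash every row that is not yet a digest; return how many rows changed.
    A plaintext password that is itself 32 hex characters would be skipped."""
    changed = 0
    rows = conn.execute("select username, password from users").fetchall()
    for username, stored in rows:
        if not HEX_MD5.fullmatch(stored):
            conn.execute("update users set password=? where username=?",
                         (encode(stored), username))
            changed += 1
    conn.commit()
    return changed

def login_ok(conn, username, password):
    """Run the page's query and compare the result to the encoded input."""
    row = conn.execute("select password from users where username=?",
                       (username,)).fetchone()
    return row is not None and row[0] == encode(password)

def demo():
    conn = sqlite3.connect(":memory:")  # constructed stand-in for MySQL
    conn.execute("create table users (username varchar(50) primary key,"
                 " password varchar(50) not null)")
    conn.execute("insert into users values ('hode','123456')")  # row from the page
    before = login_ok(conn, "hode", "123456")  # plaintext row no longer matches
    changed = migrate_plaintext(conn)
    again = migrate_plaintext(conn)            # second run must be a no-op
    after = login_ok(conn, "hode", "123456")
    stored = conn.execute("select password from users").fetchone()[0]
    return before, changed, again, after, stored

if __name__ == "__main__":
    print(demo())
```

Once the encoder is enabled, any row still holding plaintext stops authenticating until it is converted, so the data migration has to accompany the configuration change. Unsalted MD5 gives identical passwords identical stored values and is fast to guess offline, so the digest column still needs the same protection as the passwords themselves.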

End

