cas server 系统部署

cas server 部署（SSO，基于数据库MD5密码验证）

1.概述

第一次部署，很多不懂和可能理解错误的地方，如有误导请谅解！

作为小白，完全不懂cas，首先百度了解概念，然后去官网看一下，架构图非常清晰，但对于认证的原理不太懂，交给技术吧，然后就结合百度和官网文档进行部署，其实很简单，但是还是遇到很多问题，所以简单记录一下。

• 官网链接
• 架构说明
• 认证方式

# 环境os version:           CentOS release 6.9 (Final)java version:         "1.8.0_141"Server version:       Apache Tomcat/7.0.81cas server version:   version: 4.2.7         #20181016最新版本为6.0.x：要求jdk11db version:           oracle12.2.0.1|mysql 5.7.4

上面左边是架构图： cas 主要分为 client 和 server，client 一般拦截保护资源的访问请求重定向到 cas server，再通过支持的协议进行交互，到达sso的目的。client、协议、认证方式都支持多种，比如 ldap 认证、数据库认证、ad 认证，cas server 是严重依赖 spring Freamwork。

上面右边是web流程图： 主要是 browser 和 client 和 server 的交互流程，偏重开发，我本次主要部署cas server。

2.准备war包

• 参考地址
• maven工程下载地址

1.使用 eclipse 导入 exist 的 maven 工程，上面下载那个
2.修改 pom.xml，加入：

<dependencies>     <dependency>        <groupId>org.jasig.cas</groupId>        <artifactId>cas-server-webapp</artifactId>        <version>${cas.version}</version>        <type>war</type>        <scope>runtime</scope>    </dependency>    <dependency>        <groupId>mysql</groupId>        <artifactId>mysql-connector-java</artifactId>        <version>5.1.47</version>    </dependency>    <dependency>        <groupId>org.jasig.cas</groupId>        <artifactId>cas-server-support-jdbc</artifactId>        <version>${cas.version}</version>    </dependency></dependencies>

3.run as maven install（注意，这里直接添加mysql驱动，如果是oracle，由于驱动收费，maven 找不到，没有自己装 oracle 驱动依赖，后面直接吧 ojdbc6.jar 放到了 webapps/cas/WEB-INF/lib 下面即可）

4.将 jar 拷贝到 tomcat/webapps下面

3.部署 war 包

1.先配置 java，注意cas越新需要依赖的java也越新，此cas4.2.7只是1.7+，我使用1.8
2.配置tomcat https,其实使用http也行，只不过登录cas server时会有警告，但也能登录，不知道后面实现 sso 有没有影响，tomcat 配置 https

3.新建默认 cas 配置文件：/etc/cas/cas.properties 或者自定义配置文件，修改tomcat7/webapps/cas/WEB-INF/spring-configuration/propertyFileConfigurer.xml文件最后面

4.创建自定义用户casuser： 在 cas.properties 文件中增加一行配置：

accept.authn.users=casuser::Mellon

5.启动 tomcat，访问 cas server，http://localhost:8080/cas/ 或者 https 地址 https://lcoalhost/cas/ （前提是配置了443端口的 https 服务）使用刚刚定义的用户 casuser/Mellon 即可显示登录成功

4.配置数据库认证

mysql 认证

1.先修改 tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml 配置文件，将 <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> 注释，再添加：

<bean   p:driverClass="${database.driverClass}"  p:jdbcUrl="${database.url}"  p:user="${database.user}"  p:password="${database.password}"  p:initialPoolSize="${database.pool.minSize}"  p:minPoolSize="${database.pool.minSize}"  p:maxPoolSize="${database.pool.maxSize}"  p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"  p:checkoutTimeout="${database.pool.maxWait}"  p:acquireIncrement="${database.pool.acquireIncrement}"  p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"  p:acquireRetryDelay="${database.pool.acquireRetryDelay}"  p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"  p:preferredTestQuery="${database.pool.connectionHealthQuery}" /><alias name="defaultPasswordEncoder" alias="passwordEncoder" /><alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler" /><alias name="dataSource" alias="queryDatabaseDataSource" />

2.在 cas.properties 文件中定义数据源值

cas.authn.password.encoding.char=UTF-8    #配置密码编码cas.authn.password.encoding.alg=MD5       #配置密码MD5加密（只会加密为小写）#cas.authn.password.encoding.alg=SHA-256  #配置密码SHA-256加密cas.jdbc.authn.query.sql=select pwd from cas_test where user=?	#查询密码字段即可locale.default=zh_CN	#指定首页语言# == Basic database connection pool configuration ==	#c3p0连接池数据源配置database.driverClass=com.mysql.jdbc.Driverdatabase.url=jdbc:mysql://10.151.0.208:3306/multiple-srm-mobile-dev?useUnicode=true&characterEncoding=utf8&useSSL=truedatabase.user=rootdatabase.password=handhanddatabase.pool.minSize=6database.pool.maxSize=18# Maximum amount of time to wait in ms for a connection to become# available when the pool is exhausteddatabase.pool.maxWait=10000# Amount of time in seconds after which idle connections# in excess of minimum size are pruned.database.pool.maxIdleTime=120# Number of connections to obtain on pool exhaustion condition.# The maximum pool size is always respected when acquiring# new connections.database.pool.acquireIncrement=6# == Connection testing settings ==# Period in s at which a health query will be issued on idle# connections to determine connection liveliness.database.pool.idleConnectionTestPeriod=30# Query executed periodically to test healthdatabase.pool.connectionHealthQuery=select 1 from dual# == Database recovery settings ==# Number of times to retry acquiring a _new_ connection# when an error is encountered during acquisition.database.pool.acquireRetryAttempts=5# Amount of time in ms to wait between successive aquire retry attempts.database.pool.acquireRetryDelay=2000

oracle 认证

注意前面 war 中已经添加了 mysql 驱动，oracle 需要自己添加相应的驱动到 WEB-INF/lib 下面

同样，修改 tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml 配置文件

# 配置和mysql的配置一样，省略

再修改 cas.properties 配置文件，添加数据源的值，密码加密方式，sql 查询即可（要注意 12c--jdbc:oracle:thin:@127.0.0.0:1521/xxx_dev，11g--jdbc:oracle:thin:@127.0.0.0:1521:xxx_dev）

# accept.authn.users=casuser::Melloncas.authn.password.encoding.char=UTF-8cas.authn.password.encoding.alg=MD5#cas.authn.password.encoding.alg=SHA-256cas.jdbc.authn.query.sql=select lower(MD5_USER_PASSWORD) from sys_user where user_name=upper(?)cas.jdbc.authn.query.encode.alg=MD5locale.default=zh_CN#cas.principal.transform.upperCase=true# == Basic database connection pool configuration ==database.driverClass=oracle.jdbc.driver.OracleDriverdatabase.url=jdbc:oracle:thin:@127.0.0.0:1521/xxx_devdatabase.user=*database.password=*database.pool.minSize=6database.pool.maxSize=18# Maximum amount of time to wait in ms for a connection to become# available when the pool is exhausteddatabase.pool.maxWait=10000# Amount of time in seconds after which idle connections# in excess of minimum size are pruned.database.pool.maxIdleTime=120# Number of connections to obtain on pool exhaustion condition.# The maximum pool size is always respected when acquiring# new connections.database.pool.acquireIncrement=6# == Connection testing settings ==# Period in s at which a health query will be issued on idle# connections to determine connection liveliness.database.pool.idleConnectionTestPeriod=30# Query executed periodically to test healthdatabase.pool.connectionHealthQuery=select 1 from dual# == Database recovery settings ==# Number of times to retry acquiring a _new_ connection# when an error is encountered during acquisition.database.pool.acquireRetryAttempts=5# Amount of time in ms to wait between successive aquire retry attempts.database.pool.acquireRetryDelay=2000

要注意 cas 加密的 MD5 密码为 32 位小写，重启 tomcat 即可通过数据库密码登录成功