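Latest version of the CAS server: from source code to deployment
阿新 • Published: 2019-01-31
Download the source code (cas-4.2.5) from GitHub, import it into IDEA as a Gradle project, then compile and package it.
0. Import the project source
import project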
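Select the local Gradle and JDK.
Click finish and wait for the build, which takes a long time. When the build completes, the project is imported. The project consists of multiple sub-projects, and each sub-project becomes a jar after packaging. The sub-project whose configuration needs to be adjusted is cas-server-webapp.
To change the default authentication method to database authentication, refer to the document: /cas-server-documentation/installation/Database-Authentication.md
1. Basic Gradle configuration
a. Change the local repository location: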
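Copy the default directory C:\Users\youname\.gradle to d:/gradle_repo/.gradle, then set the system environment variable:
GRADLE_USER_HOME=d:/gradle_repo/.gradle
Location of the jar files: %GRADLE_USER_HOME%\caches\modules-2\files-2.1
b. Change the Gradle remote repository address: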
Open the build.gradle file under the cas-server-webapp sub-project, add the private Maven server address to the remote repositories, and add the Oracle dependency:
allprojects {
    repositories {
        mavenLocal()
        jcenter()
        maven { url "https://maven.eveoh.nl/content/repositories/releases" }
        maven { url "https://plugins.gradle.org/m2/" }
        maven { url 'http://xxxxx:xxx/nexus/content/groups/public' }
    }
}
In dependencies {}, add the ojdbc and collections4 dependencies:
compile group: 'com.oracle', name: 'ojdbc', version: '11.1.0.6.0'
compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1'
Add the cas-server-support-jdbc dependency:
compile project(':cas-server-support-jdbc')
2. Configure Tomcat to support HTTPS
a. Generate the key (replace the alias 計算機名, "computer name", with the name of your machine):
keytool -genkey -keystore "D:\localhost.keystore" -alias '計算機名' -keyalg RSA
b. Open port 8443:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\localhost.keystore" keystorePass="123456"/>
Change the access policy to support http: open cas-server-webapp/src/main/resources/services/HTTPSandIMAPS-10000001.json and add http to the serviceId:
"serviceId" : "^(https|imaps|http)://.*"
3. Modify the CAS configuration files
a. Modify /cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
1. Configure JDBC Audits:
## JDBC Audits
#
#cas.audit.max.agedays=
cas.audit.database.dialect=org.hibernate.dialect.Oracle10gDialect
#cas.audit.database.batchSize=
#cas.audit.database.ddl.auto=
#cas.audit.database.gen.ddl=
cas.audit.database.show.sql=true
cas.audit.database.driverClass=oracle.jdbc.driver.OracleDriver
cas.audit.database.url=jdbc:oracle:thin:@192.168.32.23:1521:jiajie
cas.audit.database.user=ENSPCOM
cas.audit.database.password=ENSPCOM_PWD
cas.audit.database.pool.minSize=6
cas.audit.database.pool.maxSize=18
cas.audit.database.pool.maxIdleTime=120
cas.audit.database.pool.maxWait=10000
cas.audit.database.pool.acquireIncrement=6
cas.audit.database.pool.acquireRetryAttempts=5
cas.audit.database.pool.acquireRetryDelay=2000
cas.audit.database.pool.idleConnectionTestPeriod=30
# Oracle requires a FROM clause in the connection test query
cas.audit.database.pool.connectionHealthQuery=select 1 from dual
Configure JDBC Authentication:
##
# JDBC Authentication
#
# cas.jdbc.authn.query.encode.sql=
# cas.jdbc.authn.query.encode.alg=
# cas.jdbc.authn.query.encode.salt.static=
# cas.jdbc.authn.query.encode.password=
# cas.jdbc.authn.query.encode.salt=
# cas.jdbc.authn.query.encode.iterations.field=
# cas.jdbc.authn.query.encode.iterations=
cas.jdbc.authn.query.sql=select password from tb_sys_user where username=?
# cas.jdbc.authn.search.password=
# cas.jdbc.authn.search.user=
# cas.jdbc.authn.search.table=
Add the password encoding algorithm:
cas.authn.password.encoding.alg=MD5
b. Modify /cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
1. Add a datasource that uses the c3p0 connection pool:
<bean id="dataSource"
class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="${cas.audit.database.driverClass}"
p:jdbcUrl="${cas.audit.database.url}"
p:user="${cas.audit.database.user}"
p:password="${cas.audit.database.password}"
p:initialPoolSize="${cas.audit.database.pool.minSize}"
p:minPoolSize="${cas.audit.database.pool.minSize}"
p:maxPoolSize="${cas.audit.database.pool.maxSize}"
p:maxIdleTimeExcessConnections="${cas.audit.database.pool.maxIdleTime}"
p:checkoutTimeout="${cas.audit.database.pool.maxWait}"
p:acquireIncrement="${cas.audit.database.pool.acquireIncrement}"
p:acquireRetryAttempts="${cas.audit.database.pool.acquireRetryAttempts}"
p:acquireRetryDelay="${cas.audit.database.pool.acquireRetryDelay}"
p:idleConnectionTestPeriod="${cas.audit.database.pool.idleConnectionTestPeriod}"
p:preferredTestQuery="${cas.audit.database.pool.connectionHealthQuery}" />
2. Change attributeRepository to SingleRowJdbcPersonAttributeDao, which fetches the returned user's attributes from the database. The default configuration
<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
  p:backingMap-ref="attrRepoBackingMap" />
is changed to
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
  <constructor-arg index="0" ref="dataSource" />
  <constructor-arg index="1" value="select realname, username, id from tb_sys_user where {0}" />
  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="username" />
    </map>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <entry key="ID" value="ID" />
      <entry key="USERNAME" value="USERNAME" />
      <entry key="REALNAME" value="REALNAME" />
    </map>
  </property>
</bean>
where
<constructor-arg index="1" value="select realname, username, id from tb_sys_user where {0}" />
is the query that fetches the additional information from the database, and
<entry key="username" value="username" />
is the query condition.
3. Change acceptUsersAuthenticationHandler to queryDatabaseAuthenticationHandler
<alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler" />
A datasource will be set on queryDatabaseAuthenticationHandler, so the datasource needs an alias.
4. Give the datasource an alias
<alias name="dataSource" alias="queryDatabaseDataSource" />
5. Add the password encoding algorithm bean
<bean id="passwordEncoder"
  class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
  <constructor-arg index="0" value="${cas.authn.password.encoding.alg}" />
</bean>
4. Modify the response page
To make sure the returned user attributes do not come out as garbled Chinese characters, change /cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp from utf-8 to gb2312, and modify how the returned information is assembled:
<%@ page session="false" contentType="application/xml; charset=gb2312" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<%@ page pageEncoding="gb2312"%>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(principal.id)}</cas:user>
<c:if test="${not empty pgtIou}">
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:if>
<c:if test="${fn:length(chainedAuthentications) > 0}">
<cas:proxies>
<c:forEach var="proxy" items="${chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(chainedAuthentications)}" step="1">
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:if>
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
<cas:attributes>
<c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
</c:if>
</cas:authenticationSuccess>
</cas:serviceResponse>
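The JSP above sends no XML declaration, so the gb2312 charset is visible to clients only in the Content-Type header. The Python example below is added here and is not from the original post: it shows a client decoding this response with the header's charset, rejecting anything that is not an authenticationSuccess, and reading the attributes. The sample response bytes and user values are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample of what the modified JSP would send, encoded as gb2312.
SAMPLE = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n"
    "<cas:authenticationSuccess>\n"
    "<cas:user>zhangsan</cas:user>\n"
    "<cas:attributes>\n"
    "<cas:ID>1001</cas:ID>\n"
    "<cas:USERNAME>zhangsan</cas:USERNAME>\n"
    "<cas:REALNAME>张三</cas:REALNAME>\n"
    "</cas:attributes>\n"
    "</cas:authenticationSuccess>\n"
    "</cas:serviceResponse>"
).encode("gb2312")

def parse_validation_response(body, content_type):
    """Return (user, attributes) on success; raise ValueError otherwise."""
    # No <?xml encoding=...?> in the body: take the charset from the header.
    charset = "utf-8"
    for part in content_type.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        if name.lower() == "charset" and value:
            charset = value.strip('"')
    root = ET.fromstring(body.decode(charset))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code") if failure is not None else "UNKNOWN"
        raise ValueError("ticket validation failed: %s" % code)
    user = (success.findtext("cas:user", default="", namespaces=CAS_NS)).strip()
    if not user:
        raise ValueError("authenticationSuccess without a cas:user")
    attributes = {}
    container = success.find("cas:attributes", CAS_NS)
    if container is not None:
        for element in container:
            # Tags look like {namespace}ID; keep only the local name.
            attributes[element.tag.split("}", 1)[-1]] = (element.text or "").strip()
    return user, attributes

if __name__ == "__main__":
    print(parse_validation_response(SAMPLE, "application/xml; charset=gb2312"))
```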
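5. Build and package with Gradle: open a terminal window, go to the cas-server-webapp directory and run gradle build; the war package is generated under cas-server-webapp/target/lib:
Open a terminal window:
6. Bind Tomcat in IDEA, run the war package, and debug
Select the package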
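When testing logins in step 6, the password column of tb_sys_user has to hold exactly what the configured encoder produces. The Python example below is added here and is not from the original post: it reproduces that value and audits sample rows, assuming DefaultPasswordEncoder with MD5 emits lowercase hex that is compared by exact string equality; the rows are constructed. Because the digest is unsalted, users with the same password share the same stored value, which the audit also reports.

```python
import hashlib
import re
from collections import defaultdict

MD5_HEX = re.compile(r"[0-9a-f]{32}")

def cas_md5_encode(password, charset="utf-8"):
    """Lowercase hex MD5 of the password (assumed encoder output format)."""
    # Assumption: the charset matches the server's; ASCII passwords are unaffected.
    return hashlib.md5(password.encode(charset)).hexdigest()

def audit_password_column(rows):
    """rows: (username, stored password value). Returns (unusable, shared).

    unusable: users whose stored value is not a lowercase 32-char hex digest,
              so an exact comparison with the encoder output can never succeed.
    shared:   groups of users with identical digests, i.e. identical passwords.
    """
    by_digest = defaultdict(list)
    unusable = []
    for username, stored in rows:
        if MD5_HEX.fullmatch(stored):
            by_digest[stored].append(username)
        else:
            unusable.append(username)
    shared = sorted(sorted(users) for users in by_digest.values() if len(users) > 1)
    return sorted(unusable), shared

# Constructed sample rows standing in for: select username, password from tb_sys_user
ROWS = [
    ("alice", cas_md5_encode("Spring2019!")),
    ("bob", cas_md5_encode("Spring2019!")),          # same password as alice
    ("carol", "Spring2019!"),                        # plaintext left in the column
    ("dave", cas_md5_encode("Spring2019!").upper()), # uppercase hex, e.g. from a DB function
    ("erin", cas_md5_encode("c0rrect-h0rse")),
]

if __name__ == "__main__":
    unusable, shared = audit_password_column(ROWS)
    print("cannot log in:", unusable)
    print("share a password:", shared)
```

The commented-out cas.jdbc.authn.query.encode.* keys in cas.properties (salt, iterations) are the settings for CAS's salted, iterated alternative to this handler.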