單點登錄cas常見問題(十一) - 怎麼搭建oauth服務器？

1、cas項目導入cas-server-support-oauth子項目

如果pom.xml中註釋掉了這個模塊，放開註釋：<module>cas-server-support-oauth</module>

2、cas-server-webapp項目的pom.xml中添加

    <dependency>

      <groupId>org.jasig.cas</groupId>

      <artifactId>cas-server-support-oauth</artifactId>

      <version>${project.version}</version>

    </dependency>

3、cas-server-webapp項目的web.xml中有

    <servlet-mapping>

        <servlet-name>cas</servlet-name>

        <url-pattern>/v1/*</url-pattern>

    </servlet-mapping>

如果上面的代碼被註釋掉了，放開註釋

4、修改cas-server-webapp的cas-servlet.xml文件，

添加一個bean oauth20WrapperController

  <bean id="oauth20WrapperController" class="org.jasig.cas.support.oauth.web.OAuth20WrapperController"

        p:loginUrl="http://www.ittenyear.com/cas/login"

        p:servicesManager-ref="servicesManager"

        p:ticketRegistry-ref="ticketRegistry"

        p:timeout="7200" />

在handlerMappingC bean中添加紅色標識的代碼

<bean

      id="handlerMappingC"

      class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"

      p:alwaysUseFullPath="true">

    <property name="mappings">

      <util:properties>

        <prop key="/serviceValidate">serviceValidateController</prop>

        <prop key="/proxyValidate">proxyValidateController</prop>

        <!--

        <prop key="/samlValidate">samlValidateController</prop>

        -->

        <prop key="/p3/serviceValidate">v3ServiceValidateController</prop>

        <prop key="/p3/proxyValidate">v3ProxyValidateController</prop>

        <prop key="/validate">legacyValidateController</prop>

        <prop key="/proxy">proxyController</prop>

        <prop key="/authorizationFailure.html">passThroughController</prop>

        <prop key="/oauth/*">oauth20WrapperController</prop>

5、在deployerConfigContext.xml文件中添加service

One service is needed to make the OAuth wrapper works in CAS. It defines the callback url after CAS authentication to return to the OAuth wrapper as a CAS service.

              <bean class="org.jasig.cas.support.oauth.services.OAuthCallbackAuthorizeService"

                    p:id="2"

                    p:name="HTTP"

                    p:description="oauth wrapper callback url"

                    p:serviceId="${server.prefix}/oauth/callbackAuthorize" />

6、在deployerConfigContext.xml文件中爲每一個oauth客戶端添加一個service

Every OAuth client must be defined as a CAS service (notice the new clientId and clientSecret properties, specific to OAuth):

              <bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService"

                    p:id="3"

                    p:name="serviceName"

                    p:description="Service Description"

                    p:serviceId="http://bbs.ittenyear.com"

                    p:bypassApprovalPrompt="false"

                    p:clientId="key"

                    p:clientSecret="secret" />

原文檔在這裏： http://jasig.github.io/cas/4.1.x/installation/OAuth-OpenId-Authentication.html

7、測試

http://www.ittenyear.com/cas/oauth/authorize?client_id=key&redirect_uri=http://bbs.ittenyear.com&response_type=code
拿到ST
http://bbs.ittenyear.com/?code=ST-1-Ftbt6i5Odk7GaKQTp3yn-cas01.example.org
http://www.ittenyear.com/cas/oauth/accessToken?client_id=key&client_secret=secret&grant_type=authorization_code&redirect_uri=http://bbs.ittenyear.com&code=
拿到access_token
TGT-2-3fkIcMgFnN15VQ6VsAkcLigDdq0KqdEzev0kJN5WnoEPYSJ7ze-cas01.example.org
訪問資源：用戶信息
http://www.ittenyear.com/cas/oauth/profile?access_token=TGT-2-3fkIcMgFnN15VQ6VsAkcLigDdq0KqdEzev0kJN5WnoEPYSJ7ze-cas01.example.org