CAS SSO單點登錄

1、tomcat部署https請求：

jdk生成證書：
keytool -genkey -alias ppt -keyalg RSA -keystore d:/keys/cert
導出證書：
keytool -export -file d:/keys/ppt.crt -alias ppt -keystore d:/keys/cert
爲客戶端導入證書：
keytool -import -keystore C:\Program Files\Java\jre1.6.0_03\lib\security\cacerts -file D:/keys/ppt.crt -alias ppt
修改tomcat /conf/server.xml文件：
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="D:\keys\cert" keystorePass="123456"/>

2、首先下載cas包，我的是cas-server-4.0.0-release.zip，解壓到指定目錄，把modules下面的cas-server-webapp-4.0.0.war部署到tomcat，啓動tomcat，用戶名跟密碼是這個：

 <map>
                <entry key="casuser" value="Mellon"/>
            </map>

3、從mysql數據認證，配置如下（WEB-INF/deployerConfigContext.xml）：

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
     <property name="driverClassName" value="com.mysql.jdbc.Driver" />
     <property name="url" value="jdbc:mysql://localhost:3306/cas?useUnicode=true&characterEncoding=utf-8"/>
     <property name="username" value="root" />
     <property name="password" value="root" />
</bean>

<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from cas_user where username=? " />

增加這兩個bean。然後修改：

 <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
				 <!--
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
				 -->
				<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver"/>
            </map>
        </constructor-arg>

4、把cas-server-support-jdbc-4.0.0.jar，mysql-connector-java-5.1.21.jar放到webapps\cas\WEB-INF\lib，就可以了。

5、客戶端配置，pom文件加：

<dependency>
		<groupId>org.jasig.cas</groupId>
		<artifactId>cas-client-core</artifactId>
		<version>3.1.10</version>
	</dependency>

6、web.xml文件配置：

 <filter>
		<filter-name>cas</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>https://127.0.0.1:8443/cas/login</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://127.0.0.1:8443/</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>cas</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

總結：我把上面兩個包放到tomcat的lib下面，各種報錯，折騰了好久，用試一下的心態，把他們放到WEB-INF\lib\下面，終於成功，紀念一下。但是爲什麼放在tomcat的lib下面不行，目前還不知道，感覺應該是一樣的，用的是tomcat7.繼續加油。