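Note: CAS recommends enabling HTTPS because the HTTPS protocol ensures the security and integrity of communication, which prevents information from being stolen or tampered with. I did not enable it, however, because connecting my own clients to it is rather troublesome; if you need it, search for how to enable HTTPS in Tomcat.

1. Download
Tomcat (9.0+): https://tomcat.apache.org/
CAS (6.5): https://github.com/apereo/cas-overlay-template.git (switch to the 6.5 branch)
Note: JDK 11 or later, MySQL 8.0

3. Open the CAS project and add the required dependencies to build.gradle so that the database can be connected later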
dependencies {
    /**
     * Do NOT modify the lines below or else you will risk breaking dependency management.
     */
    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)

    /**
     * CAS dependencies and modules may be listed here.
     *
     * There is no need to specify the version number for each dependency
     * since versions are all resolved and controlled by the dependency management
     * plugin via the CAS bom.
     **/
    implementation "org.apereo.cas:cas-server-core-api-configuration-model"
    implementation "org.apereo.cas:cas-server-webapp-init"
    implementation "org.apereo.cas:cas-server-webapp-init:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
    implementation "mysql:mysql-connector-java:5.1.46"
    implementation "org.apereo.cas:cas-server-support-pm-jdbc:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-themes-collection:${project.'cas.version'}"
    implementation "org.webjars:jquery:3.6.0"
    implementation "org.webjars:bootstrap:5.0.2"
    implementation "org.apereo.cas:cas-server-support-token-tickets:${project.'cas.version'}"

    if (project.hasProperty("casModules")) {
        def dependencies = project.getProperty("casModules").split(",")
        dependencies.each {
            def projectsToAdd = rootProject.subprojects.findAll {project ->
                project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
            }
            projectsToAdd.each {implementation it}
        }
    }

    developmentOnly "org.springframework.boot:spring-boot-devtools:${project.springBootVersion}"
}

4. Add the following configuration to /src/main/resources/application.yml
# Application properties that need to be
# embedded within the web application can be included here
server:
  ssl:
    enabled: false # whether to enable HTTPS
cas:
  authn:
    accept:
      users: []
    jdbc:
      query[0]:
        sql: SELECT * FROM sys_user WHERE user_name = ?
        url: jdbc:mysql://192.168.1.222:3306/ciel?useUnicode=true&autoReconnect=true&autoReconnectForPools=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai
        user: root
        password: root
        fieldPassword: password
        driverClass: com.mysql.jdbc.Driver
        password-encoder:
          type: DEFAULT
          encoding-algorithm: MD5
          character-encoding: UTF-8
        fieldExpired: expired # column that indicates whether to prompt for a password change
        fieldDisabled: disabled # column that indicates whether the user is disabled
    oauth:
      access-token:
        create-as-jwt: true
  service-registry:
    core:
      init-from-json: true # read the configuration from app1-10001
    json:
      location: classpath:/services # location of the JSON configuration files
  theme:
    default-theme-name: app1
  view:
    template-prefixes: classpath:templates/app1
    default-redirect-url: http://192.168.1.37:8881 # default redirect page for login and logout
  logout:
    follow-service-redirects: true # allow redirecting to a specified page after logout
    redirect-parameter: service
    redirect-url: http://192.168.1.37:8881 # logout page
    confirm-logout: false
    remove-descendant-tickets: true
  ticket:
    tgt:
      remember-me:
        enabled: true
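
5. Configure the services in the CAS service registry. This information is used by the management interface of the CAS service registry so that administrators can manage and configure the services. The CAS service registry can also use these JSON files to automate the deployment and management of services, which improves the maintainability and extensibility of the system.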
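{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  # URL of the service, i.e. the entry point through which the service is accessed
  "serviceId" : "^(http|imaps)://.*",
  # Name of the service; can be any string.
  "name" : "app1",
  # Unique numeric identifier of the service.
  "id" : 10001,
  # Whether to skip the user approval step and return the service ticket to the service directly
  "bypassApprovalPrompt": false,
  # Identifier of the client application registered with the CAS server;
  # used for client authentication and authorization in the OAuth2 protocol.
  "clientId": "20180901",
  # Secret of the client application registered with the CAS server
  "clientSecret": "123456",
  # Theme of the login page, including colors, fonts, background image and similar elements. CAS supports multiple themes
  "theme" : "app1",
  # Logout type, i.e. how the service is handled on logout; can be back-channel or front-channel.
  "logoutType" : "BACK_CHANNEL",
  # URL the user is redirected to on logout, also called the CAS logout URL
  "logoutUrl" : "http://192.168.1.121:83/"
}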
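
6. Now package the project and deploy it to Tomcat.
Run the following command in the IDEA console to package the project:
./gradlew clean build

This completes the setup of the CAS server, with the data source connected as well.
The figure below shows the unified login page, although I changed the front-end styling; the next section explains how to customize the style of the login page.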
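
An added example (not part of the original post or of the CAS project): a small Python check of which service URLs a `serviceId` pattern like the one in step 5 accepts, compared with a pattern pinned to the client host from `logoutUrl`. It assumes CAS matches the whole service URL case-insensitively, approximated here with `re.fullmatch`; the pinned and unescaped patterns and all sample URLs are constructed for illustration.

```python
import re

# Assumption: CAS compiles serviceId as a case-insensitive regex that must match
# the whole service URL; re.fullmatch with IGNORECASE approximates that.
def accepts(service_id, url):
    return re.fullmatch(service_id, url, re.IGNORECASE) is not None

def audit(service_id, own_urls, foreign_urls):
    """Return own URLs the pattern rejects and foreign URLs it accepts."""
    return {
        "rejected_own": [u for u in own_urls if not accepts(service_id, u)],
        "accepted_foreign": [u for u in foreign_urls if accepts(service_id, u)],
    }

# Pattern taken from the service definition on this page.
PAGE_PATTERN = r"^(http|imaps)://.*"
# Constructed alternative: only the client host that appears in logoutUrl.
PINNED_PATTERN = r"^http://192\.168\.1\.121:83(/.*)?$"
# Constructed variant of the pinned pattern with the dots left unescaped.
UNESCAPED_PATTERN = r"^http://192.168.1.121:83(/.*)?$"

# Constructed sample URLs: the registered client, and hosts that are not it.
OWN = ["http://192.168.1.121:83/", "http://192.168.1.121:83/app/login?x=1"]
FOREIGN = [
    "http://unrelated.example/callback",  # a different host altogether
    "http://192.168.1.121:8300/",         # same address, different port
    "http://192x168y1z121:83/",           # differs only where the dots are
]

if __name__ == "__main__":
    for name, pattern in [("page", PAGE_PATTERN),
                          ("pinned", PINNED_PATTERN),
                          ("unescaped", UNESCAPED_PATTERN)]:
        print(name, audit(pattern, OWN, FOREIGN))
    # The page's pattern lists "http" and "imaps" only, so an https URL of the
    # same client is not accepted once HTTPS is switched on.
    print("https accepted:", accepts(PAGE_PATTERN, "https://192.168.1.121:83/"))
```

The page's pattern accepts every `http://` URL in the sample, including the three that do not belong to the client, while the pinned pattern accepts only the client's own URLs.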