源码编译安装
- cas 6.6环境:
java17+tomcat9 - cas 7.0环境:
java21+tomcat10
安装jdk环境
1.下载jdk和tomcat
2.解压并配置环境
tar zxvf openjdk-21.0.2_linux-x64_bin.tar.gz -C /usr/lib/jvm
配置环境
vim /etc/profile
......
export JAVA_HOME=/usr/lib/jvm/jdk-21.0.2
export CLASSPATH=$JAVA_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$PATH
使配置生效
source /etc/profile
查看java版本
jave --version
openjdk 21.0.2 2024-01-16
OpenJDK Runtime Environment (build 21.0.2+13-58)
OpenJDK 64-Bit Server VM (build 21.0.2+13-58, mixed mode, sharing)
编译apereo cas-overlay-template
一.下载apereo cas-overlay-template源码
git clone https://github.com/apereo/cas-overlay-template.git -b 7.0
cd cas-overlay-template
二.添加用户数据库mysql
安装mysql 省略
按照此处的步骤 步骤添加所需的 CAS 模块。不必为数据库驱动程序添加任何其他 JAR 等。CAS默认自动附带了一些模块。在build.gradle文件中找到正确的 dependencies块以添加以下模块:
数据库和json模块
dependencies {
/*
The following platform references should be included automatically and are listed here for reference only.
implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
*/
implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-jpa-hibernate:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-jpa-eclipselink:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
}
三.密钥库
为了使服务器成功运行,您可能需要创建一个密钥库文件。这可以使用 JDKkeytool实用程序或通过以下命令完成:
./gradlew createKeystore
对密钥库和密钥/证书条目使用密码changeit
四.编译
./gradlew clean build
复制war包到运行目录
cp build/lib/car.war /opt/cas/
五.配置
配置文件/etc/cas/config/cas.properties
CAS 通过将用户密码(可以使用密码编码器进行编码)与可配置数据库查询确定的记录密码进行比较来对用户进行身份验证。以下是实际需要增加的:
# Application properties that need to be
# embedded within the web application can be included here
# 配置数据库
cas.authn.jdbc.query[0].url=jdbc:mysql://172.16.1.100:3306/数据库名?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.jdbc.query[0].user=数据库账号
cas.authn.jdbc.query[0].password=数据库密码
cas.authn.jdbc.query[0].sql=select * from 数据库表 where 查询字段=?
cas.authn.jdbc.query[0].field-password=pass_word
cas.authn.jdbc.query[0].password-encoder.type=DEFAULT
cas.authn.jdbc.query[0].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=MD5
cas.server.name=https://cas.mydnss.com:8443
cas.server.prefix=${cas.server.name}/cas
cas.authn.jdbc.query[0].driver-class=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.accept.enabled=false
server.ssl.key-store=file:/etc/cas/thekeystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
cas.service-registry.json.watcher-enabled=true
cas.service-registry.json.location=file:/etc/cas/config/services
cas.tgc.crypto.encryption.key=4vEIh7arqiUy4B....
cas.tgc.crypto.signing.key=2EJmL-t6z9Lb2tbQBbi8Qct....
cas.webflow.crypto.signing.key=6JS85pjLEnwJHaqm68...
cas.webflow.crypto.encryption.key=Uo7Xbl....
-
cas.authn.jdbc.query[0]设置很重要,并且可能因数据库选择而异。例如,对于 PostgreSQL,您可以使用:cas.authn.jdbc.query[0].driver-class=org.postgresql.Driver cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.PostgreSQLDialect -
或者对于 MySQL 您可以使用:
cas.authn.jdbc.query[0].driver-class=com.mysql.cj.jdbc.Driver cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect -
或者对于 Oracle 您可以使用:
cas.authn.jdbc.query[0].driver-class=oracle.jdbc.driver.OracleDriver cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.OracleDialect -
或者对于 Mariadb 您可以使用:
cas.authn.jdbc.query[0].driver-class=org.mariadb.jdbc.Driver cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MariaDBDialect请记住针对每种数据库类型正确调整 URL 和连接字符串。
-
开启DEBUG,禁用静态身份验证:
logging.level.org.apereo=DEBUG cas.authn.accept.enabled=false -
通过json注册服务,文件存放目录
/etc/cas/config/servicescas.service-registry.json.location=file:/etc/cas/config/services注册服务文件名命名约定:serviceName +“-”+ serviceNumericId +“.json”,
https://cas.mydnss.com:8444是我的cas managemant:{ "@class" : "org.apereo.cas.services.CasRegisteredService", "serviceId" : "https://cas.mydnss.com:8444/.*", "name" : "casManagement", "id" : 1001, "logoutType" : "BACK_CHANNEL", "logoutUrl" : "https://cas.mydnss.com:8444/cas-management/logout" }
六.启动war包
1.jar执行 WAR
将服务器 Web 应用程序作为可执行 WAR 运行。请注意,运行可执行 WAR 需要 CAS 使用嵌入式容器,例如 Apache Tomcat、Jetty 等。
当前 servlet 容器指定为-tomcat。
java -jar cas.war --spring.config.application=/etc/cas/config/cas.properties
2.tomcat 运行
修改8005和8080端口,增加tomcat配置(ssl)
tomcat9
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/cas/thekeystore"
/>
tomcat10
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443"
maxThreads="150"
SSLEnabled="true"
maxParameterCount="1000"
>
<SSLHostConfig>
<Certificate
certificateKeystoreFile="/etc/cas/thekeystore"
certificateKeystorePassword="changeit"
type="RSA"
/>
</SSLHostConfig>
</Connector>
解决错误
ERR_TOO_MANY_REDIRECTS,添加一行
<Engine name="Catalina" defaultHost="localhost">
...
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
...
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies=".*" />
</Host>
</Engine>
将cas.war放入webapp启动
bin/startup.sh