CAS Server:www.sinosoft.com

代理服务:palace.sinosoft.com

被代理服务:gguser.sinosoft.com

1. 建立key,命令如下:

  1. keytool -genkey -alias palace -keyalg RSA -keystore palace -ext san=dns:palace.sinosoft.com,dns:gguser.sinosoft.com,dns:www.sinosoft.com
  1. keytool -export -file palace.crt -alias palace -keystore palace

2. 导入key(在三台机器上都导入)

  1. keytool -import -keystore "c:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts" -file d:\keys\palace.crt -alias palace

3. 修改tomcat的server.xml,添加如下语句:

其中马赛克处是密码

4. 代理服务的web.xml配置添加如下:

PS:配置在其他的filter之前.注意配置的顺序等.

  1. <!-- begin CAS -->
  2.  
  3.     <listener>
  4.         <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  5.     </listener>
  6.  
  7.     <filter>
  8.         <filter-name>CAS Single Sign Out Filter</filter-name>
  9.         <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  10.     </filter>
  11.  
  12.     <filter>
  13.         <filter-name>CAS Authentication Filter</filter-name>
  14.         <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  15.         <init-param>
  16.             <param-name>casServerLoginUrl</param-name>
  17.             <param-value>https://www.sinosoft.com:8443/CAS-yuan02/login</param-value>
  18.         </init-param>
  19.         <init-param>
  20.             <param-name>serverName</param-name>
  21.             <param-value>http://palace.sinosoft.com:8080</param-value>
  22.         </init-param>
  23.     </filter>
  24.  
  25.     <filter>
  26.         <filter-name>CAS Validation Filter</filter-name>
  27.         <filter-class>
  28.                      org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  29.         <init-param>
  30.             <param-name>casServerUrlPrefix</param-name>
  31.             <param-value>https://www.sinosoft.com:8443/CAS-yuan02</param-value>
  32.         </init-param>
  33.         <init-param>
  34.             <param-name>serverName</param-name>
  35.             <param-value>http://palace.sinosoft.com:8080</param-value>
  36.         </init-param>
  37.  
  38.         <init-param>
  39.             <param-name>acceptAnyProxy</param-name>
  40.             <param-value>true</param-value>
  41.         </init-param>
  42.         <init-param>
  43.             <param-name>proxyCallbackUrl</param-name>
  44.             <param-value>https://palace.sinosoft.com:8443/palace/proxyCallback</param-value>
  45.         </init-param>
  46.         <init-param>
  47.             <param-name>proxyReceptorUrl</param-name>
  48.             <param-value>/proxyCallback</param-value>
  49.         </init-param>
  50.     </filter>
  51.     <filter-mapping>
  52.         <filter-name>CAS Validation Filter</filter-name>
  53.         <url-pattern>/proxyCallback</url-pattern>
  54.     </filter-mapping>
  55.  
  56.     <filter-mapping>
  57.         <filter-name>CAS Authentication Filter</filter-name>
  58.         <url-pattern>/*</url-pattern>
  59.     </filter-mapping>
  60.  
  61.     <filter-mapping>
  62.         <filter-name>CAS Validation Filter</filter-name>
  63.         <url-pattern>/*</url-pattern>
  64.     </filter-mapping>
  65.  
  66.       <filter-mapping>
  67.         <filter-name>CAS Single Sign Out Filter</filter-name>
  68.         <url-pattern>/*</url-pattern>
  69.     </filter-mapping>
  70.  
  71.     <filter>
  72.         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  73.         <filter-class>
  74.                      org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  75.     </filter>
  76.     <filter-mapping>
  77.         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  78.         <url-pattern>/*</url-pattern>
  79.     </filter-mapping>
  80.  
  81.     <filter>
  82.         <filter-name>CAS Assertion Thread Local Filter</filter-name>
  83.         <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  84.     </filter>
  85.     <filter-mapping>
  86.         <filter-name>CAS Assertion Thread Local Filter</filter-name>
  87.         <url-pattern>/*</url-pattern>
  88.     </filter-mapping>
  89.  
  90.     <!-- end CAS -->

5. 被代理服务的web.xml配置

  1. <!-- ======================== 单点登录开始 ======================== -->
  2.              <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
  3.              <listener>
  4.                 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  5.               </listener>
  6.              <filter>
  7.                  <filter-name>CAS Single Sign Out Filter</filter-name>
  8.                  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  9.              </filter>
  10.              <filter-mapping>
  11.                  <filter-name>CAS Single Sign Out Filter</filter-name>
  12.                  <url-pattern>/*</url-pattern>
  13.              </filter-mapping>
  14.  
  15.              <filter>
  16.                  <filter-name>CAS Filter</filter-name>
  17.                  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  18.                  <init-param>
  19.                      <param-name>casServerLoginUrl</param-name>
  20.                      <param-value>https://www.sinosoft.com:8443/CAS-yuan02/login</param-value>
  21.                  </init-param>
  22.                  <init-param>
  23.                      <param-name>serverName</param-name>
  24.                      <param-value>http://gguser.sinosoft.com:8080</param-value>
  25.                 </init-param>
  26.              </filter>
  27.              <filter-mapping>
  28.                  <filter-name>CAS Filter</filter-name>
  29.                  <url-pattern>/*</url-pattern>
  30.              </filter-mapping>
  31.              <filter>
  32.                  <filter-name>CAS Validation Filter</filter-name>
  33.                  <filter-class>
  34.                      org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  35.                  <init-param>
  36.                      <param-name>casServerUrlPrefix</param-name>
  37.                      <param-value>https://www.sinosoft.com:8443/CAS-yuan02</param-value>
  38.                  </init-param>
  39.                 <init-param>
  40.                      <param-name>serverName</param-name>
  41.                      <param-value>http://gguser.sinosoft.com:8080</param-value>
  42.                 </init-param>
  43.  
  44.                     <init-param>
  45.                     <!-- redirectAfterValidation must be false, otherwise the request params
  46.                         from proxying app could not be received -->
  47.                     <param-name>redirectAfterValidation</param-name>
  48.                     <param-value>false</param-value>
  49.                 </init-param>
  50.                 <init-param>
  51.                     <param-name>acceptAnyProxy</param-name>
  52.                     <param-value>true</param-value>
  53.                 </init-param>
  54.  
  55.              </filter>
  56.              <filter-mapping>
  57.                  <filter-name>CAS Validation Filter</filter-name>
  58.                  <url-pattern>/*</url-pattern>
  59.              </filter-mapping>
  60.  
  61.              <filter>
  62.                 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  63.                  <filter-class>
  64.                      org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  65.              </filter>
  66.              <filter-mapping>
  67.                  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  68.                  <url-pattern>/*</url-pattern>
  69.              </filter-mapping>
  70.  
  71.              <filter>
  72.                  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  73.                  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  74.              </filter>
  75.              <filter-mapping>
  76.                  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  77.                  <url-pattern>/*</url-pattern>
  78.              </filter-mapping>
  79.              <!-- ======================== 单点登录结束 ======================== -->

CAS代理配置的更多相关文章

  1. cas 代理认证配置

    注:本文转自http://www.ichatter.net/2013/03/21/385/ CAS(Central Authentication Service)框架是一个开源的单点登陆框架.最近公司 ...

  2. spring security+cas(cas proxy配置)

    什么时候会用到代理proxy模式? 举一个例子:有两个应用App1和App2,它们都是受Cas服务器保护的,即请求它们时都需要通过Cas 服务器的认证.现在需要在App1中通过Http请求访问App2 ...

  3. nginx常用代理配置

    因为业务系统需求,需要对web服务作nginx代理,在不断的尝试过程中,简单总结了一下常见的nginx代理配置. 1. 最简反向代理配置 在http节点下,使用upstream配置服务地址,使用ser ...

  4. niginx代理配置

    常用关键词:rewrite.proxy_pass location ^~ /address/ { proxy_set_header Host xx.sohu.com; #设置header proxy_ ...

  5. apache 反向代理配置

    配置前资料检查: 1.可以使用的apache 安装apache服务:打开cmd , 在apache的bin目录下执行以下命令 httpd -k install -n apache2.2    其中&q ...

  6. nginx反向代理配置及优化

    nginx反向代理配置及优化前言: 由于服务器apache抗不住目前的并发.加上前端squid配置后,问题依然无法解决.而页面程序大部分是动态.无法使用fastcgi来处理.因此想使用nginx做为反 ...

  7. [转]3proxy 二级代理配置样例

    转自:http://www.cnblogs.com/airsong23/p/3893094.html 适应情况: 有时,我们的机器HOST-A只能通过代理服务器HOST-B才可以访问internet, ...

  8. 3proxy 二级代理配置样例

    适应情况: 有时,我们的机器HOST-A只能通过代理服务器HOST-B才可以访问internet, 而与我们相连的机器HOST-C也需要访问internet, 但是HOST-C却不能直接访问HOST- ...

  9. apache 反向代理配置(ubuntu)

    1.配置apache2的站点文件 cd /etc/apache2/site-avaliable sudo vim edy.conf 具体配置如下: # 反向代理配置 # 监听所有80端口的访问 < ...

随机推荐

  1. 面试题目——《CC150》排序与查找

    面试题11.1:给定两个排序后的数组A和B,其中A的末端有足够的缓冲空间容纳B.编写一个方法,将B合并入A并排序. package cc150.sort_search; public class Me ...

  2. 浅谈JSON

    JSON的全称是”JavaScript Object Notation”,意思是JavaScript对象表示法,它是一种基于文本,独立于语言的轻量级数据交换格式.XML也是一种数据交换格式,为什么没有 ...

  3. JavaScript闭包(Closure)学习笔记

    闭包(closure)是JavaScript语言的一个难点,也是它的特色,很多高级应用都要依靠闭包实现. 下面就是我的学习笔记,对于JavaScript初学者应该是很有用的. 一.变量的作用域 要理解 ...

  4. PHP定时备份MySQL,mysqldump语法大全

    几个常用操作: 1.备份 # 只导出表结构 d:/PHP/xampp/mysql/bin/mysqldump -h127.0.0.1 -P3306 -uroot -p123456 snsgou_sns ...

  5. Spring MVC+FreeMarker简介

    最近做项目,刚接触到SpringMVC与FreeMarker框架,就简单介绍一下自己的理解,不正确的地方请大家指教!! 1.Spring MVC工作原理: 用户发送请求--->前端服务器去找相对 ...

  6. JavaScript——基本的瀑布流布局及ajax动态新增数据

    本文用纯js代码手写一个瀑布流网页效果,初步实现一个基本的瀑布流布局,以及滚动到底部后模拟ajax数据加载新图片功能. 缺点: 1. 程序不是响应式,不能实时调整页面宽度: 2. 程序中当新增ajax ...

  7. How to install Shadow•socks in CentOS7

    Helps from: http://www.cmsky.com/shadowsocks-python-install/ http://shadowsocks.blogspot.jp/?m=1 wge ...

  8. web应用 http 响应 url uri

    动态web  应用结构 WEB-INF --classes --lib web.xml     响应:   url   uri

  9. CI 笔记一

    CodeIgniter 说明 CodeIgniter 是为PHP 开发人员提供的一套Web 应用程序工具包.它的目标是能 够让你比从零开始更加快速的完成项目,它提供了一套丰富的的类库来满足我们日常 的 ...

  10. 利用委托与Lambada创建和调用webapi接口

    前言 现在项目中用的是webapi,其中有以下问题:    1.接口随着开发的增多逐渐增加相当庞大. 2.接口调用时不好管理. 以上是主要问题,对此就衍生了一个想法: 如果每一个接口都一个配置文件来管 ...