
Jasig CAS Single Sign-On Configuration Notes, Part 5

After the configuration above there was still one problem: once the CAS client configuration was done, logging in to application A and then to application B required re-authentication.

After reading the documentation carefully, it turned out that Jasig CAS does not support single sign-on over non-SSL connections. In fact, the login page already says so:

Non-secure Connection

You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.

So there is no way around it: configure SSL access for Tomcat 7 properly. Reference article: http://www.blogjava.net/naruke/archive/2011/02/17/161551.html#344516

Note that the certificate generated by JDK 7's keytool has a quirk: it can only be used with JDK 7, which means the CAS client applications must also be built on JDK 7.

Also, keytool actually has a bug: it cannot handle directories containing spaces, so if you installed the JDK under D:\Program Files, expect errors, and baffling ones at that.

0. cd D:\GreenProg\Java7\bin

1. keytool -genkey -alias tomcat -keyalg RSA

Enter the required certificate information. For the first item (the name) use the domain name; a proper-looking domain such as www.XXXX.com is recommended.

Certificate password: 12345678


2. keytool -export -file D:/server.crt -alias tomcat

3. keytool -import -keystore D:\GreenProg\Java7/lib/security/cacerts -file d:/server.crt -alias tomcat

Note: when prompted for a password, enter "changeit", which is the default password of the cacerts store.

4. Modify the server-side Tomcat configuration file to enable SSL as follows:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${user.home}/.keystore"
               keystorePass="12345678" />

Here, user.home is a system property; on Windows 7, user.home is actually C:\Users\Administrator.
Then restart Tomcat 7.

5. Modify the CAS client configuration. Both application A and application B need this change; both must run on JDK 7 and must have the certificate imported.

Changes to web.xml

........

    <context-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8180</param-value>
    </context-param>

    <!-- CAS server URLs must use https and must not contain any whitespace -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://www.redcloudcas.com:8443/casweb/login</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://www.redcloudcas.com:8443/casweb</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <!-- filter names in the mappings must match the names above exactly (no trailing spaces) -->
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/proxyCallback</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/casFil/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/casFil/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/casFil/*</url-pattern>
    </filter-mapping>

..................

Command to import the certificate:

keytool -import -keystore D:\GreenProg\Java7/lib/security/cacerts -file d:/server.crt -alias tomcat

Adjust the JDK directory to your installation; the certificate must be the same one used on the server.

Restart the application servers of client A and client B.

Then configure the hosts file (on Windows the hosts file lives in C:\Windows\System32\drivers\etc).

Add the entry:

10.2.17.235            www.redcloudcas.com

Note: the hostname in this entry must match the "first and last name" (the CN) entered when the certificate was generated; otherwise the Java program reports an error.

Then open application A's address; it should prompt for a username/password.


Next open application B's address to test; the expected result is that no username/password prompt appears again.

6. Note that only the CAS server needs SSL configured; the client applications A and B do not need SSL.
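The three things that silently break this setup are a CAS server URL that is not https (SSO "WILL NOT WORK"), a stray space inside a URL in web.xml, and a hostname that does not match the certificate CN or the hosts entry. The check below is an added example, not part of the original post or of the Jasig CAS client: it parses a CAS client web.xml, reads the hosts file, and reports those mistakes before the servers are restarted. The web.xml fragment and hosts line are constructed for the example (the fragment deliberately contains two defects), and the certificate CN www.redcloudcas.com is assumed to be the "first and last name" entered at keytool -genkey.

```python
"""Sanity-check a CAS client web.xml against the failure modes in these notes.

Added example, not the project's own code. Assumes the Jasig CAS client
init-param names used on the page (casServerLoginUrl, casServerUrlPrefix).
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample web.xml fragment with two defects seen in practice:
# a space after "https://" in the login URL and an http: URL prefix.
SAMPLE_WEB_XML = """<web-app>
  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8180</param-value>
  </context-param>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>https:// www.redcloudcas.com:8443/casweb/login</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://www.redcloudcas.com:8443/casweb</param-value>
    </init-param>
  </filter>
</web-app>"""

# Constructed hosts-file content, matching the entry added in the notes.
SAMPLE_HOSTS = "10.2.17.235            www.redcloudcas.com\n"

# init-params that point at the CAS server and therefore must be https.
CAS_SERVER_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix"}


def cas_server_urls(web_xml: str) -> dict:
    """Return {param-name: param-value} for every CAS server URL init-param."""
    root = ET.fromstring(web_xml)
    found = {}
    for init in root.iter("init-param"):
        name = init.findtext("param-name", "").strip()
        if name in CAS_SERVER_PARAMS:
            found[name] = init.findtext("param-value", "")
    return found


def hosts_names(hosts_text: str) -> set:
    """Hostnames mapped by a hosts file (comments and blank lines skipped)."""
    names = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.update(line.split()[1:])
    return names


def check_cas_client(web_xml: str, hosts_text: str, cert_cn: str) -> list:
    """Return a list of problems; an empty list means the config is consistent."""
    problems = []
    known_hosts = hosts_names(hosts_text)
    for name, value in cas_server_urls(web_xml).items():
        # Whitespace anywhere in the URL breaks the client filter's requests.
        if " " in value or value != value.strip():
            problems.append(f"{name}: URL contains whitespace: {value!r}")
        parts = urlsplit(value.replace(" ", ""))
        # CAS only issues the SSO cookie over https.
        if parts.scheme != "https":
            problems.append(f"{name}: CAS server must be reached over https, got {parts.scheme!r}")
        host = parts.hostname or ""
        # The hostname must equal the certificate CN, or Java rejects the TLS handshake.
        if host != cert_cn:
            problems.append(f"{name}: host {host!r} does not match certificate CN {cert_cn!r}")
        # And it must resolve, here via the hosts file, to the CAS server.
        if host not in known_hosts:
            problems.append(f"{name}: host {host!r} has no hosts-file entry")
    return problems


if __name__ == "__main__":
    for p in check_cas_client(SAMPLE_WEB_XML, SAMPLE_HOSTS, "www.redcloudcas.com"):
        print("PROBLEM:", p)
```

Run it against each client application's web.xml before restarting clients A and B; the sample input above reports exactly two problems (the space in casServerLoginUrl and the http: casServerUrlPrefix), and a corrected fragment reports none.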