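Single sign-on (SSO) is one of the more popular solutions for integrating enterprise applications. With SSO, a user logs in once and can then access every application system in a set of mutually trusting systems.
Download the project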
https://github.com/apereo/cas-overlay-template.git
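# Build the project (requires a Gradle environment)
gradlew.bat clean build
# Unpack the WAR
gradlew.bat explodeWar
This generates a cas-resources folder under the build directory. Copy all of the files in it to cas-overlay-template/src/main/resources, and copy /etc/cas/thekeystore into that directory as well.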
Modify the configuration
application.properties
server.ssl.key-store=classpath:thekeystore
To make testing easier, SSL is disabled outright and the port is changed to 8080.
server.ssl.enabled=false
server.port=8080
Run CAS in the embedded Tomcat
gradlew.bat run
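Once startup completes, open http://localhost:8080/cas/login in a browser to access it.
On the login page, enter the username and password casuser/Mellon. If the success page appears, CAS has been deployed successfully.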
Modify the build.gradle file to add the MySQL driver dependency
dependencies {
    // Add modules in format compatible with overlay casModules property
    if (project.hasProperty("casModules")) {
        def dependencies = project.getProperty("casModules").split(",")
        dependencies.each {
            def projectsToAdd = rootProject.subprojects.findAll { project ->
                project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
            }
            projectsToAdd.each { implementation it }
        }
    }
    // CAS dependencies/modules may be listed here statically...
    implementation "org.apereo.cas:cas-server-webapp-init:${casServerVersion}"
    implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
    implementation "org.apereo.cas:cas-server-support-jdbc:${casServerVersion}"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${casServerVersion}"
    implementation "mysql:mysql-connector-java:8.0.22"
}
Modify resources/application.properties to add the database connection configuration
# Disable the static credentials
# cas.authn.accept.users=casuser::Mellon
# cas.authn.accept.name=Static Credentials
# Local database connection settings
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/ry?serverTimezone=UTC&allowMultiQueries=true
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=password
cas.authn.jdbc.query[0].sql=select password from sys_user where login_name= ?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
Modify resources/application.properties to enable loading of JSON service definitions
# Enable loading of JSON service definition files
cas.tgc.secure=false
cas.service-registry.init-from-json=true
cas.service-registry.json.location=classpath:/services
Modify services/HTTPSandIMAPS-10000001.json to add http to the serviceId pattern
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|http|imaps)://.*",
  "name": "HTTPS and IMAPS",
  "id": 10000001,
  "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder": 10000
}
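A pre-deployment check for the settings changed above, as an added example that is not part of the original page or of CAS: it flags the test-only relaxations (SSL off, non-secure TGC cookie, MD5 password digests, root database account, and a service regex that accepts any host). The sample inputs, finding codes and probe host are constructed for illustration.

```python
import json
import re

# Constructed sample input mirroring the test-oriented settings on this page.
SAMPLE_PROPERTIES = """\
server.ssl.enabled=false
server.port=8080
cas.tgc.secure=false
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
"""
SAMPLE_SERVICE = '{"serviceId": "^(https|http|imaps)://.*", "id": 10000001}'

# Hypothetical host that is not a registered application (assumption).
PROBE_URLS = ("http://unregistered.example.invalid/app",
              "https://unregistered.example.invalid/app")


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(properties_text, service_json):
    """Return sorted finding codes for settings that should not leave a test box."""
    props = parse_properties(properties_text)
    findings = set()
    if props.get("server.ssl.enabled", "true").lower() == "false":
        findings.add("ssl-disabled")           # credentials and tickets travel in clear text
    if props.get("cas.tgc.secure", "true").lower() == "false":
        findings.add("tgc-cookie-not-secure")  # SSO cookie is also sent over plain HTTP
    for key, value in props.items():
        if key.endswith(".passwordEncoder.encodingAlgorithm") and value.upper() == "MD5":
            findings.add("md5-password-hash")  # unsalted MD5 is cheap to brute-force if leaked
        if re.fullmatch(r"cas\.authn\.jdbc\.query\[\d+\]\.user", key) and value == "root":
            findings.add("db-root-account")    # the lookup only needs SELECT on one table
    # Python's re stands in for the Java regex engine CAS uses (same syntax for these patterns).
    service_id = json.loads(service_json)["serviceId"]
    if any(re.fullmatch(service_id, url) for url in PROBE_URLS):
        findings.add("service-regex-matches-any-host")
    return sorted(findings)
```

Calling `audit()` with the contents of the real application.properties and a service JSON file returns an empty list once the test-only settings have been reverted and the serviceId pattern is pinned to the actual application hosts.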
<!-- pac4j security engine -->
<dependency>
    <groupId>org.pac4j</groupId>
    <artifactId>pac4j-cas</artifactId>
    <version>3.0.2</version>
</dependency>
<dependency>
    <groupId>io.buji</groupId>
    <artifactId>buji-pac4j</artifactId>
    <version>4.0.0</version>
</dependency>
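Plugin packages and code implementation: ruoyi/集成cas实现单点登录认证.zip
Link: https://pan.baidu.com/s/13JVC9jm-Dp9PfHdDDylLCQ
Extraction code: y9jt
Test single sign-on access requests: check that login and logout work properly and that multiple different systems can be accessed at the same time.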