转贴:/ja-net/archive//07/25/2608536.html
最近这两天在搞单点登录,第一次使用老出状况。以下是配置过程:
1、安全证书
A)、生成证书KeyStore
keytool -genkey -aliaspwd123 -keyalg RSA -keystore server.keystore
B)、导出证书
keytool -export -file client.crt -aliaspwd123 -keystore server.keystore
C)、在客户端导入证书
keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file client.crt -alias pwd123
2、配置服务器端Tomcat
1.修改server.xml
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="keystore/server.keystore" keystorePass="pwd123"
clientAuth="false" sslProtocol="TLS"/>
CAS (Central Authentication Service)是Yale大学的ITS开发的一套JAVA实现的开源的SSO(single sign-on)的服务。该服务是以一个java web app(eg:cas.war)来进行服务
3、客户端添加测试应用
配置应用WEB.XML文件
<!-- SSO-Start -->
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>:8443/cas/proxyValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>*.htm</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<!-- SSO-END -->
