CAS 5.3.2 Integration with OAuth 2.0
Author: Internet
1. Build the WAR package from cas-overlay-template-5.3, adding the following to pom.xml:
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-oauth-webflow</artifactId>
<version>${cas.version}</version>
</dependency>
2. Run mvn clean package in the project directory to build the WAR package.
3. Add the following entry to C:\Windows\System32\drivers\etc\hosts:
127.0.0.1 cas.demo.org
- Add the following configuration to WEB-INF\classes\application.properties:
cas.server.name=https://cas.demo.org:8443
cas.server.prefix=https://cas.demo.org:8443/cas
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
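4. SSO integration must be accessed over HTTPS, and the certificate must match the domain name, so the CN in the generated certificate must match the current domain. (Testing produced the error unable to find valid certification path to requested target, so the certificate must be a trusted one; a free digital certificate can be requested from Alibaba Cloud.)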
cd %JAVA_HOME%\bin
keytool -genkey -alias cas -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore C:\demo.keystore -dname "CN=*.demo.org,OU=casexample.com,O=casexample,L=casexample,ST=casexample,C=CN" -deststoretype pkcs12
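5. Copy the certificate demo.keystore into Tomcat's conf directory and configure the certificate in Tomcat (keystorePass must be the store password of the keystore actually in use).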
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/demo.keystore" keystorePass="jpsoft"/>
6. Add service-auth-all-10000003.json under WEB-INF\classes\services (note that serviceId must be able to match the redirect_uri used later):
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "helloworld",
"clientSecret": "123456",
"bypassApprovalPrompt": false,
"generateRefreshToken": false,
"serviceId" : "^(http|https|imaps)://.*",
"name" : "My OAuth service ",
"id" : 10000003,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
7. Start Tomcat and visit the following URLs in a browser:
Get the code:
https://cas.demo.org:8443/cas/oauth2.0/authorize?response_type=code&client_id=helloworld&redirect_uri=http://www.baidu.com
Get the accessToken:
https://cas.demo.org:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=helloworld&client_secret=123456&code=OC-2-3M6BedCz7TLIz0rpJUm-uLzPoFBbPOO0&redirect_uri=http://www.baidu.com
access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1&expires_in=28800
Get the profile:
https://cas.demo.org:8443/cas/oauth2.0/profile?access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1
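The note in step 6 that serviceId must match redirect_uri is where the safety of this registration is decided: the pattern shown accepts any http, https or imaps URL as a redirect target. The following added example (not from the original post) audits a serviceId against probe URIs; the callback https://app.demo.org/callback, the tightened pattern, the probe URIs and the full-string match semantics are assumptions.

```python
import json
import re

# Constructed: the serviceId from step 6, and a tightened alternative for a
# hypothetical client whose only callback is https://app.demo.org/callback.
PAGE_SERVICE = json.loads(r'''{
  "clientId": "helloworld",
  "serviceId": "^(http|https|imaps)://.*",
  "id": 10000003
}''')
TIGHT_SERVICE = dict(PAGE_SERVICE, serviceId=r"^https://app\.demo\.org/callback$")

# Constructed probes: the client's own callback plus URIs it does not control.
OWN_URIS = ["https://app.demo.org/callback"]
FOREIGN_URIS = [
    "http://www.baidu.com",                          # the page's demo redirect, a third-party site
    "https://app.demo.org.other.example/callback",   # look-alike host
    "https://appxdemo.org/callback",                 # passes when dots are left unescaped
    "http://app.demo.org/callback",                  # plaintext variant of the callback
    "imaps://mail.other.example/",                   # non-web scheme
]


def accepts(service, redirect_uri):
    """Assumption: serviceId is applied as a full-string regex match."""
    return re.fullmatch(service["serviceId"], redirect_uri) is not None


def audit(service, own_uris=OWN_URIS, foreign_uris=FOREIGN_URIS):
    """Return findings: foreign URIs that are accepted, own URIs that are rejected."""
    findings = []
    for uri in foreign_uris:
        if accepts(service, uri):
            findings.append(("accepts-foreign", uri))
    for uri in own_uris:
        if not accepts(service, uri):
            findings.append(("rejects-own", uri))
    return findings


if __name__ == "__main__":
    for name, svc in (("page", PAGE_SERVICE), ("tight", TIGHT_SERVICE)):
        print(name, svc["serviceId"])
        for kind, uri in audit(svc):
            print("  ", kind, uri)
```

An empty findings list for the tightened pattern means only the registered callback can receive the code issued by the authorize endpoint.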
Source: https://blog.csdn.net/tomatozq/article/details/104054498