鍥犱負宸ヤ綔闇瑕佹帴瑙﹀埌sso錛屾嵁鐭ョ洰鍓嶅鏁?/span>sso浣跨敤鑰墮瞾鐨?/span>cas瀹炵幇錛屼笖鍙戠幇浣跨敤cas鐪熺殑鏄緢綆鍗曞氨鍙互鍋氬嚭涓涓崟鐐圭櫥褰曠郴緇熸潵錛?/span>cas榪樻彁渚涗赴瀵岀殑鎵╁睍鍔熻兘錛屽浜庢墿灞曞姛鑳芥棩鍚庡啀緇嗙粏鐮旂┒錛岃繖閲屽彧浣跨敤cas鍋氫竴涓?/span>hello world鏉ヨ褰曟湰浜虹殑瀛︿範榪囩▼錛屽鏈夊垢琚珮浜虹湅鍒幫紝榪樻湜鎸囧嚭寮婄梾錛屼笉鍚濊祼鏁欍?/span>
鍦ㄤ嬌鐢?/span>cas涔嬪墠鏈濂藉鏁板瓧璇佷功鏈夋墍浜嗚В錛屼笉浜嗚В涔熸病鏈夊叧緋伙紝璺熺潃鎴戠殑姝ラ涔熶竴鏍峰彲浠ヨ窇鐨勯氥?/span>
鍑嗗宸ヤ綔
闇瑕佺殑鏂囦歡錛?/span>
ü Jdk6
ü Tomcat
ü cas-server-3.3.2
ü cas-client-3.1.9
璇佷功
涓嬮潰鏄?/span>keytool鍛戒護鐨勪竴浜涘父鐢ㄦ柟娉曪紝鍏堝湪榪欓噷璁よ瘑涓涓嬪畠浠紝涓浼氬効浼氱敤鐨勫埌銆?/span>
浣跨敤keytool鍛戒護鐢熸垚瀵嗛挜搴?/span>
keytool -genkey -alias tomcat -keyalg RSA -dname "CN=pcma, OU=vanceinfo, O=vanceinfo, L=haidian, S=beijing, C=CN" -keystore c:"keystore5.jks
CN錛氫富鏈哄悕
OU錛氱粍緇囧崟浣?/span>
O錛氱粍緇?/span>
L錛氬湴鍖?/span>
S錛氬煄甯?/span>
C錛氬浗瀹?br />
濡傛灉闇瑕佹寚瀹氬瘑閽ユ湁鏁堟湡錛屾坊鍔?validity 365鍗沖彲錛屽崟浣嶆槸澶╋紝濡傦細
keytool -genkey -alias tomcat -keyalg RSA -dname "xxxxx" -keystore xxxxx -validity 365
瀵煎嚭璇佷功
keytool -export -file c:/server5.crt -alias tomcat -keystore c:"keystore5.jks
灝嗚瘉涔﹀鍏ュ埌瀹㈡埛绔?/span>jdk
keytool -import -keystore "D:"Java"jdk1.6.0_14"jre"lib"security"cacerts" -file c:/server5.crt -alias tomcat
浠庡瘑閽ュ簱涓垹闄ゆ寚瀹氬埆鍚嶇殑璇佷功
keytool -delete -noprompt -alias tomcat -keystore E:"apache-tomcat-6.0.20_2"conf"keystore2.jks
鏌ョ湅瀵嗛挜搴撲腑鐨勮瘉涔?/span>
keytool -list -v -keystore c:"keystore5.jks
閰嶇疆tomcat
浣跨敤keytool鍛戒護鐢熸垚瀵嗛挜搴撱?/span>
閰嶇疆%tomcat_home%/conf/server.xml浣?/span>tomcat鏀寔SSL鍗忚錛屽茍鎸囧畾瀵嗛挜搴撱?/span>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="mashiguang"
keystoreFile="${catalina.home}/conf/keystore5.jks"/>
閮ㄧ講cas server
瑙e帇緙?/span>cas-server-3.3.2-release.zip鏂囦歡錛屽湪modules鐩綍閲屾壘鍒?/span>cas-server-webapp-3.3.2.war鏂囦歡錛岃繖灝辨槸涓涓仛濂戒簡鐨?/span>cas鏈嶅姟绔紝鎴戜滑鍋氱殑sso helloword鍙互鐩存帴浣跨敤錛屽彧闇鎶?/span>cas-server-webapp-3.3.2.war鏀逛簡涓畝鍗曠偣鐨勫悕瀛楋紝濡?/span>cas.war錛岀劧鍚庨儴緗插埌tomcat鍗沖彲銆?/span>
嫻忚鍣ㄨ闂?/span>https://pcma:8443/cas錛屽鏋滄墦寮鏄劇ず鐨勬槸cas榛樿鐨勭櫥褰曢〉闈紝鍒欒〃紺烘湇鍔$宸查儴緗插畬姣曘?/span>
瀹㈡埛绔嬌鐢?/span>cas client
鏂板緩涓や釜web宸ョ▼錛岀敤浜庢ā鎷熷崟鐐圭櫥褰曠郴緇熶腑鐨勫鎴風錛屽茍灝?/span>cas-client-3.1.9"modules閲岀殑jar鍖呮斁鍒?/span>web宸ョ▼lib鐩綍涓嬶紝鏄富瑕佺殑鏄?/span>cas-client-core-3.1.9.jar鏂囦歡錛屾妸spring2.5涔熸斁鍒?/span>lib鐩綍涓嬨?/span>
Web.xml鏂囦歡
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/casContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- 璐熻矗鐢ㄦ埛璁よ瘉 -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<!-- CAS login 鏈嶅姟鍦板潃-->
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://pcma:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>
<!-- 瀹㈡埛绔簲鐢ㄦ湇鍔″湴鍧-->
<init-param>
<param-name>serverName</param-name>
<param-value>http://pcma:8081</param-value>
</init-param>
</filter>
<!--璐熻矗Ticket鏍¢獙-->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>cas.validationfilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
casContext.xml鏂囦歡
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="cas.validationfilter" class="org.jasig.cas.client.validation.Cas10TicketValidationFilter">
<property name="ticketValidator">
<ref bean="cas10TicketValidator"/>
</property>
<property name="useSession">
<value>true</value>
</property>
<!-- 瀹㈡埛绔簲鐢ㄦ湇鍔″湴鍧-->
<property name="serverName">
<value>http://pcma:8081</value>
</property>
<property name="redirectAfterValidation">
<value>true</value>
</property>
</bean>
<bean id="cas10TicketValidator" class="org.jasig.cas.client.validation.Cas10TicketValidator">
<!-- 榪欓噷鍙傛暟鏄?/span>cas鏈嶅姟鍣ㄧ殑鍦板潃-->
<constructor-arg index="0" value="https://pcma:8443/cas" />
</bean>
</beans>
鏂板緩index.jsp鏂囦歡
<body>
hello sso<br>
<a >sso2</a>榪欎釜鍦板潃鏄彟澶栦竴鍙版満鍣ㄤ笂鐨?/span>sso瀹㈡埛绔?/span>
</body>
涓婇潰鐨?/span>web.xml銆?/span>casContext.xml銆?/span>index.jsp鏄袱涓鎴風涓殑涓涓紝鍙︿竴涓鏍規嵁瀹為檯鎯呭喌淇敼銆?/span>
鏈鍚庝笉瑕佸繕璁板鎴風鐨?/span>jdk瑕佷嬌鐢?/span>keytool鍛戒護瀵煎叆璇佷功鏂囦歡銆?/span>
嫻嬭瘯
鍚姩tomcat錛屾祴璇曞櫒璁塊棶http://pcma:8081/sso錛屽嚭鐜?/span>cas鐧誨綍欏甸潰錛岃緭鍏ョ浉鍚岀殑鐢ㄦ埛鍚嶅拰瀵嗙爜鍗沖彲鐧誨綍錛岀櫥褰曟垚鍔熷悗欏甸潰鑷姩璺寵漿鍥?/span>http://pcma:8081/sso錛岃繖鏃剁偣鍑婚〉闈笂鐨?/span>sso2閾炬帴錛屽氨鍙互鑷姩鐧誨綍騫惰煩杞埌sso2搴旂敤銆?/span>
濡傛灉杈撳叆鐢ㄦ埛鍚嶅瘑鐮佸悗鎻愮ず涓嬮潰鐨勫紓甯革紝鏄洜涓洪儴緗插鎴風鐨?/span>jdk娌℃湁瀵煎叆璇佷功鏂囦歡鐨勫師鍥犮?/span>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
婧愮爜
http://m.tkk7.com/Files/mashiguang/sso.zip
1,commons-email-1.1.jar
2,mail.jar
3,activation.jar
(鍦╳eb搴旂敤閲屽彧闇瑕乧ommons-email鍖?
鍙戦佺畝鍗曠殑鏂囧瓧閭歡:
SimpleEmail email = new SimpleEmail();email.setHostName("smtp.sina.com");email.setAuthentication("username", "password");//鍦ㄩ偖浠舵湇鍔″晢澶勬敞鍐岀殑鐢ㄦ埛鍚嶅拰瀵嗙爜email.addTo("mailTo@163.com");email.setFrom("username@sina.com", "alias");email.setCharset("UTF-8");//gbk鎴杇b2312,鍙鏀寔涓枃灝辮email.setSubject("title");email.setMsg("content");email.send();鍙戦佸甫闄勪歡鐨勯偖浠?
// Create the attachmentEmailAttachment attachment = new EmailAttachment();attachment.setPath("mypictures/john.jpg");attachment.setDisposition(EmailAttachment.ATTACHMENT);attachment.setDescription("Picture of John");attachment.setName("John");// Create the email messageMultiPartEmail email = new MultiPartEmail();email.setHostName("mail.myserver.com");email.setAuthentication("username", "password");email.addTo("jdoe@somewhere.org", "John Doe");email.setFrom("me@apache.org", "Me");email.setCharset("UTF-8");email.setSubject("The picture");email.setMsg("Here is the picture you wanted");// add the attachmentemail.attach(attachment);// send the emailemail.send();鍒涘緩澶氫釜EmailAttachment瀵硅薄,騫惰皟鐢∕ultiPartEmail.attach();灝卞彲浠ュ彂閫佸涓檮浠?
鍙戦丠TML鏍煎紡鐨勯偖浠?
鍙戦乭tml鏍煎紡鐨勯偖浠跺拰綆鍗曢偖浠剁殑鍖哄埆灝卞湪鍒涘緩HtmlEmail瀵硅薄
騫剁敤email.setHtmlMsg(String)鎴杄mail.setMsg(String)鎶婂惈鏈塰tml鏍囩鐨勫瓧絎︿覆璧嬬粰email瀵硅薄.
HtmlEmail瀵硅薄榪樻湁涓涓猻etTextMsg(String)鏂規硶,榪欎釜鏂規硶鍙傛暟閲岀殑html鏍囩浼氳褰撳仛鏅氬瓧絎﹀鐞?涓嶄細琚В鏋愭垚html鍏冪礌.
鏇磋緇嗗唴瀹瑰彲浠ョ湅apache commons-email鐨勭敤鎴鋒寚鍗?/a>.
Struts鏈韓鏈変竴濂楀畬鍠勭殑闃叉閲嶅鎻愪氦琛ㄥ崟鐨?strong>Token(浠ょ墝)鏈哄埗錛屼絾絎旇呯洰鍓嶇殑欏圭洰鑷啓鐨刦ramework娌℃湁鐢ㄥ埌Struts錛屾晠涔熷緱鑷啓闃叉鐢ㄦ埛鍥犱負鍚庨鎴栬呭埛鏂版潵閲嶅鎻愪氦琛ㄥ崟鍐呭鐨凾oken鏈哄埗銆備笉闅撅紝瀹規槗瀹炵幇銆?/p>
瀹炵幇鍘熺悊錛氫竴鑷存с俲sp鐢熸垚琛ㄥ崟鏃訛紝鍦ㄨ〃鍗曚腑鎻掑叆涓涓殣钘?lt;input>瀛楁錛岃瀛楁灝辨槸淇濆瓨鍦ㄩ〉闈㈢鐨則oken瀛楃涓詫紝鍚屾椂鎶婅瀛楃涓插瓨鍏ession涓傜瓑鍒扮敤鎴鋒彁浜よ〃鍗曟椂錛屼細涓騫舵彁浜よ闅愯棌鐨則oken瀛楃涓層傚湪鏈嶅姟鍣ㄧ錛屾煡鐪嬩笅鏄惁鍦╯ession涓惈鏈変笌璇oken瀛楃涓茬浉絳夌殑瀛楃涓層傚鏋滄湁錛岄偅涔堣〃鏄庢槸絎竴嬈℃彁浜よ琛ㄥ崟錛岀劧鍚庡垹闄ゅ瓨鏀句簬session绔殑token瀛楃涓詫紝鍐嶅仛姝e父涓氬姟閫昏緫嫻佺▼錛涘鏋滄病鏈夛紝閭d箞琛ㄧず璇ヨ〃鍗曡閲嶅鎻愪氦錛屽仛闈炴甯告祦紼嬪鐞嗭紝鍙互璀﹀憡鎻愮ず涔熷彲浠ヤ粈涔堜篃涓嶅仛銆?/p>
鐪嬩唬鐮併?/p>
棣栧厛鏄?strong>Token涓葷被銆傜被寰堢畝鍗曪紝鑰屼笖涓昏鏂規硶閮界粰doc娉ㄩ噴浜?/p>
/**//*
* blog: http://hi.baidu.com/bobylou* $Revision: 1.1 $* $Date: 2007/07/18 10:02:55 $* $Author: bobrow$
*/
package com.paizuo.framework.util;import java.util.ArrayList;import javax.servlet.http.HttpSession;public class Token 
{ private static final String TOKEN_LIST_NAME = "tokenList"; public static final String TOKEN_STRING_NAME = "token";
private static ArrayList getTokenList(HttpSession session) { Object obj = session.getAttribute(TOKEN_LIST_NAME); if (obj != null) { return (ArrayList) obj; } else { ArrayList tokenList = new ArrayList(); session.setAttribute(TOKEN_LIST_NAME, tokenList); return tokenList;
} } private static void saveTokenString(String tokenStr, HttpSession session) { ArrayList tokenList = getTokenList(session); tokenList.add(tokenStr); session.setAttribute(TOKEN_LIST_NAME, tokenList); } private static String generateTokenString(){ return new Long(System.currentTimeMillis()).toString(); } /** *//** * Generate a token string, and save the string in session, then return the token string. * * @param HttpSession * session * @return a token string used for enforcing a single request for a particular transaction. */ public static String getTokenString(HttpSession session) { String tokenStr = generateTokenString(); saveTokenString(tokenStr, session); return tokenStr; } /** *//** * check whether token string is valid. if session contains the token string, return true. * otherwise, return false. * * @param String * tokenStr * @param HttpSession * session * @return true: session contains tokenStr; false: session is null or tokenStr is id not in session */ public static boolean isTokenStringValid(String tokenStr, HttpSession session) { boolean valid = false; if(session != null){ ArrayList tokenList = getTokenList(session); if (tokenList.contains(tokenStr)) { valid = true; tokenList.remove(tokenStr); } } return valid; }}鎬庝箞浣跨敤錛?/font>
鍦╦sp欏甸潰绔?/strong>
棣栧厛import璇ョ被錛?/p>
<%@ page import="com.paizuo.framework.util.Token" %>
琛ㄥ崟鍖呭惈闅愯棌鐨則oken瀛楃涓?
<form><input type="hidden" name="<%=Token.TOKEN_STRING_NAME %>" value="<%=Token.getTokenString(session) %>"></form>
鍦⊿erver绔痑ction涓繘琛屾楠屻?/strong>
if(Token.isTokenStringValid(request.getParameter(Token.TOKEN_STRING_NAME), request.getSession())){//榪涜姝e父涓氬姟嫻佺▼}else{//榪涜闃查噸澶嶆彁浜ゅ鐞嗘祦紼?/span>}瀹屾瘯銆?/p>
鍦╳eb.xml閲屾坊鍔犲涓嬬殑閰嶇疆:
<servlet> <servlet-name>InvokerServlet</servlet-name> <servlet-class> org.apache.catalina.servlets.InvokerServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <load-on-startup>-1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>InvokerServlet</servlet-name> <url-pattern>/servlet/*</url-pattern> </servlet-mapping><form name="f" method="post" action="/servlet/com.mashiguang.servlet.UserManagerService"> <input/> <submit/></form>