知道了!
这里是完整的有关如何启用CAS REST API并能够通过JAVA REST客户端连接到它以使他人受益的解决方案
Here is the complete solution on how to enable CAS REST API and be able to connect to it via JAVA REST client to benefit others
- 获取CAS源代码。 / li>
- 查看这篇文章
- 像#2中的文章所建议的那样,在pom.xml中添加以下内容
< dependency>
< groupId> org.jasig.cas< / groupId>
< artifactId> cas-server-integration-restlet< / artifactId>
< version> $ {cas.version}< / version>
< type> jar< / type>
< / dependency>
- 确保在pom.xml中添加以下内容以避免出现Spring罐子碰撞。就我而言,cas-server-integration-restlet依赖于spring-web,默认情况下,Spring-web使用的是Spring-web。因此,我明确定义了
< dependency>
< groupId> org.springframework< / groupId>
< artifactId> spring-web< / artifactId>
< version> 3.1.1.RELEASE< / version>
< / dependency>
- 编译您的cas代码。应该在目标文件夹中找到cas.war。
- 将其上传到您的服务器,更改tomcat的权限,等待其部署
- 在CATALINA / conf查找server.xml并取消注释8443端口配置,以便我们的服务器允许SSL连接。另外,在此处指定您的证书。
- 现在导航至分解后的cas.war文件,并深入到WEB-INF文件夹以找到deployerConfigContext.xml文件。指定将用于身份验证的CAS。就我而言,我使用了LDAP。
- 在上面每篇文章的web.xml中添加以下内容
- Compile your cas code. Should get cas.war in your target folder.
- Upload it to your server, change permissions to tomcat and wait for it to get deployed
- In CATALINA/conf find server.xml and uncomment 8443 port configuration so that our sever will allow SSL connections. Also, specify your certs in here.
- Now navigate to exploded cas.war file and drill down to WEB-INF folder to find deployerConfigContext.xml file. Specify what CAS would use to authenticate. In my case, I used LDAP.
- Add following to web.xml per article above
< ; servlet>
< servlet-name> restlet< / servlet-name>
< servlet-class> com.noelios.restlet.ext.spring.RestletFrameworkServlet< / servlet-class>
<启动时加载> 1< /启动时加载>
< / servlet>
< servlet-mapping>
< servlet-name> restlet< / servlet-name>
< url-pattern> / v1 / *< / url-pattern>
< / servlet-mapping>
- 重新启动tomcat以使更改生效。
- 测试是否可以通过标准CAS UI登录:
https:// server:8443 / cas / login
- 测试REST API是通过以下方式公开的:
https:// server:8443 / cas / v1 / tickets
- 现在,让我们连接到它。我使用了此示例代码。确保提供正确的链接和用户名/密码
- 当我尝试按原样运行代码时,它抱怨原因:javax.net.ssl.SSLHandshakeException:sun.security.validator .ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径。基本上是要求您安装证书。如果您有权访问服务器,则将其复制过来。如果没有,我发现此代码,如果您没有访问权限或太懒惰,它将为您完成安装:)
- 现在,如果您使用有效的凭据运行JAVA CAS Client,您应该会看到像
- Restart tomcat for changes to take effect.
- Test that you can log in via standard CAS UI:
https://server:8443/cas/login
- Test that REST API was exposed via:
https://server:8443/cas/v1/tickets
- Now let's connect to it. I used this sample code. Make sure to give correct links and username/password
- When I tried running the code as is, it complained about "Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". Basically asking you to install certs. If you have the access to the server, just copy it over. If not, I found this code that will take care of the installation for you if you dont have access or just too lazy :)
- Now, if you run the JAVA CAS Client with valid credentials you should see something like
201
https://server_name:8443/cas/v1/tickets/TGT-4-rhVWLapYuOYi4InSEcmfNcABzaLMCPJgGIzlKqU1vb50zxb6pp-server_name
Tgt is : TGT-4-rhVWLapYuOYi4InSEcmfNcABzaLMCPJgGIzlKqU1vb50zxb6pp-server_name.ndev.coic.mil
Service url is : service=https%3A%2F%2Fmyserver.com%2FtestApplication
https://server_name:8443/cas/v1/tickets/TGT-4-rhVWLapYuOYi4InSEcmfNcABzaLMCPJgGIzlKqU1vb50zxb6pp-server_name
Response code is: 200
200
ST-4-BZNVm9h6k3DAvSQe5I3C-server_name
- 您可以看到200个代码和票。如果要查看服务器上的cas日志,应该会看到有关成功加密和票证生成的消息。
- 将用户名/密码更改为一些虚拟数据,然后尝试运行代码。您将收到400错误消息,这意味着访问权限被拒绝。
成功!