@15311494814
2018-04-13T07:30:14.000000Z
字数 5621
阅读 1305
cas 整合jira 安装教程
avatar
前言:当前原型jira 版本为7.8.0,cas 版本为5.2.7。
cas 5.x版本使用spring boot + maven 或着spring boot + gradle ,区别于5以前的springmvc配置
由于目前网上新版本的教程非常少,具体配置又由于新版本的使用有所差别,因此,编写了此教程记录个人学习体会和教程记录。
参考文章:[https://github.com/apereo/java-cas-client#atlassian-integration]
cas整合jira实现思路
- cas的客户端实现是依靠在客户端配置cas的过滤器和监听器来实现的,并配置在首位,用于监听子系统的session和收取cas server发过来的命令。
- jira有自己本身的用户登录登出的验证机制,jira的登录主要依靠认证器
com.atlassian.jira.security.login.JiraSeraphAuthenticator来进行认证。 - 那么在jira的配置文件中配置cas的客户端依赖,并替换掉jira的认证器即可实现cas的整合,cas官方已经提供了相关的jar包和配置说明
操作说明
JIRA_HOME:
war/jar格式: ${install_url}/webapp
安装文件格式: ${install_url}/JIRA Software
本教程使用安装文件格式,安装install_url目录如下:
导入相关依赖包:
配置web.xml:
配置
JIRA_HOME/atlassian-jira/WEB-INF下的web.xml,加入cas client的相关监听和过滤器,放在首位
<!-- 单点登出的监听器放在第一位 --><listener><listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener><!-- 单点登出的过滤器,用于单点登出,放在第二位 --><filter><filter-name>CAS Single Sign Out Filter</filter-name><filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class><init-param><param-name>casServerUrlPrefix</param-name> <!--casServerUrlPrefix配置cas server的地址--><param-value>https://iquantex.com:8445/cas</param-value></init-param></filter><!-- cas 的认证过滤器,用于校验用户是否登录cas client没有登录则跳转到cas server的login --><filter><filter-name>CAS Authentication Filter</filter-name><!--<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>--><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class><init-param><param-name>casServerLoginUrl</param-name> <!--casServerLoginUrl配置cas server的login页面地址--><param-value>https://iquantex.com:8445/cas/login</param-value></init-param><init-param><param-name>serverName</param-name> <!-serverName 配置cas client的地址---><param-value>http://localhost:8089</param-value></init-param></filter><!-- cas 的ticket认证过滤器,用于提交ticket到cas sever进行校验,教养成功变获得了用户信息 --><filter><filter-name>CAS Validation Filter</filter-name><!--<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>--><filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class><init-param><param-name>casServerUrlPrefix</param-name><param-value>https://iquantex.com:8445/cas</param-value></init-param><init-param><param-name>serverName</param-name><param-value>http://localhost:8089</param-value></init-param><init-param><param-name>redirectAfterValidation</param-name><param-value>true</param-value></init-param><init-param><param-name>useSession</param-name><param-value>true</param-value></init-param></filter><!-- 使用request.getUserPrincipal()来获取用户信息 --><filter><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class></filter><filter-mapping><filter-name>CAS Single Sign Out Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Validation Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Authentication Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
配置seraph-config.xml:
进入
JIRA_HOME/atlassian-jira/WEB-INF/classes:
配置seraph-config.xml
修改url:<init-param><param-name>login.url</param-name><!-- 注释掉本身的jira登录地址 --><!-- <param-value>/login.jsp?permissionViolation=true&os_destination=${originalurl}&page_caps=${pageCaps}&user_role=${userRole}</param-value> --><!-- 修改默认的登录地址为cas server的login地址 --><param-value>https://iquantex.com:8445/cas/login?service=${originalurl}</param-value><!--<param-value>http://sso.mycompany.com/login?redirectTo=${originalurl}</param-value>--></init-param><init-param><param-name>link.login.url</param-name><!-- 注释掉本身的jira 的link.login.url地址 --><!-- <param-value>/login.jsp?os_destination=${originalurl}</param-value> --><!-- 修改为cas server的login地址 --><param-value>https://iquantex.com:8445/cas/login?service=${originalurl}</param-value><!--<param-value>/secure/Dashboard.jspa?os_destination=${originalurl}</param-value>--><!--<param-value>http://sso.mycompany.com/login?redirectTo=${originalurl}</param-value>--></init-param><init-param><!-- URL for logging out.- If relative, Seraph just redirects to this URL, which is responsible for calling Authenticator.logout().- If absolute (eg. SSO applications), Seraph calls Authenticator.logout() and redirects to the URL--><param-name>logout.url</param-name><!-- 注释掉jira本身的logour地址 --><!-- <param-value>/secure/Logout!default.jspa</param-value> --><!-- 修改为cas serverlogout地址 --><param-value>https://iquantex.com:8445/cas/logout</param-value><!--<param-value>http://sso.mycompany.com/logout</param-value>--></init-param>
修改authenticator:<!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> --><!-- 将jira本身的认证器authenticator注释掉,替换为cas 提供的认证器 --><authenticator class="org.jasig.cas.client.integration.atlassian.Jira44CasAuthenticator"/>
注意事项:
- 查看
cas-client-integration-atlassian.jar源码可知在JIRA 4.4之后认证器需要配置Jira44CasAuthenticator,而不是官网所写的JiraCasAuthenticator,由于官网没有说明,导致在此浪费了很多时间.- jira本身自带了jre,为了支持ssl,需要将cas server生成的jdk证书导入到jira目录下的jre中。ssl的证书具体百度,也可以参考我的这篇文章:
cas5.2.7安装及部署[https://www.jianshu.com/p/a8f84df086a6]
