CAS SSO

xwl1991

浏览: 12796 次
性别:
来自: 湖南

最近访客更多访客>>

flintsoft

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

Web技术
Web前端

CAS SSO

[仿写]

http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip

http://www.ja-sig.org/downloads/cas-clients/cas-client-java-2.1.1.zip

deployerConfigContext.xml

	<!-- JDBC 执行SQL 通过数据库数据验证 -->
	<bean id="casDataSource"
		class="org.apache.commons.dbcp.BasicDataSource">
		<property name="driverClassName">
			<value>oracle.jdbc.driver.OracleDriver</value>
		</property>
		<property name="url">
			<value>jdbc:jdbc:oracle:thin:@192.168.89.28:1521:orcl</value>
		</property>
		<property name="username">
			<value>blog</value>
		</property>
		<property name="password">
			<value>password</value>
		</property>
	</bean>

	<bean id="passwordEncoder"     
			class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">         
		<constructor-arg value="MD5"/>     
		</bean>

id="authenticationManager"

	<property name="authenticationHandlers">
			<list>
			 
				<bean
					class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />
			 
				<!-- xwl 默认验证方法 
					<bean
					class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
				-->
				
				<!-- xwl Query Database Validation-->
				<bean
					class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
					<property name="dataSource" ref="casDataSource" />
					<property name="sql"
						value="select u.pwd from users u where lower(u.login) = lower(?)" />
					<property name="passwordEncoder"
						ref="passwordEncoder" />
				</bean>
				
				 <!-- xwl 添加新的 SSOAuthenticationHandler -->
				 <bean class="com.sso.SSOAuthenticationHandler">
				 </bean>
				  
			</list>
		</property>

2.配置authenticationManager中credentialsToPrincipalResolvers属性

注意：默认cas登录服务器没有把用户信息传到客户端中，所以要修改WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp文件，增加

	<!-- 把用户信息传到客户端中 -->
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
		<cas:attributes>
			<c:forEach var="attr" 
			items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
				<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
			</c:forEach>
		</cas:attributes>
	</c:if>

3 ticketRegistry.xml

 <!-- Ticket Registry save cache-->
    <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry" />
	<!-- XWL ticket JPA Save DB
	<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry">
        <constructor-arg index="0" ref="entityManagerFactory" />  
    </bean>  
       -->
    <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">  
        <property name="dataSource" ref="dataSource"/>  
        <property name="jpaVendorAdapter">  
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">  
                <property name="generateDdl" value="true"/>  
                <property name="showSql" value="true" />  
            </bean>  
        </property>  
        <property name="jpaProperties">  
            <props>  
                <prop key="hibernate.dialect">org.hibernate.dialect.OracleDialect</prop>
                <!--  
                <prop key="hibernate.hbm2ddl.auto">update</prop>
                 -->  
            </props>  
        </property>  
    </bean>  
  
    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"  
        p:entityManagerFactory-ref="entityManagerFactory" />  
  
    <tx:annotation-driven transaction-manager="transactionManager"/>  
  <!-- XWL ticket org.apache.commons.dbcp.BasicDataSource.class -->
    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"  
        p:driverClassName="oracle.jdbc.driver.OracleDriver"  
        p:url="jdbc:oracle:thin:@192.168.29.28:1521:orcl"  
        p:password="blog"  
        p:username="password" />

4 cas-servlet.xml 修改authenticationViaFormAction配置变成

	<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
		p:centralAuthenticationService-ref="centralAuthenticationService"
		
		p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"  
		p:formObjectName="credentials"  
    	p:validator-ref="UsernamePasswordCredentialsValidator"
    	
		p:warnCookieGenerator-ref="warnCookieGenerator" />

<!-- XWL Adition UsernamePasswordCredentialsValidator -->
	<!-- org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials 
		com.sso.SSOAuthCredentials-->
	<bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />

<bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />

修改ticketExpirationPolicies.xml，grantingTicketExpirationPolicy配置如下，注意时间要加大，不然session很容易过期，达不到remember me的效果。

	<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">  
	   <property name="sessionExpirationPolicy">  
	    <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">  
			<constructor-arg index="0" value="2592000000" />  
	    </bean>  
	   </property>  
	   <property name="rememberMeExpirationPolicy">  
	    <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">  
	           <constructor-arg index="0" value="2592000000" />  
	</bean>  
	</property>  
</bean>

在网络安全性较好，对系统安全没有那么高的情况下可以取消https验证，使系统更加容易部署。

1.修改ticketGrantingTicketCookieGenerator.xml

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
		p:cookieSecure="false"
		p:cookieMaxAge="-1"
		p:cookieName="CASTGC"
		p:cookiePath="/cas" />

p:cookieSecure改成false，客户端web.xml中单独服务器的链接改成http

CASAuth.7z (59.6 KB)
下载次数: 0

CASDome2.7z (3 MB)
下载次数: 2

CASAuth_lib1.zip (4.5 MB)
下载次数: 0

CASAuth_lib2.zip (7.5 MB)
下载次数: 1

分享到：

Ldap AD

2014-07-22 08:54
浏览 506
评论(0)
分类:Web前端
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

CAS SSO

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

CAS SSO

评论

发表评论

相关推荐

apach shiro

Jquery Struts2 Upload File

Spring XFire 集成

c & fn 的一些用法

动态创建 table row cell ( insertRow ，insertCell )

JQuery JSON 循环

Struts2 Spring 集成 配置文件

最近访客更多访客>>

Struts2 Spring 集成配置文件