CAS 4.0 配置开发手冊
1 下载
cas-server-4.0.0-release.tar.gz
cas-client-3.3.3-release.tar.gz
2 配置
解压cas-server-4.0.0。将当中module/cas-server-webapp-4.0.0.war拷贝到Tomcat的webapps文件夹下,重命名为cas.war。启动Tomcat解开压缩。
2.1 CAS的HTTP模式与HTTPS设置
1)cas\WEB-INF\deployerConfigContext.xml。新增p:requireSecure="false" <bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/> 2)cas\WEB-INF\spring-configuration ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false" warnCookieGenerator.xml设置p:cookieSecure="false" |
http://localhost:8080/cas。进入登录页面。
默认用户为casuser/Mellon,登录成功即配置完毕。
2.2 设置利用数据库来验证用户
需依赖:c3p0-0.9.1.2.jar。mysql-connector-java-5.1.21.jar。cas-server-support-jdbc-4.0.0.jar
cas\WEB-INF\deployerConfigContext.xml 1)更换验证方式 <!-- <bean id="primaryAuthenticationHandler" class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"> <property name="users"> <map> <entry key="casuser" value="Mellon"/> </map> </property> </bean> --> <!-- Define the DB Connection --> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="com.mysql.jdbc.Driver" p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/hztraffic?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull" p:user="root" p:password="root" /> <!-- Define the encode method--> <!--<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName"> <constructor-arg value="MD5"/> </bean> --> <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" c:encodingAlgorithm="MD5" p:characterEncoding="UTF-8" /> <bean id="dbAuthHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler" p:dataSource-ref="dataSource" p:sql="select password from hztraffic.user_data where name=? and used=1" p:passwordEncoder-ref="passwordEncoder"/> <!-- p:passwordEncoder-ref="passwordEncoder" --> 2)更换验证Handle <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg> <map> <!-- | IMPORTANT | Every handler requires a unique name. | If more than one instance of the same handler class is configured, you must explicitly | set its name to something other than its default name (typically the simple class name). --> <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" /> <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> --> </map> </constructor-arg> |
http://localhost:8080/cas,进入登录页面。
默认用户为casuser/Mellon,登录成功即配置完毕。
3 编译
3.1 Eclipse导入project
3.2 License文件设置
Failed goal com.mycila.maven-license-plugin
注意src文件夹与cas-server-webapp平级,此外,不论什么关于Sever文件的改动,文件头的License声明须要加入。
JSP/JS/CSS。否则编译检測通过不了。
<%-- Licensed to Jasig under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. Jasig licenses this file to you under the Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at the following location: http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --%> |
4 定制
4.1 登录/登出页面
4.2 同意退出后重定向
5 接入
5.1 WEB接入
5.1.1 非Spring模式
在ClientprojectWEB-INF/lib下加入cas-client-core-3.2.1.jar包。
改动web.xml例如以下:
<!-- ======================== 单点登录/登出 ======================== --> <!-- 该过滤器用于实现单点登出功能,可选配置。 --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <!-- 该过滤器负责用户的认证工作,必须启用它 --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://localhost:8443/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8080</param-value> </init-param> </filter> <!-- 该过滤器负责对Ticket的校验工作,必须启用它 --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://localhost:8443/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8080</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比方同意开发人员通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名。可选配置。 <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <!-- 该过滤器使得开发人员能够通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比方AssertionHolder.getAssertion().getPrincipal().getName()。 --> <filter> <filter-name>CAS Assertion Thread Local Filter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Assertion Thread Local Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- ======================== 单点登录/登出结束 ======================== --> |
如今执行Clientproject,首次訪问任一页面就会跳转到https://localhost:8443/cas/login进行认证。同一时候,把你的退出链接设置为:https://sso.wsria.com/cas/logout 就可以实现单点推出。
5.1.2 Spring方式
引用cas-client-core.jar
Web.xml。注意casSingleSignOutFilter必须位于最前面
<listener> </listener> <!-- ======================== 单点登录/登出 ======================== --> <filter> <filter-name>casSingleSignOutFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casSingleSignOutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>casAuthenticationFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casAuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>casTicketValidationFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casTicketValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>casHttpServletRequestWrapperFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casHttpServletRequestWrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>casAssertionThreadLocalFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>casAssertionThreadLocalFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- ======================== 单点登录/登出结束 ======================== --> |
appliationContext.xml
<bean class="org.jasig.cas.client.session.SingleSignOutFilter" <bean class="org.jasig.cas.client.authentication.AuthenticationFilter" p:casServerLoginUrl="http://localhost:9000/uq-w-cas/login" p:renew="false" p:gateway="false" <bean class="org.jasig.cas.client.validation.Cas10TicketValidationFilter" p:serverName="http://localhost:8080" p:redirectAfterValidation="true"> <property <bean <!-- 相应于casServerUrlPrefix --> <constructor-arg </bean> </property> </bean> <bean class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" <bean class="org.jasig.cas.client.util.AssertionThreadLocalFilter" |
页面
<% AttributePrincipal principal= (AttributePrincipal)request.getUserPrincipal(); String username = "i am username"; if(null!=principal){ username=principal.getName(); %> <h1>登录成功,这是client1啊</h1><br/> 用户名:<%=username <a <a <% } %> |
5.2 client
project依赖例如以下:
import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.cookie.Cookie; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.message.BasicNameValuePair; import org.apache.http.protocol.HTTP; public //Cas server address static public //Login and get the cookie Cookie cookie = getTicketGrantingTicket(server, "13082838818"); if (cookie != System.out.println(cookie); } } private String username, String password) throws IOException { DefaultHttpClient client = new DefaultHttpClient(); HttpPost post = new HttpPost(server); //Login parameters List<NameValuePair> nvps = new ArrayList<NameValuePair>(); nvps.add(new BasicNameValuePair("username", username)); nvps.add(new BasicNameValuePair("password", password)); String[] dynamicPara = doCasLoginRequest(client, server); nvps.add(new BasicNameValuePair("lt", dynamicPara[0])); nvps.add(new BasicNameValuePair("execution", dynamicPara[1])); nvps.add(new BasicNameValuePair("_eventId", //Font Code post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8)); try { HttpResponse response = client.execute(post); HttpEntity entity = response.getEntity(); if (entity != //CASTGC: the default cookie name Cookie cookie = getCookieValue(client, entity.consumeContent(); return cookie; } } catch (Exception e) { e.printStackTrace(); } return } private String name) { List<Cookie> cookies = httpclient.getCookieStore().getCookies(); if (cookies.isEmpty()) { return } else { for (int i = 0; i < cookies.size(); i++) { Cookie cookie = cookies.get(i); if (cookie.getName().equalsIgnoreCase(name)) { return cookie; } } } return } //Simulate the login action and get the dynamic parameters private String url) throws IOException { String[] result = new String[2]; HttpGet httpget = new HttpGet(url); HttpResponse response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); BufferedReader rd = new BufferedReader(new InputStreamReader( entity.getContent(), "UTF-8")); String tempLine = rd.readLine(); String sLt = "<input type=\"hidden\" name=\"lt\" value=\""; String sEx = "<input type=\"hidden\" name=\"execution\" value=\""; while (tempLine != int iLt = tempLine.indexOf(sLt); int iEx = tempLine.indexOf(sEx); if (iLt != -1) { String s1 = tempLine.substring(iLt + sLt.length()); int index1 = s1.indexOf("\""); if (index1 != -1) result[0] = s1.substring(0, index1); } if (iEx != -1) { String s1 = tempLine.substring(iEx + sEx.length()); int index1 = s1.indexOf("\""); if (index1 != -1) result[1] = s1.substring(0, index1); } tempLine = rd.readLine(); } if (entity != entity.consumeContent(); } return result; } //Cookie convert private javax.servlet.http.Cookie javax.servlet.http.Cookie retCookie = new javax.servlet.http.Cookie( cookie.getName(), cookie.getValue()); retCookie.setComment(cookie.getComment()); retCookie.setDomain(cookie.getDomain()); retCookie.setHttpOnly(false); retCookie.setSecure(false); retCookie.setPath(cookie.getPath()); retCookie.setVersion(cookie.getVersion()); retCookie.setMaxAge((int) ((cookie.getExpiryDate().getTime() - System .currentTimeMillis()) / 1000)); return retCookie; } } |
部分图片未上传。如有须要,请给我留言。
CAS 4.0 配置开发手冊的更多相关文章
- CAS 4.0 配置开发手册(转)
转:http://blog.csdn.net/ahpo/article/details/46412859 1 下载 地址http://downloads.jasig.org/ cas-serve ...
- HapiJS开发手冊
HapiJS开发手冊 作者:chszs.转载需注明.博客主页:http://blog.csdn.net/chszs 一.HapiJS介绍 HapiJS是一个开源的.基于Node.js的应用框架,它适用 ...
- 阿里Java开发手冊之编程规约
对于程序猿来说,编程规范能够养成良好的编程习惯,提高代码质量,减少沟通成本.就在2月9号,阿里出了一份Java开发手冊(正式版),分为编程规约.异常日志.MySQL规约,project规约.安全规约五 ...
- Apache Mina开发手冊之四
Apache Mina开发手冊之四 作者:chszs,转载需注明. 博客主页:http://blog.csdn.net/chszs 一.Mina开发的主要步骤 1.创建一个实现了IoService接口 ...
- 谷歌Web中文开发手冊:3响应式
https://developers.google.com/web/fundamentals/getting-started/your-first-multi-screen-site/responsi ...
- Hadoop-2.4.0分布式安装手冊
文件夹 文件夹 1 1. 前言 2 2. 部署 2 2.1. 机器列表 2 2.2. 主机名 2 2.2.1. 暂时改动主机名 3 2.2.2. 永久改动主机名 3 2.3. 免password登录范 ...
- OBIEE开发手冊
Creating a Repository Using the Oracle BI 11g Administration Tool cid=5690&ssid=0">http: ...
- OAM配置代理手冊
创建webgate与ohs共享实例,copy文件到ohs实例文件夹. 1)进入webgage部署工具文件夹 Cd /%webgate_home%/webgate/ohs/tools ...
- Java开发手冊 Java学习手冊教程(MtJava开发手冊)
本文档的版权归MtJava文档小组全部,本文档及其描写叙述的内容受有关法律的版权保护,对本文档内容的不论什么形式的非法复制.泄露或散布.将导致对应的法律责任. MtJava仅仅是一个学习Java的简化 ...
随机推荐
- C# 利用反射进行类型转换
/// <summary> /// 父类转子类 /// </summary> /// <typeparam name="TParent">< ...
- Android本地消息推送
项目介绍:cocos2dx跨平台游戏 项目需求:实现本地消息推送,需求①:定点推送:需求②:根据游戏内逻辑实现推送(比如玩家体力满时,需要计算后到点推送):需求③:清理后台程序或重启后依然能够实现本地 ...
- Centos 安装配置iscsi
在测试oracle rac的时候用iscsi来模拟磁阵的(真的磁阵需要多路径软件),简单的记录下 #scsi server yum install scsi-target-utils service ...
- Eclipse中自动生成get/set时携带注释给get/set
Eclipse中自动生成get/set时携带注释给get/set 编码的时候通常要用到 JavaBean ,而在我们经常把注释写在字段上面,但生成的Get/Set方法不会生成,通过修改Eclips ...
- 1 TaskQueue 实现Task 队列
class Program { static void Main(string[] args) { List<Person> list = new List<Person>() ...
- python爬虫19 | 遇到需要的登录的网站怎么办?用这3招轻松搞定!
你好 由于你是游客 无法查看本文 请你登录再进 谢谢合作 当你在爬某些网站的时候 需要你登录才可以获取数据 咋整? 莫慌 小帅b把这几招传授给你 让你以后从容应对 那么 接下来就是 学习 python ...
- hdu 5175 Misaki's Kiss again
Misaki's Kiss again Accepts: 75 Submissions: 593 Time Limit: 2000/1000 MS (Java/Others) Memory L ...
- List多字段排序,orderBy,ThenBy
List排序问题,orderBy,ThenBy 1.List中一个字段排序 前几天做的项目中,获取的List<T>需要用某个字段来进行排序,困扰了很久.用OrderBy解决了.具体是这样的 ...
- HDU 3208 Integer’s Power
Integer’s Power Time Limit: 1000ms Memory Limit: 32768KB This problem will be judged on HDU. Origina ...
- oracle 增量备份恢复策略(基础知识)
EXP和IMP是Oracle提供的一种逻辑备份工具.逻辑备份创建数据库对 象的逻辑拷贝并存入一个二进制转储文件.这种逻辑备份需要在数据库启动的情况下使用, 其导出实质就是读取一个数据库记录集(甚至可以 ...