Cas Server配置说明

企业开发 2018-05-12 04:27:33 阅读次数: 0

由于项目由多个应用组成,因此需要采用SSO。参考SSO开源软件,最终采用cas 耶鲁开源系统,该系统使用比较广泛,有问题可以进行结合网上教程使用。

1.下载cas server 版本 cas-server-3.5.1-release.zip

2.解压 cas-server-3.5.1-release.zip,把 cas-server-webapp导入myeclipse。

3.把cas-server-core的源文件也导入myeclipse,和第二步合同一个工程

4.把cas-server-webapp-3.5.1.war中的内容导入到工程的webroot下面

5.把webroot的classes的配置文件放到新的src目录下面

6.由于不采用https方式,需要修改配置文件

WEB-INF/deployerConfigContext.xml

< bean class = "org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"     p:httpClient-ref = "httpClient" />

增加参数 p:requireSecure="false" ,是否需要安全验证,即 HTTPS , false 为不采用 如下:

< bean class = "org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref = "httpClient" p:requireSecure= "false" />

 

WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml 

 

< bean id = "ticketGrantingTicketCookieGenerator" class = "org.jasig.cas.web.support.CookieRetrievingCookieGenerator"

       p:cookieSecure = false "

       p:cookieMaxAge = "-1"

       p:cookieName = "CASTGC"

 

       p:cookiePath = "/cas" />

 

WEB-INF\spring-configuration\warnCookieGenerator.xml

 

< bean id = "warnCookieGenerator" class = "org.jasig.cas.web.support.CookieRetrievingCookieGenerator"

       p:cookieSecure = false "

       p:cookieMaxAge = "-1"

       p:cookieName = "CASPRIVACY"

 

       p:cookiePath = "/cas" />

 

7.添加数据库验证用户名和密码

在WEB-INF/spring-configuration/applicationContext.xml添加

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">

<property name="driverClassName"  value="com.mysql.jdbc.Driver"></property>   

<property name="url" value="jdbc:mysql://10.18.11.100:3306/rm?autoReconnect=true"></property>    

<property name="username" value="root"></property>   

<property name="password" value="111111"></property>   

</bean>

 

<bean id="loginMonitor" class="com.inspur.sso.LoginMonitor" p:dataSource-ref="dataSource" />

<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">

        <property name="dataSource" ref="dataSource"/>

 

    </bean>

8.在WEB-INF\deployerConfigContext.xm添加自定义验证类

<property name="authenticationHandlers">

<list>

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

p:httpClient-ref="httpClient" />

<bean class="com.zhb.sso.Auth" >

<property name="jdbcTemplate" ref="jdbcTemplate"/>

</bean>

</list>

</property>

9.Auth方法:

public class Auth extends AbstractUsernamePasswordAuthenticationHandler {

	private JdbcTemplate jdbcTemplate;
		
	public JdbcTemplate getJdbcTemplate() {
		return jdbcTemplate;
	}

	public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
		this.jdbcTemplate = jdbcTemplate;
	}

	@Override
	protected boolean authenticateUsernamePasswordInternal(
			UsernamePasswordCredentials credentials)
			throws AuthenticationException {
		// TODO Auto-generated method stub
		
		final String username = credentials.getUsername();
        final String password = credentials.getPassword();
        
        String sql="select * from user where USER_ID=? and PASSWORD=?";
        List list=jdbcTemplate.queryForList(sql, new String[]{username,password});
        if(list!=null&&list.size()>0){
        	Map map=(Map)list.get(0);
        	log
            .debug("User [" + username
                + "] was successfully authenticated.");
        	System.out.println(map.get("USER_NAME"));
        	return true;
        }else{
        	return false;
        }
        

	}

}

cas客户端配置

1.新建新的web工程test

添加cas-client-core-3.2.1.jar及相关jar包

修改web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

	<filter>
		<filter-name>CAS Authentication Filter</filter-name>
		<filter-class>
			org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>
    http://localhost:8090/casserver/login
    </param-value>
		</init-param>
		<init-param>
			<param-name>renew</param-name>
			<param-value>false</param-value>
		</init-param>
		<init-param>
			<param-name>gateway</param-name>
			<param-value>false</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8090</param-value>
		</init-param>
	</filter>

	<filter>
		<filter-name>CAS Validation Filter</filter-name>
		<filter-class>
			org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>http://localhost:8090/casserver</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8090</param-value>
		</init-param>
		<init-param>
			<param-name>useSession</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>redirectAfterValidation</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>

	<filter>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<filter-class>
			org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>

	<filter>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>

	<!-- 填写退出的URL -->
	<context-param>
		<param-name>casServerLogoutUrl</param-name>
		<param-value>http://localhost:8090/casserver/logout</param-value>
	</context-param>
	<!-- 重新登录回调地址 -->
	<context-param>
             <param-name>serverName</param-name>
             <param-value>http://localhost:8090/test</param-value>
    </context-param>
	<!--单点退出配置-->
	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
	<filter>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>CAS Authentication Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>CAS Validation Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
</web-app>

 编写index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %> 
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'index.jsp' starting page</title>
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->
  </head>
  
  <body>
    <% 
AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();    
String username = principal.getName(); 
%> 
<% if(null!=username){ %> 
    <h2>Hello <%=username %> !</h2> 
    <a      href="${pageContext.request.contextPath}/logout.jsp" >logout</a>  
<% }%> 
  </body>
</html>

 退出logout.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'logout.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
   <%  
session.invalidate();  
response.sendRedirect(application  
.getInitParameter("casServerLogoutUrl")  
+ "?service="  
+ application.getInitParameter("serverName") + "/index.jsp");  
%> 
  </body>
</html>

在浏览器中输入:http://localhost:8090/test进行测试

注意:AuthenticationManagerImpl 所有的验证hander类型都在此类中进行调用,代理类。

猜你喜欢

转载自zhb01.iteye.com/blog/2020248
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
周排行
让自己的头脑极度开放
CentOS 6.5(x64) 和Redhat6.5操作系误删libc
高可用注册中心
【日记】12.28/【题解】AtCoder AGC041
XML(5)_XML 约束_DTD
Java集合Map(四)
树梅派安装桌面环境教程
pipenv 的 使用和安装
小程序白屏问题和内存研究
C语言简单选择排序
每日归档
更多
2024-05-02(0)
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022