CAS - FAQ (Login ticket, pgtIou, proxy, dummy certificate, SMT, HTTPS)

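Why is there a Login ticket: it is similar to the Struts token. It prevents the following: after a user logs out and the CAS credentials are destroyed, another user presses the browser's Back button until the browser offers to resubmit the form data (username, password and other login data), and logs in successfully. Because a Login ticket can be validated only once, the second submission caused by going back in the browser fails validation on the server. Reference: Why was the LoginTicket added?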
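
The following Java example is added here and is not CAS's own code or part of the original post: it shows why a login ticket that is consumed on its first validation defeats the back-button resubmission described above. The class name LoginTicketDemo, the in-memory map and the 5-minute lifetime are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not CAS source. Class name, TTL and storage are assumptions.
public class LoginTicketDemo {
    private static final long TTL_MILLIS = 5 * 60 * 1000; // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    // ticket -> expiry time (epoch millis). A real store would also purge
    // tickets that expire without ever being submitted.
    private final ConcurrentHashMap<String, Long> issued = new ConcurrentHashMap<>();

    // Called when the login form is rendered; the value goes into a hidden field.
    public String issue() {
        byte[] raw = new byte[24];
        random.nextBytes(raw); // unguessable, so a ticket cannot be predicted
        String ticket = "LT-" + Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(ticket, System.currentTimeMillis() + TTL_MILLIS);
        return ticket;
    }

    // Called when the form is submitted, before the password is checked.
    // remove() is atomic: exactly one submission can consume a given ticket,
    // even if two requests carrying it arrive at the same time.
    public boolean consume(String ticket) {
        if (ticket == null) {
            return false;
        }
        Long expiry = issued.remove(ticket);
        return expiry != null && System.currentTimeMillis() <= expiry;
    }

    public static void main(String[] args) {
        LoginTicketDemo tickets = new LoginTicketDemo();
        String lt = tickets.issue(); // user A loads the login form
        System.out.println("first submit accepted:    " + tickets.consume(lt));
        // User A logs out. User B presses Back and re-posts the cached form,
        // which still carries the same, already consumed, login ticket.
        System.out.println("replayed submit accepted: " + tickets.consume(lt));
        // A ticket the server never issued (constructed value) is rejected too.
        System.out.println("unknown ticket accepted:  " + tickets.consume("LT-constructed-value"));
    }
}
```

The ticket is removed whether or not the credentials turn out to be correct, so a failed login also needs a freshly rendered form with a new ticket.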

Why CAS uses the pgtIou: see What is the pgtIou used for?

Basic steps for using proxying with CAS: see Proxy CAS Walkthrough

Using a dummy certificate during development (must not be used in production):
1. Put DummySSLSocketFactory.java and DummyTrustManager.java into src/edu/yale/its/tp/cas/util
2. In the SecureURL.java class, add the code ((HttpsURLConnection)uc).setSSLSocketFactory(new DummySSLSocketFactory()); after the line URLConnection uc = u.openConnection();
Reference: How do I use a self-signed certificate?

Why the Services Management Tool (SMT) should be enabled on the CAS server: the Services Management Tool lets you lock down CAS and control which services are allowed to use CAS. SMT link: https://localhost:8443/cas/services/
Reference: What is Services Management?, Why should I use the Services Management Tool? It seems like EFFORT to set up and deploy.

Why use HTTPS (CAS, CAS client): to prevent man-in-the-middle attacks. Reference: Why should I require CAS to run over HTTPS, or the client applications to run over HTTPS?


Reposted from desert3.iteye.com/blog/1704570