Permissions Series (shiro+cas): CAS Server Configuration
Source: Internet. Editor: 程序博客网. Time: 2024/06/05 00:26
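Preface
- The CAS server version I use is 4.0. CAS was upgraded after 4.0 and reportedly changed a lot; if you are interested, see the official CAS site. All the operations below are done in the cas folder of the source code.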
Source code
Click here to download the source code from my GitHub.
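Removing HTTPS
The project I worked on is for internal enterprise use. If the project will be reachable from the public internet, removing HTTPS is not recommended, because the settings below let the CAS cookies (including the CASTGC single sign-on cookie) and the proxy callback travel over plain HTTP. The steps for removing HTTPS follow.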
- In webapps\cas\WEB-INF\spring-configuration\warnCookieGenerator.xml, find the following configuration:

```xml
<bean id="warnCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASPRIVACY"
      p:cookiePath="/cas"/>
```

Change p:cookieSecure="true" to p:cookieSecure="false".
- In webapps\cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml, find the following configuration:

```xml
<bean id="ticketGrantingTicketCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas"/>
```

Change p:cookieSecure="true" to p:cookieSecure="false".
- In webapps\cas\WEB-INF\deployerConfigContext.xml, find the following configuration:

```xml
<bean id="proxyAuthenticationHandler"
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"/>
```

Add p:requireSecure="false", which means HTTPS is not required. After the change:

```xml
<bean id="proxyAuthenticationHandler"
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"
      p:requireSecure="false"/>
```
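Changing the authentication method
- The CAS server ships with a default login username and password. We need to comment that out and verify the username and password against a database instead. Modify deployerConfigContext.xml under WEB-INF as follows: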
```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            </map>
        </constructor-arg>
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <!-- Required for proxy ticket mechanism. -->
    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient"
          p:requireSecure="false" />

    <!-- Password encoding; MD5 is used here. DefaultPasswordEncoder applies a single unsalted digest. -->
    <bean id="passwordEncoder"
          class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
          c:encodingAlgorithm="MD5"
          p:characterEncoding="UTF-8" />

    <!-- Authenticate against the database; you have to implement this class yourself. -->
    <bean id="primaryAuthenticationHandler"
          class="com.distinct.cas.jdbc.QueryDatabaseAuthenticationHandler"
          p:dataSource-ref="dataSource"
          p:passwordEncoder-ref="passwordEncoder"
          p:sql="select password from t_user where account=? and status = 'active'" />

    <!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <!--
       Resolves a principal from a credential using an attribute repository that is configured to resolve
       against a deployer-specific store (e.g. LDAP).
    -->
    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
        <property name="attributeRepository" ref="attributeRepository" />
    </bean>

    <!--
       Bean that defines the attributes that a service may return. This example uses the Stub/Mock version.
       A real implementation may go against a database or LDAP server.
       The id should remain "attributeRepository" though.
    -->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.StubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

    <!--
       Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want
       to replace this with the JPA-backed ServiceRegistry DAO.
       The name of this bean should remain "serviceRegistryDao".
    -->
    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
          p:registeredServices-ref="registeredServicesList" />

    <util:list id="registeredServicesList">
        <!-- This serviceId pattern matches every HTTP(S) and IMAP(S) URL. -->
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0"
              p:name="HTTP and IMAP"
              p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*"
              p:evaluationOrder="10000001" />
    </util:list>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
        <!--
           NOTE
           The following ticket registries support SessionMonitor:
             * DefaultTicketRegistry
             * JpaTicketRegistry
           Remove this monitor if you use an unsupported registry.
        -->
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>

    <!-- Data source configuration -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
        <!-- "&" must be written as "&amp;" inside an XML attribute value -->
        <property name="url" value="jdbc:mysql://127.0.0.1:3306/itoo_test?useUnicode=true&amp;characterEncoding=utf8"></property>
        <property name="username" value="root"></property>
        <property name="password" value="123456"></property>
    </bean>
</beans>
```
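An added example, not part of the original post or of the CAS project: a small Python check that parses a CAS 4.0 Spring context file and reports the settings this page changes or leaves at sample values (cookies without the Secure flag, requireSecure switched off, the MD5 password encoder, the catch-all serviceId pattern, and a clear-text data source password). The function name audit_cas_config, the probe URL and the SAMPLE fragment are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Spring namespaces used by the CAS context files shown on this page.
BEANS = "{http://www.springframework.org/schema/beans}"
P = "{http://www.springframework.org/schema/p}"
C = "{http://www.springframework.org/schema/c}"
PROBE_URL = "http://any-host.example/app"  # constructed URL used to test serviceId patterns

def audit_cas_config(xml_text):
    """Return (bean id or class, finding) tuples in document order."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        bean_id = bean.get("id") or bean.get("class", "?")
        if bean.get(P + "cookieSecure") == "false":
            name = bean.get(P + "cookieName", "?")
            findings.append((bean_id, f"cookie {name} is sent without the Secure flag"))
        if bean.get(P + "requireSecure") == "false":
            findings.append((bean_id, "proxy callback accepted over plain HTTP"))
        algo = bean.get(C + "encodingAlgorithm")
        if algo and algo.upper() in ("MD5", "SHA1", "SHA-1"):
            findings.append((bean_id, f"password hash is a single unsalted {algo} digest"))
        service_id = bean.get(P + "serviceId")
        if service_id:
            try:
                if re.fullmatch(service_id, PROBE_URL):
                    findings.append((bean_id, "serviceId accepts arbitrary plain-HTTP services"))
            except re.error:
                findings.append((bean_id, "serviceId is not a valid regular expression"))
        for prop in bean.findall(BEANS + "property"):
            if prop.get("name") == "password" and prop.get("value"):
                findings.append((bean_id, "database password stored in clear text"))
    return findings

# Constructed fragment that combines the settings from this page (class names trimmed).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c">
  <bean id="ticketGrantingTicketCookieGenerator" p:cookieSecure="false" p:cookieName="CASTGC"/>
  <bean id="proxyAuthenticationHandler" p:requireSecure="false"/>
  <bean id="passwordEncoder" c:encodingAlgorithm="MD5"/>
  <bean class="org.jasig.cas.services.RegexRegisteredService" p:serviceId="^(https?|imaps?)://.*"/>
  <bean id="dataSource"><property name="password" value="123456"/></bean>
</beans>"""

if __name__ == "__main__":
    for bean_id, finding in audit_cas_config(SAMPLE):
        print(f"{bean_id}: {finding}")
```

Run it against each context file under WEB-INF before a deployment leaves the internal network; an empty result means none of these five settings is present.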
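Summary
- That is roughly how CAS login verification works. The next step is to change the default CAS login page, which we can customise with our own company's logo; the next article covers that.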