《权限系列shiro+cas》----Cas服务端的配置

前言

• 小编用的casServer版本是4.0的，在4.0之后cas做了升级，据说变化很大，大家如果有兴趣可以到cas的官网查看。下面的所有操作都时在源码中cas文件夹中操作的。

源码地址

点击这里，去小编的GitHub上下载源码

去掉Https协议

• 小编做的项目是企业内部使用的，如果此项目放到外网上去访问，建议不要去掉https协议。下面是去掉https协议的教程。

• 到webapps\cas\WEB-INF\spring-configuration\warnCookieGenerator.xml
  ，找到如下配置

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"        p:cookieSecure="true"        p:cookieMaxAge="-1"        p:cookieName="CASPRIVACY"        p:cookiePath="/cas"/>修改  p:cookieSecure="true" 为 p:cookieSecure="false"

• webapps\cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml，找到如下配置

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"        p:cookieSecure="true"        p:cookieMaxAge="-1"        p:cookieName="CASTGC"        p:cookiePath="/cas"/>修改  p:cookieSecure="true" 为 p:cookieSecure="false"

• webapps\cas\WEB-INF\deployerConfigContext.xml 文件 ，找到如下配置：

<bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"          p:httpClient-ref="httpClient"/>增加p:requireSecure="false"即HTTPS为不采用。修改后为：  <bean id="proxyAuthenticationHandler"class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"          p:httpClient-ref="httpClient" p:requireSecure="false"/>

修改验证方式

• cas的服务端有默认的登录名密码，我们需要将其注释掉然后通过访问数据库校验用户名和密码。修改WEB-INF下的deployerConfigContext.xml 配置如下

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:p="http://www.springframework.org/schema/p"       xmlns:c="http://www.springframework.org/schema/c"       xmlns:tx="http://www.springframework.org/schema/tx"       xmlns:util="http://www.springframework.org/schema/util"       xmlns:sec="http://www.springframework.org/schema/security"       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">        <constructor-arg>            <map>                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />            </map>        </constructor-arg>        <property name="authenticationPolicy">            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />        </property>    </bean>    <!-- Required for proxy ticket mechanism. -->    <bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"          p:httpClient-ref="httpClient"           p:requireSecure="false"          />  <!-- 设置密码的加密方式，这里使用的是MD5加密 -->    <bean id="passwordEncoder"      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"      c:encodingAlgorithm="MD5"      p:characterEncoding="UTF-8" />  <!-- 通过数据库验证身份，这个得自己去实现 -->    <bean id="primaryAuthenticationHandler"      class="com.distinct.cas.jdbc.QueryDatabaseAuthenticationHandler"      p:dataSource-ref="dataSource"      p:passwordEncoder-ref="passwordEncoder"      p:sql="select password from t_user where account=? and status = 'active'" />    <!-- Required for proxy ticket mechanism -->    <bean id="proxyPrincipalResolver"          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />    <!--       | Resolves a principal from a credential using an attribute repository that is configured to resolve       | against a deployer-specific store (e.g. LDAP).       -->    <bean id="primaryPrincipalResolver"          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >        <property name="attributeRepository" ref="attributeRepository" />    </bean>    <!--    Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation    may go against a database or LDAP server.  The id should remain "attributeRepository" though.    +-->    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"            p:backingMap-ref="attrRepoBackingMap" />    <util:map id="attrRepoBackingMap">        <entry key="uid" value="uid" />        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />         <entry key="groupMembership" value="groupMembership" />    </util:map>    <!--     Sample, in-memory data store for the ServiceRegistry. A real implementation    would probably want to replace this with the JPA-backed ServiceRegistry DAO    The name of this bean should remain "serviceRegistryDao".    +-->    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"            p:registeredServices-ref="registeredServicesList" />    <util:list id="registeredServicesList">        <bean class="org.jasig.cas.services.RegexRegisteredService"              p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"              p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />    </util:list>    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />    <util:list id="monitorsList">      <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />      <!--        NOTE        The following ticket registries support SessionMonitor:          * DefaultTicketRegistry          * JpaTicketRegistry        Remove this monitor if you use an unsupported registry.      -->      <bean class="org.jasig.cas.monitor.SessionMonitor"          p:ticketRegistry-ref="ticketRegistry"          p:serviceTicketCountWarnThreshold="5000"          p:sessionCountWarnThreshold="100000" />    </util:list>    <!-- 设置数据源 -->     <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">          <property name="driverClassName" value="com.mysql.jdbc.Driver"></property>          <property name="url" value="jdbc:mysql://127.0.0.1:3306/itoo_test?useUnicode=true&amp;characterEncoding=utf8"></property>          <property name="username" value="root"></property>          <property name="password" value="123456"></property>      </bean></beans>

小结

• cas的登录校验大概就是这样，下一步就是更改cas的默认登录页了，我们可以将cas的默认登录页修改成自己公司的logo，下一篇文章介绍。