josso for tomcat配置 step by step
来源:互联网 发布:神经网络数据集 编辑:程序博客网 时间:2024/05/17 21:55
for tomcat 5.0.x 配置 step by step
josso(Java Open Single Sign-On)是一个开源的基于J2EE的单点登录(SSO - Single Sign-On)架构,他提供了针对web应用的集中用户验证机制。相关文档及下载请访问www.josso.org。
本文简单介绍了在tomcat 5.0.x环境下如何配置及应用josso架构。
1、配置文件
josso的几个主要的配置文件如下:
josso-config.xml
[php]<?xml version="1.0" encoding="ISO-8859-1" ?>
<configuration>
<hierarchicalXml fileName="josso-agent-config.xml"/>
<!-- 指定josso-agent-config.xml文件 -->
</configuration>[/php]
josso-agent-config.xml
配置在josso控制下的web应用。
[php]<?xml version="1.0" encoding="ISO-8859-1"?>
<agent>
<class>org.josso.tc50.agent.CatalinaSSOAgent</class>
<!--class>org.josso.tc55.agent.CatalinaSSOAgent</class-->
<!--class>org.josso.jb32.agent.JBossCatalinaSSOAgent</class-->
<!--class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class-->
<!-- Login/Logout URLs -->
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
<!--gatewayLoginErrorUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginErrorUrl-->
<!--
Usefull when working in N-Tier modes behind a reverse proxy or load balancer
Here you should place the reverse proxy or load balancer base URL.
Note : When using this options, the gatewayLoginURL and gatewayLogoutURL should also point to this host.
<singlePointOfAccess>http://reverse-proxy-host:8080</singlePointOfAccess>
<gatewayLoginUrl>http://reverse-proxy-host:8080/josso/signon/login.do</gatewayLoginUrl>
<gatewayLogoutUrl>http://reverse-proxy-host:8080/josso/signon/logout.do</gatewayLogoutUrl>
-->
<!-- Mininum interval between sso session access , in milliseconds -->
<sessionAccessMinInterval>1000</sessionAccessMinInterval>
<!-- JOSSO Agent service locator configuration -->
<service-locator>
<class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
<endpoint>localhost:8080</endpoint>
<!-- Associate an identity to SOAP messages
<username>wsclient</username>
<password>wsclientpwd</password>
-->
<!-- Enabled SSL on the SOAP circuit.
<transportSecurity>confidential</transportSecurity>
-->
</service-locator>
<!--
JOSSO Parnter application definicions :
Configure all web applications that should be a josso partner application within this server.
For each partner application you have to define the propper web-context.
-->
<partner-apps>
<partner-app>
<context>/partnerapp</context>
<!-- This is an optional feature :
You can reference any web resource collection that should not be subject to SSO protection.
The SSO agent will not provide identity nor demand authentication to requests matching the
security constraint associated to this web resource collections.
In order to work, the security constraint must not contain auth-constraints declarations.
See sample web.xml file from josso partnerapp.
<security-constraint>
<ignore-web-resource-collection>public-resources</ignore-web-resource-collection>
</security-constraint>
-->
</partner-app>
<partner-app>
<context>/josso_client</context>
</partner-app>
<!-- Root context protection
<partner-app>
<context>/</context>
</partner-app>
-->
</partner-apps>
</agent>[/php]
上述配置文件要放到CATALINA_HOME/bin目录下
[注]:CATALINA_HOME即tomcat安装目录,如“C:/jakarta-tomcat-5.0.28”。
2、tomcat启动文件的配置
在 catalina.bat 中增加如下代码
[php]rem Added by JOSSO
set JAVA_OPTS=-Djava.security.auth.login.config=../conf/jaas.conf[/php]
将 jaas.conf 文件拷贝到 CATALINA_HOME/conf 目录下,jaas.conf文件内容如下:
[php]josso {
org.josso.tc50.agent.jaas.SSOGatewayLoginModule required debug=true;
};[/php]
3、tomcat server.xml
在CATALINA_HOME/conf/server.xml中增加如下配置
[php]<Realm className="org.josso.tc50.agent.jaas.CatalinaJAASRealm"
appName="josso"
userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
debug="1" />[/php]
在<host>标签内的最后增加如下
[php]<Valve className="org.josso.tc50.agent.SSOAgentValve" debug="1"/>[/php]
4、运行库
将 josso 的运行库拷贝到 CATALINA_HOME/server/lib 目录下。
josso运行库可在www.josso.org下载并通过ant build得到。
5、josso web应用
将 josso 的示例应用拷贝到 CATALINA_HOME/webapps 目录下
josso.war [必须],用来实现单点登录验证。
partnerapp.war [可选],示例应用。
6、web应用中的登录框
在自己的web应用的登录框form中配置如下参数
[php]<form name="usernamePasswordLoginForm" method="post" action="/josso/signon/usernamePasswordLogin.do">
<input type="hidden" name="josso_cmd" value="login">
<input type="hidden" name="josso_back_to" value="">
<input type="hidden" name="josso_on_error" value="">
username: <input type="text" name="josso_username">
password: <input type="password" name="josso_password">
<input type="submit" value="Login" ></td></tr>
</form>[/php]
上面form中的各参数名称不能更改,适用于用“用户名/口令”方式进行的验证。
[php]<form name="" method="post" action="">
TODO
</form>[/php]
上面form适用于X509方式进行的验证。
文章出处:DIY部落(http://www.diybl.com/course/1_web/webjs/2007927/74617.html)
- josso for tomcat配置 step by step
- Dataguard配置Step by Step
- Step-by-step Install Guide for Ubuntu
- Mstr for linux安装Step by Step
- step by step 安装svn for ubuntu
- Linux for scratch --list (step by step)
- LepideMigrator for Documents Step by Step
- Mantis平台Step-By-Step配置手册
- Oracle dataguard配置Step by Step
- MySQL Cluster配置step by step
- step by step学习LAMP配置
- step by step入门LAMP配置
- step by step 配置mysql复制
- Step by Step 配置dubbo服务
- VIM配置Step By Step-----NERDTree篇
- VIM配置Step By Step------Vundle篇
- VIM 配置Step By Step------完整篇
- Bitnami Gitlab 安装配置 step by step
- EOutOfResources字符异常
- 【梅花雪网页脚本控件集】MzTreeView 1.0 一次加载数据的树
- struts控制器中使用new ActionForward和mapping.findForward的区别
- Marquee 滚动的效果
- request.getRealPath(String path) Deprecated
- josso for tomcat配置 step by step
- 开发经验小结(网络编程(1))---基础小知识
- asp.net汉字转拼音类
- Linux大文件使用
- SQL Server启动服务器时运行的存储过程
- static
- MzTreeView 1.0 开发文档
- 水晶报表常用函数总结(不断更新中.......)
- MYSQL数据同步,双向热备