CAS 4.0 Configuration and Development Manual
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 01:51
1 Download
Address: http://downloads.jasig.org/
cas-server-4.0.0-release.tar.gz
cas-client-3.3.3-release.tar.gz
2 Configuration
Extract cas-server-4.0.0, copy module/cas-server-webapp-4.0.0.war from it into Tomcat's webapps directory, rename it to cas.war, and start Tomcat so that it unpacks the archive.
2.1 CAS HTTP mode and HTTPS settings
1) In cas\WEB-INF\deployerConfigContext.xml, add p:requireSecure="false":
<bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient" p:requireSecure="false"/>
2) In cas\WEB-INF\spring-configuration:
In ticketGrantingTicketCookieGenerator.xml, set p:cookieSecure="false"
In warnCookieGenerator.xml, set p:cookieSecure="false"
Open http://localhost:8080/cas to reach the login page.
The default user is casuser/Mellon; a successful login means the configuration is complete.
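The three switches from section 2.1 let the proxy callback and the CAS cookies travel over plain HTTP, so they should not survive into an HTTPS deployment. The following is an added example, not code from the original page or from CAS: a small check that parses Spring bean XML and reports every bean that still sets p:requireSecure or p:cookieSecure to false. The class name and the inline sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.NodeList;

// Added illustration; class name and the inline sample XML are constructed.
public class CasTransportAudit {

    static final String P_NS = "http://www.springframework.org/schema/p";

    // Returns "beanId: attribute" for every bean that switches off
    // requireSecure or cookieSecure through the Spring p-namespace.
    static List<String> findInsecure(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList beans = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagNameNS("*", "bean");
        List<String> findings = new ArrayList<String>();
        for (int i = 0; i < beans.getLength(); i++) {
            Element bean = (Element) beans.item(i);
            NamedNodeMap attrs = bean.getAttributes();
            for (int j = 0; j < attrs.getLength(); j++) {
                Attr a = (Attr) attrs.item(j);
                boolean flag = "requireSecure".equals(a.getLocalName())
                        || "cookieSecure".equals(a.getLocalName());
                if (flag && P_NS.equals(a.getNamespaceURI()) && "false".equals(a.getValue().trim())) {
                    findings.add(bean.getAttribute("id") + ": " + a.getName());
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        String sample = "<beans xmlns='http://www.springframework.org/schema/beans'"
                + " xmlns:p='" + P_NS + "'>"
                + "<bean id='proxyAuthenticationHandler' p:requireSecure='false'/>"
                + "<bean id='ticketGrantingTicketCookieGenerator' p:cookieSecure='false'/>"
                + "<bean id='warnCookieGenerator' p:cookieSecure='true'/>"
                + "</beans>";
        for (String finding : findInsecure(sample)) {
            System.out.println("HTTP-only setting left enabled -> " + finding);
        }
    }
}
```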
2.2 Authenticating users against a database
Required dependencies: c3p0-0.9.1.2.jar, mysql-connector-java-5.1.21.jar, cas-server-support-jdbc-4.0.0.jar
cas\WEB-INF\deployerConfigContext.xml
1) Replace the authentication method
<!--
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>
-->
<!-- Define the DB Connection -->
<bean id="dataSource"
      class="com.mchange.v2.c3p0.ComboPooledDataSource"
      p:driverClass="com.mysql.jdbc.Driver"
      p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/hztraffic?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
      p:user="root"
      p:password="root" />
<!-- Define the encode method-->
<!--<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
    <constructor-arg value="MD5"/>
</bean> -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from hztraffic.user_data where name=? and used=1"
      p:passwordEncoder-ref="passwordEncoder"/>
<!-- p:passwordEncoder-ref="passwordEncoder" -->
2) Replace the authentication handler
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!--
               | IMPORTANT
               | Every handler requires a unique name.
               | If more than one instance of the same handler class is configured, you must explicitly
               | set its name to something other than its default name (typically the simple class name).
               -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
            <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->
        </map>
    </constructor-arg>
    <!-- the remaining properties of this bean stay as shipped -->
</bean>
Open http://localhost:8080/cas to reach the login page.
The default user is casuser/Mellon; a successful login means the configuration is complete.
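An added example (not part of the original page and not CAS code): a stand-alone sketch of the comparison that the dbAuthHandler configuration sets up, assuming that DefaultPasswordEncoder with MD5 and UTF-8 yields the lowercase hex digest of the submitted password. It shows which value the user_data.password column has to hold and that, with no salt involved, equal passwords produce equal column values. The class name, method names and sample passwords are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration; class, method names and sample values are constructed.
public class Md5ColumnCheck {

    // Lowercase hex MD5 of the UTF-8 bytes, the form assumed for
    // c:encodingAlgorithm="MD5" p:characterEncoding="UTF-8".
    static String encode(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Encode the submitted password and compare it with the single value
    // that the p:sql query returns for the user.
    static boolean matches(String submitted, String storedColumn) throws NoSuchAlgorithmException {
        byte[] a = encode(submitted).getBytes(StandardCharsets.US_ASCII);
        byte[] b = storedColumn.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String first = encode("password");    // value to store for one user
        String second = encode("password");   // another user with the same password
        System.out.println("column value : " + first);
        System.out.println("login ok     : " + matches("password", first));
        System.out.println("wrong case   : " + matches("Password", first));
        // Unsalted: identical passwords are identical in the table.
        System.out.println("same hash    : " + first.equals(second));
        // A plaintext column never matches once the encoder is enabled.
        System.out.println("plaintext col: " + matches("password", "password"));
    }
}
```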
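3 Build
3.1 Importing the project into Eclipse
3.2 License file settings
Failed goal com.mycila.maven-license-plugin
Note that the src directory sits at the same level as cas-server-webapp. In addition, any server file you modify (JSP/JS/CSS) must carry the License declaration in its file header; otherwise the build check will not pass.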
<%--
Licensed to Jasig under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Jasig licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
--%>
4 Customization
4.1 Login/logout pages
4.2 Allowing redirect after logout
5 Integration
5.1 Web integration
5.1.1 Non-Spring mode
Add the cas-client-core-3.2.1.jar package to WEB-INF/lib of the client project.
Modify web.xml as follows:
<!-- ======================== Single sign-on / sign-out ======================== -->
<!-- This filter implements single sign-out; optional. -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<!-- This filter handles user authentication and must be enabled. -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://localhost:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8080</param-value>
    </init-param>
</filter>
<!-- This filter validates tickets and must be enabled. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://localhost:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8080</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- This filter wraps the HttpServletRequest, for example so that developers can obtain
     the SSO login name through HttpServletRequest.getRemoteUser(); optional. -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
     for example AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- ======================== End of single sign-on / sign-out ======================== -->
Now run the client project; the first request to any page is redirected to https://localhost:8443/cas/login for authentication. In addition, set your logout link to https://sso.wsria.com/cas/logout to get single sign-out.
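An added example (not code from the original page or from the CAS client library): the exchange behind the Cas10TicketValidationFilter configured in the web.xml above, reduced to building the /validate request URL and parsing the plain-text CAS 1.0 reply. The request path, the ticket value and the sample replies are constructed, and the parser accepts only a first line that is exactly yes followed by a non-empty user name.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

// Added illustration of the CAS 1.0 validation exchange; names are constructed.
public class Cas10ValidateDemo {

    // The service URL must be the same one the ticket was issued for,
    // so it is rebuilt from serverName plus the requested path.
    static String validateUrl(String casServerUrlPrefix, String serverName,
                              String path, String ticket) throws UnsupportedEncodingException {
        String service = serverName + path;
        return casServerUrlPrefix + "/validate?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(service, "UTF-8");
    }

    // CAS 1.0 reply: "yes\n<username>\n" on success, "no\n" (optionally
    // followed by an empty line) on failure. Returns the user name or null.
    static String parseReply(String body) {
        if (body == null) {
            return null;
        }
        String[] lines = body.split("\r?\n", -1);
        if (lines.length < 2 || !"yes".equals(lines[0])) {
            return null;
        }
        String user = lines[1].trim();
        return user.isEmpty() ? null : user;
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // URLs from the web.xml above; path and ticket are constructed samples.
        System.out.println(validateUrl("https://localhost:8443/cas",
                "http://localhost:8080", "/app/index.jsp", "ST-1-constructedSampleTicket-cas"));

        String[] replies = {        // constructed sample replies
            "yes\ncasuser\n",       // valid ticket
            "no\n\n",               // invalid, expired or already used ticket
            "yes\n\n",              // malformed: no user name
            "yesterday\nsomeone\n"  // must not pass a prefix check
        };
        for (String r : replies) {
            System.out.println(parseReply(r));
        }
    }
}
```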
5.1.2 Spring mode
Reference cas-client-core.jar
web.xml; note that casSingleSignOutFilter must come first
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- ======================== Single sign-on / sign-out ======================== -->
<filter>
    <filter-name>casSingleSignOutFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casSingleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>casAuthenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>casTicketValidationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casTicketValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>casHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>casAssertionThreadLocalFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>casAssertionThreadLocalFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== End of single sign-on / sign-out ======================== -->
applicationContext.xml
<bean id="casSingleSignOutFilter"
      class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<bean name="casAuthenticationFilter"
      class="org.jasig.cas.client.authentication.AuthenticationFilter"
      p:casServerLoginUrl="http://localhost:9000/uq-w-cas/login"
      p:renew="false"
      p:gateway="false"
      p:serverName="http://localhost:8080"/>
<bean name="casTicketValidationFilter"
      class="org.jasig.cas.client.validation.Cas10TicketValidationFilter"
      p:serverName="http://localhost:8080"
      p:redirectAfterValidation="true">
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas10TicketValidator">
            <!-- Corresponds to casServerUrlPrefix -->
            <constructor-arg index="0" value="http://localhost:9000/uq-w-cas"/>
        </bean>
    </property>
</bean>
<bean id="casHttpServletRequestWrapperFilter"
      class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>
<bean id="casAssertionThreadLocalFilter"
      class="org.jasig.cas.client.util.AssertionThreadLocalFilter"/>
Page
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%-- UI text below: "Login succeeded, this is client 1", "User name", "Go to client 2", "Log out" --%>
<%
    AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
    String username = "i am username";
    if (null != principal) {
        username = principal.getName();
%>
<h1>登录成功,这是客户端1啊</h1><br/>
用户名:<%=username %><br/>
<a href="http://localhost:8989/Casclient2/index.jsp">进入客户端2</a><br/>
<a href="http://localhost:9000/uq-w-cas/logout?service=http://localhost:9000/uq-w-cas/">退出</a><br/>
<%
    }
%>
5.2 Client
The project dependencies are as follows:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;

public class CasUtil {
    // CAS server address
    static final String server = "http://localhost:9000/cas/login";

    public static void main(String[] args) throws IOException {
        // Log in and get the cookie
        Cookie cookie = getTicketGrantingTicket(server, "13082838818",
                "13082838818");
        if (cookie != null) {
            System.out.println(cookie);
        }
    }

    private static Cookie getTicketGrantingTicket(String server,
            String username, String password) throws IOException {
        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(server);
        // Login parameters
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        nvps.add(new BasicNameValuePair("username", username));
        nvps.add(new BasicNameValuePair("password", password));
        String[] dynamicPara = doCasLoginRequest(client, server);
        nvps.add(new BasicNameValuePair("lt", dynamicPara[0]));
        nvps.add(new BasicNameValuePair("execution", dynamicPara[1]));
        nvps.add(new BasicNameValuePair("_eventId", "submit"));
        // Form encoding
        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
        try {
            HttpResponse response = client.execute(post);
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                // CASTGC: the default cookie name
                Cookie cookie = getCookieValue(client, "CASTGC");
                entity.consumeContent();
                return cookie;
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    private static Cookie getCookieValue(DefaultHttpClient httpclient,
            String name) {
        List<Cookie> cookies = httpclient.getCookieStore().getCookies();
        if (cookies.isEmpty()) {
            return null;
        } else {
            for (int i = 0; i < cookies.size(); i++) {
                Cookie cookie = cookies.get(i);
                if (cookie.getName().equalsIgnoreCase(name)) {
                    return cookie;
                }
            }
        }
        return null;
    }

    // Simulate the login action and get the dynamic parameters lt and execution
    private static String[] doCasLoginRequest(DefaultHttpClient httpclient,
            String url) throws IOException {
        String[] result = new String[2];
        HttpGet httpget = new HttpGet(url);
        HttpResponse response = httpclient.execute(httpget);
        HttpEntity entity = response.getEntity();
        // No response body means there is no login form to read
        if (entity == null) {
            return result;
        }
        BufferedReader rd = new BufferedReader(new InputStreamReader(
                entity.getContent(), "UTF-8"));
        String tempLine = rd.readLine();
        String sLt = "<input type=\"hidden\" name=\"lt\" value=\"";
        String sEx = "<input type=\"hidden\" name=\"execution\" value=\"";
        while (tempLine != null) {
            int iLt = tempLine.indexOf(sLt);
            int iEx = tempLine.indexOf(sEx);
            if (iLt != -1) {
                String s1 = tempLine.substring(iLt + sLt.length());
                int index1 = s1.indexOf("\"");
                if (index1 != -1)
                    result[0] = s1.substring(0, index1);
            }
            if (iEx != -1) {
                String s1 = tempLine.substring(iEx + sEx.length());
                int index1 = s1.indexOf("\"");
                if (index1 != -1)
                    result[1] = s1.substring(0, index1);
            }
            tempLine = rd.readLine();
        }
        entity.consumeContent();
        return result;
    }

    // Convert the HttpClient cookie to a servlet cookie
    private javax.servlet.http.Cookie convertToServletCookie(Cookie cookie) {
        javax.servlet.http.Cookie retCookie = new javax.servlet.http.Cookie(
                cookie.getName(), cookie.getValue());
        retCookie.setComment(cookie.getComment());
        retCookie.setDomain(cookie.getDomain());
        // HttpOnly and Secure are switched off, matching the HTTP-only setup in section 2.1
        retCookie.setHttpOnly(false);
        retCookie.setSecure(false);
        retCookie.setPath(cookie.getPath());
        retCookie.setVersion(cookie.getVersion());
        // A session cookie has no expiry date; keep it a session cookie (-1)
        if (cookie.getExpiryDate() != null) {
            retCookie.setMaxAge((int) ((cookie.getExpiryDate().getTime() - System
                    .currentTimeMillis()) / 1000));
        } else {
            retCookie.setMaxAge(-1);
        }
        return retCookie;
    }
}
Some images were not uploaded; leave me a message if you need them.