(Original) Integrating LDAP with CAS Single Sign-On

Write the CAS configuration file deployerConfigContext-ldap.xml. It holds all the settings for the LDAP authentication source; the contents are as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <!-- %u is replaced by the login name when the search filter is built -->
                    <property name="filter" value="uid=%u" />
                    <!-- base node (search base) under which the user entry is looked up -->
                    <property name="searchBase" value="ou=People,ou=rootOrg,o=sevenSeas" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="password" value="secret" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://localhost:10389/</value>
            </list>
        </property>
        <!-- administrator account used to perform the search -->
        <property name="userName" value="uid=admin,ou=system" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>
If ou=People,ou=rootOrg,o=sevenSeas is used as the search base node, as shown in the figure in Chapter 7, the log output is:
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:28:51,722 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:28:52,113 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin]]
cns.isEmpty() is [false]
cns.size() is [1]
!this.allowMultipleAccounts is [true]
The log shows that exactly one user, cn=admin, was found, so LDAP authentication can proceed.
If the base node is changed to o=sevenSeas instead, as in the figure:
(Figure: o=sevenSeas as the base node)
Authenticating again, the log now shows:
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:43:56,363 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:43:56,394 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin,ou=Roles,ou=rootOrg, cn=admin,ou=People,ou=rootOrg]]
cns.isEmpty() is [false]
cns.size() is [2]
!this.allowMultipleAccounts is [true]
Now we see that both the People node and the Roles node contain a cn=admin entry. With !this.allowMultipleAccounts evaluating to true, the system has found several accounts with the same name and does not know which one to choose, so authentication fails. This is the point to watch out for.
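To make the search-then-bind flow of the configuration above and the multiple-accounts failure just described concrete, here is an added Python simulation. It is not CAS code and not from the original post: it models an in-memory directory with constructed sample entries (the manager uid=admin,ou=system from the config plus a cn=admin under both ou=People and ou=Roles), expands the handler's uid=%u filter with RFC 4515 escaping, searches under a chosen base with the manager credentials, and then binds as the user; the allow_multiple_accounts flag and the result statuses are this example's own names, chosen to mirror the allowMultipleAccounts check seen in the log.

```python
import re

# Constructed in-memory directory standing in for the server on ldap://localhost:10389/
# (sample data for this example, not the page's real directory).
DIRECTORY = {
    "uid=admin,ou=system": {"uid": "admin", "userpassword": "secret"},
    "cn=admin,ou=People,ou=rootOrg,o=sevenSeas": {"uid": "admin", "cn": "admin", "userpassword": "secret"},
    "cn=admin,ou=Roles,ou=rootOrg,o=sevenSeas": {"uid": "admin", "cn": "admin"},
    "cn=alice,ou=People,ou=rootOrg,o=sevenSeas": {"uid": "alice", "cn": "alice", "userpassword": "alice-pw"},
}

MANAGER_DN = "uid=admin,ou=system"   # contextSource userName from the config
MANAGER_PASSWORD = "secret"          # contextSource password from the config


def _dn_parts(dn):
    return [p.strip().lower() for p in dn.split(",")]


def dn_under(dn, base):
    """True if dn lies in the subtree rooted at base (subtree scope, base itself included)."""
    d, b = _dn_parts(dn), _dn_parts(base)
    return len(d) >= len(b) and d[-len(b):] == b


def escape_filter_value(value):
    """RFC 4515 escaping of an assertion value before it is spliced into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(template, username):
    """Expand the handler's 'filter' property (e.g. uid=%u) for a login name."""
    return template.replace("%u", escape_filter_value(username))


def parse_equality_filter(flt):
    """Split a simple attr=value filter and undo \\XX escapes in the value."""
    flt = flt.strip()
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]
    attr, _, raw = flt.partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return attr.strip().lower(), value


def bind(dn, password):
    """Simple bind: succeeds only for an existing entry whose password matches.

    An empty password is rejected explicitly: on a real server an empty
    password turns a simple bind into an anonymous bind, which must never
    count as a successful user login.
    """
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry.get("userpassword") == password


def search(base, flt, bind_dn, bind_password):
    """Subtree search under base, performed with the manager credentials."""
    if not bind(bind_dn, bind_password):
        raise PermissionError("manager bind failed")
    attr, value = parse_equality_filter(flt)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn_under(dn, base) and attrs.get(attr) == value]


def authenticate(username, password, search_base, filter_template="uid=%u",
                 allow_multiple_accounts=False):
    """Search for the user's DN, then bind as that DN; mirrors the handler's steps.

    Returns a dict with 'status' (ok, no_match, multiple_accounts, bad_password)
    and 'cns', the list of DNs the search returned (what the page's log prints).
    """
    flt = build_filter(filter_template, username)
    cns = search(search_base, flt, MANAGER_DN, MANAGER_PASSWORD)
    if not cns:
        return {"status": "no_match", "cns": cns}
    if len(cns) > 1 and not allow_multiple_accounts:
        # Several entries match the login name and the handler refuses to guess.
        return {"status": "multiple_accounts", "cns": cns}
    for dn in cns:
        if bind(dn, password):
            return {"status": "ok", "cns": cns, "dn": dn}
    return {"status": "bad_password", "cns": cns}


if __name__ == "__main__":
    for base in ("ou=People,ou=rootOrg,o=sevenSeas", "o=sevenSeas"):
        print(base, "->", authenticate("admin", "secret", base))
```

Running the block prints the two outcomes from the post: with ou=People,ou=rootOrg,o=sevenSeas as the base the search returns one DN and the bind succeeds, while with o=sevenSeas it returns two DNs (People and Roles) and the login is refused before any bind is attempted. The filter escaping shows why the handler must not splice the raw login name into uid=%u: a name containing filter metacharacters is matched literally and simply finds no entry.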