CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
来源:互联网 发布:最新全国省市区数据库 编辑:程序博客网 时间:2024/06/07 03:51
转自: http://blog.csdn.net/ycyk_168/article/details/18668951
本文环境:
1、apache-tomcat-7.0.50-windows-x86
2、cas-server-3.4.11
3、cas-client-3.2.1
将cas-server-webapp-3.4.11.war放入tomcat的webapps下,改名ROOT.war,启动tomcat,待自动解压后,进行如下修改:
1、修改WEB-INF\deployerConfigContext.xml,加入
- p:requireSecure="false"
- <property name="authenticationHandlers">
- <list>
- <!--
- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
- | a server side SSL certificate.
- +-->
- <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient" p:requireSecure="false"/>
- <!--
- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
- | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
- | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
- | local authentication strategy. You might accomplish this by coding a new such handler and declaring
- | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
- +-->
- <bean
- class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
- </list>
- </property>
- <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="false"
- p:cookieMaxAge="-1"
- p:cookieName="CASTGC"
- p:cookiePath="/cas" />
3、修改修改WEB-INF\spring-configuration\warnCookieGenerator.xml,修改p:cookieSecure="false"
- <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="false"
- p:cookieMaxAge="-1"
- p:cookieName="CASPRIVACY"
- p:cookiePath="/cas" />
经过以上三步,cas server端修改完毕
客户端操作我习惯进行一下域名/IP映射,修改:C:\Windows\System32\drivers\etc\hosts 添加如下映射
- 127.0.0.1 cas.jkkl1314.com
- 127.0.0.1 c1.jkkl1314.com
- 127.0.0.1 c2.jkkl1314.com
在客户端项目中加入cas-client-core-3.2.1.jar、commons-logging.jar,并在web.xml中加入:
- <!-- ======================== 单点登录开始 ======================== -->
- <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
- <listener>
- <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
- </listener>
- <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
- <filter>
- <filter-name>CAS Single Sign Out Filter</filter-name>
- <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS Single Sign Out Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <filter>
- <filter-name>CAS Filter</filter-name>
- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
- <init-param>
- <param-name>casServerLoginUrl</param-name>
- <param-value>http://cas.jkkl1314.com:10000</param-value>
- </init-param>
- <init-param>
- <param-name>serverName</param-name>
- <param-value>http://c1.jkkl1314.com:8080</param-value>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>CAS Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
- <filter>
- <filter-name>CAS Validation Filter</filter-name>
- <filter-class>
- org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
- <init-param>
- <param-name>casServerUrlPrefix</param-name>
- <param-value>http://cas.jkkl1314.com:10000</param-value>
- </init-param>
- <init-param>
- <param-name>serverName</param-name>
- <param-value>http://c1.jkkl1314.com:8080</param-value>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>CAS Validation Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!--
- 该过滤器负责实现HttpServletRequest请求的包裹,
- 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
- -->
- <filter>
- <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
- <filter-class>
- org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!--
- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
- 比如AssertionHolder.getAssertion().getPrincipal().getName()。
- -->
- <filter>
- <filter-name>CAS Assertion Thread Local Filter</filter-name>
- <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>CAS Assertion Thread Local Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- ======================== 单点登录结束 ======================== -->
第二个客户端项目只是修改了一下域名,在web.xml中加入的配置是一样的!运行后即可实现单点登录!
以下两边文章对我帮助很大,特此感谢:
http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/
0 0
- CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
- CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
- CAS单点登录https协议修改成http协议
- cas 单点登录 服务端搭建http协议与https协议
- CAS单点登录(SSO)
- 单点登录sso cas
- CAS SSO单点登录
- CAS sso单点登录
- cas sso 单点登录
- 将CAS 单点登录协议由https改为http
- cas 单点登录 及将https 转为http协议
- Cas单点登录(2)HTTPS协议
- 单点登录(SSO)、CAS介绍
- CAS单点登录(SSO)总结
- JAVA CAS单点登录(SSO)
- CAS SSO单点登录实例
- CAS解决单点登录SSO
- 浅谈CAS单点登录(SSO)
- Java中的float和long
- django创建一个项目
- Hibernate之多对一
- 算法--02.插入排序
- 效果展示的总结
- CAS SSO研究一:抛弃Https让Cas以Http协议提供单点登录服务
- JavaScript 你可能会忘记的基础知识 (1)基本类型
- 使用 MYSQLBINLOG 来恢复数据
- Statement 和 PreparedStatement总结
- BZOJ1647: [Usaco2007 Open]Fliptile 翻格子游戏 Dfs
- CSS心得
- Plot wordcloud2 in shiny
- HI3518EV200+AR0130+4G+服务器+PC+APP调试顺畅
- Volley请求模板