【CAS】自定义数据库连接配置
来源:互联网 发布:诺基亚n9deb的软件 编辑:程序博客网 时间:2024/05/16 09:19
在上一篇博客中,对CAS进行了整体的介绍,我们知道,CAS可分为Server和Client。本篇博客开始介绍对CAS
Sever进行的一些自定义配置。
【版本说明】:CAS Server 4.0
【下载地址】:https://github.com/apereo/cas/releases/tag/v4.0.0
【构建方法】:
1. 将下载好的cas-server-4.0.0-release.zip解压
2. 将cas-server-4.0.0\modules\cas-server-webapp-4.0.0.war放到tomcat的webapps目录下
3. 将默认的cas-server-webapp-4.0.0.war重命名为cas.war
4. CAS默认认证方式使用的是HTTPS协议,这里修改成HTTP方式。开启的话会经常提示证书过期、需要客户确
认等。
5. 取消HTTPS协议
webapps\cas\WEB-INF\spring-configuration\warnCookieGenerator.xml ,找到如下配置<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas"/>修改 p:cookieSecure="true" 为 p:cookieSecure="false"webapps\cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml ,找到如下配置<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas"/> 修改 p:cookieSecure="true" 为 p:cookieSecure="false"webapps\cas\WEB-INF\deployerConfigContext.xml 文件 ,找到如下配置:<bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient"/> 增加p:requireSecure="false"即HTTPS为不采用。修改后为: <bean id="proxyAuthenticationHandler"class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/>
6. 启动tomcat,访问http://localhost:8080/cas,则可以看到登录界面,4.0 之后默认配置是在 deployer
ConfigContext.xml 配置文件中,可以看到用户名密码为casuser/Mellon
【配置方法】:
1. 修改deployerConfigContext.xml文件:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg> <map> <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> --><entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver"/> </map> </constructor-arg> <property name="authenticationPolicy"> <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property> </bean> <bean id="proxyAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false" /> <!—将默认的用户名和密码注释--> <!-- <bean id="primaryAuthenticationHandler" class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"> <property name="users"> <map> <entry key="casuser" value="Mellon"/> </map> </property> </bean> --> <!-- 配置数据源--> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="com.mysql.jdbc.Driver" p:jdbcUrl="jdbc:mysql://localhost:3306/itoo_cloudroot?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull" p:user="root" p:password="rootitoo" /> <!-- 密码加密方式--> <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" c:encodingAlgorithm="MD5" p:characterEncoding="UTF-8" /> <!--查询匹配的字段--> <bean id="dbAuthHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler" p:dataSource-ref="dataSource" p:sql="select password from ta_allusers where userCode=? and isDelete=0 " p:passwordEncoder-ref="passwordEncoder" /> <!-- 使用密码加密 --> <!-- Required for proxy ticket mechanism --> <bean id="proxyPrincipalResolver" class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" /> <!-- | Resolves a principal from a credential using an attribute repository that is configured to resolve | against a deployer-specific store (e.g. LDAP). --> <bean id="primaryPrincipalResolver" class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" > <property name="attributeRepository" ref="attributeRepository" /> </bean> <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. +--> <!-- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao" p:backingMap-ref="attrRepoBackingMap" /> <util:map id="attrRepoBackingMap"> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </util:map> --><bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <!-- <property name="contextSource" ref="contextSource" /> <property name="baseDN" value="ou=people,o=company,c=fr" /> <property name="requireAllQueryAttributes" value="true" /> --> <constructor-arg index="0" ref="dataSource"/> <constructor-arg index="1" value="select r.databaseName FROM itoo_cloudroot.ta_allusers a INNER JOIN itoo_cloudroot.ta_registuser r ON a.regist
UserId=r.id where a.isDelete = 0 and {0} "/> <!-- Attribute mapping between principal (key) and LDAP (value) names used to perform the LDAP search. By default, multiple search criteria are ANDed together. Set the queryType property to change to OR. --> <property name="queryAttributeMapping"><map> <entry key="username" value="a.userCode" /></map> </property> <property name="resultAttributeMapping"><map> <!-- Mapping beetween LDAP entry attributes (key) and Principal's (value) --> <entry value="databaseName" key="databaseName" /></map> </property></bean> <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want to replace this with the JPA-backed ServiceRegistry DAO The name of this bean should remain "serviceRegistryDao". +--> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" p:registeredServices-ref="registeredServicesList" /> <util:list id="registeredServicesList"> <bean class="org.jasig.cas.services.RegexRegisteredService" p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols" p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" /> <!-- Use the following definition instead of the above to further restrict access to services within your domain (including sub domains). Note that example.com must be replaced with the domain you wish to permit. This example also demonstrates the configuration of an attribute filter that only allows for attributes whose length is 3. --> <!-- <bean class="org.jasig.cas.services.RegexRegisteredService"> <property name="id" value="1" /> <property name="name" value="HTTP and IMAP on example.com" /> <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" /> <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" /> <property name="evaluationOrder" value="0" /> <property name="attributeFilter"> <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter" c:regex="^\w{3}$" /> </property> </bean> --> </util:list> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" /> <util:list id="monitorsList"> <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" /> <!-- NOTE The following ticket registries support SessionMonitor: * DefaultTicketRegistry * JpaTicketRegistry Remove this monitor if you use an unsupported registry. --> <bean class="org.jasig.cas.monitor.SessionMonitor" p:ticketRegistry-ref="ticketRegistry" p:serviceTicketCountWarnThreshold="5000" p:sessionCountWarnThreshold="100000" /> </util:list></beans>
2. 将几个需要的jar包放入到cas的lib目录下:
• c3p0-0.9.5.1.jar
• cas-server-support-jdbc-4.0.3.jar
• mchange-commons-java-0.2.10.jar
• mysql-connector-java-5.1.40.jar
【连接测试】
1. 链接地址:http://localhost:8080/cas
登录界面如下:
2. 输入正确的用户名密码,登录成功:
3. 输入错误的密码,登录失败:
【总结】
本篇自定义数据库连接配置属于CAS Server中最基本也是最首要的配置,很简单,只需要修改一个核心的
配置文件即可,除此之外,想要定制一款CAS加入到自己的项目中,还有很多需要自定义配置的地方。下篇博客继续分
享。
0 0
- 【CAS】自定义数据库连接配置
- 【CAS】自定义Controller配置
- cas 配置与自定义开发
- cas 配置与自定义开发
- cas配置与自定义开发
- CI 框架自定义数据库连接配置
- 【CAS】自定义多条件查询配置
- CAS自定义
- log4j 配置数据库连接池添加自定义信息
- CAS配置
- cas 配置
- cas配置
- CAS配置
- cas配置
- Cas用户密码自定义加密
- cas自定义登录页面
- CAS 自定义数据源
- CAS自定义登录验证
- Android运行时权限工具类
- 娱乐视频直播背后的技术支持——DASH重构
- MongoDB的存储结构及对空间使用率的影响
- 【Prison Break】第五天(4.1)
- C#的山寨版的串口调式助手
- 【CAS】自定义数据库连接配置
- 1 多线程下载一个文件(普通的java工程:java实现)
- 【win32】高仿QQ截图
- (23)插值查找
- Q&A——图形渲染(三)
- 应用启动图标的适配
- java4种线程池的使用
- Java设计线程安全的类
- 坐标移动