CAS 4.0 配置开发手册

1    下载

地址http://downloads.jasig.org/

cas-server-4.0.0-release.tar.gz

cas-client-3.3.3-release.tar.gz

2    配置

解压cas-server-4.0.0,将其中module/cas-server-webapp-4.0.0.war复制到Tomcat的webapps目录下,重命名为cas.war,启动Tomcat解开压缩。

2.1 CAS的HTTP模式与HTTPS设置


1)cas\WEB-INF\deployerConfigContext.xml,新增p:requireSecure="false"

<bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

p:httpClient-ref="httpClient" p:requireSecure="false"/>

2)cas\WEB-INF\spring-configuration

ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"

warnCookieGenerator.xml设置p:cookieSecure="false"

http://localhost:8080/cas,进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完成。

2.2 设置利用数据库来验证用户

需依赖:c3p0-0.9.1.2.jar,mysql-connector-java-5.1.21.jar,cas-server-support-jdbc-4.0.0.jar


cas\WEB-INF\deployerConfigContext.xml

1)更换验证方式

<!--

<bean id="primaryAuthenticationHandler"

class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">

<property name="users">

<map>

<entry key="casuser" value="Mellon"/>

</map>

</property>

</bean>

-->

<!-- Define the DB Connection -->

<bean id="dataSource"

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="com.mysql.jdbc.Driver"

p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/hztraffic?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"

p:user="root"

p:password="root" />

<!-- Define the encode method-->

<!--<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">

<constructor-arg value="MD5"/>

</bean> -->

<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"

c:encodingAlgorithm="MD5"

p:characterEncoding="UTF-8" />

<bean id="dbAuthHandler"

class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

p:dataSource-ref="dataSource"

p:sql="select password from hztraffic.user_data where name=? and used=1"

p:passwordEncoder-ref="passwordEncoder"/>

<!-- p:passwordEncoder-ref="passwordEncoder" -->

2)更换验证Handle

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">

<constructor-arg>

<map>

<!--

| IMPORTANT

| Every handler requires a unique name.

| If more than one instance of the same handler class is configured, you must explicitly

| set its name to something other than its default name (typically the simple class name).

-->

<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />

<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />

<!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->

</map>

</constructor-arg>

http://localhost:8080/cas,进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完成。

3    编译

3.1 Eclipse导入工程

3.2 License文件设置

Failed goal com.mycila.maven-license-plugin

注意src目录与cas-server-webapp平级,此外,任何关于Sever文件的修改,文件头的License声明需要添加。JSP/JS/CSS,否则编译检测通过不了。


<%--

Licensed to Jasig under one or more contributor license

agreements. See the NOTICE file distributed with this work

for additional information regarding copyright ownership.

Jasig licenses this file to you under the
Apache License,

Version 2.0 (the "License"); you may not use this file

except in compliance with the License.  You may obtain a

copy of the License at the following location:

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied.  See the License for the

specific language governing permissions and limitations

under the License.

--%>

4    定制

4.1 登录/登出页面

4.2 允许退出后重定向

5    接入

5.1 WEB接入

5.1.1 非Spring模式

在Client工程WEB-INF/lib下添加cas-client-core-3.2.1.jar包。

修改web.xml如下:


<!-- ======================== 单点登录/登出 ======================== -->

<!-- 该过滤器用于实现单点登出功能,可选配置。 -->

<filter>

<filter-name>CAS Single Sign Out Filter</filter-name>

<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<!-- 该过滤器负责用户的认证工作,必须启用它 -->

<filter>

<filter-name>CAS Authentication Filter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

<init-param>

<param-name>casServerLoginUrl</param-name>

<param-value>https://localhost:8443/cas/login</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

</filter>

<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->

<filter>

<filter-name>CAS Validation Filter</filter-name>

<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>

<init-param>

<param-name>casServerUrlPrefix</param-name>

<param-value>https://localhost:8443/cas</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

<init-param>

<param-name>redirectAfterValidation</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<!-- 该过滤器负责实现HttpServletRequest请求的包裹,

比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
-->

<filter>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。

比如AssertionHolder.getAssertion().getPrincipal().getName()。-->

<filter>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

<filter-name>CAS Single Sign Out Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Authentication Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Validation Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<listener>

<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出结束 ======================== -->

现在运行Client工程,首次访问任一页面就会跳转到https://localhost:8443/cas/login进行认证。同时,把你的退出链接设置为:https://sso.wsria.com/cas/logout 即可实现单点推出。

5.1.2 Spring方式

引用cas-client-core.jar

Web.xml,注意casSingleSignOutFilter必须位于最前面


<listener>       
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出 ======================== -->

<filter>

<filter-name>casSingleSignOutFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casSingleSignOutFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAuthenticationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAuthenticationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casTicketValidationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casTicketValidationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<!-- ======================== 单点登录/登出结束 ======================== -->

appliationContext.xml


<bean
id="casSingleSignOutFilter"

        class="org.jasig.cas.client.session.SingleSignOutFilter"
/>

<bean
name="casAuthenticationFilter"

class="org.jasig.cas.client.authentication.AuthenticationFilter"

p:casServerLoginUrl="http://localhost:9000/uq-w-cas/login"

p:renew="false"

p:gateway="false"
p:serverName="http://localhost:8080"
/>

<bean
name="casTicketValidationFilter"

class="org.jasig.cas.client.validation.Cas10TicketValidationFilter"

p:serverName="http://localhost:8080"

p:redirectAfterValidation="true">

<property
name="ticketValidator">

<bean
class="org.jasig.cas.client.validation.Cas10TicketValidator">

<!-- 对应于casServerUrlPrefix -->

<constructor-arg
index="0"
value="http://localhost:9000/uq-w-cas"
/>

</bean>

</property>

</bean>

<bean
id="casHttpServletRequestWrapperFilter"

class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"
/>

<bean
id="casAssertionThreadLocalFilter"

class="org.jasig.cas.client.util.AssertionThreadLocalFilter"
/>

页面


<%

AttributePrincipal  principal= (AttributePrincipal)request.getUserPrincipal();

String username = "i am username";

if(null!=principal){

username=principal.getName();

%>

<h1>登录成功,这是客户端1啊</h1><br/>

用户名:<%=username
%><br/>

<a
href="http://localhost:8989/Casclient2/index.jsp">进入客户端2</a><br/>

<a
href="http://localhost:9000/uq-w-cas/logout?service=http://localhost:9000/uq-w-cas/">退出</a><br/

<%

}

%>

5.2 客户端

工程依赖如下:


import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.util.ArrayList;

import java.util.List;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.NameValuePair;

import org.apache.http.client.entity.UrlEncodedFormEntity;

import org.apache.http.client.methods.HttpGet;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.cookie.Cookie;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.message.BasicNameValuePair;

import org.apache.http.protocol.HTTP;

public
class
CasUtil {

//Cas server address

static
final
String server =
"http://localhost:9000/cas/login";

public
static void
main(String[] args)
throws IOException {

//Login and get the cookie

Cookie cookie = getTicketGrantingTicket(server,
"13082838818",

"13082838818");

if (cookie !=
null
) {

System.out.println(cookie);

}

}

private
static
Cookie getTicketGrantingTicket(String server,

String username, String password) throws IOException {

DefaultHttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(server);

//Login parameters

List<NameValuePair> nvps = new ArrayList<NameValuePair>();

nvps.add(new BasicNameValuePair("username", username));

nvps.add(new BasicNameValuePair("password", password));

String[] dynamicPara = doCasLoginRequest(client, server);

nvps.add(new BasicNameValuePair("lt", dynamicPara[0]));

nvps.add(new BasicNameValuePair("execution", dynamicPara[1]));

nvps.add(new BasicNameValuePair("_eventId",
"submit"));

//Font Code

post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

try {

HttpResponse response = client.execute(post);

HttpEntity entity = response.getEntity();

if (entity !=
null
) {

//CASTGC: the default cookie name

Cookie cookie = getCookieValue(client,
"CASTGC");

entity.consumeContent();

return cookie;

}

} catch (Exception e) {

e.printStackTrace();

}

return
null
;

}

private
static
Cookie getCookieValue(DefaultHttpClient httpclient,

String name) {

List<Cookie> cookies = httpclient.getCookieStore().getCookies();

if (cookies.isEmpty()) {

return
null
;

} else {

for (int i = 0; i < cookies.size(); i++) {

Cookie cookie = cookies.get(i);

if (cookie.getName().equalsIgnoreCase(name)) {

return cookie;

}

}

}

return
null
;

}

//Simulate the login action and get the dynamic parameters
lt and execution

private
static
String[] doCasLoginRequest(DefaultHttpClient httpclient,

String url) throws IOException {

String[] result = new String[2];

HttpGet httpget = new HttpGet(url);

HttpResponse response = httpclient.execute(httpget);

HttpEntity entity = response.getEntity();

BufferedReader rd = new BufferedReader(new InputStreamReader(

entity.getContent(), "UTF-8"));

String tempLine = rd.readLine();

String sLt = "<input type=\"hidden\" name=\"lt\" value=\"";

String sEx = "<input type=\"hidden\" name=\"execution\" value=\"";

while (tempLine !=
null
) {

int iLt = tempLine.indexOf(sLt);

int iEx = tempLine.indexOf(sEx);

if (iLt != -1) {

String s1 = tempLine.substring(iLt + sLt.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[0] = s1.substring(0, index1);

}

if (iEx != -1) {

String s1 = tempLine.substring(iEx + sEx.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[1] = s1.substring(0, index1);

}

tempLine = rd.readLine();

}

if (entity !=
null
) {

entity.consumeContent();

}

return result;

}

//Cookie convert

private javax.servlet.http.Cookie
convertToServletCookie(Cookie cookie) {

javax.servlet.http.Cookie retCookie = new javax.servlet.http.Cookie(

cookie.getName(), cookie.getValue());

retCookie.setComment(cookie.getComment());

retCookie.setDomain(cookie.getDomain());

retCookie.setHttpOnly(false);

retCookie.setSecure(false);

retCookie.setPath(cookie.getPath());

retCookie.setVersion(cookie.getVersion());

retCookie.setMaxAge((int) ((cookie.getExpiryDate().getTime() - System

.currentTimeMillis()) / 1000));

return retCookie;

}

}

部分图片未上传,如有需要,请给我留言。

时间: 2024-10-13 15:17:38

CAS 4.0 配置开发手册的相关文章

CAS 4.0 配置开发手冊

1    下载 地址http://downloads.jasig.org/ cas-server-4.0.0-release.tar.gz cas-client-3.3.3-release.tar.gz 2    配置 解压cas-server-4.0.0.将当中module/cas-server-webapp-4.0.0.war拷贝到Tomcat的webapps文件夹下,重命名为cas.war.启动Tomcat解开压缩. 2.1 CAS的HTTP模式与HTTPS设置 1)cas\WEB-INF

ThinkPHP5.0完全开发手册 --技术文档

1.ThinkPHP5.0完全开发手册.chm 链接:https://pan.baidu.com/s/1199wK6q6O9IyOf5RU_-Xow 提取码:hnek 2.ThinkPHP5.0完全开发手册.pdf 链接:https://pan.baidu.com/s/1oC1VxkjdGpfmN6e_u6gE3w 提取码:gk0v 原文地址:https://www.cnblogs.com/qikeyishu/p/10493651.html

vue 3.0 配置开发环境和测试环境

1.在项目里的根目录里加入了3个文件(与vue.config.js同级) .env   线上环境 .env.development 开发环境 .env.testbuild  测试环境 2.在上边3个文件中: 使用VUE_APP_URL = “接口url”书写格式:VUE_APP_[自定义name] 3在pakejson里面配置打包环境 4.在config里面部分配置 module.exports = { publicPath:'/',    // 公共路径 outputDir: 'dist',

阿里巴巴Java开发手册1.4.0

转自官网 前言 <阿里巴巴Java开发手册>是阿里巴巴集团技术团队的集体智慧结晶和经验总结,经历了多次大规模一线实战的检验及不断完善,系统化地整理成册,回馈给广大开发者.现代软件行业的高速发展对开发者的综合素质要求越来越高,因为不仅是编程知识点,其它维度的知识点也会影响到软件的最终交付质量.比如:数据库的表结构和索引设计缺陷可能带来软件上的架构缺陷或性能风险:工程结构混乱导致后续维护艰难:没有鉴权的漏洞代码易被黑客攻击等等.所以本手册以Java开发者为中心视角,划分为编程规约.异常日志.单元测

阿里巴巴 Java 开发手册 1.4.0

一.编程规约(一) 命名风格1. [强制]代码中的命名均不能以下划线或美元符号开始,也不能以下划线或美元符号结束.反例: _name / __name / $name / name_ / name$ / name__2. [强制]代码中的命名严禁使用拼音与英文混合的方式,更不允许直接使用中文的方式.说明:正确的英文拼写和语法可以让阅读者易于理解,避免歧义.注意,即使纯拼音命名方式也要避免采用.正例: alibaba / taobao / youku / hangzhou 等国际通用的名称,可视同

weiPHP----OneThink1.0开发手册

OneThink1.0开发手册 OneThink系列开发手册在线版 登录 简介 安装 后台使用帮助 架构设计 二次开发指南 附录 安装 复制本页链接 普通环境安装 环境需求: PHP>=5.3.0 扩展 Mysql/Mysqli/PDO , GD2 ,mbstring 在环境检测通过后,最重要的步骤就是填写数据库信息了. 数据库连接类型 : 根据php安装的数据库扩展选择,建议mysqli,不建议mysql 数据库服务器:数据库和web服务器位于同一服务器时,填写127.0.0.1或localh

nginx1.9.4 +php 5.5.29+yii2.0配置手册

nginx1.9.4 +php 5.5.29+yii2.0配置手册 目录 一.????php5.5.29安装配置????2 二.????nginx1.9.4安装配置????2 三.????yii2.0安装配置????2 1.????基础版安装????2 2.????高级版安装????8 四.????问题????8 五.????参考资料????8 六.????附注????8 ? ? ? php5.5.29安装配置 php下载地址:http://php.net/downloads.php 下载php

[wxWidgets]_[初级]_[配置codeblock+wxWidgets3.0.1开发环境]

配置Codeblock+wxWidgets-3.0.1开发环境 作者: Sai 1. 下载codeblock,进官网,首先提醒下,下载工具一定要进官网,最新,没木马. http://www.codeblocks.org/downloads/binaries 选在SourceForge.net下载吧. codeblocks-13.12mingw-setup-TDM-GCC-481.exe 2. 下载最新wxWidgets版本 3.0.1稳定版. http://www.wxwidgets.org/d

AMP+EPP3.0的开发环境配置

经过摸索,总结出下列Apache.MySQL.PHP.EPP.ZendDebugger的开发环境配置方法: 版本: Apache: Apache-httpd-2.2.25-win32-x86-no_ssl.msi MySQL:mysql-5.5.28-win32.zip PHP:php-5.3.28-Win32-VC9-x86.msi EPP:EPP3_Setup.rar ZendDebugger:ZendDebugger-20110410-cygwin_nt-i386.zip 一.先安装上述软