CAS 4.0 配置开发手冊

1    下载

地址http://downloads.jasig.org/

cas-server-4.0.0-release.tar.gz

cas-client-3.3.3-release.tar.gz

2    配置

解压cas-server-4.0.0。将当中module/cas-server-webapp-4.0.0.war拷贝到Tomcat的webapps文件夹下,重命名为cas.war。启动Tomcat解开压缩。

2.1 CAS的HTTP模式与HTTPS设置


1)cas\WEB-INF\deployerConfigContext.xml。新增p:requireSecure="false"

<bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

p:httpClient-ref="httpClient" p:requireSecure="false"/>

2)cas\WEB-INF\spring-configuration

ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"

warnCookieGenerator.xml设置p:cookieSecure="false"

http://localhost:8080/cas。进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完毕。

2.2 设置利用数据库来验证用户

需依赖:c3p0-0.9.1.2.jar。mysql-connector-java-5.1.21.jar。cas-server-support-jdbc-4.0.0.jar


cas\WEB-INF\deployerConfigContext.xml

1)更换验证方式

<!--

<bean id="primaryAuthenticationHandler"

class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">

<property name="users">

<map>

<entry key="casuser" value="Mellon"/>

</map>

</property>

</bean>

-->

<!-- Define the DB Connection -->

<bean id="dataSource"

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="com.mysql.jdbc.Driver"

p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/hztraffic?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"

p:user="root"

p:password="root" />

<!-- Define the encode method-->

<!--<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">

<constructor-arg value="MD5"/>

</bean> -->

<bean id="passwordEncoder"

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"

c:encodingAlgorithm="MD5"

p:characterEncoding="UTF-8" />

<bean id="dbAuthHandler"

class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

p:dataSource-ref="dataSource"

p:sql="select password from hztraffic.user_data where name=?

and used=1"

p:passwordEncoder-ref="passwordEncoder"/>

<!-- p:passwordEncoder-ref="passwordEncoder" -->

2)更换验证Handle

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">

<constructor-arg>

<map>

<!--

| IMPORTANT

| Every handler requires a unique name.

| If more than one instance of the same handler class is configured, you must explicitly

| set its name to something other than its default name (typically the simple class name).

-->

<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />

<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />

<!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->

</map>

</constructor-arg>

http://localhost:8080/cas,进入登录页面。

默认用户为casuser/Mellon,登录成功即配置完毕。

3    编译

3.1 Eclipse导入project

3.2 License文件设置

Failed goal com.mycila.maven-license-plugin

注意src文件夹与cas-server-webapp平级,此外,不论什么关于Sever文件的改动,文件头的License声明须要加入。

JSP/JS/CSS。否则编译检測通过不了。


<%--

Licensed to Jasig under one or more contributor license

agreements. See the NOTICE file distributed with this work

for additional information regarding copyright ownership.

Jasig licenses this file to you under the
Apache License,

Version 2.0 (the "License"); you may not use this file

except in compliance with the License.  You may obtain a

copy of the License at the following location:

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied.  See the License for the

specific language governing permissions and limitations

under the License.

--%>

4    定制

4.1 登录/登出页面

4.2 同意退出后重定向

5    接入

5.1 WEB接入

5.1.1 非Spring模式

在ClientprojectWEB-INF/lib下加入cas-client-core-3.2.1.jar包。

改动web.xml例如以下:


<!-- ======================== 单点登录/登出 ======================== -->

<!-- 该过滤器用于实现单点登出功能,可选配置。 -->

<filter>

<filter-name>CAS Single Sign Out Filter</filter-name>

<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<!-- 该过滤器负责用户的认证工作,必须启用它 -->

<filter>

<filter-name>CAS Authentication Filter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

<init-param>

<param-name>casServerLoginUrl</param-name>

<param-value>https://localhost:8443/cas/login</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

</filter>

<!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->

<filter>

<filter-name>CAS Validation Filter</filter-name>

<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>

<init-param>

<param-name>casServerUrlPrefix</param-name>

<param-value>https://localhost:8443/cas</param-value>

</init-param>

<init-param>

<param-name>serverName</param-name>

<param-value>http://localhost:8080</param-value>

</init-param>

<init-param>

<param-name>redirectAfterValidation</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<!-- 该过滤器负责实现HttpServletRequest请求的包裹,

比方同意开发人员通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名。可选配置。
-->

<filter>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<!-- 该过滤器使得开发人员能够通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。

比方AssertionHolder.getAssertion().getPrincipal().getName()。

-->

<filter>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

<filter-name>CAS Single Sign Out Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Authentication Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Validation Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>CAS Assertion Thread Local Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<listener>

<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出结束 ======================== -->

如今执行Clientproject,首次訪问任一页面就会跳转到https://localhost:8443/cas/login进行认证。同一时候,把你的退出链接设置为:https://sso.wsria.com/cas/logout 就可以实现单点推出。

5.1.2 Spring方式

引用cas-client-core.jar

Web.xml。注意casSingleSignOutFilter必须位于最前面


<listener>       
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- ======================== 单点登录/登出 ======================== -->

<filter>

<filter-name>casSingleSignOutFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casSingleSignOutFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAuthenticationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAuthenticationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casTicketValidationFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casTicketValidationFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casHttpServletRequestWrapperFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>casAssertionThreadLocalFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<!-- ======================== 单点登录/登出结束 ======================== -->

appliationContext.xml


<bean
id="casSingleSignOutFilter"

        class="org.jasig.cas.client.session.SingleSignOutFilter"
/>

<bean
name="casAuthenticationFilter"

class="org.jasig.cas.client.authentication.AuthenticationFilter"

p:casServerLoginUrl="http://localhost:9000/uq-w-cas/login"

p:renew="false"

p:gateway="false"
p:serverName="http://localhost:8080"
/>

<bean
name="casTicketValidationFilter"

class="org.jasig.cas.client.validation.Cas10TicketValidationFilter"

p:serverName="http://localhost:8080"

p:redirectAfterValidation="true">

<property
name="ticketValidator">

<bean
class="org.jasig.cas.client.validation.Cas10TicketValidator">

<!-- 相应于casServerUrlPrefix -->

<constructor-arg
index="0"
value="http://localhost:9000/uq-w-cas"
/>

</bean>

</property>

</bean>

<bean
id="casHttpServletRequestWrapperFilter"

class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"
/>

<bean
id="casAssertionThreadLocalFilter"

class="org.jasig.cas.client.util.AssertionThreadLocalFilter"
/>

页面


<%

AttributePrincipal  principal= (AttributePrincipal)request.getUserPrincipal();

String username = "i am username";

if(null!=principal){

username=principal.getName();

%>

<h1>登录成功,这是client1啊</h1><br/>

用户名:<%=username
%><br/>

<a
href="http://localhost:8989/Casclient2/index.jsp">进入客户端2</a><br/>

<a
href="http://localhost:9000/uq-w-cas/logout?service=http://localhost:9000/uq-w-cas/">退出</a><br/

<%

}

%>

5.2 client

project依赖例如以下:


import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.util.ArrayList;

import java.util.List;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.NameValuePair;

import org.apache.http.client.entity.UrlEncodedFormEntity;

import org.apache.http.client.methods.HttpGet;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.cookie.Cookie;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.message.BasicNameValuePair;

import org.apache.http.protocol.HTTP;

public
class CasUtil {

//Cas server address

static
final String server =
"http://localhost:9000/cas/login";

public
static void main(String[] args)
throws IOException {

//Login and get the cookie

Cookie cookie = getTicketGrantingTicket(server,
"13082838818",

"13082838818");

if (cookie !=
null) {

System.out.println(cookie);

}

}

private
static Cookie getTicketGrantingTicket(String server,

String username, String password) throws IOException {

DefaultHttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(server);

//Login parameters

List<NameValuePair> nvps = new ArrayList<NameValuePair>();

nvps.add(new BasicNameValuePair("username", username));

nvps.add(new BasicNameValuePair("password", password));

String[] dynamicPara = doCasLoginRequest(client, server);

nvps.add(new BasicNameValuePair("lt", dynamicPara[0]));

nvps.add(new BasicNameValuePair("execution", dynamicPara[1]));

nvps.add(new BasicNameValuePair("_eventId",
"submit"));

//Font Code

post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

try {

HttpResponse response = client.execute(post);

HttpEntity entity = response.getEntity();

if (entity !=
null) {

//CASTGC: the default cookie name

Cookie cookie = getCookieValue(client,
"CASTGC");

entity.consumeContent();

return cookie;

}

} catch (Exception e) {

e.printStackTrace();

}

return
null;

}

private
static Cookie getCookieValue(DefaultHttpClient httpclient,

String name) {

List<Cookie> cookies = httpclient.getCookieStore().getCookies();

if (cookies.isEmpty()) {

return
null;

} else {

for (int i = 0; i < cookies.size(); i++) {

Cookie cookie = cookies.get(i);

if (cookie.getName().equalsIgnoreCase(name)) {

return cookie;

}

}

}

return
null;

}

//Simulate the login action and get the dynamic parameters
lt and execution

private
static String[] doCasLoginRequest(DefaultHttpClient httpclient,

String url) throws IOException {

String[] result = new String[2];

HttpGet httpget = new HttpGet(url);

HttpResponse response = httpclient.execute(httpget);

HttpEntity entity = response.getEntity();

BufferedReader rd = new BufferedReader(new InputStreamReader(

entity.getContent(), "UTF-8"));

String tempLine = rd.readLine();

String sLt = "<input type=\"hidden\" name=\"lt\" value=\"";

String sEx = "<input type=\"hidden\" name=\"execution\" value=\"";

while (tempLine !=
null) {

int iLt = tempLine.indexOf(sLt);

int iEx = tempLine.indexOf(sEx);

if (iLt != -1) {

String s1 = tempLine.substring(iLt + sLt.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[0] = s1.substring(0, index1);

}

if (iEx != -1) {

String s1 = tempLine.substring(iEx + sEx.length());

int index1 = s1.indexOf("\"");

if (index1 != -1)

result[1] = s1.substring(0, index1);

}

tempLine = rd.readLine();

}

if (entity !=
null) {

entity.consumeContent();

}

return result;

}

//Cookie convert

private javax.servlet.http.Cookie
convertToServletCookie(Cookie cookie) {

javax.servlet.http.Cookie retCookie = new javax.servlet.http.Cookie(

cookie.getName(), cookie.getValue());

retCookie.setComment(cookie.getComment());

retCookie.setDomain(cookie.getDomain());

retCookie.setHttpOnly(false);

retCookie.setSecure(false);

retCookie.setPath(cookie.getPath());

retCookie.setVersion(cookie.getVersion());

retCookie.setMaxAge((int) ((cookie.getExpiryDate().getTime() - System

.currentTimeMillis()) / 1000));

return retCookie;

}

}

部分图片未上传。如有须要,请给我留言。

时间: 2024-10-11 22:02:07

CAS 4.0 配置开发手冊的相关文章

CAS 4.0 配置开发手册

1    下载 地址http://downloads.jasig.org/ cas-server-4.0.0-release.tar.gz cas-client-3.3.3-release.tar.gz 2    配置 解压cas-server-4.0.0,将其中module/cas-server-webapp-4.0.0.war复制到Tomcat的webapps目录下,重命名为cas.war,启动Tomcat解开压缩. 2.1 CAS的HTTP模式与HTTPS设置 1)cas\WEB-INF\

阿里Java开发手冊之编程规约

对于程序猿来说,编程规范能够养成良好的编程习惯,提高代码质量,减少沟通成本.就在2月9号,阿里出了一份Java开发手冊(正式版),分为编程规约.异常日志.MySQL规约,project规约.安全规约五个章节. 这里我依据阿里的编程规约,重点记录(黑色加粗部分)自己还未做好的一些规范,同一时候方便查阅. 编程规约 一.命名规约 [强制]代码中的命名均不能下面划线或美元符号開始.也不能下面划线或美元符号结束. 反例: _name / __name / $Object / name_ / name$

Hadoop-2.4.0分布式安装手冊

文件夹 文件夹 1 1. 前言 2 2. 部署 2 2.1. 机器列表 2 2.2. 主机名 2 2.2.1. 暂时改动主机名 3 2.2.2. 永久改动主机名 3 2.3. 免password登录范围 4 3. 约定 4 3.1. 安装文件夹约定 4 3.2. 服务port约定 5 4. 工作详单 6 5. JDK安装 6 5.1. 下载安装包 6 5.2. 安装步骤 6 6. 免passwordssh2登录 7 7. Hadoop安装和配置 8 7.1. 下载安装包 8 7.2. 安装和环境

vue 3.0 配置开发环境和测试环境

1.在项目里的根目录里加入了3个文件(与vue.config.js同级) .env   线上环境 .env.development 开发环境 .env.testbuild  测试环境 2.在上边3个文件中: 使用VUE_APP_URL = “接口url”书写格式:VUE_APP_[自定义name] 3在pakejson里面配置打包环境 4.在config里面部分配置 module.exports = { publicPath:'/',    // 公共路径 outputDir: 'dist',

OBIEE开发手冊

Creating a Repository Using the Oracle BI 11g Administration Tool http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/bi/bi11115/biadmin11g_02/biadmin11g.htm?cid=5690&ssid=0 Creating Analyses and Building Dashboards http://www.oracle.com/we

OAM配置代理手冊

?? 创建webgate与ohs共享实例,copy文件到ohs实例文件夹. 1)进入webgage部署工具文件夹 ????? Cd ?/%webgate_home%/webgate/ohs/tools/deployWebGate ????????? 2)运行部署命令: ???? ./deployWebGateInstance.sh –w /%wt_home%/ /instances/instance1/config/OHS/ohs1–oh /%webgate_home% ???????????

逗比之——程序猿装逼手冊1(0基础版)

一.准备工作 "工欲善其事必先利其器." 1.电脑不一定要配置高,可是双屏是必须的,越大越好,能一个横屏一个竖屏更好.一个用来查资料,一个用来写代码.总之要显得信息量非常大,效率非常高. 2.椅子不一定要舒服,可是一定要能够半躺着. 3.大量的便签,各种的颜色的,用来记录每天要完毕的事务,多多益善.沿着电脑屏幕的边框,尽量贴满,显出有非常多事情的样子. 4.工具书,orelly的,机械工业,电子工业什么的都能够,能英文就英文,不行影印版的也能够,反正越厚越好,并且千万不要放在书架上,一

[wxWidgets]_[初级]_[配置codeblock+wxWidgets3.0.1开发环境]

配置Codeblock+wxWidgets-3.0.1开发环境 作者: Sai 1. 下载codeblock,进官网,首先提醒下,下载工具一定要进官网,最新,没木马. http://www.codeblocks.org/downloads/binaries 选在SourceForge.net下载吧. codeblocks-13.12mingw-setup-TDM-GCC-481.exe 2. 下载最新wxWidgets版本 3.0.1稳定版. http://www.wxwidgets.org/d

Oracle 10g 10.2.0.1 在Oracle Linux 5.4 32Bit RAC安装手冊(一抹曦阳)

Oracle 10g 10.2.0.1 在Oracle Linux 5.4 32Bit RAC安装手冊(一抹曦阳).pdf下载地址 ,step by step http://download.csdn.net/detail/rlhua/7699223