步骤如下
一:
在cas-4.0.0\cas-server-webapp\pom.xml中添加依赖后(如下方所示),打开cmd在cas-4.0.0\cas-server-webapp文件夹下运行mvn clean package,然后将cas-4.0.0\cas-server-webapp\target下的cas.war包部署至tomcat
Xml代码
- <dependency>
- <groupId>org.jasig.cas</groupId>
- <artifactId>cas-server-support-jdbc</artifactId>
- <version>${project.version}</version>
- <type>jar</type>
- </dependency>
- <!-- https://mvnrepository.com/artifact/commons-dbcp/commons-dbcp -->
- <dependency>
- <groupId>commons-dbcp</groupId>
- <artifactId>commons-dbcp</artifactId>
- <version>1.4</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <version>5.1.6</version>
- </dependency>
二:
本地创建数据库,并新建表 cas_user,创建语句如下载
Sql代码
- create table cas_user (
- id bigint not null auto_increment,
- email varchar(255),
- username varchar(255) not null unique,
- name varchar(255),
- password varchar(255),
- primary key (id)
- ) ENGINE=InnoDB;
三:
配置数据库相关文件,在tomcat-for-cas\webapps\cas\WEB-INF\deployerConfigContext.xml中配置对应的datasource,数据库地址,用户名,密码,以及查询用户的sql。需要注意的是,如果是自己建的表,要把相应的字段名,数据库名替换掉,以及,不要忘记注释掉默认用户名密码的配置(casuser/Mellon)。下载以下配置可以全拷贝
Xml代码
- <?xml version="1.0" encoding="UTF-8"?>
- <!--
- Licensed to Jasig under one or more contributor license
- agreements. See the NOTICE file distributed with this work
- for additional information regarding copyright ownership.
- Jasig licenses this file to you under the Apache License,
- Version 2.0 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a
- copy of the License at the following location:
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
- <!--
- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
- | all CAS deployers will need to modify.
- |
- | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
- | The beans declared in this file are instantiated at context initialization time by the Spring
- | ContextLoaderListener declared in web.xml. It finds this file because this
- | file is among those declared in the context parameter "contextConfigLocation".
- |
- | By far the most common change you will need to make in this file is to change the last bean
- | declaration to replace the default authentication handler with
- | one implementing your approach for authenticating usernames and passwords.
- +-->
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:sec="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
- <!--
- | The authentication manager defines security policy for authentication by specifying at a minimum
- | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
- | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
- | be sufficient in most cases.
- +--> 下载
- <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <!--
- | IMPORTANT
- | Every handler requires a unique name.
- | If more than one instance of the same handler class is configured, you must explicitly
- | set its name to something other than its default name (typically the simple class name).
- -->
- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- </map>
- </constructor-arg>
- <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
- This switch effectively will turn on clearpass.
- <property name="authenticationMetaDataPopulators">
- <util:list>
- <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
- c:credentialCache-ref="encryptedMap" />
- </util:list>
- </property>
- -->
- <!--
- | Defines the security policy around authentication. Some alternative policies that ship with CAS:
- |
- | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
- | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
- | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
- -->
- <property name="authenticationPolicy">
- <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
- </property>
- </bean>
- <!-- Required for proxy ticket mechanism. -->
- <bean id="proxyAuthenticationHandler"
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient" p:requireSecure="true" />
- <!--
- | TODO: Replace this component with one suitable for your enviroment.
- |
- | This component provides authentication for the kind of credential used in your environment. In most cases
- | credential is a username/password pair that lives in a system of record like an LDAP directory.
- | The most common authentication handler beans:
- | 下载
- | * org.jasig.cas.authentication.LdapAuthenticationHandler
- | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
- | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
- | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
- -->
- <bean id="primaryAuthenticationHandler"
- class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
- <property name="dataSource" ref="dataSource"/>
- <property name="sql" value="select password from cas_user where username = ?"/>
- </bean>
- <!-- Required for proxy ticket mechanism -->
- <bean id="proxyPrincipalResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <!--
- | Resolves a principal from a credential using an attribute repository that is configured to resolve
- | against a deployer-specific store (e.g. LDAP).
- -->
- <bean id="primaryPrincipalResolver"
- class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
- <property name="attributeRepository" ref="selfAttributeRepository" />
- </bean>
- <!--
- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
- may go against a database or LDAP server. The id should remain "attributeRepository" though.
- +-->
- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
- p:backingMap-ref="attrRepoBackingMap" />
- <util:map id="attrRepoBackingMap">
- <entry key="uid" value="uid" />
- <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
- <entry key="groupMembership" value="groupMembership" />
- </util:map>
- <!--
- Sample, in-memory data store for the ServiceRegistry. A real implementation
- would probably want to replace this with the JPA-backed ServiceRegistry DAO
- The name of this bean should remain "serviceRegistryDao".
- +-->
- <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
- p:registeredServices-ref="registeredServicesList" />
- <util:list id="registeredServicesList">
- <bean class="org.jasig.cas.services.RegexRegisteredService"
- p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
- p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
- <!--
- Use the following definition instead of the above to further restrict access
- to services within your domain (including sub domains).
- Note that example.com must be replaced with the domain you wish to permit.
- This example also demonstrates the configuration of an attribute filter
- that only allows for attributes whose length is 3.
- -->
- <!--
- <bean class="org.jasig.cas.services.RegexRegisteredService">
- <property name="id" value="1" />
- <property name="name" value="HTTP and IMAP on example.com" />
- <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" />
- <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
- <property name="evaluationOrder" value="0" />
- <property name="attributeFilter">
- <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter" c:regex="^\w{3}$" />
- </property>
- </bean>
- -->
- </util:list>
- <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
- <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
- 下载
- <util:list id="monitorsList">
- <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
- <!--
- NOTE
- The following ticket registries support SessionMonitor:
- * DefaultTicketRegistry
- * JpaTicketRegistry
- Remove this monitor if you use an unsupported registry.
- -->
- <bean class="org.jasig.cas.monitor.SessionMonitor"
- p:ticketRegistry-ref="ticketRegistry"
- p:serviceTicketCountWarnThreshold="5000"
- p:sessionCountWarnThreshold="100000" />
- </util:list>
- <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
- <property name="driverClassName">
- <value>com.mysql.jdbc.Driver</value>
- </property>
- <property name="url">
- <value>jdbc:mysql://localhost:3306/test</value>
- </property>
- <property name="username">
- <value>root</value>
- </property>
- <property name="password">
- <value>123456</value>
- </property>
- </bean>
- <bean id="selfAttributeRepository"
- class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
- <constructor-arg index="0" ref="dataSource" />
- <constructor-arg index="1"
- value="select username,password from cas_user where {0}" />
- <!-- 组装sql用的查询条件属性 -->
- <property name="queryAttributeMapping">
- <map>
- <!-- key必须是uername而且是小写否则会导致取不到用户的其它信息,value对应数据库用户名字段,系统会自己匹配 -->
- <entry key="username" value="username" />
- <entry key="password" value="password" />
- </map>
- </property>
- <property name="resultAttributeMapping">
- <map>
- <!-- key为对应的数据库字段名称,value为提供给客户端获取的属性名字,系统会自动填充值 -->
- <entry key="username" value="username"></entry>
- <entry key="password" value="password"></entry>
- </map>
- </property>
- </bean>
- </beans>
时间: 2024-10-10 22:06:42