最近,在做CAS单点登陆的一个模块,由于公司的产品太多,各个系统都要部署,在开发中Https的证书的部署比较麻烦,所以,打算把CAS的Https去掉。具体的修改如下
1.修改cas-servlet.xml
把上面连个bean中的p:cookieSecure="true "修改为p:cookieSecure="false"
2.修改deployerConfigContext.xml
添加p:requireSecure="false"
3.修改casclient的客户端
修改客户端的https验证
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter
把这两段内容注释掉
(2).修改edu.yale.its.tp.cas.util.SecureURL
把这段内容注释掉
1.修改cas-servlet.xml
- <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="true"
- p:cookieMaxAge="-1"
- p:cookieName="CASPRIVACY"
- p:cookiePath="/cas" />
- <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="true "
- p:cookieMaxAge="-1"
- p:cookieName="CASTGC"
- p:cookiePath="/cas" />
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas" /> <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true " p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" />
把上面连个bean中的p:cookieSecure="true "修改为p:cookieSecure="false"
2.修改deployerConfigContext.xml
- <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient" />
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
添加p:requireSecure="false"
3.修改casclient的客户端
修改客户端的https验证
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter
- if (! casValidate.startsWith("https://")){
- throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
- }
- if (casServiceUrl != null){
- if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){
- throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
- }
- }
if (! casValidate.startsWith("https://")){ throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]"); } if (casServiceUrl != null){ if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){ throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]"); } }
把这两段内容注释掉
(2).修改edu.yale.its.tp.cas.util.SecureURL
- if (!u.getProtocol().equals("https")){
- // IOException may not be the best exception we could throw here
- // since the problem is with the URL argument we were passed, not
- // IO. -awp9
- log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");
- throw new IOException("only 'https' URLs are valid for this method");
- }
if (!u.getProtocol().equals("https")){ // IOException may not be the best exception we could throw here // since the problem is with the URL argument we were passed, not // IO. -awp9 log.error("retrieve(" + url + ") on an illegal URL since protocol was not https."); throw new IOException("only 'https' URLs are valid for this method"); }
把这段内容注释掉