oracle的va、biee与cas集成(版本12c)

一、biee单点登录

注:12c的实现方式和11g的实现方式大致都差不多。所以可以参考以下11g的操作步骤,链接如下:

http://blog.csdn.net/biplusplus/article/details/7884268

按照上面的链接操作完后,会发现还需要做相关的验证。


接下来就特别说明一下12c和11g的区别:

如果你仔细研究过"analytics.war"中的"web.xml"配置文件,就会发现多了一个筛选器配置

<filter>
      <filter-name>BISecurityFilter</filter-name>
      <filter-class>oracle.bi.security.filter.BISecurityFilter</filter-class>
      <init-param>
         <param-name>oracle.bi.security.filter.configuration.class</param-name>
         <param-value>com.siebel.analytics.web.SecurityFilterConfiguration</param-value>
      </init-param>
</filter>
<filter-mapping>
      <filter-name>BISecurityFilter</filter-name>
      <servlet-name>SAWBridge</servlet-name>
</filter-mapping>

正是因为这个筛选器所以失败了。


为了通过BISecurityFilter需要做如下的修改:

1、在BISecurityFilter筛选器前面添加一个“自定义筛选器”(作用:添加BISecurityFilter验证所需的cookie信息)

<filter>
	<filter-name>CasForInvokeContextFilter</filter-name>
	<filter-class>CasForInvokeContextFilter</filter-class>
</filter>
<filter-mapping>
	<filter-name>CasForInvokeContextFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>


2、创建筛选器类

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import oracle.bi.security.BISecurityException;
import oracle.bi.security.login.BISessionToken;
import oracle.bi.security.system.SystemUser;

public class CasForInvokeContextFilter implements Filter {

	ServletContext sc = null;

	@Override
	public void destroy() {
	}

	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
			throws IOException, ServletException {
		// 如果session中没有用户信息,则填充用户信息

		HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
		HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

		String userName = httpServletRequest.getRemoteUser();
		SystemUser systemUser = SystemUser.getInstance();
		String encodeName = null;

		try {
			encodeName = systemUser.encryptWithSystemUserToken(userName);
		} catch (BISecurityException e) {
			e.printStackTrace();
		}

		Cookie sessionCookie = getCookie(httpServletRequest, BISessionToken.BI_SESSION_ID_COOKIE_NAME);
		if (sessionCookie != null && sessionCookie.getMaxAge() != 0) {
			// do nothing
		} else {
			Cookie cookie = new Cookie(BISessionToken.BI_SESSION_ID_COOKIE_NAME, encodeName);
			httpServletResponse.addCookie(cookie);
			// 让浏览器刷新,因为下一个filter里取不到cookie还,需要刷新一下
			httpServletResponse.sendRedirect(httpServletRequest.getRequestURL().toString());

			return;
		}

		chain.doFilter(servletRequest, servletResponse);

	}

	@Override
	public void init(FilterConfig config) throws ServletException {
		sc = config.getServletContext();
	}

	public Cookie getCookie(HttpServletRequest httpServletRequest, String name) {
		Cookie cookie = null;

		if (httpServletRequest.getCookies() != null) { // 如果Cookie不为空
			for (Cookie ob : httpServletRequest.getCookies()) { // 遍历Cookie
				if (ob.getName().equals(name)) {
					cookie = ob;
					break;
				}
			}
		}

		return cookie;
	}
}


注:里面有很多类都是来自下图中的包,例如:BISecurityException、BISessionToken、SystemUser



到此为止biee单点登录完成。




二、va单点登录

va和biee的差不多,biee需要操作的步骤va都要做,

不一样的是va中多了一个“weblogic容器资源保护机制”,仔细看“bitech-analysis-application-VASSO.ear--->bitech-analysis-webapp.war-->web.xml”,就会发现多了

以下配置:

	<login-config>
		<auth-method>CLIENT-CERT,FORM</auth-method>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/login_failed.jsp</form-error-page>
		</form-login-config>
	</login-config>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>freepages</web-resource-name>
			<url-pattern>/progress.gif</url-pattern>
			<url-pattern>/login.jsp</url-pattern>
			<url-pattern>/login_bics10.jsp</url-pattern>
			<url-pattern>/api/v1/plugins/*</url-pattern>
			<url-pattern>
				/api/v1/plugins/registry/requirejsConfig.js
			</url-pattern>
			<url-pattern>/loginhelper.js</url-pattern>
			<url-pattern>/loginhelper.css</url-pattern>
			<url-pattern>/login_failed.css</url-pattern>
		</web-resource-collection>
	</security-constraint>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>*</web-resource-name>
			<url-pattern>/</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>valid-users</role-name>
		</auth-constraint>
	</security-constraint>
	<security-role>
		<role-name>valid-users</role-name>
	</security-role>


该配置是weblogic用来保护资源的,即使已经通过单点登录了,也逃不了再次登录。

(我也尝试过去掉该验证,虽然去掉了,但是正真访问资源的时候,就会提示权限不够,估计是va项目中有相关的判断)


为了实现只登录一次,在原来的基础上做了如下修改:


1、在web.xml中添加新的筛选器(放在筛选器的最后面)

<span style="white-space:pre">	</span><filter>
		<filter-name>ParameterFilter</filter-name>
		<filter-class>ParamFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>ParameterFilter</filter-name>
		<url-pattern>/login.jsp</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
	</filter-mapping>

2、编写ParamFilter类

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;


public class ParamFilter implements Filter {

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub

	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		
		Map<String, String[]> m = new HashMap<String, String[]>(request.getParameterMap());
		//添加用户名密码
		m.put("j_username", new String[]{"hwp"});
		m.put("j_password", new String[]{"123"});
		
		request = new ParameterRequestWrapper((HttpServletRequest) request, m);
		
		
		chain.doFilter(request, response);
	}

	@Override
	public void destroy() {
		// TODO Auto-generated method stub

	}

}


import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

class ParameterRequestWrapper extends HttpServletRequestWrapper {

	private Map<String, String[]> params;

	public ParameterRequestWrapper(HttpServletRequest request, Map<String, String[]> newParams) {
		super(request);
		
		this.params = newParams;

		// RequestDispatcher.forward parameter
		renewParameterMap(request);
		
	}

	@Override
	public String getParameter(String name) {
		String result = "";

		Object v = params.get(name);
		if (v == null) {
			result = null;
		} else if (v instanceof String[]) {
			String[] strArr = (String[]) v;
			if (strArr.length > 0) {
				result = strArr[0];
			} else {
				result = null;
			}
		} else if (v instanceof String) {
			result = (String) v;
		} else {
			result = v.toString();
		}

		return result;
	}

	@Override
	public Map<String, String[]> getParameterMap() {
		return params;
	}

	@Override
	public Enumeration<String> getParameterNames() {
		return new Vector<String>(params.keySet()).elements();
	}

	@Override
	public String[] getParameterValues(String name) {
		String[] result = null;

		Object v = params.get(name);
		if (v == null) {
			result = null;
		} else if (v instanceof String[]) {
			result = (String[]) v;
		} else if (v instanceof String) {
			result = new String[] { (String) v };
		} else {
			result = new String[] { v.toString() };
		}

		return result;
	}

	private void renewParameterMap(HttpServletRequest req) {
		
		String queryString = req.getQueryString();

		if (queryString != null && queryString.trim().length() > 0) {
			
			String[] params = queryString.split("&");

			for (int i = 0; i < params.length; i++) {
				int splitIndex = params[i].indexOf("=");
				if (splitIndex == -1) {
					continue;
				}

				String key = params[i].substring(0, splitIndex);

				if (!this.params.containsKey(key)) {
					if (splitIndex < params[i].length()) {
						String value = params[i].substring(splitIndex + 1);
						this.params.put(key, new String[] { value });
					}
				}
			}
		}
		
	}

}

3、自定义登录页面login.jsp(作用:自动提交表单、用户名和密码来自后台)


<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<%@taglib prefix="userfn" uri="mytaglib"%> 
<!DOCTYPE html>
<html> 
<body>
	
	<form name="forms1" action="j_security_check" method="POST" hidden="true">
		<input id="idUser" name="j_username" type="text" value="${userfn:getUserName(pageContext)}"  hidden="true"/>  
		<input id="idPassword" name="j_password" type="password" value="${userfn:getUserPassword(pageContext)}"  hidden="true"/> 
		<input type="submit" value="登录"  hidden="true">
	</form>
	

	<script type="text/javascript">
		document.forms1.submit();
	</script>

</body>

</html>

在web.xml中添加标签配置

<span style="white-space:pre">	</span><jsp-config>
		<taglib>
			<taglib-uri>mytaglib</taglib-uri>
			<taglib-location>/WEB-INF/userfn.tld</taglib-location>
		</taglib>
	</jsp-config>


新增tld文件


<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
	version="2.0">
	<tlib-version>1.0</tlib-version>
	<short-name>userfn</short-name>
	<function>
		<!--EL页面调用名字 -->
		<name>getUserName</name>
		<!--指定标签的处理类,指定了标签由哪个Java类来处理。 -->
		<function-class>taglib.function.UserFunction</function-class>
		<!--指定EL页面调用名字中实际调用的方法.指定处理类的实际方法.参数和回调函数要写完整路径 -->
		<function-signature>java.lang.String getUserName(javax.servlet.jsp.PageContext)</function-signature>

	</function>

	<function>
		<name>getUserPassword</name>
		<function-class>taglib.function.UserFunction</function-class>
		<function-signature>java.lang.String getUserPassword(javax.servlet.jsp.PageContext)</function-signature>
	</function>
</taglib>

新增tld的java类


package taglib.function;



import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.PageContext;

public class UserFunction {

	public static String getUserName(PageContext pCtx) {
		if (pCtx == null) {
			return "No Page Context";
		}
		HttpServletRequest req = (HttpServletRequest) pCtx.getRequest();
		if (req == null) {
			return "No Remote User Found";
		}
		String name = null;
		try {
			name = req.getParameter("j_username");
		} catch (Exception exp) {
			return exp.toString();
		}
		return name;
	}
	
	public static String getUserPassword(PageContext pCtx) {
		if (pCtx == null) {
			return "No Page Context";
		}
		HttpServletRequest req = (HttpServletRequest) pCtx.getRequest();
		if (req == null) {
			return "No Remote User Found";
		}
		String password = null;
		try {
			password = req.getParameter("j_password");
		} catch (Exception exp) {
			return exp.toString();
		}
		return password;
	}

}

到此va修改完成











展开阅读全文

没有更多推荐了,返回首页