(原创)LDAP与CAS单点登录集成

 我的百度空间中也可以访问到这些文章:hi.baidu.com/five00
编写CAS的配置文件deployerConfigContext-ldap.xml,这里配置了关于Ldap认证源的各种信息,代码如下:
<? xml version = "1.0" encoding = "UTF-8" ?>
<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
< beans >
< bean id = "authenticationManager"   class = "org.jasig.cas.authentication.AuthenticationManagerImpl" >
    < property name = "credentialsToPrincipalResolvers" >
        < list >
            < bean
        class = "org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            < bean
    class = "org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
        </ list >
    </ property >
    < property name = "authenticationHandlers" >
        < list >
            < bean               class = "org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
 
< bean               class = "org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
            < bean       class = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
                < property name = "filter" value = "uid=%u" />
                 <!-- 基节点 -->
                < property name = "searchBase" value = "ou=People,ou=rootOrg,o=sevenSeas" />
                < property name = "contextSource" ref = "contextSource" />
            </ bean >
        </ list >
    </ property >
</ bean >
 
< bean id = "contextSource" class = "org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource" >
        < property name = "password" value = "secret" />
        < property name = "pooled" value = "true" />
        < property name = "urls" >
            < list >
                < value > ldap://localhost:10389/ </ value >
            </ list >
        </ property >
        <!— 管理员 -->
        < property name = "userName" value = "uid=admin,ou=system" />
        < property name = "baseEnvironmentProperties" >
            < map >
                < entry >
                        < key >< value > java.naming.security.authentication </ value ></ key >
                     < value > simple </ value >
                 </ entry >
             </ map >
        </ property >
    </ bean >             
   
</ beans >
如果使用 ou=People,ou=rootOrg,o=sevenSeas 节点,如第7章的图所示,输出日志信息为:
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:28:51,722 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:28:52,113 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin]]
cns.isEmpty() is [false]
cns.size() is [1]
!this.allowMultipleAccounts is [true]
这是日志信息显示只有一个cn=admin的用户,可以进行Ldap认证。
如果将节点改为o=sevenSeas的话,如图:
以sevenSeas为基节点
再次验证日志信息会出现如下显示:
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:43:56,363 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:43:56,394 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin,ou=Roles,ou=rootOrg, cn=admin,ou=People,ou=rootOrg]]
cns.isEmpty() is [false]
cns.size() is [2]
!this.allowMultipleAccounts is [true]
这时我们看到people和role节点下面都有cn=admin,这时候 allowMultipleAccounts 的值为 true ,意味着当前有多歌同名帐号,系统不知道该选择哪个,所以会验证失败。这是需要注意的地方。v
 
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值