These articles can also be read on my Baidu space: hi.baidu.com/five00
Write the CAS configuration file deployerConfigContext-ldap.xml, which holds all the settings for the LDAP authentication source. The code is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <!-- search filter; %u is replaced with the submitted username -->
                    <property name="filter" value="uid=%u" />
                    <!-- base node for the search -->
                    <property name="searchBase" value="ou=People,ou=rootOrg,o=sevenSeas" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>
    <bean id="contextSource"
          class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="password" value="secret" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://localhost:10389/</value>
            </list>
        </property>
        <!-- administrator account CAS binds with to run the search -->
        <property name="userName" value="uid=admin,ou=system" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>
If the node ou=People,ou=rootOrg,o=sevenSeas is used as the search base, as shown in the figure in Chapter 7, the log output is:
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:28:51,722 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:28:52,113 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin]]
cns.isEmpty() is [false]
cns.size() is [1]
!this.allowMultipleAccounts is [true]
The log shows that only one user with cn=admin was found, so LDAP authentication can proceed.
If the base node is changed to o=sevenSeas instead, as in the figure:
[Figure: o=sevenSeas as the base node]
Authenticating again, the log now shows the following:
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin
username is [admin]
password is [secret]
[DEBUG] 2007-12-20 13:43:56,363 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'
[DEBUG] 2007-12-20 13:43:56,394 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'
cns is [[cn=admin,ou=Roles,ou=rootOrg, cn=admin,ou=People,ou=rootOrg]]
cns.isEmpty() is [false]
cns.size() is [2]
!this.allowMultipleAccounts is [true]
This time we see that both the People and Roles nodes contain a cn=admin entry, and the log shows !this.allowMultipleAccounts is true, i.e. multiple accounts with the same name are not permitted. There are now several accounts with the same name, the system cannot tell which one to choose, and so authentication fails. This is something to watch out for.