[仿写]
http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip
http://www.ja-sig.org/downloads/cas-clients/cas-client-java-2.1.1.zip
1
deployerConfigContext.xml
<!-- JDBC 执行SQL 通过数据库数据验证 --> <bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource"> <property name="driverClassName"> <value>oracle.jdbc.driver.OracleDriver</value> </property> <property name="url"> <value>jdbc:jdbc:oracle:thin:@192.168.89.28:1521:orcl</value> </property> <property name="username"> <value>blog</value> </property> <property name="password"> <value>password</value> </property> </bean> <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName"> <constructor-arg value="MD5"/> </bean>
id="authenticationManager"
<property name="authenticationHandlers"> <list> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <!-- xwl 默认验证方法 <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <!-- xwl Query Database Validation--> <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="casDataSource" /> <property name="sql" value="select u.pwd from users u where lower(u.login) = lower(?)" /> <property name="passwordEncoder" ref="passwordEncoder" /> </bean> <!-- xwl 添加新的 SSOAuthenticationHandler --> <bean class="com.sso.SSOAuthenticationHandler"> </bean> </list> </property>
2
2.配置authenticationManager中credentialsToPrincipalResolvers属性
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
<property name="attributeRepository" ref="attributeRepository" /> </bean>
注意:默认cas登录服务器没有把用户信息传到客户端中,所以要修改WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp文件,增加
<!-- 把用户信息传到客户端中 --> <c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}"> <cas:attributes> <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"> <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}> </c:forEach> </cas:attributes> </c:if>
3 ticketRegistry.xml
<!-- Ticket Registry save cache--> <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry" /> <!-- XWL ticket JPA Save DB <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry"> <constructor-arg index="0" ref="entityManagerFactory" /> </bean> --> <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> <property name="dataSource" ref="dataSource"/> <property name="jpaVendorAdapter"> <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> <property name="generateDdl" value="true"/> <property name="showSql" value="true" /> </bean> </property> <property name="jpaProperties"> <props> <prop key="hibernate.dialect">org.hibernate.dialect.OracleDialect</prop> <!-- <prop key="hibernate.hbm2ddl.auto">update</prop> --> </props> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="entityManagerFactory" /> <tx:annotation-driven transaction-manager="transactionManager"/> <!-- XWL ticket org.apache.commons.dbcp.BasicDataSource.class --> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" p:driverClassName="oracle.jdbc.driver.OracleDriver" p:url="jdbc:oracle:thin:@192.168.29.28:1521:orcl" p:password="blog" p:username="password" />
4 cas-servlet.xml 修改authenticationViaFormAction配置变成
<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction" p:centralAuthenticationService-ref="centralAuthenticationService" p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials" p:formObjectName="credentials" p:validator-ref="UsernamePasswordCredentialsValidator" p:warnCookieGenerator-ref="warnCookieGenerator" />
<!-- XWL Adition UsernamePasswordCredentialsValidator --> <!-- org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials com.sso.SSOAuthCredentials--> <bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />
5
- <bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />
修改ticketExpirationPolicies.xml,grantingTicketExpirationPolicy配置如下,注意时间要加大,不然session很容易过期,达不到remember me的效果。
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy"> <property name="sessionExpirationPolicy"> <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"> <constructor-arg index="0" value="2592000000" /> </bean> </property> <property name="rememberMeExpirationPolicy"> <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"> <constructor-arg index="0" value="2592000000" /> </bean> </property> </bean>
6
在网络安全性较好,对系统安全没有那么高的情况下可以取消https验证,使系统更加容易部署。
1.修改ticketGrantingTicketCookieGenerator.xml
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" />
p:cookieSecure改成false,客户端web.xml中单独服务器的链接改成http
7
7