1. Download Yale CAS
See http://www.cnpoint.com/web/2007/0107/content_4883.htm for details. Set up the server side first; the process is not complicated and mainly consists of generating the server certificate and the client certificate, because CAS SSO communicates over SSL. Test page: https://fox.com:8443/cas-server-webapp-3.1.1/login
2. Download JForum-2.1.8
See http://www.jforum.net/download.jsp. Downloading the src (source) distribution is recommended, so that the project can be imported into Eclipse and the source adjusted there. Test page: http://localhost:8080/jforum-2.1.8
3. Integration, mainly the following three steps
1. Filter setup
Open ${TOMCAT_HOME}/webapps/jforum-2.1.8/WEB-INF/web.xml and add the following filter definition:
.....
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://fox.com:8443/cas-server-webapp-3.1.1/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://fox.com:8443/cas-server-webapp-3.1.1/proxyValidate</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>localhost:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
.....
This filter must be placed first, so that a request for any resource is first redirected to https://fox.com:8443/cas-server-webapp-3.1.1/login, authenticated by the CAS server, and only then passed on to the application's own filters.
2. Following the pattern of RemoteUserSSO, create another class, e.g. CasUserSSO, that implements the original SSO interface (SSO.java):
/*
 * Copyright (c) JForum Team
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms,
 * with or without modification, are permitted provided
 * that the following conditions are met:
 *
 * 1) Redistributions of source code must retain the above
 * copyright notice, this list of conditions and the
 * following disclaimer.
 * 2) Redistributions in binary form must reproduce the
 * above copyright notice, this list of conditions and
 * the following disclaimer in the documentation and/or
 * other materials provided with the distribution.
 * 3) Neither the name of "Rafael Steil" nor
 * the names of its contributors may be used to endorse
 * or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
 * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
 *
 * Created on Mar 28, 2005 7:22:52 PM
 * The JForum Project
 * http://www.jforum.net
 */
package net.jforum.sso;

import net.jforum.context.RequestContext;
import net.jforum.entities.UserSession;

/**
 * @author Rafael Steil
 * @author Daniel Campagnoli
 * @version $Id: SSO.java,v 1.8 2006/08/23 02:13:53 rafaelsteil Exp $
 */
public interface SSO
{
    /**
     * Authenticates a user.
     * This method should check if the incoming user is authorized
     * to access the forum.
     * @param request The request object
     * @return The username, if authentication succeeded, or <code>null</code>
     * otherwise.
     */
    public String authenticateUser(RequestContext request);

    /**
     * Check to see if the user for the current {@link UserSession} is the same user
     * according to the single sign on mechanism.
     * @param userSession the current user session
     * @param request the current request
     * @return if the UserSession is valid
     */
    public boolean isSessionValid(UserSession userSession, RequestContext request);
}
CasUserSSO.java:
package net.jforum.sso;

import net.jforum.context.RequestContext;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;

import org.apache.log4j.Logger;

public class CasUserSSO implements SSO {
    static final Logger logger = Logger.getLogger(CasUserSSO.class.getName());

    // Session attribute in which the Yale CASFilter stores the validated username.
    private static final String CAS_USER_ATTR = "edu.yale.its.tp.cas.client.filter.user";

    /** Returns the username the CAS filter placed in the session, or null if none. */
    private String getCasUser(RequestContext request) {
        return (String) request.getSessionContext().getAttribute(CAS_USER_ATTR);
    }

    public String authenticateUser(RequestContext request) {
        String username = getCasUser(request);
        logger.info("Login User:" + username);
        return username;
    }

    public boolean isSessionValid(UserSession userSession, RequestContext request) {
        // Read the CAS user from the session. A freshly constructed
        // ServiceTicketValidator has validated nothing, so its getUser()
        // would always return null and every logged-in session would be
        // treated as invalid.
        String remoteUser = getCasUser(request);
        int anonymousId = SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID);

        // user has since logged out
        if (remoteUser == null && userSession.getUserId() != anonymousId) {
            return false;
        }
        // user has since logged in
        if (remoteUser != null && userSession.getUserId() == anonymousId) {
            return false;
        }
        // user has changed user
        if (remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
            return false;
        }
        return true;
    }
}
This part handles the SSO authentication: it obtains the username passed on by the authentication center (via the CAS filter's session attribute) and checks that the JForum session still matches it.
3. Modify the SystemGlobals.properties file
Open ${TOMCAT_HOME}/webapps/jforum-2.1.8/WEB-INF/config/SystemGlobals.properties and set the following:
authentication.type = sso
sso.implementation = net.jforum.sso.CasUserSSO
sso.redirect = https://fox.com:8443/cas-server-webapp-3.1.1/login
4. Integration test:
a. Enter http://localhost:8080/jforum-2.1.8
b. Accept the certificate
c. Enter the SSO username/password. By default CAS SSO uses SimpleTestUsernamePasswordAuthenticationHandler, which only accepts a login when the username and the password are identical. The CAS SSO server can instead validate users against a database by adjusting deployerConfigContext.xml as follows:
<!--
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from app_user where username=?" />
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder">
        <bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
            <constructor-arg value="SHA" />
        </bean>
    </property>
</bean>
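Added example, not CAS or JForum code: a small model of what the QueryDatabaseAuthenticationHandler configured above does, so the app_user table can be seeded in the form CAS will compare and the login checked offline. It assumes DefaultPasswordEncoder("SHA") produces the lowercase hex SHA-1 digest of the password, and uses an in-memory SQLite table in place of the dataSource bean.

```python
"""Model of the CAS QueryDatabaseAuthenticationHandler + DefaultPasswordEncoder("SHA").

Constructed example: an in-memory SQLite `app_user` table stands in for the
CAS dataSource, and encode_sha mirrors the assumed behaviour of
DefaultPasswordEncoder("SHA") (hex-encoded SHA-1 digest).
"""
import hashlib
import hmac
import sqlite3

# The exact query from deployerConfigContext.xml. The `?` is a bind parameter,
# so the username is passed to the driver and never spliced into the SQL text.
PASSWORD_QUERY = "select password from app_user where username=?"


def encode_sha(password: str) -> str:
    """Hex SHA-1 digest: the assumed output of DefaultPasswordEncoder("SHA")."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_user_table(users: dict) -> sqlite3.Connection:
    """Create app_user and store each password already encoded, as CAS expects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table app_user (username text primary key, password text)")
    conn.executemany(
        "insert into app_user (username, password) values (?, ?)",
        [(name, encode_sha(pw)) for name, pw in users.items()],
    )
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Mirror the handler: fetch the stored value for the username, encode the
    supplied password, accept only on a match. Unknown user -> reject."""
    row = conn.execute(PASSWORD_QUERY, (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(row[0], encode_sha(password))


if __name__ == "__main__":
    db = build_user_table({"alice": "s3cret"})  # constructed sample user
    print(authenticate(db, "alice", "s3cret"))      # True
    print(authenticate(db, "alice", "alice"))       # False: username==password no longer suffices
    print(authenticate(db, "bob' or '1'='1", "x"))  # False: bound parameter, not SQL text
```

An unsalted SHA-1 digest, which is what the "SHA" setting gives, is cheap to crack offline if the app_user table leaks, so treat this as the minimum the page shows rather than a recommended password store.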