最近在研究CAS单点登录,因为https被浏览器的不信任问题,影响登录。故将https协议修改成http协议。现将修改步骤记录如下:
CAS服务端修改:
1、修改 cas\WEB-INF\spring-configuration目录下的ticketGrantingTicketCookieGenerator.xml
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
把cookieSecure属性修改为false。(默认true是用的http是协议)。
2、修改deployerConfigContext.xml
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
添加p:requireSecure="false" 属性。
3、修改部署CAS服务端的tomcat容器的server.xml
注释掉配置https协议添加的如下代码:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/keys/smallkey"
keystorePass="111111"/>
CAS客服端修改
下载casclient的源码cas-client-3.1.6-SRC.zip,解压。
1、修改edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter 包下的CASFilter.java
if (casServiceUrl != null){
if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){
throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
}
if (! casValidate.startsWith("https://")){
throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
注释掉以上两段代码。
2、修改edu.yale.its.tp.cas.util包下的SecureURL.java
if (!u.getProtocol().equals("https")){
// IOException may not be the best exception we could throw here
// since the problem is with the URL argument we were passed, not
// IO. -awp9
log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");
throw new IOException("only 'https' URLs are valid for this method");
}
注释以上一段代码。
重新编译以上两个类为.class文件,打包 casclient的源码为.jar。替换掉客服端的casclient.jar
3、修改客服端项目的web.xml中的casServerLoginUrl属性为http://xxx:xx/cas/login
重启服务,大功告成!