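useUnicode=true&amp;characterEncoding=UTF-8&amp;autoReconnect=true</value>
  </property>
  <property name="username"><value>root</value></property>
  <property name="password"><value>i709394</value></property>
</bean>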
2. Define the MD5 encryption method
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
  <constructor-arg value="MD5"/>
</bean>
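3. Configure the authenticationHandlers property under authenticationManager
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="dataSource" ref="dataSource"/>
  <property name="sql" value="select password from users where username=?"/>
  <property name="passwordEncoder" ref="passwordEncoder"/>
</bean>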
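2.2 Retrieve user information so that clients can obtain it in a uniform way
1. Define attributeRepository, which queries the user's details through JDBC.
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
  <constructor-arg index="0" ref="dataSource"/>
  <constructor-arg index="1">
    <list>
      <value>username</value>
    </list>
  </constructor-arg>
  <constructor-arg index="2">
    <value>select id,username,is_admin from users where username=?</value>
  </constructor-arg>
  <property name="columnsToAttributes">
    <map>
      <entry key="id" value="id"/>
      <entry key="is_admin" value="is_admin"/>
    </map>
  </property>
</bean>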
2. Configure the credentialsToPrincipalResolvers property in authenticationManager
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
  <property name="attributeRepository" ref="attributeRepository"/>
</bean>
By default the server does not pass user information on to the client, so edit WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp and add:
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
  <cas:attributes>
    <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
      <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
    </c:forEach>
  </cas:attributes>
</c:if>
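2.3 Use a database to store login sessions
This way the server does not lose sessions when it restarts.
1. Edit ticketRegistry.xml and change the default ticketRegistry to:
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry">
  <constructor-arg index="0" ref="entityManagerFactory"/>
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
  <property name="dataSource" ref="dataSource"/>
  <property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
      <property name="generateDdl" value="true"/>
      <property name="showSql" value="true"/>
    </bean>
  </property>
  <property name="jpaProperties">
    <props>
      <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
      <prop key="hibernate.hbm2ddl.auto">update</prop>
    </props>
  </property>
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"
  p:entityManagerFactory-ref="entityManagerFactory"/>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean
  id="dataSource"
  class="..."
  p:driverClassName="com.mysql.jdbc.Driver"
  p:url="jdbc:mysql://192.168.1.100:3306/cas?autoReconnect=true"
  p:password="709394"
  p:username="itravel"/>
After this configuration some additional jars are still required; look up online whichever packages are reported as missing.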
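Configure the remember-me feature, which lets the client keep its session permanently
1. Edit deployerConfigContext.xml
Add the authenticationMetaDataPopulators property to authenticationManager:
<property name="authenticationMetaDataPopulators">
  <list>
    <bean class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator"/>
  </list>
</property>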
2. Edit cas-servlet.xml
Change the authenticationViaFormAction configuration to:
<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
  p:centralAuthenticationService-ref="centralAuthenticationService"
  p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
  p:formObjectName="credentials"
  p:validator-ref="UsernamePasswordCredentialsValidator"
  p:warnCookieGenerator-ref="warnCookieGenerator"/>
Add UsernamePasswordCredentialsValidator:
<bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator"/>
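Edit ticketExpirationPolicies.xml and configure grantingTicketExpirationPolicy as follows. Note that the time must be increased, otherwise the session expires easily and the remember-me effect is not achieved.
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">
  <property name="sessionExpirationPolicy">
    <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
      <constructor-arg index="0" value="2592000000"/>
    </bean>
  </property>
  <property name="rememberMeExpirationPolicy">
    <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
      <constructor-arg index="0" value="2592000000"/>
    </bean>
  </property>
</bean>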
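Change 5: Disable HTTPS verification
Where network security is good and the system's security requirements are not that high, HTTPS verification can be disabled to make the system easier to deploy.
1. Edit ticketGrantingTicketCookieGenerator.xml
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
  p:cookieSecure="false"
  p:cookieMaxAge="-1"
  p:cookieName="CASTGC"
  p:cookiePath="/cas"/>
Change p:cookieSecure to false, and change the single sign-on server links in the client's web.xml to http.
In warnCookieGenerator.xml, likewise set p:cookieSecure to false.
Change deployerConfigContext.xml to:
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
  p:httpClient-ref="httpClient"
  p:requireSecure="false"/>
Add p:requireSecure="false".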
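To confirm which transport mode a deployment is actually in after the edits above, the following Python check parses Spring bean files and reports every cookieSecure and requireSecure setting, whether written as a p: attribute or as a nested property. It is an added example, not part of the original page or of CAS; the function names are this example's own and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"
WATCHED = ("cookieSecure", "requireSecure")  # flags the HTTPS section toggles

# Constructed sample: cookie generator using the p: attribute shortcut.
SAMPLE_COOKIE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="-1"
        p:cookieName="CASTGC" p:cookiePath="/cas"/>
</beans>"""

# Constructed sample: anonymous bean with the flag as a nested <property>.
SAMPLE_HANDLER_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient">
    <property name="requireSecure" value="true"/>
  </bean>
</beans>"""

def transport_settings(xml_text):
    """Return [(bean label, setting, bool)] for each watched setting found."""
    found = []
    root = ET.fromstring(xml_text)
    for bean in root.iter("{%s}bean" % BEANS_NS):
        # Anonymous beans are labelled by their short class name.
        label = bean.get("id") or bean.get("class", "?").rsplit(".", 1)[-1]
        for name in WATCHED:
            value = bean.get("{%s}%s" % (P_NS, name))  # p:name="..." form
            if value is None:
                for prop in bean.findall("{%s}property" % BEANS_NS):
                    if prop.get("name") == name:
                        value = prop.get("value")
            if value is not None:
                found.append((label, name, value.strip().lower() == "true"))
    return found

def insecure_settings(xml_text):
    """Subset of transport_settings() where the flag is off (plain-HTTP mode)."""
    return [(b, n) for b, n, on in transport_settings(xml_text) if not on]

if __name__ == "__main__":
    for sample in (SAMPLE_COOKIE_XML, SAMPLE_HANDLER_XML):
        for bean, name, on in transport_settings(sample):
            print(f"{bean}: {name}={on}")
```

Pointing `insecure_settings` at the contents of ticketGrantingTicketCookieGenerator.xml, warnCookieGenerator.xml and deployerConfigContext.xml lists every bean still configured for plain HTTP.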
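Configuration for using the HTTPS protocol
1. Generating and importing the certificate
Below is a bat script that generates and imports the certificate; if the web application and the single sign-on server are deployed on the same machine, it can all be run together.
@echo off
if "%JAVA_HOME%" == "" goto error
@echo on
cls
rem please set the env JAVA_HOME before running this bat file
rem delete the tomcatsso alias if it exists
keytool -delete -alias tomcatsso -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
keytool -delete -alias tomcatsso -storepass changeit
REM (Note: removes any certificate with the same name, tomcatsso, that may already exist on the system)
rem list all aliases in the cacerts
keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
REM (Note: lists the names of the certificates present in the system certificate store)
rem generate a key
keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=localhost" -storepass changeit
REM (Note: uses the RSA algorithm to generate a certificate with the alias tomcatsso and the store password changeit;
REM the certificate DN is "cn=linly". This DN must match the full host name of the current machine. Remember this!)
rem export the key
keytool -export -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -storepass changeit
REM (Note: exports the certificate with the alias tomcatsso from the keystore into the file tomcatsso.crt)
rem import into trust cacerts
keytool -import -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -keystore "%java_home%/jre/lib/security/cacerts" -storepass changeit
REM (Note: imports tomcatsso.crt into the JRE's trusted certificate store.
REM Installing the JDK creates two jre directories, one under the jdk and one standalone jre; the directory used here
REM must be the jre that Tomcat uses, otherwise Tomcat's HTTPS communication will not find the certificate later)
pause
rem skip the error message when the script completed normally
goto end
:error
echo Please set the JAVA_HOME environment variable first
:end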
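3. Copy the .keystore file into Tomcat's conf directory. Note that .keystore is created in the system user folder when the certificate is generated; on Windows, for example, it is created under C:\Documents and Settings\[yourusername]\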
2. Configure Tomcat: open port 8443 for the HTTPS protocol and specify the location of the certificate.
<Connector port="8443" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="conf/.keystore"
  keystorePass="changeit"
  truststoreFile="C:\Program Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"/>
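Client configuration
The client download location on the official CAS website is fairly hidden and not fully public; the exact address is
http://www.ja-sig.org/downloads/cas-clients/
Download the latest cas-client-3.1.6-release.zip (http://www.ja-sig.org/downloads/cas-clients/cas-client-3.1.6-release.zip)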
1. After unpacking, put the jars under modules into our web application
serverName is the address and port of our web application
Note that serverName refers to the client application
<context-param>
  <param-name>serverName</param-name>
  <param-value>http://192.168.1.145:81</param-value>
</context-param>
<filter>
  <filter-name>CASSingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CASSingleSignOutFilter</filter-name>
  <url-pattern>/*</url-pattern>