CAS single sign-on configuration crash course (Word download)
Data source bean (the excerpt begins partway through it):

```xml
    <property name="url">jdbc:mysql://192.168.1.100/ires?useUnicode=true&amp;characterEncoding=UTF-8&amp;autoReconnect=true</property>
    <property name="username">ires</property>
    <property name="password">i709394</property>
</bean>
```
Define the MD5 password encoder:

```xml
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
    <constructor-arg value="MD5" />
</bean>
```
Configure the authenticationHandlers property under authenticationManager:

```xml
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <!-- assumed: wires in the passwordEncoder bean defined above -->
    <property name="passwordEncoder" ref="passwordEncoder" />
    <!-- the column name community_user_info.community_user is restored here; the source shows it garbled -->
    <property name="sql"
              value="select community_password from community_user_info where lower(community_user_info.community_user) = lower(?)" />
</bean>
```
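As an added example (not part of the original guide), this Python script mirrors at runtime what the two beans above do together: the submitted password is hashed the way DefaultPasswordEncoder("MD5") hashes it and compared with the single row the page's SQL returns. An in-memory sqlite table stands in for the MySQL community_user_info table, and the usernames and passwords are constructed.

```python
import hashlib
import hmac
import sqlite3

# Constructed stand-in for the page's community_user_info table (sqlite, not MySQL).
SCHEMA = ("CREATE TABLE community_user_info "
          "(community_user TEXT, community_password TEXT)")

# The page's query: case-insensitive username match with a bound "?" parameter.
SQL = ("select community_password from community_user_info "
       "where lower(community_user) = lower(?)")


def encode_password(plain: str) -> str:
    """DefaultPasswordEncoder("MD5"): unsalted digest, lowercase hex, so a
    migrated user table must hold exactly this 32-character form."""
    return hashlib.md5(plain.encode("utf-8")).hexdigest()


def make_db(users):
    """users: iterable of (username, plaintext) pairs, stored already encoded."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO community_user_info VALUES (?, ?)",
                     [(u, encode_password(p)) for u, p in users])
    return conn


def authenticate(conn, username: str, password: str) -> bool:
    """Mirror of QueryDatabaseAuthenticationHandler: the query must return
    exactly one row (zero rows or duplicate rows both fail), and the stored
    digest must equal the digest of the submitted password."""
    rows = conn.execute(SQL, (username,)).fetchall()
    if len(rows) != 1:
        return False
    return hmac.compare_digest(rows[0][0], encode_password(password))


if __name__ == "__main__":
    db = make_db([("alice", "s3cret")])
    print(authenticate(db, "Alice", "s3cret"))   # lower() on both sides: True
```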
Change 2: retrieve and store user attributes so that every client obtains user information in a uniform way

1. Define attributeRepository, which fetches the user's details via JDBC; the user record, the user's organization, roles and so on can all be queried here.

```xml
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="dataSource" />
    <constructor-arg index="1">
        <list>
            <value>username</value>
        </list>
    </constructor-arg>
    <!-- the join and where operators inside the subquery are reconstructed (assumed);
         the source preserved only the table and column names and the two ? placeholders -->
    <constructor-arg index="2"
        value="select *,
                 (SELECT orgn_organization.id from orgn_organization
                    left join orgn_member on orgn_member.orgn_id = orgn_organization.id
                   where community_user_info.id = orgn_member.user_id
                     and community_user_info.community_user = ?) as orgnId
               from community_user_info where community_user=?" />
    <property name="columnsToAttributes">
        <map>
            <entry key="id" value="id" />
            <entry key="community_user" value="userName" />
            <entry key="orgnId" value="orgnId" />
            <entry key="is_admin" value="isAdmin" />
        </map>
    </property>
</bean>
```
2. Configure the credentialsToPrincipalResolvers property of authenticationManager:

```xml
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
    <!-- assumed: points the resolver at the attributeRepository defined above -->
    <property name="attributeRepository" ref="attributeRepository" />
</bean>
```
Note: by default the CAS server does not pass user attributes to the client, so edit WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp and add:

```jsp
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
    <cas:attributes>
        <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
            <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
        </c:forEach>
    </cas:attributes>
</c:if>
```
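As an added example (not part of the original guide), this Python script shows the client side of the JSP change above: it parses the /serviceValidate response that the patched page emits and returns the user plus the attributes from Change 2. The response documents are constructed; the absent-attributes and failure cases show why a client must not assume a cas:attributes element is present, and the key check covers a limit of fn:escapeXml noted in the comments.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"

# Constructed sample of a /serviceValidate answer from a server patched as above:
# every principal attribute appears as <cas:KEY>value</cas:KEY>.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes>
      <cas:id>42</cas:id>
      <cas:userName>alice</cas:userName>
      <cas:orgnId>7</cas:orgnId>
      <cas:isAdmin>0</cas:isAdmin>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
# An unpatched server, or a principal with no attributes: the c:if guard
# means there is no <cas:attributes> element at all.
SAMPLE_NO_ATTRS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>bob</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">bad ticket</cas:authenticationFailure>
</cas:serviceResponse>"""

# fn:escapeXml only escapes <, >, &, ' and "; it does not turn a key into a
# legal element name, so keys with spaces or colons yield unparsable XML.
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def is_safe_attribute_key(key: str) -> bool:
    return bool(NAME_RE.match(key))


def parse_service_response(xml_text: str):
    """Return (user, {attribute: value}) on success, None on failure."""
    root = ET.fromstring(xml_text)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        return None
    user = success.findtext(f"{{{CAS_NS}}}user")
    attrs = {}
    container = success.find(f"{{{CAS_NS}}}attributes")
    if container is not None:
        for child in container:   # strip the namespace to recover the key
            attrs[child.tag.split("}", 1)[1]] = (child.text or "").strip()
    return user, attrs
```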
Change 3: keep login sessions in the database

This way the server does not lose sessions when it restarts.

1. Edit ticketRegistry.xml and replace the default ticketRegistry with:

```xml
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry" />

<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="generateDdl" value="true" />
            <property name="showSql" value="true" />
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
            <prop key="hibernate.hbm2ddl.auto">update</prop>
        </props>
    </property>
</bean>

<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"
      p:entityManagerFactory-ref="entityManagerFactory" />

<tx:annotation-driven transaction-manager="transactionManager" />

<!-- data source class assumed (the source shows only the bean's p: attributes) -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      p:driverClassName="com.mysql.jdbc.Driver"
      p:url="jdbc:mysql://192.168.1.100:3306/cas?autoReconnect=true"
      p:password="709394"
      p:username="itravel" />
```

After this configuration a number of jars are also required; look up whichever packages the error messages report as missing.
Change 4: configure remember-me so that clients can keep their session permanently

1. Add the authenticationMetaDataPopulators property to authenticationManager:

```xml
<property name="authenticationMetaDataPopulators">
    <list>
        <bean class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator" />
    </list>
</property>
```

2. Edit cas-servlet.xml and change the authenticationViaFormAction configuration to:

```xml
<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
      p:formObjectName="credentials"
      p:validator-ref="UsernamePasswordCredentialsValidator"
      p:warnCookieGenerator-ref="warnCookieGenerator" />
```

Add the UsernamePasswordCredentialsValidator bean:

```xml
<bean id="UsernamePasswordCredentialsValidator" class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />
```

3. Edit ticketExpirationPolicies.xml so that grantingTicketExpirationPolicy reads as follows. Note that the timeouts must be raised, otherwise the session expires quickly and remember-me has no effect.

```xml
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">
    <property name="sessionExpirationPolicy">
        <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
            <constructor-arg index="0" value="2592000000" />
        </bean>
    </property>
    <property name="rememberMeExpirationPolicy">
        <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
            <!-- assumed: the source shows the 2592000000 ms (30 day) value only once -->
            <constructor-arg index="0" value="2592000000" />
        </bean>
    </property>
</bean>
```

4. The login page must include a hidden field named rememberMe with the value true, or a checkbox the user can tick.
Change 5: disable HTTPS verification

Where the network itself is reasonably well protected and the system's security requirements are not that strict, HTTPS verification can be disabled to make the system easier to deploy.

1. Edit ticketGrantingTicketCookieGenerator.xml:

```xml
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="false"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />
```

Change cookieSecure to false, and in the client's web.xml change the links to the single sign-on server to http.
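As an added check (not part of the original guide), this Python script reads the ticketGrantingTicketCookieGenerator bean above and reports what its cookieSecure, cookieMaxAge and cookiePath settings mean for the CASTGC cookie, which is the single sign-on session itself. The surrounding Spring beans header with the p: namespace is assumed; the second document is the same bean with cookieSecure restored to true.

```python
import xml.etree.ElementTree as ET

P_NS = "http://www.springframework.org/schema/p"
BEANS_NS = "http://www.springframework.org/schema/beans"


def wrap(bean_xml: str) -> str:
    """Assumed Spring <beans> header around a bean definition (not on the page)."""
    return f'<beans xmlns="{BEANS_NS}" xmlns:p="{P_NS}">{bean_xml}</beans>'


# The page's bean, as constructed input.
TGC_HTTP = wrap("""
<bean id="ticketGrantingTicketCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="false" p:cookieMaxAge="-1"
      p:cookieName="CASTGC" p:cookiePath="/cas" />""")

# The same bean with the HTTPS-only setting restored.
TGC_HTTPS = TGC_HTTP.replace('p:cookieSecure="false"', 'p:cookieSecure="true"')


def cookie_settings(xml_text: str, bean_id="ticketGrantingTicketCookieGenerator"):
    """Collect the p:* attributes of the named bean as a plain dict."""
    root = ET.fromstring(xml_text)
    for bean in root.iter(f"{{{BEANS_NS}}}bean"):
        if bean.get("id") == bean_id:
            return {k.split("}", 1)[1]: v for k, v in bean.attrib.items()
                    if k.startswith("{" + P_NS + "}")}
    raise KeyError(bean_id)


def audit(settings: dict) -> list:
    """Findings about the TGC cookie: whoever holds it holds the SSO session."""
    findings = []
    name = settings.get("cookieName", "CASTGC")
    # Spring's CookieGenerator leaves cookieSecure false when it is omitted.
    if settings.get("cookieSecure", "false").lower() != "true":
        findings.append(f"{name}: cookieSecure is not true, cookie is sent over plain http")
    if "cookieMaxAge" in settings and settings["cookieMaxAge"] != "-1":
        findings.append(f"{name}: cookieMaxAge={settings['cookieMaxAge']}, cookie outlives the browser session")
    if settings.get("cookiePath") == "/":
        findings.append(f"{name}: cookiePath=/, cookie is sent to every path on the host")
    return findings


if __name__ == "__main__":
    for label, xml in (("page config", TGC_HTTP), ("https config", TGC_HTTPS)):
        print(label, audit(cookie_settings(xml)))
```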
Configuration for using HTTPS

1. Generating and importing the certificate

Below is a bat script that generates a certificate and imports it. If the web application and the single sign-on server are deployed on the same machine it can be run in one go.

Batch script:

```bat
@echo off
if "%JAVA_HOME%" == "" goto error
@echo on
@echo
cls
rem please set the env JAVA_HOME before running this bat file
rem delete the alias tomcatsso if it exists
keytool -delete -alias tomcatsso -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
rem (assumed: the source shows only "keytool" for this line; a delete of the same alias from the default keystore fits the comment below)
keytool -delete -alias tomcatsso -storepass changeit
REM (comment: removes any certificate already present in the system under the name tomcatsso)
rem list all aliases in cacerts
keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
REM (lists the names of the certificates present in the system trust store)
rem generate a key
keytool -genkey -alias tomcatsso -keyalg RSA -dname "cn=localhost" -storepass changeit
REM (uses the RSA algorithm to generate a certificate with alias tomcatsso, store password changeit and DN "cn=linly"; this DN must match the full name of the current host exactly, remember!!)
rem export
keytool -export -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -storepass changeit
REM (exports the certificate with alias tomcatsso from the keystore into the file tomcatsso.crt)
rem import into trust
keytool -import -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -keystore "%java_home%/jre/lib/security/cacerts" -storepass changeit
REM (imports tomcatsso.crt into the JRE's trusted certificate store. Note that a JDK installation has two jre directories, one under the jdk and one standalone; the directory used here must be the same jre that Tomcat uses, otherwise later Tomca
```