referenceWord文档下载推荐.docx

1、useUnicode=true&characterEncoding=UTF-8&autoReconnect=trueusernamerootpasswordi7093942. 定义MD5的加密方式beanid=passwordEncoderclass=org.jasig.cas.authentication.handler.DefaultPasswordEncoderconstructor-arg value=MD5/3. 配置authenticationManager下面的authenticationHandlers属性bean class=org.jasig.cas.adaptor

2、s.jdbc.QueryDatabaseAuthenticationHandlerdataSource ref= /sql value=select password from users where username = ?property name=2.2获取用户信息,方便客户端统一得到用户信息1.定义attributeRepository，通过jdbc查询用户的详细信息。bean id=”attributeRepository” org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDaoconstru

3、ctor-arg index=01 listusername/constructor-arg2select id,username,is_admin from users where username = ?columnsToAttributesmapentry key=idis_admin/map2.配置authenticationManager中credentialsToPrincipalResolvers属性org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolverattrib

4、uteRepository默认服务器没有把用户信息传到客户端中，所以要修改WEB-INFviewjspprotocol2.0casServiceValidationSuccess.jsp文件，增加XML/HTML代码c:if test=$fn:length（assertion.chainedAuthenticationsfn:length（assertion.chainedAuthentications）-1.principal.attributes） 0cas:attributesforEach var=attr items=$assertion.chainedAuthentications

5、fn:length（assertion.chainedAuthentications）-1.principal.attributesescapeXml（attr.key）escapeXml（attr.value）if2.3用数据库来保存登录的会话这样服务器在重新启动的时候不会丢失会话。1.修改ticketRegistry.xml文件，将默认的ticketRegistry改成ticketRegistryorg.jasig.cas.ticket.registry.JpaTicketRegistryentityManagerFactoryorg.springframework.orm.jpa.Loc

6、alContainerEntityManagerFactoryBeanjpaVendorAdapterorg.springframework.orm.jpa.vendor.HibernateJpaVendorAdaptergenerateDdltrueshowSqljpaPropertiespropsprop key=hibernate.dialectorg.hibernate.dialect.MySQLDialecthibernate.hbm2ddl.autoupdatetransactionManagerorg.springframework.orm.jpa.JpaTransactionM

7、anager p:entityManagerFactory-ref=tx:annotation-driven transaction-manager=bean id=driverClassName=com.mysql.jdbc.Driverurl=/192.168.1.100:3306/cas?autoReconnect=truepassword=709394username=itravel配置完之后还需要一些jar的支持，根据提示那些包缺少到网上找。配置remenber me的功能，可以让客户端永久保存session1.修改deployerConfigContext.xml文件authent

8、icationManager增加authenticationMetaDataPopulators属性authenticationMetaDataPopulatorsorg.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator2.修改cas-servlet.xml修改authenticationViaFormAction配置变成authenticationViaFormActionorg.jasig.cas.web.flow.AuthenticationViaFormActioncentralAu

9、thenticationService-ref=centralAuthenticationServiceformObjectClass=org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentialsformObjectName=credentialsvalidator-ref=UsernamePasswordCredentialsValidatorwarnCookieGenerator-ref=warnCookieGenerator增加UsernamePasswordCredentialsValidato

10、rorg.jasig.cas.validation.UsernamePasswordCredentialsValidator修改ticketExpirationPolicies.xml，grantingTicketExpirationPolicy配置如下，注意时间要加大，不然session很容易过期，达不到remember me的效果。grantingTicketExpirationPolicyorg.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicysessionExpirationPolicyorg.jasig.cas

11、.ticket.support.TimeoutExpirationPolicy2592000000rememberMeExpirationPolicy修改点5：取消https验证在网络安全性较好，对系统安全没有那么高的情况下可以取消https验证，使系统更加容易部署。1.修改ticketGrantingTicketCookieGenerator.xmlticketGrantingTicketCookieGeneratororg.jasig.cas.web.support.CookieRetrievingCookieGeneratorcookieSecure=falsecookieMaxAge=

12、-1cookieName=CASTGCcookiePath=/casp:cookieSecure改成false，客户端web.xml中单独服务器的链接改成httpwarnCookieGenerator.xml的p:cookieSecure同样设置为falsedeployerConfigContext.xml 改成：org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerhttpClient-ref=httpClientrequireSecure=增加p:使用http

13、s协议的配置1.证书生成和导入下面是一个生成证书和导入证书的bat脚本，如果web应用和单独登录服务器部署在同一台机可以一起执行C+代码echo offif %JAVA_HOME% = goto errorecho onclsrem please set the env JAVA_HOME before run this bat filerem delete alia tomcat if it is existedkeytool -delete -alias tomcatsso -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass

14、changeitkeytool -delete -alias tomcatsso -storepass changeitREM （注释： 清除系统中可能存在的名字为tomcatsso 的同名证书）rem list all alias in the cacertskeytool -list -keystore 列出系统证书仓库中存在证书名称列表）rem generator a keykeytool -genkey -keyalg RSA -alias tomcatsso -dname cn=localhost指定使用RSA算法，生成别名为tomcatsso的证书，存贮口令为changeit，证书

15、的DN为cn=linly ，这个DN必须同当前主机完整名称一致哦，切记！）rem export the keykeytool -export -alias tomcatsso -file %java_home%/jre/lib/security/tomcatsso.crt从keystore中导出别名为tomcatsso的证书，生成文件tomcatsso.crt）rem import into trust cacertskeytool -import -alias tomcatsso -file -keystore %java_home%/jre/lib/security/cacerts将tom

16、catsso.crt导入jre的可信任证书仓库。注意，安装JDK是有两个jre目录，一个在jdk底下，一个是独立的jre，这里的目录必须同Tomcat使用的jre目录一致，否则后面Tomcat的HTTPS通讯就找不到证书了）pause:errorecho 请先设置JAVA_HOME环境变量end3.将.keystore文件拷贝到tomcat的conf目录下面，注意.keystore会在证书生成的时候生成到系统的用户文件夹中，如windows会生产到C:Documents and Settingsyourusername下面2.配置tomcat，把https协议的8443端口打开，指定证书的位置

17、。Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups= disableUploadTimeout= acceptCount=100 scheme=https secure= clientAuth= sslProtocol=TLS keystoreFile=conf/.keystore keystorePass=changeit truststoreFile=C:Program FilesJavajdk1.5.0_07jrelib

18、securitycacerts客户端配置cas官方网站上面的客户端下载地址比较隐秘，没有完全公开，具体地址为/www.ja-sig.org/downloads/cas-clients/下载最新的cas-client-3.1.6-release.zip（http:/www.ja-sig.org/downloads/cas-clients/cas-client-3.1.6-release.zip）1.解压后把modules下面的包放到我们的web应用中serverName是我们web应用的地址和端口注意serverName是客户端应用context-paramparam-nameserverNameparam-value/192.168.1.145:81/context-paramfilterfilter-nameCAS Single Sign Out Filterfilter-class org.jasig.cas.client.session.SingleSignOutFilter/filter-class/filterfilter-mappingurl-pattern/*