1、4. /property5. url6. jdbc:mysql:/192.168.1.100/ires?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true7. 8. username9. ires10. 11. password12. i70939413. 14. 定义MD5的加密方式passwordEncoder org.jasig.cas.authentication.handler.DefaultPasswordEncoderautowire=byNameconstructor-argvalue=MD5/4. 配置auth
2、enticationManager下面的authenticationHandlers属性org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandlerdataSourceref=sqlselectcommunity_passwordfromcommunity_user_infowherelower(community_user_munity_user)=lower(?)5. username/constructor-arg2*,(SELECTorgn_organization.idorgn_organizationleftjoino
3、rgn_memberonorgn_member.orgn_idcommunity_user_info.idorgn_member.user_idcommunity_user_munity_user?)asorgnIdcommunity_user=?14. columnsToAttributes15. map16. entrykey=id17. community_useruserName18. orgnId19. is_adminisAdmin20. 21. /map22. 23. 2.配置authenticationManager中credentialsToPrincipalResolver
4、s属性org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver 注意:默认cas登录服务器没有把用户信息传到客户端中,所以要修改WEB-INFviewjspprotocol2.0casServiceValidationSuccess.jsp文件,增加c:iftest=$fn:length(assertion.chainedAuthenticationsfn:length(assertion.chainedAuthentications)-1.principal.attributes
5、)02. 3. escapeXml(attr.value)/cas:8. 9. 10. 修改点3:用数据库来保存登录的会话这样服务器在重新启动的时候不会丢失会话。1.修改ticketRegistry.xml文件将默认的ticketRegistry改成ticketRegistryorg.jasig.cas.ticket.registry.JpaTicketRegistryentityManagerFactoryorg.springframework.orm.jpa.LocalContainerEntityManagerFactoryBeanjpaVendorAdapterorg.springfr
6、amework.orm.jpa.vendor.HibernateJpaVendorAdaptergenerateDdltrueshowSqljpaPropertiespropsprophibernate.dialectorg.hibernate.dialect.MySQLDialecthibernate.hbm2ddl.autoupdatetransactionManagerorg.springframework.orm.jpa.JpaTransactionManagerp:entityManagerFactory-ref=24. tx:annotation-driventransaction
7、-manager=25. 26. 27. 28. 29. driverClassName=com.mysql.jdbc.Driver30. url=/192.168.1.100:3306/cas?autoReconnect=true31. password=70939432. username=itravel配置完之后还需要一些jar的支持,根据提示那些包缺少到网上找。修改点4:配置remenber me的功能,可以让客户端永久保存sessionauthenticationManager增加authenticationMetaDataPopulators属性authenticationMeta
8、DataPopulatorsorg.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator2.修改cas-servlet.xml修改authenticationViaFormAction配置变成authenticationViaFormActionorg.jasig.cas.web.flow.AuthenticationViaFormActioncentralAuthenticationService-ref=centralAuthenticationServiceformObjectClass=
9、org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentialsformObjectName=credentialsvalidator-ref=UsernamePasswordCredentialsValidatorwarnCookieGenerator-ref=warnCookieGenerator增加UsernamePasswordCredentialsValidatororg.jasig.cas.validation.UsernamePasswordCredentialsValidator修改tick
10、etExpirationPolicies.xml,grantingTicketExpirationPolicy配置如下,注意时间要加大,不然session很容易过期,达不到remember me的效果。grantingTicketExpirationPolicyorg.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicysessionExpirationPolicyorg.jasig.cas.ticket.support.TimeoutExpirationPolicy2592000000rememberMeExpiratio
11、nPolicy12. 登录页面要增加隐藏字段rememberMe,值是true,或用一个checkbox来勾选。修改点5:取消https验证在网络安全性较好,对系统安全没有那么高的情况下可以取消https验证,使系统更加容易部署。1.修改ticketGrantingTicketCookieGenerator.xmlticketGrantingTicketCookieGeneratororg.jasig.cas.web.support.CookieRetrievingCookieGeneratorcookieSecure=falsecookieMaxAge=-1cookieName=CASTGC
12、cookiePath=/cascookieSecure改成false,客户端web.xml中单独服务器的链接改成http使用https协议的配置1.证书生成和导入下面是一个生成证书和导入证书的bat脚本,如果web应用和单独登录服务器部署在同一台机可以一起执行C+代码1. echooff 2. if%JAVA_HOME%=gotoerror 3. echoon 5. echo6. cls7. rempleasesettheenvJAVA_HOMEbeforerunthisbatfile8. remdeletealiatomcatitisexisted9. keytool-delete-alia
13、stomcatsso-keystore%JAVA_HOME%/jre/lib/security/cacerts-storepasschangeit10. keytool11. REM(注释:清除系统中可能存在的名字为tomcatsso的同名证书) 12. remlistallaliasincacerts13. keytool-list14. REM列出系统证书仓库中存在证书名称列表) 15. remgeneratorakey16. keytool-genkey-keyalgRSA-dnamecn=localhost17. REM指定使用RSA算法,生成别名为tomcatsso的证书,存贮口令为
14、changeit,证书的DN为cn=linly,这个DN必须同当前主机完整名称一致哦,切记!) 18. remexport19. keytool-export-file%java_home%/jre/lib/security/tomcatsso.crt20. REM从keystore中导出别名为tomcatsso的证书,生成文件tomcatsso.crt) 21. remimportintotrust22. keytool-import%java_home%/jre/lib/security/cacerts23. REM将tomcatsso.crt导入jre的可信任证书仓库。注意,安装JDK是有两个jre目录,一个在jdk底下,一个是独立的jre,这里的目录必须同Tomcat使用的jre目录一致,否则后面Tomca
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1