单点登录JASIG研究分析

  一、数据库配置
        1.复杂数据库驱动jar文件到cas服务端网站的lib目录下
        2.修改CasServer/WEB-INF/deployerConfigContext.xml文件：
            

<!-- 注释掉如下代码-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

        替换成:
        

                <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                    <property name="sql" value="select PASSWORD_ from ID_USER where NAME_=?"/>
                    <property name="passwordEncoder" ref="passwordEncoder"/>
                    <property name="dataSource" ref="dataSource"/>
                </bean>

        在文件末尾加入：

<!-- 数据源定义 -->
    <bean id="dataSource"
        class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="${db.driver}" />
        <property name="url" value="${db.url}" />
        <property name="username" value="${db.username}" />
        <property name="password" value="${db.password}" />
    </bean>
    <bean id="passwordEncoder"
        class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
        autowire="byName">
        <constructor-arg value="MD5" />
    </bean>

        在CasServer/WEB-INF/cas.properties文件中添加:

database.hibernate.dialect=org.hibernate.dialect.OracleDialect
#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
db.driver=oracle.jdbc.driver.OracleDriver
db.url=jdbc/:oracle/:thin/:@localhost/:1521/:master
db.username=casusername
db.password=caspwd

     二、LDAP配置
            1.复杂cas-server-support-ldap-3.2.jar文件到cas服务端网站的lib目录下
            2.修改CasServer/WEB-INF/deployerConfigContext.xml文件：
            

<!-- 注释掉如下代码-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

 

        替换成:（注意:位置）

<bean
                    class="com.jihong.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="uid=%u" />
                    <!-- 基节点 -->
                    <property name="searchBase"
                        value="OU=单位,O=TJJU" />
                    <property name="contextSource" ref="contextSource" />
                </bean>

在文件末尾加入：

<bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="password" value="secret" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://192.168.0.1:389/</value>
            </list>
        </property>
        <!-- property name="userName" value="uid=admin,O=TJJU" /-->
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key>
                        <value>
                            java.naming.security.authentication
                        </value>
                    </key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>

     三、分析deployerConfigContext.xml的其他配置
         1.客户端登陆服务配置:每加入一个客户端网站都需修改这个配置。   

<bean id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

        例如:

<bean id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <!-- 注册客户端 -->
        <property name="registeredServices">
            <list>
            <!-- 一个客户端配置 -->
                <bean
                    class="org.jasig.cas.services.RegisteredServiceImpl" 
                    p:id="1"
                    p:description="Tout Nancy 2" 
                    p:serviceId="*://localhost:8080/**"
                    p:name="Tout Nancy 2" 
                    p:theme="nancy2" 
                    p:allowedToProxy="true"
                    p:enabled="true" 
                    p:ssoEnabled="true" 
                    p:anonymousAccess="false">
                    <!-- 允许的属性 -->
                    <property name="allowedAttributes" value="Name,telephoneNumber,fullName,mail,eduPersonAffiliation,groupMembership"/>
                </bean>
            </list>
        </property>
    </bean>

        2.属性注册:从数据库中读取的属性

 

<bean id="attributeRepository"
        class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="eduPersonAffiliation"
                    value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

    例如：从LDAP中读取属性

<bean id="attributeRepository"
        class="com.jihong.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="baseDN" value="OU=单位,O=TJJU" />
        <property name="query" value="(uid={0})" />
        <property name="contextSource" ref="contextSource" />
        <property name="ldapAttributesToPortalAttributes">
            <map>
                <entry key="cn" value="Name" />
                <entry value="Telephone" key="telephoneNumber" />
                <entry value="Full Name" key="fullName" />
                <entry value="Email" key="mail" />
                <entry key="eduPersonAffiliation"
                    value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

转自：http://www.cnblogs.com/huangzhex/archive/2008/05/12/1193750.html