• CAS配置(2)之主配置


    WEB-INF目录

    1.cas.properties文件(打开关闭SSL,主题,定制页面设置)

    # Base URL that CAS advertises to clients and uses to build its own redirects.
    # NOTE(review): plain http on localhost is a development setting only. In production
    # CAS must be served over HTTPS: the cookie generators below are configured with
    # cookieSecure="true" (a browser never returns such a cookie over http, so login loops),
    # and the password POSTed to /login would otherwise be readable on the wire.

    #server.name=http://localhost:8080
    server.name=http://localhost:8080
    # Context path of the CAS web application (stock value /cas, changed here to /zzcas).
    # The cookiePath in the cookie generator XML files must match this path, otherwise
    # the browser will not send the cookies back to CAS.
    #server.prefix=${server.name}/cas
    server.prefix=${server.name}/zzcas
    # IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
    # Keep this as narrow as possible; /status is unauthenticated apart from this check.
    cas.securityContext.status.allowedSubnet=127.0.0.1

    # CSS/JS theme
    # stock default:
    #cas.themeResolver.defaultThemeName=cas-theme-default

    # custom theme (copied from the default theme, see section 8)
    cas.themeResolver.defaultThemeName=cas-theme-zzmetro

    # view bundle for the login/logout pages
    # stock default:
    #cas.viewResolver.basename=default_views
    # customised views (copied from the default ones, see section 8)
    cas.viewResolver.basename=zzmetro_views

    2.spring-configuration/ticketGrantingTicketCookieGenerator.xml(打开关闭SSL)(注意:下面贴出的内容与第3节 warnCookieGenerator.xml 完全相同,并不是 TGT cookie 生成器 bean 的实际内容,请以实际文件为准。TGT cookie 就是单点登录会话本身,其 cookieSecure 设置比 CASPRIVACY cookie 重要得多)

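    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    	<description>
    	This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
    	is used.  You would modify this if you wanted to change the cookie path or the name.
    	</description>

      <!-- NOTE(review): this listing is labelled ticketGrantingTicketCookieGenerator.xml but what it
           contains is the warnCookieGenerator bean (CASPRIVACY cookie), identical to the
           warnCookieGenerator.xml listing in section 3. The ticket-granting-ticket cookie generator
           itself is not shown on this page; check the real file before copying. The cookieSecure and
           cookiePath considerations below apply to the TGT cookie as well, and matter far more there:
           that cookie IS the single-sign-on session. -->

      <!-- Default: cookieSecure="true", i.e. the browser only sends the cookie over HTTPS.
           CAS must then be served over HTTPS (server.name in cas.properties); over plain http the
           cookie is never returned and the flow silently breaks. cookieMaxAge="-1" makes it a
           session cookie. cookiePath must equal server.prefix (/zzcas). -->
    	<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    		p:cookieSecure="true"
    		p:cookieMaxAge="-1"
    		p:cookieName="CASPRIVACY"
    		p:cookiePath="/zzcas" />

      <!-- Local-development alternative with cookieSecure="false": the cookie then travels in
           cleartext and can be read by anyone on the network path, so never deploy it.
           Two corrections versus the original snippet: the duplicated, mis-prefixed
           p:p:cookieSecure attribute is removed (a namespace-aware parser rejects a name with two
           colons once the bean is uncommented) and cookiePath now matches server.prefix (/zzcas)
           instead of /cas, so the cookie actually reaches the application.
      <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false"
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/zzcas" />
        -->
    </beans>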
    

      3.spring-configuration/warnCookieGenerator.xml(打开关闭SSL)

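    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    	<description>
    	This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
    	is used.  You would modify this if you wanted to change the cookie path or the name.
    	</description>

      <!-- Default: cookieSecure="true", i.e. the browser only sends the CASPRIVACY cookie over
           HTTPS. CAS must then be served over HTTPS (server.name in cas.properties); over plain
           http the cookie is never returned. cookieMaxAge="-1" makes it a session cookie, and
           cookiePath must equal server.prefix (/zzcas) or the browser will not send it back. -->
    	<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    		p:cookieSecure="true"
    		p:cookieMaxAge="-1"
    		p:cookieName="CASPRIVACY"
    		p:cookiePath="/zzcas" />

      <!-- Local-development alternative with cookieSecure="false": the cookie then travels in
           cleartext, so never deploy it. Two corrections versus the original snippet: the
           duplicated, mis-prefixed p:p:cookieSecure attribute is removed (a namespace-aware parser
           rejects a name with two colons once the bean is uncommented) and cookiePath now matches
           server.prefix (/zzcas) instead of /cas.
      <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false"
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/zzcas" />
        -->
    </beans>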
    

    4.字符编码设置

    spring-configuration/applicationContext.xml

      <!-- UI message bundle. defaultEncoding=UTF-8 is what makes the non-ASCII (Chinese)
           resource files render correctly; fallbackToSystemLocale=false stops lookups from
           drifting to the server's own locale, and useCodeAsDefaultMessage=true shows the
           message key instead of failing when a translation is missing. -->
      <bean id="messageSource" class="org.jasig.cas.web.view.CasReloadableMessageBundle">
        <property name="basenames" ref="basenames" />
        <property name="fallbackToSystemLocale" value="false" />
        <property name="defaultEncoding" value="UTF-8" />
        <property name="cacheSeconds" value="180" />
        <property name="useCodeAsDefaultMessage" value="true" />
      </bean>
    

    spring-configuration/filters.xml

      <!-- Forces UTF-8 on every request (and, with forceEncoding=true, on the response too).
           Submitted usernames/passwords containing non-ASCII characters are thereby decoded
           with the same encoding the passwordEncoder uses (UTF-8) before hashing. -->
      <bean id="characterEncodingFilter" class="org.springframework.web.filter.CharacterEncodingFilter">
        <property name="encoding" value="UTF-8" />
        <property name="forceEncoding" value="true" />
      </bean>
    

     5.单点登录过期策略配置

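        <!-- Service ticket (ST) expiry: single use and valid only for a short window.
             The ST is carried in the service URL (query string), so it ends up in browser
             history, web-server/proxy logs and Referer headers; its lifetime only has to cover
             the redirect from CAS to the service and the service's validation call. The CAS
             default is 10 seconds. The original listing defaulted to 7200 (two hours), which
             turns every logged, not-yet-consumed ST into a usable credential for two hours.
             Override via st.timeToKillInSeconds in cas.properties only if clock skew between
             CAS and the services genuinely requires it. -->
        <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
              c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:10}" c:timeUnit-ref="SECONDS"/>

        <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
        <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
        <!-- Ticket-granting ticket (the SSO session) expiry: the TGT dies after 2 hours (7200 s)
             without any ticket activity on it (timeToKill, sliding), or 8 hours (28800 s) after
             it was created (maxTimeToLive) no matter how active it is. "Activity" means CAS
             activity, e.g. a service obtaining a ticket, not mouse movement inside the
             applications. -->
        <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
              p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
              p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>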
    

    6.cas-servlet.xml配置(注意:下面的 authenticationManager、serviceRegistryDao、healthCheckMonitor 等 bean 在 CAS 4.0 中通常位于 WEB-INF/deployerConfigContext.xml,而不是 cas-servlet.xml,请核对实际修改的文件)

    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <!-- Authentication manager. A single credential handler (the JDBC one) is registered;
         the map value names the principal resolver used for credentials that handler
         accepts. AnyAuthenticationPolicy: one successful handler is enough. -->
    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!-- database handler -> resolver that loads the principal and its attributes -->
                <entry key-ref="dbAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            </map>
        </constructor-arg>
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>


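    <!-- JDBC datasource shared by the authentication handler, the attribute repository and
         (via inspektrThrottledSubmissionContext.xml) the audit/throttle manager.
         Credentials are resolved from cas.properties (or an externally mounted properties
         file) through the placeholder configurer that already loads ${...} values here,
         instead of being written into this XML: the original listing shipped the SQL Server
         "sa" (sysadmin) login and its password in cleartext. The CAS login only needs SELECT
         on ssoaccount and INSERT/SELECT on com_audit_trail, so create a dedicated account
         with exactly those grants and rotate the exposed sa password.
         DriverManagerDataSource opens a new connection per request (no pooling); fine for a
         demo, use a pooled datasource in production. -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">

        <!-- MySQL variant: swap driver and url, the credential placeholders stay the same
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="${cas.jdbc.url}" />
        -->

        <!-- SQL Server -->
        <property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
        <!-- Define in cas.properties, e.g.
               cas.jdbc.url=jdbc:sqlserver://192.168.0.3:1433;DatabaseName=ZhengZhouSso
               cas.jdbc.username=cas_app
               cas.jdbc.password=...
             If the database is not on the same host, add encrypt=true (with a trusted server
             certificate) to the url so logins and password hashes do not cross the network in
             cleartext. -->
        <property name="url" value="${cas.jdbc.url}" />
        <property name="username" value="${cas.jdbc.username}" />
        <property name="password" value="${cas.jdbc.password}" />

    </bean>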

    <!-- Password hashing applied to the submitted password before it is compared with
         ssoaccount.LoginPassword.
         NOTE(review): this is a plain, unsalted MD5 of the password. If the ssoaccount table
         leaks, the hashes fall to precomputed tables and GPU brute force, and identical
         passwords produce identical hashes. MD5 is kept only because the existing rows are
         already stored that way; plan a migration to a salted, slow hash (re-hash on the next
         successful login), which needs a different encoder/handler than this one. -->
    <bean id="passwordEncoder"
    class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
    c:encodingAlgorithm="MD5"
    p:characterEncoding="UTF-8" />

    <!-- Authenticates the submitted username/password against the ssoaccount table.
         The SQL is a prepared statement: the single "?" is bound to the username, so user
         input never becomes part of the query text. The selected column must be aliased
         "password" (see the note in section 10); its value is compared with the submitted
         password after that has been run through passwordEncoder. -->
    <bean id="dbAuthenticationHandler"
          class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
          p:dataSource-ref="dataSource"
          p:sql="select LoginPassword as password from ssoaccount where LoginAccount=? "
          p:passwordEncoder-ref="passwordEncoder" />

    <!-- Builds the authenticated principal and loads its extra attributes from attributeRepository. -->
    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
          p:attributeRepository-ref="attributeRepository" />


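    <!-- Added section: attribute repository (start) -->
    <!-- Loads the attributes released to services after login (rendered by
         casServiceValidationSuccess.jsp). The query names only the columns that are actually
         mapped instead of "SELECT *": that keeps LoginPassword (the password hash) and any
         other sensitive column out of the attribute map entirely, rather than relying on
         resultAttributeMapping to filter it out. {0} is replaced by the DAO with the
         parameterised "LoginAccount = ?" condition built from queryAttributeMapping. -->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >
        <constructor-arg index="0" ref="dataSource"/>
        <constructor-arg index="1" value="SELECT LoginAccount, Sex, Address FROM ssoaccount WHERE {0}"/>
        <property name="queryAttributeMapping">
            <map>
                <!-- key = name of the login attribute, value = database column -->
                <entry key="username" value="LoginAccount"/>
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <!-- key = database column, value = attribute name in the CAS response.
                     Every registered service that can obtain a ticket receives these, so keep
                     the list to what the services really need. -->
                <entry key="Sex" value="Sex"/>
                <entry key="Address" value="Address"/>
            </map>
        </property>
    </bean>
    <!-- Added section: attribute repository (end) -->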

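    <!-- In-memory service registry: the list below decides which applications may use this CAS. -->
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
    p:registeredServices-ref="registeredServicesList" />

    <util:list id="registeredServicesList">
        <!-- Catch-all entry: ANY http/https/imap URL is an accepted service, so any site on
             the Internet can send a user here, receive a service ticket for that user and
             validate it (and, with allowedToProxy=true, obtain proxy tickets as well). That is
             acceptable only while developing. In production replace the pattern with the real
             application URLs, one entry per application, e.g.
             ^https://portal\.example\.com/.*
             and set allowedToProxy to false unless the service really needs to proxy.
             The original alternation (https?|http?|imaps?) carried a redundant "http?" that
             also matched "htt://"; https? already covers both http and https. -->
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001"
              p:enabled="true" p:allowedToProxy="true" />
    </util:list>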

    <!-- Audit trail: the log-file (Slf4j) manager stays disabled here because the
         JDBC-backed auditTrailManager is defined in inspektrThrottledSubmissionContext.xml
         (section 7); defining the same bean id in both files would make one definition
         override the other. -->
    <!--
    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
    -->
    <!-- Aggregates the monitors in monitorsList (defined elsewhere); its output is what the
         /status endpoint exposes, hence the allowedSubnet restriction in cas.properties. -->
    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
    </beans>

    7.WEB-INF下新增文件inspektrThrottledSubmissionContext.xml(注意:CAS 默认只加载 WEB-INF/spring-configuration/*.xml 等固定路径的配置;直接放在 WEB-INF 下的文件需要在 web.xml 的 contextConfigLocation 中声明或被其他配置 import,否则不会生效。启动日志中应能看到 inspektrThrottle、auditTrailManager 这两个 bean)

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:aop="http://www.springframework.org/schema/aop"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
    
      <!-- Needed so the @Audit-annotated CAS methods get proxied by auditTrailManagementAspect. -->
      <aop:aspectj-autoproxy/>
    
      <!-- Login throttling keyed on client IP + username. It receives the audit manager and
           the same dataSource the audit manager writes to, presumably to count recent
           AUTHENTICATION failures per IP/user from the audit table.
           NOTE(review): defining this bean is not enough on its own. It is a HandlerInterceptor
           (see the class name) and has to be registered as an interceptor on the login handler
           mapping in cas-servlet.xml, which this page does not show; without that wiring failed
           logins are audited but never throttled. Thresholds are the class defaults here.
           Behind a reverse proxy / load balancer the IP CAS sees is the proxy's unless the
           forwarded client address is restored, in which case all users share one throttle
           bucket and a lockout hits everyone. -->
      <bean id="inspektrThrottle"
            class="org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter">
    
        <constructor-arg index="0" ref="auditTrailManager" />
        <constructor-arg index="1" ref="dataSource" />
    
      </bean>
    
      <!-- Inspektr audit aspect: for each audited CAS operation an action resolver produces the
           AUD_ACTION value and a resource resolver produces the AUD_RESOURCE value, and every
           record is handed to the auditTrailManagers list (here: the JDBC manager below).
           These rows are also what the login throttle relies on, so keep AUTHENTICATION_RESOLVER
           / AUTHENTICATION_RESOURCE_RESOLVER wired even if the rest is trimmed. -->
      <bean id="auditTrailManagementAspect" class="com.github.inspektr.audit.AuditTrailManagementAspect">
        <!-- String applicationCode -->
        <constructor-arg index="0" value="CAS" />
    
        <!-- PrincipalResolver auditablePrincipalResolver -->
        <constructor-arg index="1" ref="auditablePrincipalResolver" />
    
        <!-- List<AuditTrailManager> auditTrailManagers -->
        <constructor-arg index="2">
          <list>
            <ref bean="auditTrailManager" />
          </list>
        </constructor-arg>
    
        <!-- Map<String,AuditActionResolver> auditActionResolverMap -->
        <constructor-arg index="3">
          <map>
            <entry key="AUTHENTICATION_RESOLVER">
              <ref local="authenticationActionResolver" />
            </entry>
            <entry key="CREATE_TICKET_GRANTING_TICKET_RESOLVER">
              <ref local="ticketCreationActionResolver" />
            </entry>
            <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOLVER">
              <bean class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver" />
            </entry>
            <entry key="GRANT_SERVICE_TICKET_RESOLVER">
              <ref local="ticketCreationActionResolver" />
            </entry>
            <entry key="GRANT_PROXY_GRANTING_TICKET_RESOLVER">
              <ref local="ticketCreationActionResolver" />
            </entry>
            <entry key="VALIDATE_SERVICE_TICKET_RESOLVER">
              <ref local="ticketValidationActionResolver" />
            </entry>
            <entry key="DELETE_SERVICE_ACTION_RESOLVER">
              <ref local="deleteServiceActionResolver" />
            </entry>
            <entry key="SAVE_SERVICE_ACTION_RESOLVER">
              <ref local="saveServiceActionResolver" />
            </entry>
          </map>
        </constructor-arg>
    
        <!-- Map<String,AuditResourceResolver> auditResourceResolverMap -->
        <constructor-arg index="4">
          <map>
            <!-- Records the credential object passed to authenticate(). Whatever string
                 representation that resolver stores lands in AUD_RESOURCE in the database:
                 make sure it never includes the password when swapping resolvers or
                 credential types. -->
            <entry key="AUTHENTICATION_RESOURCE_RESOLVER">
              <bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
            </entry>
            <entry key="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
              <ref local="returnValueResourceResolver" />
            </entry>
            <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
              <ref local="ticketResourceResolver" />
            </entry>
            <entry key="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER">
              <bean class="org.jasig.cas.audit.spi.ServiceResourceResolver" />
            </entry>
            <entry key="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
              <ref local="returnValueResourceResolver" />
            </entry>
            <entry key="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER">
              <ref local="ticketResourceResolver" />
            </entry>
            <entry key="DELETE_SERVICE_RESOURCE_RESOLVER">
              <ref local="deleteServiceResourceResolver" />
            </entry>
            <entry key="SAVE_SERVICE_RESOURCE_RESOLVER">
              <ref local="saveServiceResourceResolver" />
            </entry>
          </map>
        </constructor-arg>
      </bean>
    
      <!-- Resolvers referenced by the aspect above. Action resolvers append a success or
           failure suffix to the audit point name (e.g. AUTHENTICATION_SUCCESS /
           AUTHENTICATION_FAILED); resource resolvers decide what is stored as the audited
           resource: a ticket id, a service URL, the method parameters or the return value. -->
      <bean id="saveServiceResourceResolver" class="com.github.inspektr.audit.spi.support.ParametersAsStringResourceResolver" />
    
      <bean id="deleteServiceResourceResolver" class="org.jasig.cas.audit.spi.ServiceManagementResourceResolver" />
    
      <bean id="saveServiceActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
        <constructor-arg index="0" value="_SUCCEEDED" />
        <constructor-arg index="1" value="_FAILED" />
      </bean>
    
      <bean id="deleteServiceActionResolver" class="com.github.inspektr.audit.spi.support.ObjectCreationAuditActionResolver">
        <constructor-arg index="0" value="_SUCCEEDED" />
        <constructor-arg index="1" value="_FAILED" />
      </bean>
    
      <!-- Derives the audited principal (AUD_USER) from the ticket or the credential involved;
           needs the ticketRegistry bean from the main CAS configuration. -->
      <bean id="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver">
        <constructor-arg index="0" ref="ticketRegistry" />
      </bean>
    
      <!-- The "_FAILED" suffix on this resolver is what the IP/username throttle counts. -->
      <bean id="authenticationActionResolver"
            class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
        <!-- String successSuffix -->
        <constructor-arg index="0" value="_SUCCESS" />
    
        <!-- String failureSuffix -->
        <constructor-arg index="1" value="_FAILED" />
      </bean>
    
      <bean id="ticketCreationActionResolver"
            class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
        <!-- String successSuffix -->
        <constructor-arg index="0" value="_CREATED" />
    
        <!-- String failureSuffix -->
        <constructor-arg index="1" value="_NOT_CREATED" />
      </bean>
    
      <!-- Success suffix is just "D" because the audit point name already ends in
           ..._VALIDATE, giving ..._VALIDATED (presumably; verify in the audit table). -->
      <bean id="ticketValidationActionResolver"
            class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
        <!-- String successSuffix -->
        <constructor-arg index="0" value="D" />
    
        <!-- String failureSuffix -->
        <constructor-arg index="1" value="_FAILED" />
      </bean>
    
      <bean id="returnValueResourceResolver"
            class="com.github.inspektr.audit.spi.support.ReturnValueAsStringResourceResolver" />
    
      <bean id="ticketResourceResolver"
            class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />
    
      <!-- Audit records are written to the database (table com_audit_trail, DDL in section 10)
           instead of the log file; that is what lets the throttle query them. Writes go
           through a TransactionTemplate on the shared dataSource with READ_COMMITTED isolation
           and REQUIRED propagation. -->
      <bean id="auditTrailManager"
            class="com.github.inspektr.audit.support.JdbcAuditTrailManager"
            p:dataSource-ref="dataSource">
        <constructor-arg index="0" ref="inspektrTransactionTemplate" />
      </bean>
    
      <bean id="inspektrTransactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
        <property name="dataSource" ref="dataSource" />
      </bean>
    
      <bean id="inspektrTransactionTemplate" class="org.springframework.transaction.support.TransactionTemplate">
        <property name="transactionManager" ref="inspektrTransactionManager" />
        <property name="isolationLevelName" value="ISOLATION_READ_COMMITTED" />
        <property name="propagationBehaviorName" value="PROPAGATION_REQUIRED" />
      </bean>
    </beans>
    

    8.View页面,Css,Js等文件参考原默认文件拷贝进行修改,拷贝出来的文件夹或者文件名,参照前面cas.properties配置

    9.添加Jar包

    cas-server-support-jdbc-4.0.0.jar

    hibernate-entitymanager-4.1.4.Final.jar

    mysql-connector-java-5.1.40-bin.jar

    sqljdbc4.jar

    上述JAR包添加至WEB-INF/lib/目录下面

    10.部分数据表脚本

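    /****** Object:  Table [dbo].[com_audit_trail]    Script Date: 04/10/2017 13:19:17 ******/
    -- Audit table written by Inspektr's JdbcAuditTrailManager (section 7) and read back by the
    -- IP/username login throttle. Column names follow the Inspektr defaults.
    SET ANSI_NULLS ON
    GO
    
    SET QUOTED_IDENTIFIER ON
    GO
    
    CREATE TABLE [dbo].[com_audit_trail](
    	[Id] [int] IDENTITY(1,1) NOT NULL,
    	[AUD_USER] [nvarchar](100) NULL,
    	-- 45 characters hold a full IPv6 address; the original 15 only fit dotted IPv4, and an
    	-- over-long value makes the audit INSERT fail instead of merely truncating the record.
    	[AUD_CLIENT_IP] [nvarchar](45) NULL,
    	[AUD_SERVER_IP] [nvarchar](45) NULL,
    	[AUD_RESOURCE] [nvarchar](100) NULL,
    	[AUD_ACTION] [nvarchar](100) NULL,
    	[APPLIC_CD] [nvarchar](15) NULL,
    	[AUD_DATE] [datetime] NULL
    ) ON [PRIMARY]
    
    GO
    
    -- The throttle looks up recent failures per client IP / user; without an index that
    -- lookup scans the whole table, which only grows (consider a retention job as well).
    CREATE INDEX [IX_com_audit_trail_throttle] ON [dbo].[com_audit_trail] ([AUD_CLIENT_IP], [AUD_USER], [AUD_DATE])
    GO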
    

    注意:用户表返回的密码字段,经SQL查询后,返回的列名必须是password,比如:select LoginPassword as password from ssoaccount where LoginAccount=? ,本SQL脚本会随着数据库不同而不同。该列保存的必须是与 passwordEncoder 配置一致的散列值(本例为 MD5,通常是小写十六进制;大小写不一致会导致认证失败),而不是明文密码。查询中的 ? 是预编译参数,请勿改成字符串拼接。

    11.登录成功,票据验证返回其他信息

    配置文件修改

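     <!-- Added section: attribute repository (start) -->
     <!-- Attribute repository repeated here for reference. The query names only the mapped
          columns instead of "SELECT *", so the password hash column (LoginPassword) never
          enters the attribute map that is released to services. {0} is expanded by the DAO to
          the parameterised "LoginAccount = ?" condition derived from queryAttributeMapping. -->
        <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >  
            <constructor-arg index="0" ref="dataSource"/>  
            <constructor-arg index="1" value="SELECT LoginAccount, Sex, Address FROM ssoaccount WHERE {0}"/>  
            <property name="queryAttributeMapping">  
                <map>  
                    <!-- key = name of the login attribute, value = database column -->  
                    <entry key="username" value="LoginAccount"/>  
                </map>  
            </property>  
            <property name="resultAttributeMapping">  
                <map>  
                    <!-- key = database column, value = attribute name in the CAS response;
                         every registered service receives these, so keep the list minimal -->  
                    <entry key="Sex" value="Sex"/>  
                    <entry key="Address" value="Address"/>  
                </map>  
            </property>  
        </bean>  
        <!-- Added section: attribute repository (end) --> 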
    

    修正casServiceValidationSuccess.jsp文件(让 /serviceValidate 的响应带上 cas:attributes):

    <%@ page session="false" contentType="application/xml; charset=UTF-8" %>
    <%@ page import="java.util.Map.Entry" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
    <%-- Success response of /serviceValidate: user id, optional proxy data and, in this
         customised version, the principal attributes loaded by attributeRepository as
         <cas:attributes>. Text values are passed through fn:escapeXml so a value containing
         '<' or '&' cannot break or inject into the XML returned to the service. --%>
    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
            <cas:user>${fn:escapeXml(assertion.primaryAuthentication.principal.id)}</cas:user>
            <%-- pgtIou is generated by CAS itself, not taken from user input, hence unescaped. --%>
            <c:if test="${not empty pgtIou}">
                <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
            </c:if>
            <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
                <cas:proxies>
                    <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0"
                               end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                        <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                    </c:forEach>
                </cas:proxies>
            </c:if>
    
            <%-- Everything in the principal's attribute map is sent to the validating service;
                 with the catch-all service registry pattern that means to ANY service, so the
                 attribute repository (and, if available, a per-service attribute filter) must
                 restrict what ends up in this map. --%>
            <c:if test="${fn:length(assertion.primaryAuthentication.principal.attributes) > 0}">
                <cas:attributes>
                    <c:forEach var="attr"
                               items="${assertion.primaryAuthentication.principal.attributes}"
                               varStatus="loopStatus" begin="0"
                               end="${fn:length(assertion.primaryAuthentication.principal.attributes)}"
                               step="1">
                       	<%-- ${attr.value['class'].simpleName} fails for List: use scriptlet instead --%>
                       	<%
                       	    Entry entry = (Entry) pageContext.getAttribute("attr");
                       	    Object value = entry.getValue();
                       	    pageContext.setAttribute("isAString", value instanceof String);
                       	%>
                        <%-- attr.key becomes an element NAME below. fn:escapeXml does not turn an
                             arbitrary string into a valid XML name (spaces, leading digits, etc.),
                             so keys must be plain identifiers; here they are the column names from
                             resultAttributeMapping (Sex, Address), which are. --%>
                        <c:choose>
                            <%-- it's a String, output it once --%>
                            <c:when test="${isAString}">
                                <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                            </c:when>
                            <%-- if attribute is multi-valued, list each value under the same attribute name --%>
                            <c:otherwise>
                                <c:forEach var="attrval" items="${attr.value}">
                                    <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attrval)}</cas:${fn:escapeXml(attr.key)}>
                                </c:forEach>
                            </c:otherwise>
                        </c:choose>
                    </c:forEach>
                </cas:attributes>
            </c:if>
    
        </cas:authenticationSuccess>
    </cas:serviceResponse>
    

     

    至此:Cas的主要的配置基本完成

  • 原文地址:https://www.cnblogs.com/oumi/p/6688429.html