免费视频淫片aa毛片_日韩高清在线亚洲专区vr_日韩大片免费观看视频播放_亚洲欧美国产精品完整版

打開APP
userphoto
未登錄

開通VIP,暢享免費電子書等14項超值服

開通VIP
CAS干單點登陸(SSO)
CAS做單點登陸(SSO)——集成Java Web 項目

添加cas-client的jar包

下載cas-client,地址:http://www.ja-sig.org/downloads/cas-clients/,當前最新版本是cas-client-3.2.1-release.zip。然后解壓cas-client-3.2.1-release.zip,在modules拷貝cas-client-core-3.2.1.jar應用的WEB-INF/lib目錄中

撰寫支持CAS集成的客戶化包

除了在web.xml添加CAS內(nèi)置的filter外(具體看配置web.xml),我們需要撰寫自己支持CAS集成的客戶化包。大致思路如下:

	@Override	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {				HttpServletRequest request = (HttpServletRequest)servletRequest;		HttpServletResponse response = (HttpServletResponse)servletResponse;				HttpSession session = request.getSession();		//在session中自定義一個參數(shù),以它來校驗是否完成過自動登陸		Object user_login = session.getAttribute(AURORA_USER_LOGIN);		if (user_login != null){			//登陸過,就繼續(xù)執(zhí)行其他filter			filterChain.doFilter(request, response);			return;		}		//通過CAS的API獲得登陸賬號		String loginName = AssertionHolder.getAssertion().getPrincipal().getName();		try {			//執(zhí)行本系統(tǒng)的登陸。跟平常同時校驗用戶名和密碼不同,這里只有用戶名。			executeLoginProc(request,response,loginName);		} catch (Exception e) {			logger.log(Level.SEVERE, "executeLoginProc error:", e);			return;		}		//登陸成功		session.setAttribute(AURORA_USER_LOGIN, Boolean.TRUE);		//跳轉到登陸成功后的頁面		response.sendRedirect(roleSelectPageUrl);	}

把這個class打包成一個jar拷貝到應用的WEB-INF/lib目錄中。

如果有興趣,還可以簡單了解下org.jasig.cas.client.authentication.AuthenticationFilter這個CAS內(nèi)置filter的功能

public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {    HttpServletRequest request = (HttpServletRequest)servletRequest;    HttpServletResponse response = (HttpServletResponse)servletResponse;    HttpSession session = request.getSession(false); //檢查自定義屬性"_const_cas_assertion_"    Assertion assertion = session != null ? (Assertion)session.getAttribute("_const_cas_assertion_") : null;

    if (assertion != null) {   //已經(jīng)成功登陸過CAS      filterChain.doFilter(request, response);      return;    }  //拿到url,并檢查url參數(shù)中的ticket是否有效    String serviceUrl = constructServiceUrl(request, response);    String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());    boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

    if ((CommonUtils.isNotBlank(ticket)) || (wasGatewayed)) {   //ticket有效      filterChain.doFilter(request, response);      return;    }

    this.log.debug("no ticket and no assertion found");    String modifiedServiceUrl;    String modifiedServiceUrl;    if (this.gateway) {      this.log.debug("setting gateway attribute in session");      modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);    } else {      modifiedServiceUrl = serviceUrl;    }

    if (this.log.isDebugEnabled()) {      this.log.debug("Constructed service url: " + modifiedServiceUrl);    }

    String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

    if (this.log.isDebugEnabled()) {      this.log.debug("redirecting to \"" + urlToRedirectTo + "\"");    }  //重定向到cas的登陸頁面    response.sendRedirect(urlToRedirectTo);  }


 

修改web.xml

在應用WEB-INF/web.xml添加filter的內(nèi)容,效果如下所示

<!-- ======================== 單點登錄開始 ======================== -->	<!-- 用于單點退出,該過濾器用于實現(xiàn)單點登出功能,可選配置-->	<listener>		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>	</listener>	<!-- 該過濾器用于實現(xiàn)單點登出功能,可選配置。 -->	<filter>		<filter-name>CAS Single Sign Out Filter</filter-name>		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>	</filter>	<filter-mapping>		<filter-name>CAS Single Sign Out Filter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>	<!-- 該過濾器負責用戶的認證工作,必須啟用它 -->	<filter>		<filter-name>CASFilter</filter-name>		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>		<init-param>			<param-name>casServerLoginUrl</param-name>			<param-value>https://sso.aurora-framework.org:8080/cas/login</param-value>			<!--這里的server是服務端的IP-->		</init-param>		<init-param>			<param-name>serverName</param-name>			<param-value>https://sso.aurora-framework.org:8080</param-value>		</init-param>	</filter>	<filter-mapping>		<filter-name>CASFilter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>	<!-- 該過濾器負責對Ticket的校驗工作,必須啟用它 -->	<filter>		<filter-name>CAS Validation Filter</filter-name>		<filter-class>			org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>		<init-param>			<param-name>casServerUrlPrefix</param-name>			<param-value>https://sso.aurora-framework.org:8080/cas</param-value>		</init-param>		<init-param>			<param-name>serverName</param-name>			<param-value>https://sso.aurora-framework.org:8080</param-value>		</init-param>	</filter>	<filter-mapping>		<filter-name>CAS Validation Filter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>	<!--		該過濾器負責實現(xiàn)HttpServletRequest請求的包裹,		比如允許開發(fā)者通過HttpServletRequest的getRemoteUser()方法獲得SSO登錄用戶的登錄名,可選配置。	-->	<filter>		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>		<filter-class>			org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>	</filter>	<filter-mapping>		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>	<!--		該過濾器使得開發(fā)者可以通過org.jasig.cas.client.util.AssertionHolder來獲取用戶的登錄名。		比如AssertionHolder.getAssertion().getPrincipal().getName()。	-->	<filter>		<filter-name>CAS Assertion Thread Local Filter</filter-name>		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>	</filter>	<filter-mapping>		<filter-name>CAS Assertion Thread Local Filter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>		<!-- 自動根據(jù)單點登錄的結果設置本系統(tǒng)的用戶信息-->	<filter>		<display-name>AutoSetUserAdapterFilter</display-name>		<filter-name>AutoSetUserAdapterFilter</filter-name>		<filter-class>aurora.plugin.sso.cas.AutoSetUserFilter</filter-class>		<init-param>			<param-name>roleSelectPageUrl</param-name>			<param-value>https://sso.aurora-framework.org:8080/yourapp/role_select.screen</param-value>		</init-param>	</filter>	<filter-mapping>		<filter-name>AutoSetUserAdapterFilter</filter-name>		<url-pattern>/*</url-pattern>	</filter-mapping>	<!-- ======================== 單點登錄結束 ======================== -->

 

前面幾個都是CAS標準配置,最后一個AutoSetUserAdapterFilter(自定義,可以取其他任意名字)才是我們支持cas的客戶化程序。其中roleSelectPageUrl是指用戶完成單點登錄后跳轉的頁面。

本文檔撰寫時java web項目和CAS用同一個tomcat,所以都用的https。否則只需要配置CAS的鏈接為HTTPS,本項目連接用HTTP。

 

修改CAS的認證邏輯

CAS默認的邏輯是用戶名和密碼一致就可以登陸,現(xiàn)在需要把原web系統(tǒng)的用戶名和密碼校驗挪到CAS中。這里假設原先web系統(tǒng)中有一張sys_user表存儲了用戶名和MD5散列后的密碼。

 

打開cas/WEB-INF/deployerConfigContext.xml

  1. 注釋掉SimpleTestUsernamePasswordAuthenticationHandler這個Handler,并添加

     

    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">	<property ref="dataSource" name="dataSource"></property>	<property name="sql" value="select t.encrypted_user_password from sys_user t where t.user_name=?"></property>                     	<property ref="MD5PasswordEncoder" name="passwordEncoder"></property></bean>


     

  2.  在文件末尾之前加入數(shù)據(jù)庫的鏈接:

        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">        <property name="driverClassName">            <value>oracle.jdbc.driver.OracleDriver</value>        </property>        <property name="url">            <value>jdbc:oracle:thin:@yourIP:1521:yourOracleInstanceId</value>        </property>        <property name="username">            <value>yourName</value>        </property>        <property name="password">            <value>yourPassword</value>        </property>    </bean>    <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">        <constructor-arg index="0">            <value>MD5</value>        </constructor-arg>    </bean>

     

  3. cas加入jdbc支持
    復制cas-server-3.5.2\modules\cas-server-support-jdbc-3.5.2.jaroracle驅動(這里采用oracle數(shù)據(jù))的ojdbc14.jar或者classes12.jar放到cas/WEB-INF/lib目錄下。

  4. 重新登陸Web系統(tǒng)

    重啟tomcat,在瀏覽器中輸入https://sso.aurora-framework.org:8080/yourapp/,自動跳轉到如下頁面:

  5. 輸入web系統(tǒng)預先定義的用戶名和密碼,并跳轉到自定義(web.xml中定義的)登陸成功后的頁面。

本站僅提供存儲服務,所有內(nèi)容均由用戶發(fā)布,如發(fā)現(xiàn)有害或侵權內(nèi)容,請點擊舉報。
打開APP,閱讀全文并永久保存 查看更多類似文章
猜你喜歡
類似文章
CAS單點登錄應用
sso單點登錄
cas 配置與自定義開發(fā)
統(tǒng)一身份認證(CAS)簡單說明與設計方案
CAS 與 Spring Security 3.1整合配置詳解
用Yale CAS Server 來實現(xiàn)單點登陸(SSO)
更多類似文章 >>
生活服務
分享 收藏 導長圖 關注 下載文章
綁定賬號成功
后續(xù)可登錄賬號暢享VIP特權!
如果VIP功能使用有故障,
可點擊這里聯(lián)系客服!

聯(lián)系客服