单点登录JA-SIG研究分析
一、数据库配置
1.复杂数据库驱动jar文件到cas服务端网站的lib目录下
2.修改CasServer/WEB-INF/deployerConfigContext.xml文件:
![]()
<!-- 注释掉如下代码-->
![]()
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
![]()
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
![]()
<property name="sql" value="select PASSWORD_ from ID_USER where NAME_=?"/>
![]()
<property name="passwordEncoder" ref="passwordEncoder"/>
![]()
<property name="dataSource" ref="dataSource"/>
![]()
</bean>
![]()
<!-- 数据源定义 -->
![]()
<bean id="dataSource"
![]()
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
![]()
<property name="driverClassName" value="${db.driver}" />
![]()
<property name="url" value="${db.url}" />
![]()
<property name="username" value="${db.username}" />
![]()
<property name="password" value="${db.password}" />
![]()
</bean>
![]()
<bean id="passwordEncoder"
![]()
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
![]()
autowire="byName">
![]()
<constructor-arg value="MD5" />
![]()
</bean>
![]()
database.hibernate.dialect=org.hibernate.dialect.OracleDialect
![]()
#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
![]()
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
![]()
db.driver=oracle.jdbc.driver.OracleDriver
![]()
db.url=jdbc/:oracle/:thin/:@localhost/:1521/:master
![]()
db.username=casusername
![]()
db.password=caspwd
![]()
<!-- 注释掉如下代码-->
![]()
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
![]()
<bean
![]()
class="com.jihong.cas.adaptors.ldap.BindLdapAuthenticationHandler">
![]()
<property name="filter" value="uid=%u" />
![]()
<!-- 基节点 -->
![]()
<property name="searchBase"
![]()
value="OU=单位,O=TJJU" />
![]()
<property name="contextSource" ref="contextSource" />
![]()
</bean>
![]()
<bean id="contextSource"
![]()
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
![]()
<property name="password" value="secret" />
![]()
<property name="pooled" value="true" />
![]()
<property name="urls">
![]()
<list>
![]()
<value>ldap://192.168.0.1:389/</value>
![]()
</list>
![]()
</property>
![]()
<!-- property name="userName" value="uid=admin,O=TJJU" /-->
![]()
<property name="baseEnvironmentProperties">
![]()
<map>
![]()
<entry>
![]()
<key>
![]()
<value>
![]()
java.naming.security.authentication
![]()
</value>
![]()
</key>
![]()
<value>simple</value>
![]()
</entry>
![]()
</map>
![]()
</property>
![]()
</bean>
![]()
<bean id="serviceRegistryDao"
![]()
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
![]()
<bean id="serviceRegistryDao"
![]()
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
![]()
<!-- 注册客户端 -->
![]()
<property name="registeredServices">
![]()
<list>
![]()
<!-- 一个客户端配置 -->
![]()
<bean
![]()
class="org.jasig.cas.services.RegisteredServiceImpl"
![]()
p:id="1"
![]()
p:description="Tout Nancy 2"
![]()
p:serviceId="*://localhost:8080/**"
![]()
p:name="Tout Nancy 2"
![]()
p:theme="nancy2"
![]()
p:allowedToProxy="true"
![]()
p:enabled="true"
![]()
p:ssoEnabled="true"
![]()
p:anonymousAccess="false">
![]()
<!-- 允许的属性 -->
![]()
<property name="allowedAttributes" value="Name,telephoneNumber,fullName,mail,eduPersonAffiliation,groupMembership"/>
![]()
</bean>
![]()
</list>
![]()
</property>
![]()
</bean>
![]()
<bean id="attributeRepository"
![]()
class="org.jasig.services.persondir.support.StubPersonAttributeDao">
![]()
<property name="backingMap">
![]()
<map>
![]()
<entry key="uid" value="uid" />
![]()
<entry key="eduPersonAffiliation"
![]()
value="eduPersonAffiliation" />
![]()
<entry key="groupMembership" value="groupMembership" />
![]()
</map>
![]()
</property>
![]()
</bean>
![]()
<bean id="attributeRepository"
![]()
class="com.jihong.services.persondir.support.ldap.LdapPersonAttributeDao">
![]()
<property name="baseDN" value="OU=单位,O=TJJU" />
![]()
<property name="query" value="(uid={0})" />
![]()
<property name="contextSource" ref="contextSource" />
![]()
<property name="ldapAttributesToPortalAttributes">
![]()
<map>
![]()
<entry key="cn" value="Name" />
![]()
<entry value="Telephone" key="telephoneNumber" />
![]()
<entry value="Full Name" key="fullName" />
![]()
<entry value="Email" key="mail" />
![]()
<entry key="eduPersonAffiliation"
![]()
value="eduPersonAffiliation" />
![]()
<entry key="groupMembership" value="groupMembership" />
![]()
</map>
![]()
</property>
![]()
</bean>
1.复杂数据库驱动jar文件到cas服务端网站的lib目录下
2.修改CasServer/WEB-INF/deployerConfigContext.xml文件:
<!-- 注释掉如下代码--><bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> 替换成:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="sql" value="select PASSWORD_ from ID_USER where NAME_=?"/> <property name="passwordEncoder" ref="passwordEncoder"/> <property name="dataSource" ref="dataSource"/> </bean> 在文件末尾加入:
<!-- 数据源定义 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="${db.driver}" /> <property name="url" value="${db.url}" /> <property name="username" value="${db.username}" /> <property name="password" value="${db.password}" /> </bean> <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName"> <constructor-arg value="MD5" /> </bean> 在CasServer/WEB-INF/cas.properties文件中添加:
database.hibernate.dialect=org.hibernate.dialect.OracleDialect#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect#database.hibernate.dialect=org.hibernate.dialect.HSQLDialectdb.driver=oracle.jdbc.driver.OracleDriverdb.url=jdbc/:oracle/:thin/:@localhost/:1521/:masterdb.username=casusernamedb.password=caspwd 二、LDAP配置
1.复杂cas-server-support-ldap-3.2.jar文件到cas服务端网站的lib目录下
2.修改CasServer/WEB-INF/deployerConfigContext.xml文件:
<!-- 注释掉如下代码--><bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
替换成:(注意:位置)
<bean class="com.jihong.cas.adaptors.ldap.BindLdapAuthenticationHandler"> <property name="filter" value="uid=%u" /> <!-- 基节点 --> <property name="searchBase" value="OU=单位,O=TJJU" /> <property name="contextSource" ref="contextSource" /> </bean>在文件末尾加入:
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> <property name="password" value="secret" /> <property name="pooled" value="true" /> <property name="urls"> <list> <value>ldap://192.168.0.1:389/</value> </list> </property> <!-- property name="userName" value="uid=admin,O=TJJU" /--> <property name="baseEnvironmentProperties"> <map> <entry> <key> <value> java.naming.security.authentication </value> </key> <value>simple</value> </entry> </map> </property> </bean> 三、分析deployerConfigContext.xml的其他配置
1.客户端登陆服务配置:每加入一个客户端网站都需修改这个配置。
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" /> 例如:
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- 注册客户端 --> <property name="registeredServices"> <list> <!-- 一个客户端配置 --> <bean class="org.jasig.cas.services.RegisteredServiceImpl" p:id="1" p:description="Tout Nancy 2" p:serviceId="*://localhost:8080/**" p:name="Tout Nancy 2" p:theme="nancy2" p:allowedToProxy="true" p:enabled="true" p:ssoEnabled="true" p:anonymousAccess="false"> <!-- 允许的属性 --> <property name="allowedAttributes" value="Name,telephoneNumber,fullName,mail,eduPersonAffiliation,groupMembership"/> </bean> </list> </property> </bean>2.属性注册:从数据库中读取的属性
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean> 例如:从LDAP中读取属性
<bean id="attributeRepository" class="com.jihong.services.persondir.support.ldap.LdapPersonAttributeDao"> <property name="baseDN" value="OU=单位,O=TJJU" /> <property name="query" value="(uid={0})" /> <property name="contextSource" ref="contextSource" /> <property name="ldapAttributesToPortalAttributes"> <map> <entry key="cn" value="Name" /> <entry value="Telephone" key="telephoneNumber" /> <entry value="Full Name" key="fullName" /> <entry value="Email" key="mail" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean>转自:http://www.cnblogs.com/huangzhex/archive/2008/05/12/1193750.html
浙公网安备 33010602011771号