CAS配置(2)之主配置
WEB-INF目录
1.cas.properties文件(打开关闭SSL,主题,定制页面设置)
# Default port / base URL of this CAS server (scheme, host and port only; no path).
# NOTE(review): with an http:// server.name the login form and the CAS cookies travel in clear
# text. Outside local development keep this https:// and keep it consistent with the cookieSecure
# settings in the cookie generator files (sections 2 and 3), which assume HTTPS.
#server.name=http://localhost:8080
server.name=http://localhost:8080
# Context path of the CAS web application. The stock deployment lives under /cas; this one is /zzcas,
# which is why the cookiePath values in sections 2 and 3 are also /zzcas.
#server.prefix=${server.name}/cas
server.prefix=${server.name}/zzcas
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1
# CSS and JS (theme) settings
# Default theme:
#cas.themeResolver.defaultThemeName=cas-theme-default
# Skin/theme used by this deployment (its files are copied from the default theme, see section 8)
cas.themeResolver.defaultThemeName=cas-theme-zzmetro
# Default view bundle:
#cas.viewResolver.basename=default_views
# Customised view bundle; the name must match the copied views directory (see section 8)
cas.viewResolver.basename=zzmetro_views
2.spring-configuration/ticketGrantingTicketCookieGenerator.xml(打开关闭SSL)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<description>
This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
is used. You would modify this if you wanted to change the cookie path or the name.
</description>
<!-- NOTE(review): this listing is labelled ticketGrantingTicketCookieGenerator.xml, but its description,
     bean id (warnCookieGenerator) and cookie name (CASPRIVACY) are identical to the warnCookieGenerator.xml
     listing in section 3. The ticket-granting-ticket cookie file presumably defines a different bean and
     cookie name; check the real file before applying this. -->
<!-- Default configuration: SSL enabled.
     cookieSecure="true" tells the browser to send the cookie over HTTPS only; cookieMaxAge="-1" makes it
     a session cookie (discarded when the browser closes); cookiePath must equal the application context
     path configured as server.prefix in cas.properties (/zzcas here), otherwise the browser never sends
     the cookie back to CAS. -->
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/zzcas" />
<!-- Alternative configuration: SSL disabled (kept commented out).
     cookieSecure="false" allows the cookie to be sent over plain HTTP, where anyone on the network path
     can read it; use it only for local development. Two things to fix if this block is ever uncommented:
     cookiePath is "/cas" while this deployment is served under "/zzcas", and the final attribute
     p:p:cookieSecure is not a valid namespaced attribute name, so a namespace aware parser would reject
     the whole file (cookieSecure is already set once above it).
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas"
p:p:cookieSecure="false" />
-->
</beans>
3.spring-configuration/warnCookieGenerator.xml(打开关闭SSL)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<description>
This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
is used. You would modify this if you wanted to change the cookie path or the name.
</description>
<!-- Default configuration: SSL enabled.
     cookieSecure="true" tells the browser to send the CASPRIVACY cookie over HTTPS only; cookieMaxAge="-1"
     makes it a session cookie; cookiePath must equal the application context path configured as
     server.prefix in cas.properties (/zzcas here), otherwise the browser never sends the cookie back. -->
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/zzcas" />
<!-- Alternative configuration: SSL disabled (kept commented out).
     cookieSecure="false" allows the cookie to be sent over plain HTTP, where anyone on the network path
     can read it; use it only for local development. Two things to fix if this block is ever uncommented:
     cookiePath is "/cas" while this deployment is served under "/zzcas", and the final attribute
     p:p:cookieSecure is not a valid namespaced attribute name, so a namespace aware parser would reject
     the whole file (cookieSecure is already set once above it).
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas"
p:p:cookieSecure="false" />
-->
</beans>
4.字符编码设置
spring-configuration/applicationContext.xml
<!-- Message bundle used by the views (bundle names come from the basenames bean defined elsewhere in the
     stock file). defaultEncoding="UTF-8" reads the .properties bundles as UTF-8 instead of the historical
     ISO-8859-1 default, which would garble Chinese text; fallbackToSystemLocale="false" keeps locale
     resolution independent of the server's default locale; useCodeAsDefaultMessage="true" renders the
     message key instead of failing when a key is missing; bundles are re-checked every 180 seconds. -->
<bean id="messageSource" class="org.jasig.cas.web.view.CasReloadableMessageBundle"
p:basenames-ref="basenames" p:fallbackToSystemLocale="false" p:defaultEncoding="UTF-8"
p:cacheSeconds="180" p:useCodeAsDefaultMessage="true" />
spring-configuration/filters.xml
<!-- Applies UTF-8 to every request, and with forceEncoding="true" to the response as well, so that
     non-ASCII usernames and messages are decoded consistently. It only helps if it runs before anything
     reads request parameters, which is decided by its position in the filter chain (web.xml, not shown). -->
<bean id="characterEncodingFilter" class="org.springframework.web.filter.CharacterEncodingFilter"
p:encoding="UTF-8"
p:forceEncoding="true" />
5.单点登录过期策略配置
<!-- Service ticket (ST) expiration policy -->
<!-- NOTE(review): numberOfUses="1" keeps the ST single use, which is correct, but the fallback value
     of 7200 seconds lets an unused ST stay valid for two hours. An ST is a bearer token carried in the
     redirect URL (browser history, Referer headers, proxy and web server logs), so it should live only
     for the few seconds the client needs to validate it; the stock CAS default is on the order of ten
     seconds. Set st.timeToKillInSeconds in cas.properties to a small value instead of relying on this
     fallback. The SECONDS bean referenced by timeUnit-ref is defined elsewhere in the stock file. -->
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy" c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:7200}" c:timeUnit-ref="SECONDS"/>
<!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
<!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
<!-- Ticket-granting ticket (TGT) expiration policy -->
<!-- The TGT expires after 2 hours (7200 s) without activity, or 8 hours (28800 s) after it was created,
     whichever comes first; both values can be overridden in cas.properties via the keys shown. -->
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy" p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}" p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
6.cas-servlet.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- NOTE(review): this listing reproduces only the beans touched for database authentication. Beans it
     references but does not define (monitorsList here, ticketRegistry in section 7) are assumed to come
     from the rest of the stock cas-servlet.xml, which is not shown. -->
<!-- Authentication manager: maps each credential handler to the principal resolver used when that
     handler succeeds. Only the database handler is registered. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!-- New configuration: authenticate against the database -->
<entry key-ref="dbAuthenticationHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
<!-- AnyAuthenticationPolicy: a single successful handler is enough. -->
<property name="authenticationPolicy">
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>
<!-- Data source shared by authentication, attribute lookup and (section 7) login throttling and audit logging.
     NOTE(review): DriverManagerDataSource opens a fresh JDBC connection on every getConnection() call and
     does no pooling, so each login, attribute lookup and audit write pays for a connection setup; a pooled
     DataSource is the usual replacement.
     NOTE(review): the connection settings are stored in clear text in a file shipped inside the web
     application, and the account is the SQL Server sysadmin login (sa). CAS only needs SELECT on ssoaccount
     and INSERT/SELECT on the audit table, so a dedicated login with just those rights limits what a leaked
     configuration or an injection bug elsewhere can do. CAS already resolves ${...} placeholders from
     cas.properties (the ticket expiry beans in section 5 use them), so url, username and password can be
     moved there and that file kept out of version control. The commented out MySQL block below also
     carries a real looking password; delete it rather than leaving it in the file. -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<!-- MySQL authentication (disabled) -->
<!--
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql://192.168.0.58:3306/cassso</value></property>
<property name="username"><value>metro_monitor</value></property>
<property name="password"><value>123456</value></property>
-->
<!-- MS SQL Server authentication (active) -->
<property name="driverClassName"><value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value></property>
<!-- <property name="url"><value>jdbc:sqlserver://192.168.0.58:1433;DatabaseName=CasSso</value></property>-->
<property name="url"><value>jdbc:sqlserver://192.168.0.3:1433;DatabaseName=ZhengZhouSso</value></property>
<property name="username"><value>sa</value></property>
<property name="password"><value>szhweb2010</value></property>
</bean>
<!-- Password encoder: the submitted password is digested with this algorithm before being compared with
     the LoginPassword column.
     NOTE(review): this is a single, unsalted MD5 digest. MD5 is fast and unsalted digests can be reversed
     with precomputed tables, so a copied ssoaccount table exposes most passwords. The stored values must
     have been produced with the same algorithm, so switching means re-hashing the user table; a salted,
     deliberately slow hash should be the target when that migration is planned. -->
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />
<!-- Credential handler: runs the query with the submitted username bound to the ? placeholder (a JDBC
     parameter, not string concatenation) and compares the single returned column with the encoded
     submitted password. The page's own note in section 10 requires the column to be aliased "password". -->
<bean id="dbAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource"></property>
<property name="sql" value="select LoginPassword as password from ssoaccount where LoginAccount=? "></property>
<property name="passwordEncoder" ref="passwordEncoder"></property>
</bean>
<!-- Principal resolver: builds the principal from the authenticated username and attaches the attributes
     returned by attributeRepository. -->
<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
<property name="attributeRepository" ref="attributeRepository" />
</bean>
<!-- Added section start -->
<!-- Attribute repository: loads the extra attributes that are released in the validation response
     (section 11). Person-directory replaces {0} with a WHERE clause derived from queryAttributeMapping
     (LoginAccount = ?) and binds the username as a parameter; confirm against the person-directory version
     in use that the raw value is never spliced into the statement.
     NOTE(review): SELECT * fetches every column of ssoaccount, including LoginPassword, into the result
     row. Whether columns missing from resultAttributeMapping are dropped before release depends on the
     library version; selecting only the columns actually needed (LoginAccount, Sex, Address) removes the
     question and keeps the password hash out of the attribute map altogether. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="SELECT * FROM ssoaccount WHERE {0}"/>
<property name="queryAttributeMapping">
<map>
<!-- key: login attribute name; value: database column it is matched against -->
<entry key="username" value="LoginAccount"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<!-- key: database column; value: attribute name exposed on the principal -->
<entry key="Sex" value="Sex"/>
<entry key="Address" value="Address"/>
</map>
</property>
</bean>
<!-- Added section end -->
<!-- Service registry held in memory (reset on restart); the allowed services are the list below. -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<!-- NOTE(review): this single entry, the stock CAS example, accepts any http, https or imap(s) URL as a
     service. Any site a logged in user can be lured into following a CAS login link for therefore receives
     a valid service ticket for that user and, with allowedToProxy="true", may also obtain proxy granting
     tickets on the user's behalf. In production each relying application should have its own entry whose
     serviceId matches only its URLs, with allowedToProxy enabled only where proxying is actually used.
     The http? alternative is redundant (https? already matches http and https) and can be dropped. -->
<bean class="org.jasig.cas.services.RegexRegisteredService"
p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
p:serviceId="^(https?|http?|imaps?)://.*" p:evaluationOrder="10000001"
p:enabled="true" p:allowedToProxy="true" />
</util:list>
<!-- Audit trail default (log file via SLF4J) disabled; the JDBC audit manager in section 7 reuses the
     auditTrailManager bean id. -->
<!--
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
-->
<!-- Health check behind /status (restricted by cas.securityContext.status.allowedSubnet in cas.properties);
     monitorsList is defined elsewhere in the stock file. -->
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
</beans>
7.WEB-INF下新增文件inspektrThrottledSubmissionContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
  <!-- NOTE(review): section 7 places this file directly under WEB-INF. The stock web.xml loads the
       spring-configuration directory by wildcard, so a file outside it is only read if it is listed in
       contextConfigLocation; verify the beans below are really instantiated (the auditTrailManager bean id
       deliberately replaces the one commented out in cas-servlet.xml). -->

  <!-- Enables the aspect based audit interception performed by auditTrailManagementAspect. -->
  <aop:aspectj-autoproxy/>

  <!-- Login throttle keyed on client IP address plus username. It is given the audit manager and the shared
       dataSource, so presumably it counts recent failed logins from the audit table.
       NOTE(review): declaring the bean is not enough on its own; it throttles nothing until it is registered
       as an interceptor on the login handler mapping in cas-servlet.xml (not shown on this page). The failure
       threshold and time window are left at the class defaults here; check they fit the expected login rate. -->
  <bean id="inspektrThrottle" class="org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter">
    <constructor-arg index="0" ref="auditTrailManager" />
    <constructor-arg index="1" ref="dataSource" />
  </bean>

  <!-- Audit aspect: for each audited CAS operation, resolves the acting principal, the action name and the
       resource string, then hands the record to every configured AuditTrailManager. -->
  <bean id="auditTrailManagementAspect" class="com.github.inspektr.audit.AuditTrailManagementAspect">
    <!-- String applicationCode (stored in APPLIC_CD) -->
    <constructor-arg index="0" value="CAS" />
    <!-- PrincipalResolver auditablePrincipalResolver -->
    <constructor-arg index="1" ref="auditablePrincipalResolver" />
    <!-- List<AuditTrailManager> auditTrailManagers -->
    <constructor-arg index="2">
      <list>
        <ref bean="auditTrailManager" />
      </list>
    </constructor-arg>
    <!-- Map<String,AuditActionResolver> auditActionResolverMap: how the AUD_ACTION value is derived per operation -->
    <constructor-arg index="3">
      <map>
        <entry key="AUTHENTICATION_RESOLVER">
          <ref local="authenticationActionResolver" />
        </entry>
        <entry key="CREATE_TICKET_GRANTING_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOLVER">
          <bean class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver" />
        </entry>
        <entry key="GRANT_SERVICE_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="GRANT_PROXY_GRANTING_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="VALIDATE_SERVICE_TICKET_RESOLVER">
          <ref local="ticketValidationActionResolver" />
        </entry>
        <entry key="DELETE_SERVICE_ACTION_RESOLVER">
          <ref local="deleteServiceActionResolver" />
        </entry>
        <entry key="SAVE_SERVICE_ACTION_RESOLVER">
          <ref local="saveServiceActionResolver" />
        </entry>
      </map>
    </constructor-arg>
    <!-- Map<String,AuditResourceResolver> auditResourceResolverMap: how the AUD_RESOURCE value is derived per operation.
         NOTE(review): the authentication entry records the credential object's string form as the resource;
         for CAS's own username/password credential that is the username only, but any custom credential
         type added later must not include the secret in toString(), or it ends up in the audit table. -->
    <constructor-arg index="4">
      <map>
        <entry key="AUTHENTICATION_RESOURCE_RESOLVER">
          <bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
        </entry>
        <entry key="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="returnValueResourceResolver" />
        </entry>
        <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="ticketResourceResolver" />
        </entry>
        <entry key="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER">
          <bean class="org.jasig.cas.audit.spi.ServiceResourceResolver" />
        </entry>
        <entry key="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="returnValueResourceResolver" />
        </entry>
        <entry key="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER">
          <ref local="ticketResourceResolver" />
        </entry>
        <entry key="DELETE_SERVICE_RESOURCE_RESOLVER">
          <ref local="deleteServiceResourceResolver" />
        </entry>
        <entry key="SAVE_SERVICE_RESOURCE_RESOLVER">
          <ref local="saveServiceResourceResolver" />
        </entry>
      </map>
    </constructor-arg>
  </bean>

  <!-- Resource and action resolvers for service management operations -->
  <bean id="saveServiceResourceResolver" class="com.github.inspektr.audit.spi.support.ParametersAsStringResourceResolver" />
  <bean id="deleteServiceResourceResolver" class="org.jasig.cas.audit.spi.ServiceManagementResourceResolver" />
  <bean id="saveServiceActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <constructor-arg index="0" value="_SUCCEEDED" />
    <constructor-arg index="1" value="_FAILED" />
  </bean>
  <bean id="deleteServiceActionResolver" class="com.github.inspektr.audit.spi.support.ObjectCreationAuditActionResolver">
    <constructor-arg index="0" value="_SUCCEEDED" />
    <constructor-arg index="1" value="_FAILED" />
  </bean>

  <!-- Resolves the audited principal from a ticket id or from the submitted credential; ticketRegistry is
       defined in the stock cas-servlet.xml (not shown on this page). -->
  <bean id="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver">
    <constructor-arg index="0" ref="ticketRegistry" />
  </bean>

  <!-- Action resolvers: the suffix appended to the action name on success and on failure -->
  <bean id="authenticationActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="_SUCCESS" />
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILED" />
  </bean>
  <bean id="ticketCreationActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="_CREATED" />
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_NOT_CREATED" />
  </bean>
  <bean id="ticketValidationActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix (a single "D", giving names such as ..._VALIDATED) -->
    <constructor-arg index="0" value="D" />
    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILED" />
  </bean>
  <bean id="returnValueResourceResolver" class="com.github.inspektr.audit.spi.support.ReturnValueAsStringResourceResolver" />
  <bean id="ticketResourceResolver" class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />

  <!-- Audit log written to the database (table script in section 10). It reuses the authentication
       dataSource, so audit rows are inserted with the same database login used for authentication. -->
  <bean id="auditTrailManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
    <constructor-arg index="0" ref="inspektrTransactionTemplate" />
    <property name="dataSource" ref="dataSource" />
  </bean>
  <!-- Transaction handling for the audit writes: READ_COMMITTED isolation, joining an existing
       transaction when there is one. -->
  <bean id="inspektrTransactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" p:dataSource-ref="dataSource" />
  <bean id="inspektrTransactionTemplate" class="org.springframework.transaction.support.TransactionTemplate" p:transactionManager-ref="inspektrTransactionManager" p:isolationLevelName="ISOLATION_READ_COMMITTED" p:propagationBehaviorName="PROPAGATION_REQUIRED" />
</beans>
8.View页面,Css,Js等文件参考原默认文件拷贝进行修改,拷贝出来的文件夹或者文件名,参照前面cas.properties配置
9.添加Jar包
cas-server-support-jdbc-4.0.0.jar
hibernate-entitymanager-4.1.4.Final.jar
mysql-connector-java-5.1.40-bin.jar
sqljdbc4.jar
上述JAR包添加至WEB-INF/lib/目录下面
10.部分数据表脚本
/****** Object: Table [dbo].[com_audit_trail] Script Date: 04/10/2017 13:19:17 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- Audit table written by inspektr's JdbcAuditTrailManager (section 7) and, presumably, read by the
-- IP/username login throttle configured there. Column names follow inspektr's COM_AUDIT_TRAIL layout;
-- [Id] is an extra identity column added in this deployment.
-- NOTE(review): AUD_CLIENT_IP at 15 characters fits only a dotted IPv4 address. An IPv6 client
-- address (up to 39 characters) or a longer value taken from a proxy header does not fit, and SQL
-- Server rejects the INSERT with a truncation error rather than silently shortening the value; how
-- that error propagates into the audited login depends on the audit aspect, so confirm it before
-- exposing CAS on a dual stack network. Widening to 45 characters covers IPv6; AUD_RESOURCE at 100
-- characters may likewise be too short for long service URLs.
-- NOTE(review): there is no index. If the throttle queries by client IP, user and date, every login
-- scans the whole table once it grows; an index on (AUD_CLIENT_IP, AUD_USER, AUD_DATE) is the obvious
-- candidate, and a retention job keeps the table bounded.
CREATE TABLE [dbo].[com_audit_trail](
  [Id] [int] IDENTITY(1,1) NOT NULL,
  [AUD_USER] [nvarchar](100) NULL,
  [AUD_CLIENT_IP] [nvarchar](15) NULL,
  [AUD_SERVER_IP] [nvarchar](15) NULL,
  [AUD_RESOURCE] [nvarchar](100) NULL,
  [AUD_ACTION] [nvarchar](100) NULL,
  [APPLIC_CD] [nvarchar](15) NULL,
  [AUD_DATE] [datetime] NULL
) ON [PRIMARY]
GO
注意:用户表返回的密码字段,经SQL查询后,返回的必须是password,比如:select LoginPassword as password from ssoaccount where LoginAccount=? ,本SQL脚本会随着数据库不同而不同
11.登录成功,票据验证返回其他信息
配置文件修改
<!-- Added section start -->
<!-- Attribute repository (same bean as in the cas-servlet.xml listing of section 6): loads the extra
     attributes released by casServiceValidationSuccess.jsp. Person-directory replaces {0} with a WHERE
     clause built from queryAttributeMapping (LoginAccount = ?) and binds the username as a parameter;
     confirm against the library version in use.
     NOTE(review): SELECT * brings every ssoaccount column, including LoginPassword, into the result row;
     select only the columns needed (LoginAccount, Sex, Address) so the password hash never enters the
     attribute map, whatever resultAttributeMapping does with unmapped columns. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >
  <constructor-arg index="0" ref="dataSource"/>
  <constructor-arg index="1" value="SELECT * FROM ssoaccount WHERE {0}"/>
  <property name="queryAttributeMapping">
    <map>
      <!-- key: login attribute name; value: database column it is matched against -->
      <entry key="username" value="LoginAccount"/>
    </map>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <!-- key: database column; value: attribute name exposed on the principal -->
      <entry key="Sex" value="Sex"/>
      <entry key="Address" value="Address"/>
    </map>
  </property>
</bean>
<!-- Added section end -->
修正casServiceValidationSuccess.jsp文件:
<%@ page session="false" contentType="application/xml; charset=UTF-8" %>
<%@ page import="java.util.Map.Entry" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<%-- Success response returned to a relying service after ticket validation. It emits the principal id,
     optional proxy data and then every entry of the principal's attribute map, i.e. whatever
     attributeRepository (sections 6 and 11) loaded from ssoaccount. session="false": validation calls
     do not create an HTTP session. --%>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <%-- the principal id comes from the database row, so it is XML escaped before output --%>
    <cas:user>${fn:escapeXml(assertion.primaryAuthentication.principal.id)}</cas:user>
    <%-- pgtIou is generated by CAS itself and is written without escaping --%>
    <c:if test="${not empty pgtIou}">
      <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
    </c:if>
    <%-- proxy chain: every chained authentication except the last one --%>
    <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
      <cas:proxies>
        <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
          <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
        </c:forEach>
      </cas:proxies>
    </c:if>
    <%-- Released attributes. NOTE(review): each map key is used as an element name. fn:escapeXml only
         escapes markup characters; it does not turn an arbitrary string into a valid XML name, so an
         attribute name with a space or a leading digit yields a response the client cannot parse. Keep
         resultAttributeMapping values to plain identifiers. Everything in this map is sent to the relying
         service, so review that mapping whenever a column is added. Values that are neither a String nor
         a collection (for example a numeric column) fall into the c:otherwise branch; confirm that the
         JSTL version in use accepts them in c:forEach. --%>
    <c:if test="${fn:length(assertion.primaryAuthentication.principal.attributes) > 0}">
      <cas:attributes>
        <c:forEach var="attr" items="${assertion.primaryAuthentication.principal.attributes}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.primaryAuthentication.principal.attributes)}" step="1">
          <%-- ${attr.value['class'].simpleName} fails for List: use scriptlet instead --%>
          <% Entry entry = (Entry) pageContext.getAttribute("attr"); Object value = entry.getValue(); pageContext.setAttribute("isAString", value instanceof String); %>
          <c:choose>
            <%-- it's a String, output it once --%>
            <c:when test="${isAString}">
              <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
            </c:when>
            <%-- if attribute is multi-valued, list each value under the same attribute name --%>
            <c:otherwise>
              <c:forEach var="attrval" items="${attr.value}">
                <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attrval)}</cas:${fn:escapeXml(attr.key)}>
              </c:forEach>
            </c:otherwise>
          </c:choose>
        </c:forEach>
      </cas:attributes>
    </c:if>
  </cas:authenticationSuccess>
</cas:serviceResponse>
至此:Cas的主要的配置基本完成