CAS配置(2)之主配置

WEB-INF目录

1.cas.properties文件(打开关闭SSL,主题,定制页面设置)

#默认端口配置

#server.name=http://localhost:8080
server.name=http://localhost:8080
#默认地址
#server.prefix=${server.name}/cas
server.prefix=${server.name}/zzcas
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1

#CSS+JS设置
#默认设置
#cas.themeResolver.defaultThemeName=cas-theme-default

#皮肤主题
cas.themeResolver.defaultThemeName=cas-theme-zzmetro

#首页默认设置
#cas.viewResolver.basename=default_views
#相关页面定制
cas.viewResolver.basename=zzmetro_views

 

2.spring-configuration/ticketGrantingTicketCookieGenerator.xml(打开关闭SSL)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
	<description>
	This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
	is used.  You would modify this if you wanted to change the cookie path or the name.
	</description>
	
  <!--默认配置:开启SSL
  -->
	<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
		p:cookieSecure="true"
		p:cookieMaxAge="-1"
		p:cookieName="CASPRIVACY"
		p:cookiePath="/zzcas" />
  <!--x新配置:关闭SSL
  <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASPRIVACY"
    p:cookiePath="/cas" 
    p:p:cookieSecure="false" />
    -->
</beans>

  3.spring-configuration/warnCookieGenerator.xml(打开关闭SSL)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
	<description>
	This Spring Configuration file describes the cookie used to store the WARN parameter so that a user is warned whenever the CAS service
	is used.  You would modify this if you wanted to change the cookie path or the name.
	</description>
	
  <!--默认配置:开启SSL
  -->
	<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
		p:cookieSecure="true"
		p:cookieMaxAge="-1"
		p:cookieName="CASPRIVACY"
		p:cookiePath="/zzcas" />
  <!--x新配置:关闭SSL
  <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false"
    p:cookieMaxAge="-1"
    p:cookieName="CASPRIVACY"
    p:cookiePath="/cas" 
    p:p:cookieSecure="false" />
    -->
</beans>

4.字符编码设置

spring-configuration/applicationContext.xml

  <bean id="messageSource" class="org.jasig.cas.web.view.CasReloadableMessageBundle"
          p:basenames-ref="basenames" p:fallbackToSystemLocale="false" p:defaultEncoding="UTF-8"
          p:cacheSeconds="180" p:useCodeAsDefaultMessage="true" />

spring-configuration/filters.xml

  <bean id="characterEncodingFilter" class="org.springframework.web.filter.CharacterEncodingFilter"
            p:encoding="UTF-8"
            p:forceEncoding="true" />

 5.单点登录过期策略配置

    <!--st的过期策略-->
    <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
          c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:7200}" c:timeUnit-ref="SECONDS"/>

    <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
    <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
    <!--tgt的过期策略-->
    <!--当用户在2个小时(7200秒)之内不动移动鼠标或者进行系统超过8个小时(28800秒),则tgt过期-->
    <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
          p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
          p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>

6.cas-servlet.xml配置

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!--新配置.接入数据库-->
<entry key-ref="dbAuthenticationHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
<property name="authenticationPolicy">
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>


<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">

<!--MySql数据库认证-->
<!--
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql://192.168.0.58:3306/cassso</value></property>
<property name="username"><value>metro_monitor</value></property>
<property name="password"><value>123456</value></property>
-->

<!--MsSql数据库认证-->
<property name="driverClassName"><value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value></property>
<!-- <property name="url"><value>jdbc:sqlserver://192.168.0.58:1433;DatabaseName=CasSso</value></property>-->
<property name="url"><value>jdbc:sqlserver://192.168.0.3:1433;DatabaseName=ZhengZhouSso</value></property>
<property name="username"><value>sa</value></property>
<property name="password"><value>szhweb2010</value></property>

</bean>

<!--Mysql密码加密-->
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />

<!--验证处理-->
<bean id="dbAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource"></property>
<property name="sql" value="select LoginPassword as password from ssoaccount where LoginAccount=? "></property>
<property name="passwordEncoder" ref="passwordEncoder"></property>
</bean>

<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
<property name="attributeRepository" ref="attributeRepository" />
</bean>


<!-- 此处为增加部分 start -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="SELECT * FROM ssoaccount WHERE {0}"/>
<property name="queryAttributeMapping">
<map>
<!-- key对应登录信息, vlaue对应数据库字段 -->
<entry key="username" value="LoginAccount"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<!-- key对应数据库字段 value对应attribute中的key -->
<entry key="Sex" value="Sex"/>
<entry key="Address" value="Address"/>
</map>
</property>
</bean>
<!-- 此处为增加部分 end -->

<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />

<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService"
p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
p:serviceId="^(https?|http?|imaps?)://.*" p:evaluationOrder="10000001"
p:enabled="true" p:allowedToProxy="true" />
</util:list>

<!--日志默认配置到文件-->
<!--
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
-->
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
</beans>

7.WEB-INF下新增文件inspektrThrottledSubmissionContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">

  <aop:aspectj-autoproxy/>

  <bean id="inspektrThrottle"
        class="org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter">

    <constructor-arg index="0" ref="auditTrailManager" />
    <constructor-arg index="1" ref="dataSource" />

  </bean>

  <bean id="auditTrailManagementAspect" class="com.github.inspektr.audit.AuditTrailManagementAspect">
    <!-- String applicationCode -->
    <constructor-arg index="0" value="CAS" />

    <!-- PrincipalResolver auditablePrincipalResolver -->
    <constructor-arg index="1" ref="auditablePrincipalResolver" />

    <!-- List<AuditTrailManager> auditTrailManagers -->
    <constructor-arg index="2">
      <list>
        <ref bean="auditTrailManager" />
      </list>
    </constructor-arg>

    <!-- Map<String,AuditActionResolver> auditActionResolverMap -->
    <constructor-arg index="3">
      <map>
        <entry key="AUTHENTICATION_RESOLVER">
          <ref local="authenticationActionResolver" />
        </entry>
        <entry key="CREATE_TICKET_GRANTING_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOLVER">
          <bean class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver" />
        </entry>
        <entry key="GRANT_SERVICE_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="GRANT_PROXY_GRANTING_TICKET_RESOLVER">
          <ref local="ticketCreationActionResolver" />
        </entry>
        <entry key="VALIDATE_SERVICE_TICKET_RESOLVER">
          <ref local="ticketValidationActionResolver" />
        </entry>
        <entry key="DELETE_SERVICE_ACTION_RESOLVER">
          <ref local="deleteServiceActionResolver" />
        </entry>
        <entry key="SAVE_SERVICE_ACTION_RESOLVER">
          <ref local="saveServiceActionResolver" />
        </entry>
      </map>
    </constructor-arg>

    <!-- Map<String,AuditResourceResolver> auditResourceResolverMap -->
    <constructor-arg index="4">
      <map>
        <entry key="AUTHENTICATION_RESOURCE_RESOLVER">
          <bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
        </entry>
        <entry key="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="returnValueResourceResolver" />
        </entry>
        <entry key="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="ticketResourceResolver" />
        </entry>
        <entry key="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER">
          <bean class="org.jasig.cas.audit.spi.ServiceResourceResolver" />
        </entry>
        <entry key="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
          <ref local="returnValueResourceResolver" />
        </entry>
        <entry key="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER">
          <ref local="ticketResourceResolver" />
        </entry>
        <entry key="DELETE_SERVICE_RESOURCE_RESOLVER">
          <ref local="deleteServiceResourceResolver" />
        </entry>
        <entry key="SAVE_SERVICE_RESOURCE_RESOLVER">
          <ref local="saveServiceResourceResolver" />
        </entry>
      </map>
    </constructor-arg>
  </bean>

  <bean id="saveServiceResourceResolver" class="com.github.inspektr.audit.spi.support.ParametersAsStringResourceResolver" />

  <bean id="deleteServiceResourceResolver" class="org.jasig.cas.audit.spi.ServiceManagementResourceResolver" />

  <bean id="saveServiceActionResolver" class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <constructor-arg index="0" value="_SUCCEEDED" />
    <constructor-arg index="1" value="_FAILED" />
  </bean>

  <bean id="deleteServiceActionResolver" class="com.github.inspektr.audit.spi.support.ObjectCreationAuditActionResolver">
    <constructor-arg index="0" value="_SUCCEEDED" />
    <constructor-arg index="1" value="_FAILED" />
  </bean>

  <bean id="auditablePrincipalResolver" class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver">
    <constructor-arg index="0" ref="ticketRegistry" />
  </bean>

  <bean id="authenticationActionResolver"
        class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="_SUCCESS" />

    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILED" />
  </bean>

  <bean id="ticketCreationActionResolver"
        class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="_CREATED" />

    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_NOT_CREATED" />
  </bean>

  <bean id="ticketValidationActionResolver"
        class="com.github.inspektr.audit.spi.support.DefaultAuditActionResolver">
    <!-- String successSuffix -->
    <constructor-arg index="0" value="D" />

    <!-- String failureSuffix -->
    <constructor-arg index="1" value="_FAILED" />
  </bean>

  <bean id="returnValueResourceResolver"
        class="com.github.inspektr.audit.spi.support.ReturnValueAsStringResourceResolver" />

  <bean id="ticketResourceResolver"
        class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />

  <!--日志配置到数据库-->
  <bean id="auditTrailManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
    <constructor-arg index="0" ref="inspektrTransactionTemplate" />
    <property name="dataSource" ref="dataSource" />
  </bean>

  <bean id="inspektrTransactionManager"
        class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
        p:dataSource-ref="dataSource"
      />

  <bean id="inspektrTransactionTemplate"
        class="org.springframework.transaction.support.TransactionTemplate"
        p:transactionManager-ref="inspektrTransactionManager"
        p:isolationLevelName="ISOLATION_READ_COMMITTED"
        p:propagationBehaviorName="PROPAGATION_REQUIRED"
      />
</beans>

8.View页面,Css,Js等文件参考原默认文件拷贝进行修改,拷贝出来的文件夹或者文件名,参照前面cas.properties配置

9.添加Jar包

cas-server-support-jdbc-4.0.0.jar

hibernate-entitymanager-4.1.4.Final.jar

mysql-connector-java-5.1.40-bin.jar

sqljdbc4.jar

上述JAR包添加至WEB-INF/lib/目录下面

10.部分数据表脚本

/****** Object:  Table [dbo].[com_audit_trail]    Script Date: 04/10/2017 13:19:17 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[com_audit_trail](
	[Id] [int] IDENTITY(1,1) NOT NULL,
	[AUD_USER] [nvarchar](100) NULL,
	[AUD_CLIENT_IP] [nvarchar](15) NULL,
	[AUD_SERVER_IP] [nvarchar](15) NULL,
	[AUD_RESOURCE] [nvarchar](100) NULL,
	[AUD_ACTION] [nvarchar](100) NULL,
	[APPLIC_CD] [nvarchar](15) NULL,
	[AUD_DATE] [datetime] NULL
) ON [PRIMARY]

GO

注意:用户表返回的密码字段,经SQL查询后,返回的必须是password,比如:select LoginPassword as password from ssoaccount where LoginAccount=? ,本SQL脚本会随着数据库不同而不同

11.登录成功,票据验证返回其他信息

配置文件修改

 <!-- 此处为增加部分 start -->  
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" >  
        <constructor-arg index="0" ref="dataSource"/>  
        <constructor-arg index="1" value="SELECT * FROM ssoaccount WHERE {0}"/>  
        <property name="queryAttributeMapping">  
            <map>  
                <!-- key对应登录信息, vlaue对应数据库字段 -->  
                <entry key="username" value="LoginAccount"/>  
            </map>  
        </property>  
        <property name="resultAttributeMapping">  
            <map>  
                <!-- key对应数据库字段  value对应attribute中的key -->  
                <entry key="Sex" value="Sex"/>  
                <entry key="Address" value="Address"/>  
            </map>  
        </property>  
    </bean>  
    <!-- 此处为增加部分 end --> 

修正casServiceValidationSuccess.jsp文件修正:

<%@ page session="false" contentType="application/xml; charset=UTF-8" %>
<%@ page import="java.util.Map.Entry" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>${fn:escapeXml(assertion.primaryAuthentication.principal.id)}</cas:user>
        <c:if test="${not empty pgtIou}">
            <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
        </c:if>
        <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
            <cas:proxies>
                <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0"
                           end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                    <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                </c:forEach>
            </cas:proxies>
        </c:if>

        <c:if test="${fn:length(assertion.primaryAuthentication.principal.attributes) > 0}">
            <cas:attributes>
                <c:forEach var="attr"
                           items="${assertion.primaryAuthentication.principal.attributes}"
                           varStatus="loopStatus" begin="0"
                           end="${fn:length(assertion.primaryAuthentication.principal.attributes)}"
                           step="1">
                   	<%-- ${attr.value['class'].simpleName} fails for List: use scriptlet instead --%>
                   	<%
                   	    Entry entry = (Entry) pageContext.getAttribute("attr");
                   	    Object value = entry.getValue();
                   	    pageContext.setAttribute("isAString", value instanceof String);
                   	%>
                    <c:choose>
                        <%-- it's a String, output it once --%>
                        <c:when test="${isAString}">
                            <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                        </c:when>
                        <%-- if attribute is multi-valued, list each value under the same attribute name --%>
                        <c:otherwise>
                            <c:forEach var="attrval" items="${attr.value}">
                                <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attrval)}</cas:${fn:escapeXml(attr.key)}>
                            </c:forEach>
                        </c:otherwise>
                    </c:choose>
                </c:forEach>
            </cas:attributes>
        </c:if>

    </cas:authenticationSuccess>
</cas:serviceResponse>

 

至此:Cas的主要的配置基本完成

 

posted @ 2017-04-10 13:36  李文学  阅读(930)  评论(0编辑  收藏  举报