配置acegi与Yale CAS单点登录系统SSO
- cas服务器端deployerConfigContext.xml,需要cas-server-3.1.1-release.zip,即升级到3.1.1版本(因为需要支持SHA密码散列):
将
<!-- Sample handler shipped in the CAS distribution; this is the definition that the JDBC handler below replaces. -->
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
改为<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<!-- Looks up the stored password for the submitted login name. The handler binds the
     username to the single "?" placeholder, so the login name is never concatenated into
     the statement text (no SQL injection through the login field). -->
<property name="sql" value="select password from sys_login where login_code=?" />
<!-- JDBC source supplied by the "dataSource" bean defined below. -->
<property name="dataSource" ref="dataSource" />
<!-- "SHA" makes DefaultPasswordEncoder digest the submitted password with SHA-1, with no salt.
     The password column must hold the same digest (presumably the encoder's hex form; confirm
     against how sys_login is populated). Because it is unsalted, identical passwords produce
     identical hashes and precomputed tables apply, so treat this as a weak scheme kept only for
     compatibility with existing data. -->
<property name="passwordEncoder">
<bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg value="SHA"/>
</bean>
</property>
</bean>
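并新建:<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<!-- JDBC source referenced by QueryDatabaseAuthenticationHandler (ref="dataSource").
     DriverManagerDataSource declares no close() method, so the destroy-method="close" that
     was copied here from pooled data sources (such as DBCP) is dropped: Spring treats a
     destroy-method it cannot resolve on the bean class as a bean definition error. -->
<!-- Property values use the value="" attribute form, matching the handler definition above. -->
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
<property name="url" value="jdbc:oracle:thin:@localhost:1521:sid"/>
<!-- The username/password values are placeholders. Keep real credentials out of this file
     (for example a property placeholder resolved from a file outside the web archive,
     not shown here) so the context XML can be checked in and shared safely. -->
<property name="username" value="username"/>
<property name="password" value="password"/>
</bean>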
- 客户端acegi的applicationContext-security.xml配置:
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<!-- ProviderManager consults the providers in list order. The DAO (local username/password)
     provider is commented out, so CAS is the only provider here that verifies real
     credentials; the other two, per their names, handle anonymous and remember-me tokens. -->
<property name="providers">
<list>
<!--<ref local="daoAuthenticationProvider"/>-->
<ref local="casAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
<!-- Validates CAS tickets through ticketValidator and builds the authentication from the
     authorities returned by casAuthritiesPopulator (bean id misspelled, but consistently:
     the ref below matches the definition further down). -->
<property name="ticketValidator">
<ref bean="ticketValidator"/>
</property>
<!-- Proxy-ticket policy; the referenced bean is RejectProxyTickets, so only direct
     service tickets are accepted. -->
<property name="casProxyDecider">
<ref bean="casProxyDecider"/>
</property>
<property name="statelessTicketCache">
<ref bean="statelessTicketCache"/>
</property>
<property name="casAuthoritiesPopulator">
<ref bean="casAuthritiesPopulator"/>
</property>
<!-- some_unique_key is the placeholder from the Acegi samples. Replace it with a value that is
     unique to this deployment and not published: the provider uses it to recognise the tokens
     it created itself. -->
<property name="key">
<value>some_unique_key</value>
</property>
</bean>
<bean id="ticketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
<!-- Server-to-server ticket validation over HTTPS against the CAS proxyValidate endpoint.
     The host here (localhost) differs from the validateUrl host in the web.xml fragment
     below (liupinghua); both should name the same CAS server, and that name presumably has
     to match the CAS server's TLS certificate for the HTTPS call to succeed — TODO confirm
     which host is intended. -->
<property name="casValidate">
<value>https://localhost:8443/cas/proxyValidate</value>
</property>
<!-- Supplies the service URL the ticket is validated against. -->
<property name="serviceProperties">
<ref bean="serviceProperties"/>
</property>
</bean>
<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
<!-- URL that CAS redirects back to with the service ticket appended. It is plain http while
     every CAS endpoint on this page is https, so the one-time ticket crosses the network
     unencrypted on the return leg; use https here if the application itself is served over
     TLS. The value presumably must match exactly the service the client announces to CAS
     on login and validation — verify against the web.xml settings. -->
<property name="service">
<value>http://localhost:7001/psmis/j_security_check</value>
</property>
</bean>
<!-- Proxy-ticket policy: every proxy ticket is rejected, as the class name states. -->
<bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
<bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
<!-- EhCache-backed cache of validated tickets for stateless clients, using the cache named
     userCache from the default CacheManager. NOTE(review): whether userCache must be declared
     in an ehcache configuration file or is created on demand is not shown here — confirm. -->
<property name="cache">
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</property>
<property name="cacheName" value="userCache"/>
</bean>
</property>
</bean>
<bean id="casAuthritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
<!-- Loads the CAS-authenticated user's authorities from the local user store (userDao, defined
     outside this excerpt). The id keeps the "Authrities" misspelling because
     casAuthenticationProvider references it by this exact name. -->
<property name="userDetailsService">
<ref bean="userDao"/>
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
<!-- Entry point for unauthenticated requests: sends the browser to the CAS login page,
     carrying the service URL from serviceProperties so CAS can return the ticket to it. -->
<property name="loginUrl">
<value>https://localhost:8443/cas/login</value>
</property>
<property name="serviceProperties">
<ref bean="serviceProperties"/>
</property>
</bean>
- 客户端web.xml:
<!-- CAS Filters -->
<!-- Yale CAS client filter. loginUrl and validateUrl must both point at the same CAS server;
     below they use different hosts (localhost vs liupinghua) — settle on one. -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param><!-- "server" here is the IP address of the CAS server -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://liupinghua:8443/cas/proxyValidate</param-value>
</init-param><!-- "serName" here is the host name of the CAS server, and it must be (the original comment breaks off here) -->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:7001</param-value><!-- client:port is the address and port that CAS needs to intercept, normally the IP and port this Tomcat instance starts on -->
</init-param>
</filter>关于服务器的SSL配置可以参考部署yale CAS 服务器定制JDBC 数据库验证。