- 浏览: 325682 次
- 性别:
- 来自: 上海
文章分类
- 全部博客 (101)
- Oracle (7)
- Java (15)
- Hibernate (3)
- Struts2 (6)
- Linux (8)
- MySql (9)
- Ajax (4)
- Spring (4)
- Eclipse (5)
- Window (2)
- 架构 (1)
- JSP (2)
- 软件工程 (1)
- CSS (1)
- Tomcat (3)
- mysql 5 中文参考手册 (1)
- FreeMarker (1)
- Redis (3)
- cas (7)
- jquery (1)
- Maven (5)
- 测试 (1)
- GWT (3)
- 资料收集 (1)
- dis (0)
- Powerdesigner (1)
- JavaScript (1)
- log4j (1)
- rabbitmq (0)
最新评论
-
sdyjmc:
好人啊,内牛满面啊~~
Maven打包,并获取依赖的jar包&&设置main方法启动 -
wangxiang243:
不错很实用!
Maven打包,并获取依赖的jar包&&设置main方法启动 -
啦啦123:
...
java字符串格式化:String.format()方法的使用 -
plandu:
不错,我有个问题,怎么通过sigar获取CPU序列号、硬盘卷标 ...
java如何实现系统监控、系统信息收集、sigar开源API的学习(转) -
记录成长:
你用什么软件画的流程图呀?
让CAS支持客户端自定义登陆页面——原理篇
- 前言:
CAS v2 定制自己的验证逻辑,大家已经很清楚了.[官方提供的sample只简单校验username,password是否相等].开发者可以通过实现PasswordHandler接口来使用其它的认证方式,如数据库用户的用户名和密码匹配认证,数字签名的验证,操作系统用户认证,以及LDAP用户认证等模式。比如:
<context-param> <param-name>edu.yale.its.tp.cas.authHandler</param-name> <param-value> edu.yale.its.tp.cas.auth.provider.KerberosAuthHandler </param-value> </context-param>
- 改变:
Yale CAS3代码全部重构,功能增强,且使用了Spring和SpringWebFlow[相关知识参见Spring论坛].
- 涉及点分析:
deployerConfigContext.xml是描述部署细节的,他通过web.xml如下描述而加载
<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml, /WEB-INF/mydeployerConfigContext.xml </param-value> </context-param>
contextConfigLocation属性名在Spring MVC体系中,会自动获取.
----------------------------
deployerConfigContext.xml文件是所有CAS deployer应该关心的东西,在这里,你可以对CAS的三个核心玩意进行自己的定制:
1.AuthenticationManager
<!--
| This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
| "authenticationManager". Most deployers will be able to use the default AuthenticationManager
| implementation and so do not need to change the class of this bean. We include the whole
| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
| need to change in context.
+-->
2.credentialsToPrincipalResolvers
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
3.authenticationHandlers
这个authenticationHandler可是所有CAS用户都需要修改的地方
1.AuthenticationManager
<!--
| This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
| "authenticationManager". Most deployers will be able to use the default AuthenticationManager
| implementation and so do not need to change the class of this bean. We include the whole
| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
| need to change in context.
+-->
2.credentialsToPrincipalResolvers
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
3.authenticationHandlers
这个authenticationHandler可是所有CAS用户都需要修改的地方
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
- 实现:
思路:没撒子说的,就是实现自己的Hadnle.为了避免重新编译cas代码,使用ant部署自己的jar到目标的lib中,并替换web.xml以及引进自己的配置文件mydeployerConfigContext.xml
步骤:
A:在应用服务器中配置DS[略]
B:修改web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml, /WEB-INF/mydeployerConfigContext.xml </param-value> </context-param>
C:web.xml加入DS引用
<resource-ref>
<description> Resource reference to a factory for java.sql.Connection instances that may be used for talking to a particular database that is configured in the server.xml file. </description> <res-ref-name> jdbc/EmployeeDB </res-ref-name> <res-type> javax.sql.DataSource </res-type> <res-auth> Container </res-auth> </resource-ref>
D:添加mydeployerConfigContext.xml
内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans> <!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, | "authenticationManager". Most deployers will be able to use the default AuthenticationManager | implementation and so do not need to change the class of this bean. We include the whole | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will | need to change in context. +--> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <!-- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which | supports the presented credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are | using. | | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. | You will need to change this list if you are identifying services by something more or other than their callback URL. +--> <property name="credentialsToPrincipalResolvers"> <list> <!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login | by default and produces SimplePrincipal instances conveying the username from the credentials. | | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the | Credentials you are using. +--> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> <!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a | SimpleService identified by that callback URL. | | If you are representing services by something more or other than an HTTPS URL whereat they are able to | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). +--> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn | until it finds one that both supports the Credentials presented and succeeds in authenticating. +--> <property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" /> <bean class="cn.com.tiansky.cas.authenticationHandlers.DsHandlers" /> </list> </property> </bean> </beans>
E:编写DsHandlers
package cn.com.tiansky.cas.authenticationHandlers; import java.sql.Connection; import java.sql.ResultSet; import java.sql.Statement; import javax.naming.Context; import javax.naming.InitialContext; import javax.sql.DataSource; import org.apache.log4j.Logger; import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler; import org.jasig.cas.authentication.principal.UsernamePasswordCredentials; import cn.com.tiansky.tool.MD5; /** * 支援CAS3,。实现自己的Handler(未自定义credentials,如因业务需要而修改,则需要同时 * 修改LoginFormAction和定义自己的credentialsToPrincipalResolvers)\ * ,你的需求也许包括了需要通过检索数据库来比配credential中的username和password, * 也可能不是数据库,而是LDAP什么的,总之你得开始制作自己的handler了! * credential的种类是很多的,有的基于用户名和密码,有的基于http请求, * 如果你有你自己的credential的话,就得为它制作有一个handler, * 来告诉CAS如何处理这种特有的credential。 * @author tiansky * @version 1.0 * */ public final class DsHandlers extends AbstractUsernamePasswordAuthenticationHandler{ /** * Logger log:log4j日志 */ private Logger log=Logger.getLogger(AbstractUsernamePasswordAuthenticationHandler.class); /** * 相关的数据库配置DS对应的jndi */ private String _jndi="jdbc/EmployeeDB"; /* (non-Javadoc) * @see org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler#authenticateUsernamePasswordInternal(org.jasig.cas.authentication.principal.UsernamePasswordCredentials) */ public boolean authenticateUsernamePasswordInternal( final UsernamePasswordCredentials credentials) { String username = credentials.getUsername(); String password = credentials.getPassword(); log.info("username:"+username); log.info("password:"+password); try { password = MD5.encrypt(password); log.debug("md5password" + password); } catch (Exception e) { log.warn("MD5加密出错", e); //throw new Exception("MD5加密出错"); return false; } /* if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(getPasswordEncoder().encode(password))) { getLog().debug( "User [" + username + "] was successfully authenticated."); return true; } */ try { if(checkuser(username,password)==1) { getLog().info("认证成功!"); return true; } } catch(Exception e) { getLog().error("User [" + username + "] failed authentication",e); } return false; } private int checkuser(String user, String pwd) throws Exception { int rei = 0; // Obtain our environment naming context log.debug("Obtain our environment naming context"); Context initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup("java:comp/env"); // Look up our data source DataSource ds = (DataSource) envCtx.lookup(this._jndi); log.debug("获取ds成功!"); // Allocate and use a connection from the pool Connection conn = ds.getConnection(); log.debug("获取conn成功!"); // ... use this connection to access the database ... String sql = "select OPERATORID from operator where OPERATORLOGINNAME='" + user + "' and OPERATORPASSWORD='" + pwd + "' "; log.info("sql!= "+sql); Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql); if (rs.next()) { //String oid = rs.getString("OPERATORID"); /* _op = new Operator(oid); _op.setName("操作员"); _op.setLoginname(user); _op.setPwd(pwd); */ rei = 1; } else { System.out.println("帐号不存在或密码错误!"); } conn.close(); return rei; } /* (non-Javadoc) * @see org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler#afterPropertiesSetInternal() */ protected void afterPropertiesSetInternal() throws Exception { super.afterPropertiesSetInternal(); getLog() .warn( this.getClass().getName() + " is only to be used in a production environment."); } }
F:ant 发布
G:运行调试
附录:ANT脚本
<?xml version="1.0" encoding="gb2312"?> <project name="casself" default="release" basedir="." > <property name="deployment.dir" value="C:/Program Files/Apache Software Foundation/Tomcat 5.5/webapps/cas/WEB-INF"/> <!--<property name="deployment.dir" value="C:/casself"/--> <target name="clean"> <echo message="开始清除历史版本"/> <delete> <fileset dir="."> <include name="casself.jar"/> </fileset> <fileset dir="${deployment.dir}"> <include name="web.xml"/> <include name="mydeployerConfigContext.xml"/> <include name="log4j.properties"/> </fileset> </delete> </target> <target name="compile"> <echo message="开始编译"/> <javac srcdir="." /> </target> <target name="jar" depends="compile"> <echo message="开始打包"/> <jar destfile="casself.jar" basedir="." includes="**/*.class" /> </target> <target name="copy"> <echo message="部署配置文件"/> <copy todir="${deployment.dir}"> <fileset dir="./xml"> <!--exclude name="**/doc/**"/--> </fileset> <fileset dir="."> <include name="log4j.properties"/> </fileset> </copy> <echo message="部署jar文件"/> <copy todir="${deployment.dir}/lib"> <fileset dir="."> <include name="casself.jar"/> </fileset> </copy> </target> <target name="release" depends="jar,copy"> <echo message="release success!~"/> </target> <target name="run" depends="jar"> <java classname="hello" classpath="hello.jar" fork="true" /> </target> </project>
发表评论
-
让CAS退出后返回指定的页面
2011-09-27 09:37 2250CAS退出默认是转向CAS内置的退出页面,在实际应用中需要跳转 ... -
让CAS支持HTTP协议认证
2011-09-27 09:29 2310CAS默认使用HTTPS认证,在登录时使用HTTP方式也可以, ... -
CAS支持客户端自定义登陆页面——客户端篇
2011-09-25 00:49 1671让CAS支持客户端自定 ... -
让CAS支持客户端自定义登陆页面——实战(转)
2011-09-25 00:24 1374上篇《让CAS支持客户 ... -
让CAS支持客户端自定义登陆页面——原理篇
2011-09-25 00:10 1985最近忙死了,很久都 ... -
cas单点登录介绍
2011-09-24 20:49 15211. 单点登录概述 所谓单点登录(SSO),只 ...
相关推荐
- CAS3.0是开源项目,开发者可以查看源代码,理解其内部工作原理,进行定制化开发。 - 源码可以帮助我们了解CAS的认证流程、票据管理、服务验证等核心模块。 6. **集成工具**: - CAS3.0提供了多种客户端库,...
CAS(Central Authentication Service)是一种基于Web的单一登录(Single Sign-On, SSO)协议,用于在网络上验证用户身份。"cas-server-client-java-3.0.0.zip" 是一个包含CAS服务器端和客户端Java实现的压缩包,...
CAS支持多种协议版本,如CAS 1.0、CAS 2.0、CAS 3.0以及SAML等。 5. **可扩展性**:CAS服务器支持自定义认证和授权策略,可以集成各种身份验证源,如LDAP、Active Directory、数据库等,满足不同环境的需求。 6. *...
- 协议实现:CAS使用HTTP和HTTPS进行通信,主要依赖于TCP/TLS协议,包括CAS协议的三种主要版本:CAS 1.0、CAS 2.0和CAS 3.0。 4. **安全性与优势**: 使用CAS的好处在于,用户只需登录一次即可访问所有已集成的...
4. **协议支持**:CAS支持多种协议,如CAS 1.0、CAS 2.0、CAS 3.0以及SAML等,这些协议允许与不同类型的客户端和服务进行交互。 5. **可扩展性**:CAS服务器的设计允许开发者添加自定义认证模块,以适应不同的身份...
3. CAS协议:CAS支持多种协议版本,如CAS 1.0、CAS 2.0、CAS 3.0、CAS 4.0以及最新的CAS 5.0。这些版本在安全性、功能性和可扩展性方面有所提升,例如,CAS 2.0引入了票证验证协议,增强了安全性。 4. 整合应用:...
例如,`定制CAS登录验证.pdf`文档可能详细介绍了如何调整CAS的配置,以支持本地数据库认证、LDAP、Active Directory或者其他外部认证源。此外,还可以自定义登录页面,以适应企业品牌和UI标准。 **CAS协议** CAS...
4. **协议(Protocol)**:CAS使用了多种协议与客户端和服务端进行通信,如CAS 1.0、CAS 2.0、CAS 3.0、CAS v4以及CAS v5等。这些协议定义了如何进行身份验证、Ticket验证以及票证的生成和销毁等。 5. **配置...
`cas-client-core-3.4.1-sources.jar` 包含了CAS客户端的源代码,这对于开发者理解CAS的工作机制、调试问题或进行定制化开发非常有帮助。源码中包含了如`org.jasig.cas.client.util.AssertionThreadLocal`、`org....
6. **自定义与扩展**:CAS的灵活性在于其高度可定制化,允许开发人员根据需求调整认证策略、添加新的认证模块或实现自定义服务验证逻辑。 **部署与配置CAS服务端应用:** 1. **准备环境**:首先,你需要一个Java...
通过这个过程,开发者可以构建一个高度可定制的CAS服务器,实现高效的身份验证和授权管理。在实际操作中,可能还会遇到如调整日志配置、设置数据库连接、自定义服务验证逻辑等任务,这些都是进一步完善CAS Server...
6. **协议支持**:CAS支持多种协议,如CAS 1.0/2.0/3.0,SAML 1.1,OAuth,OpenID Connect等,方便与其他系统集成。 7. **国际化与本地化**:支持多语言环境,可以根据需要配置不同地区的显示文本。 8. **扩展性**:...
在这个"cas-server-4.0.0-release"压缩包中,包含了CAS服务器的源码和war包,这使得开发者可以深入理解其内部工作原理,并根据需求进行定制化开发。 1. CAS基础概念: - **单点登录**:用户只需登录一次,就能访问...
总的来说,这个压缩包对于研究CAS服务端实现、进行定制化开发或者部署CAS服务器来说是非常有价值的资源。通过学习和使用这些源代码,你可以掌握SSO解决方案的关键技术,并了解如何将它们应用到实际的项目中。
通过源码,我们可以了解到CAS如何处理请求,验证过程是如何进行的,以及如何扩展和定制其行为。 工具方面,安装和调试CAS可能需要使用到的工具有Maven或Gradle构建系统、IDE(如IntelliJ IDEA或Eclipse)进行代码...
通过深入研究"cas-client-core-3_asleepb5x_CAS_源码.zip"中的源代码,开发者可以学习到CAS客户端的内部工作原理,改进其功能,或者根据具体需求定制自己的CAS客户端实现。同时,对于理解SSO系统的工作方式,提升...
CAS支持多种协议,如CAS 1.0、2.0、3.0、4.0以及最新的CAS 5.x。这个系统的核心思想是,用户只需要在CAS服务器上验证一次身份,之后就可以在所有与CAS服务器集成的应用中自由地进行无密码登录。 **工作原理** 1. **...
6. **事件处理**:`CasEventListener`接口及其实现类允许监听CAS客户端的特定事件,如票证验证成功或失败,这有助于定制化日志记录和异常处理。 7. **票证缓存**:为了提高性能,`TicketCache`接口定义了缓存机制,...