cjc

Configuring CAS server single sign-on on the openjweb platform


web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>openjweb</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/applicationContext-security-cas.xml
/WEB-INF/classes/core-service-demo.xml
/WEB-INF/classes/system-config.xml
/WEB-INF/classes/CasContext.xml
</param-value>
</context-param>

<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>

<filter>
<filter-name>Character Encoding</filter-name>
<filter-class>org.openjweb.core.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>
<param-value>false</param-value>
<!-- <param-value>true</param-value> -->
</init-param>
</filter>

<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.FilterDispatcher
</filter-class>
</filter>

<!--
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://casserver.haoyisheng.com:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>

<init-param>
<param-name>serverName</param-name>
<param-value>http://bzwang.haoyisheng.com:8088</param-value>
</init-param>
</filter>


<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>cas.validationfilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/comm/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/comm/*</url-pattern>
</filter-mapping>

-->

<filter-mapping>
<filter-name>Character Encoding</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>


<filter-mapping>
<filter-name>Character Encoding</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>


<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>


<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>




<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>

<listener>
<listener-class>
org.springframework.security.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>

<listener>
<listener-class>
org.springframework.web.util.Log4jConfigListener
</listener-class>
</listener>

<servlet>
<servlet-name>action</servlet-name>
<servlet-class>
org.apache.struts.action.ActionServlet
</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>3</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>3</param-value>
</init-param>
<load-on-startup>0</load-on-startup>
</servlet> <!--DWR -->

<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class> org.directwebremoting.servlet.DwrServlet </servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>

<!--fckeditor servlet-->
<servlet>
<servlet-name>Connector</servlet-name>
<servlet-class>com.fredck.FCKeditor.connector.ConnectorServlet</servlet-class>
<init-param>
<param-name>baseDir</param-name>
<param-value>/resupload/</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
<servlet-name>SimpleUploader</servlet-name>
<servlet-class>com.fredck.FCKeditor.uploader.SimpleUploaderServlet</servlet-class>
<init-param>
<param-name>baseDir</param-name>
<param-value>/resupload/</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>enabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>AllowedExtensionsFile</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>DeniedExtensionsFile</param-name>
<param-value>php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cgi</param-value>
</init-param>
<init-param>
<param-name>AllowedExtensionsImage</param-name>
<param-value>jpg|gif|jpeg|png|bmp</param-value>
</init-param>
<init-param>
<param-name>DeniedExtensionsImage</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>AllowedExtensionsFlash</param-name>
<param-value>swf|fla</param-value>
</init-param>
<init-param>
<param-name>DeniedExtensionsFlash</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>

<!--
<servlet>
<servlet-name>easyjf</servlet-name>
<servlet-class>com.easyjf.web.ActionServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>test</servlet-name>
<servlet-class>com.easyjf.action.CommAction</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>easyjf</servlet-name>
<url-pattern>*.ejf</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>test</servlet-name>
<url-pattern>/testServlet</url-pattern>
</servlet-mapping>

-->

<!--
<servlet>
<servlet-name>DisplayChart </servlet-name>
<servlet-class>
org.jfree.chart.servlet.DisplayChart
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DisplayChart </servlet-name>
<url-pattern>/temp </url-pattern>
</servlet-mapping>
-->
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<session-config>
<session-timeout>30</session-timeout>
</session-config>

<welcome-file-list>
<welcome-file>/secure/redirect.jsp</welcome-file>
</welcome-file-list>
<jsp-config>
<taglib>
<taglib-uri>
http://www.springframework.org/security/tags
</taglib-uri>
<taglib-location>/WEB-INF/security.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/struts-nested.tld</taglib-uri>
<taglib-location>
/WEB-INF/tld/struts-nested.tld
</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/struts-tiles.tld</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
</taglib>


</jsp-config>


</web-app>
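
Two properties of this descriptor are worth checking mechanically before deployment. The CAS `SingleSignOutFilter` has to be mapped ahead of `springSecurityFilterChain`, which the file above does, and the `dwr-invoker` servlet runs with `debug` set to `true` and `crossDomainSessionSecurity` set to `false`, which turns on DWR's test pages and switches off its cross-site request check. The following audit script is an added example, not part of the original post or of openjweb; the finding identifiers are hypothetical names and the embedded XML is a trimmed, constructed copy of the file above.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}
# Constructed sample: a trimmed copy of the descriptor above, same order and values.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
<filter><filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class></filter>
<filter><filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
<filter-mapping><filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>
<filter-mapping><filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>
<servlet><servlet-name>dwr-invoker</servlet-name>
<servlet-class> org.directwebremoting.servlet.DwrServlet </servlet-class>
<init-param><param-name>debug</param-name><param-value>true</param-value></init-param>
<init-param><param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value></init-param></servlet>
</web-app>"""

def text(el, tag):
    node = el.find("j:" + tag, NS)
    return (node.text or "").strip() if node is not None else ""

def audit(xml_text):
    root = ET.fromstring(xml_text)
    findings = []  # hypothetical finding identifiers, in the order detected
    classes = {text(f, "filter-name"): text(f, "filter-class")
               for f in root.findall("j:filter", NS)}
    # Filters with URL-pattern mappings run in the order the mappings appear.
    order = [text(m, "filter-name") for m in root.findall("j:filter-mapping", NS)]
    sso = [i for i, n in enumerate(order)
           if classes.get(n, "").endswith(".SingleSignOutFilter")]
    sec = [i for i, n in enumerate(order) if n == "springSecurityFilterChain"]
    if sec and (not sso or sso[0] > sec[0]):
        findings.append("sso-filter-order")
    for s in root.findall("j:servlet", NS):
        if not text(s, "servlet-class").endswith(".DwrServlet"):
            continue
        params = {text(p, "param-name"): text(p, "param-value").lower()
                  for p in s.findall("j:init-param", NS)}
        if params.get("debug") == "true":
            findings.append("dwr-debug-enabled")
        if params.get("crossDomainSessionSecurity") == "false":
            findings.append("dwr-cross-domain-check-disabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Setting `debug` to `false` and `crossDomainSessionSecurity` to `true` in the `dwr-invoker` servlet clears both DWR findings.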

applicationContext-security-cas.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

<sec:http entry-point-ref="casProcessingFilterEntryPoint">
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" requires-channel="https"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER" />
<sec:logout logout-success-url="/apps/index.jsp"/>
</sec:http>

<sec:authentication-manager alias="authenticationManager"/>

<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
<sec:custom-filter after="CAS_PROCESSING_FILTER"/>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
<property name="defaultTargetUrl" value="/apps/index.jsp" />
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
<property name="proxyReceptorUrl" value="/secure/receptor" />

</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
<property name="loginUrl" value="https://crm.lucene.cn:8443/cas/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<sec:custom-authentication-provider />
<property name="userDetailsService" ref="userDetailsService"/>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://crm.lucene.cn:8443/cas" />
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
<property name="proxyCallbackUrl" value="https://crm.lucene.cn:8443/crm/secure/receptor" />

</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service" value="https://crm.lucene.cn:8443/crm/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>

<bean id="daoAuthenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
<property name="userCache" ref="userCache" />
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
<bean id="userDetailsService"
class="org.openjweb.core.springsecurity.UserDetailsServiceImpl">
<constructor-arg>
<ref bean="IBaseDao3" />
</constructor-arg>
</bean>

<bean id="userCache"
class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache" ref="userCacheBacked" />
</bean>

<bean id="userCacheBacked"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager" ref="cacheManager" />
<property name="cacheName" value="userCache" />
</bean>

<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation"
value="classpath:ehcache-security.xml" />
</bean>
<bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager"
ref="accessDecisionManager" />
<property name="alwaysReauthenticate" value="true" />
<property name="objectDefinitionSource"
ref="databaseFilterInvocationDefinitionSource" />
</bean>
<bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean
class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="" />
</bean>
</list>
</property>
</bean>
<bean id="databaseFilterInvocationDefinitionSource"
class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
<constructor-arg
type="org.springframework.security.util.UrlMatcher"
ref="antUrlPathMatcher" />
<constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
</bean>

<bean id="antUrlPathMatcher"
class="org.springframework.security.util.AntUrlPathMatcher" />

<bean id="requestMap"
class="org.openjweb.core.springsecurity.RequestMapFactoryBean"
init-method="init">

</bean>

</beans>
