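Single sign-on (SSO) is a user/session authentication process in which the user supplies credentials once (a single login) and can then access multiple applications.
I. Our company has recently been consolidating its systems and decided to use Yale CAS single sign-on for the integration. This post summarizes the problems we ran into during the project:
1. Download the CAS 2.x server from the official site and rename it to ssoAuth.
2. Use ssoAuth/login as the login page for all systems and configure each system as follows:
See this article: http://129-cat-163-com.iteye.com/blog/477506
3. After logging in, we hit a problem: refreshing the page returned to the login page (a successful login creates a cookie named CASTGC).
Solution:
In ssoAuth/WebContent/spring-configuration/ticketGrantingTicketCookieGenerator.xml set p:cookiePath="/ssoAuth", and set p:cookiePath="/ssoAuth" in warnCookieGenerator.xml as well. After the login application was renamed, the cookie path value was not changed to match, so the CASTGC cookie could not be retrieved during validation.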
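The refresh loop in item 3 is a cookie Path mismatch: the browser returns CASTGC only to URLs that path-match the cookie's Path attribute. The following added example (not part of the original post) reads p:cookiePath from the generator beans and applies the RFC 6265 path-match rule to the login URL; the sample XML is constructed, and the old value /cas and the cookie name CASPRIVACY are assumptions.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"


def sample_beans(cookie_path):
    """Constructed sample: the two cookie generator beans, trimmed to the
    attributes this check reads (the real files set more, e.g. the class)."""
    return f"""<beans xmlns="{BEANS_NS}" xmlns:p="{P_NS}">
  <bean id="ticketGrantingTicketCookieGenerator"
        p:cookieName="CASTGC" p:cookiePath="{cookie_path}" />
  <bean id="warnCookieGenerator"
        p:cookieName="CASPRIVACY" p:cookiePath="{cookie_path}" />
</beans>"""


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does the browser send the cookie to this path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts at a "/" boundary, so /ssoAuth does not
        # match /ssoAuthAdmin.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_paths(xml_text):
    """Map bean id -> p:cookiePath for every bean that sets one."""
    root = ET.fromstring(xml_text)
    return {
        bean.get("id"): bean.get(f"{{{P_NS}}}cookiePath")
        for bean in root.iter(f"{{{BEANS_NS}}}bean")
        if bean.get(f"{{{P_NS}}}cookiePath") is not None
    }


def unreachable_cookies(xml_text, login_path):
    """Bean ids whose cookie would not be sent back to login_path."""
    return sorted(
        bean_id
        for bean_id, path in cookie_paths(xml_text).items()
        if not path_matches(login_path, path)
    )


if __name__ == "__main__":
    # "before" = cookie path left at the old context path (assumed /cas).
    for label, path in (("before", "/cas"), ("after", "/ssoAuth")):
        print(label, unreachable_cookies(sample_beans(path), "/ssoAuth/login"))
```
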
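4. Instead of redirecting to ssoAuth/login, give each system its own custom login page.
See the three articles here: http://hi.baidu.com/fallenlord/blog/item/ecaa5f263e52cf0b908f9d21.html
5. Proxy issues
The problem a proxy solves:
System 1 needs to fetch data from system 2. The two run on different machines and both have been added to single sign-on. System 1 is already logged in and tries to fetch data from system 2, but system 2 has not logged in yet, so the data cannot be retrieved.
This is where the proxy comes in. How proxy tickets are generated:
http://www.blogjava.net/security/archive/2006/04/26/SSO_CASProxy.html
Solution:
First read this article: http://fallenlord.blogbus.com/logs/57175888.html
Then see the details below:
Configuration is needed on ssoProxyClient (the proxying side), on ssoProxyBackClient (the proxied side) and on ssoAuth.
ssoAuth: during integration we found a problem and traced it through the source code: the client was configured correctly, but no proxy ticket was returned.
Configure the following in deployerConfigContext.xml: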
The httpClient reference below must be added:
<bean
    class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
    p:httpClient-ref="httpClient" p:requireSecure="false" />
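Both the proxying side and the proxied side need to be configured (the configuration is long, so I will not go through all of it). If you need it, leave a contact address and I will send it over...
7. Solving the proxy performance problem:
As described above, system 2 becomes the proxied system. Each time, proxying system 1 has to fetch a ticket from the server and pass it to system 2, and system 2 then also has to go to the server to validate the proxy ticket it received.
As a result, every request needs two round trips to the server, which is a heavy performance cost. If security is not a concern, both sides can keep a saved ticket, so that no matter how many requests are made, the server is contacted only twice.
I extended the proxying and proxied systems described above to do this (as above, if you need it, leave a contact address and I will send it over...).
8. The client can be sent more user data; this requires configuration in two places.
Below is a fairly complete deployerConfigContext.xml; most of what is normally needed is in it: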
<?xml version="1.0" encoding="UTF-8"?>
<!--
  deployerConfigContext.xml centralizes into one file some of the
  declarative configuration that all CAS deployers will need to modify.

  This file declares some of the Spring-managed JavaBeans that make up a
  CAS deployment. The beans declared in this file are instantiated at
  context initialization time by the Spring ContextLoaderListener declared
  in web.xml. It finds this file because this file is among those declared
  in the context parameter "contextConfigLocation".

  By far the most common change you will need to make in this file is to
  change the last bean declaration to replace the default
  SimpleTestUsernamePasswordAuthenticationHandler with one implementing
  your approach for authenticating usernames and passwords.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <!-- CAS data source. -->
    <bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
        <property name="driverClassName">
            <value>net.sourceforge.jtds.jdbc.Driver</value>
        </property>
        <property name="url">
            <value>jdbc:jtds:sqlserver://192.168.4.22:3433/db</value>
        </property>
        <property name="username">
            <value>****</value>
        </property>
        <property name="password">
            <value>****</value>
        </property>
    </bean>

    <!-- DefaultPasswordEncoder with "MD5" compares an unsalted MD5 hex digest of the password. -->
    <bean id="passwordEncoder"
          class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
          autowire="byName">
        <constructor-arg value="MD5" />
    </bean>

    <!-- PlainTextPasswordEncoder passes the submitted value through unchanged. -->
    <bean id="passwordEncoder2"
          class="org.jasig.cas.authentication.handler.PlainTextPasswordEncoder">
    </bean>

    <!--
      This bean declares our AuthenticationManager. The
      CentralAuthenticationService service bean declared in
      applicationContext.xml picks up this AuthenticationManager by
      reference to its id, "authenticationManager". Most deployers will be
      able to use the default AuthenticationManager implementation and so
      do not need to change the class of this bean. We include the whole
      AuthenticationManager here in the userConfigContext.xml so that you
      can see the things you will need to change in context.
    -->
    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
          This is the List of CredentialToPrincipalResolvers that identify
          what Principal is trying to authenticate. The
          AuthenticationManagerImpl considers them in order, finding a
          CredentialToPrincipalResolver which supports the presented
          credentials.

          AuthenticationManagerImpl uses these resolvers for two purposes.
          First, it uses them to identify the Principal attempting to
          authenticate to CAS /login . In the default configuration, it is
          the DefaultCredentialsToPrincipalResolver that fills this role.
          If you are using some other kind of credentials than
          UsernamePasswordCredentials, you will need to replace
          DefaultCredentialsToPrincipalResolver with a
          CredentialsToPrincipalResolver that supports the credentials you
          are using.

          Second, AuthenticationManagerImpl uses these resolvers to
          identify a service requesting a proxy granting ticket. In the
          default configuration, it is the
          HttpBasedServiceCredentialsToPrincipalResolver that serves this
          purpose. You will need to change this list if you are identifying
          services by something more or other than their callback URL.
        -->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                  UsernamePasswordCredentialsToPrincipalResolver supports
                  the UsernamePasswordCredentials that we use for /login by
                  default and produces SimplePrincipal instances conveying
                  the username from the credentials.

                  If you've changed your LoginFormAction to use credentials
                  other than UsernamePasswordCredentials then you will also
                  need to change this bean declaration (or add additional
                  declarations) to declare a CredentialsToPrincipalResolver
                  that supports the Credentials you are using.
                -->
                <bean
                    class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
                    <property name="attributeRepository">
                        <ref local="attributeRepository" />
                    </property>
                </bean>
                <!--
                  HttpBasedServiceCredentialsToPrincipalResolver supports
                  HttpBasedCredentials. It supports the CAS 2.0 approach of
                  authenticating services by SSL callback, extracting the
                  callback URL from the Credentials and representing it as
                  a SimpleService identified by that callback URL.

                  If you are representing services by something more or
                  other than an HTTPS URL whereat they are able to receive
                  a proxy callback, you will need to change this bean
                  declaration (or add additional declarations).
                -->
                <bean
                    class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <!--
          Whereas CredentialsToPrincipalResolvers identify who it is some
          Credentials might authenticate, AuthenticationHandlers actually
          authenticate credentials. Here we declare the
          AuthenticationHandlers that authenticate the Principals that the
          CredentialsToPrincipalResolvers identified. CAS will try these
          handlers in turn until it finds one that both supports the
          Credentials presented and succeeds in authenticating.
        -->
        <property name="authenticationHandlers">
            <list>
                <!-- Several user-table handlers can be configured here; they are
                     tried from top to bottom and processing stops as soon as one succeeds. -->
                <!-- support EAP database -->
                <bean
                    class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                    <property name="dataSource" ref="casDataSource" />
                    <property name="sql"
                              value="SELECT Password FROM table1 WHERE Id = ?" />
                    <property name="passwordEncoder" ref="passwordEncoder" />
                </bean>
                <!-- support another user table; extends the class above and does not
                     use the same verification mechanism -->
                <bean
                    class="com.wqy.sso.auth.QueryDatabaseAuthenticationHandler2">
                    <property name="dataSource" ref="casDataSource" />
                    <property name="sql"
                              value="SELECT FGUID FROM table2 WHERE FUserID = ? and cast(ID as varchar(50))=?" />
                    <!-- use a different password encoding -->
                    <property name="passwordEncoder" ref="passwordEncoder2" />
                </bean>
                <!--
                  This is the authentication handler that authenticates
                  services by means of callback via SSL, thereby validating
                  a server side SSL certificate.
                  requireSecure defaults to true; with "false", as set here,
                  proxy callback URLs that are not HTTPS are accepted too.
                -->
                <bean
                    class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                    p:httpClient-ref="httpClient" p:requireSecure="false" />
                <!--
                  This is the authentication handler declaration that every
                  CAS deployer will need to change before deploying CAS
                  into production. The default
                  SimpleTestUsernamePasswordAuthenticationHandler
                  authenticates UsernamePasswordCredentials where the
                  username equals the password. You will need to replace
                  this with an AuthenticationHandler that implements your
                  local authentication strategy. You might accomplish this
                  by coding a new such handler and declaring
                  edu.someschool.its.cas.MySpecialHandler here, or you
                  might use one of the handlers provided in the adaptors
                  modules.

                  <bean
                      class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
                -->
            </list>
        </property>
    </bean>

    <!--
      This bean defines the security roles for the Services Management
      application. Simple deployments can use the in-memory version. More
      robust deployments will want to use another option, such as the Jdbc
      version. The name of this should remain "userDetailsService" in order
      for Acegi to find it. To use this, you should add an entry similar to
      the following between the two value tags: battags=notused,ROLE_ADMIN
      where battags is the username you want to grant access to. You can
      put one entry per line.
    -->
    <bean id="userDetailsService"
          class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
            </value>
        </property>
    </bean>

    <!--
      Bean that defines the attributes that a service may return. This
      example uses the Stub/Mock version. A real implementation may go
      against a database or LDAP server. The id should remain
      "attributeRepository" though.
      Configure here to return more user information.
    -->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="casDataSource" />
        <constructor-arg index="1"
                         value="SELECT FBy5 AS type,deptId,id,position FROM table WHERE Fid=?" />
        <property name="queryAttributeMapping">
            <map>
                <!-- username: the login user name; uid: bound internally to the
                     Fid parameter of the query above -->
                <entry key="username" value="uid" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="id" value="id1" />
                <entry key="deptId" value="dept1" />
                <entry key="Position" value="position1"/>
                <entry key="type" value="type1" />
            </map>
        </property>
    </bean>

    <!--
      Sample, in-memory data store for the ServiceRegistry. A real
      implementation would probably want to replace this with the
      JPA-backed ServiceRegistry DAO. The name of this bean should remain
      "serviceRegistryDao".
    -->
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
</beans>
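The file above sets several values worth reviewing before production: p:requireSecure="false" on the proxy callback handler, an MD5 DefaultPasswordEncoder and a PlainTextPasswordEncoder. The following added example (not part of the original post or of CAS) is a small audit that resolves each handler's passwordEncoder ref and reports those settings; the sample XML is a constructed, trimmed copy of the beans above, the finding names are made up for this example, and only the p:requireSecure attribute form is read.

```python
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"
P = "{http://www.springframework.org/schema/p}"
WEAK_DIGESTS = {"MD5", "SHA1", "SHA-1"}

# Constructed sample: the security-relevant beans of the file above, trimmed.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="passwordEncoder"
        class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg value="MD5" />
  </bean>
  <bean id="passwordEncoder2"
        class="org.jasig.cas.authentication.handler.PlainTextPasswordEncoder" />
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="passwordEncoder" ref="passwordEncoder" />
      </bean>
      <bean class="com.wqy.sso.auth.QueryDatabaseAuthenticationHandler2">
        <property name="passwordEncoder" ref="passwordEncoder2" />
      </bean>
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" p:requireSecure="false" />
      <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> -->
    </list></property>
  </bean>
</beans>"""


def short(class_name):
    """Class name without its package."""
    return (class_name or "").rsplit(".", 1)[-1]


def audit(xml_text):
    """Return sorted (finding, handler) pairs for a deployerConfigContext.xml."""
    beans = list(ET.fromstring(xml_text).iter(B + "bean"))
    # Index the encoder beans by id so that handler refs can be resolved.
    encoders = {}
    for bean in beans:
        if short(bean.get("class")).endswith("PasswordEncoder"):
            arg = bean.find(B + "constructor-arg")
            algo = arg.get("value", "") if arg is not None else ""
            encoders[bean.get("id")] = (short(bean.get("class")), algo.upper())
    findings = []
    for bean in beans:
        name = short(bean.get("class"))
        # requireSecure defaults to true; "false" accepts non-HTTPS callbacks.
        if (name == "HttpBasedServiceCredentialsAuthenticationHandler"
                and bean.get(P + "requireSecure", "true").lower() == "false"):
            findings.append(("proxy-callback-over-http", name))
        # Commented-out beans are dropped by the parser, so this only fires
        # when the username-equals-password test handler is really active.
        if name == "SimpleTestUsernamePasswordAuthenticationHandler":
            findings.append(("test-handler-enabled", name))
        for prop in bean.findall(B + "property"):
            if prop.get("name") != "passwordEncoder":
                continue
            kind, algo = encoders.get(prop.get("ref"), ("", ""))
            if kind == "PlainTextPasswordEncoder":
                findings.append(("plaintext-password-compare", name))
            elif kind == "DefaultPasswordEncoder" and algo in WEAK_DIGESTS:
                findings.append(("unsalted-" + algo.lower(), name))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
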
---> See the next chapter
Source: http://www.iteye.com/topic/625961
Comments
How do I configure it if I want to use multiple user stores?
org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver