环境:
Oracle 11g
Centos 6.5
CAS 4.0
Tomcat 7
JDK 1.7
CAS3.3.0在logout后不能自动根据service跳转,所以装了个CAS4.0.0,记录一下
1. Cas Server下载:http://developer.jasig.org/cas/
Cas Client下载:http://developer.jasig.org/cas-clients/
2. 下载完毕4.0.zip文件后,解压后再module里面会有一个4.0的war包cas-server-webapp-4.0.0.war。
3. 把这个war包拷到tomcat7中,重命名为cas.war。
4. 把tomcat7启动起来,然后再cas目录下找到WEB-INF中的lib中,
5. 加入这几个jar包:
cas-server-support-jdbc-4.0.0.jar
oracle-jdbc-11.2.jar
ojdbc6.jar
commons-dbcp-1.3.jar
自己写的PasswordEncoder-0.6.1.jar
commons-pool-1.5.6.jar
6. 然后修改cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml
的p:cookieSecure="false",如下
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<description>
Defines the cookie that stores the TicketGrantingTicket. You most likely should never modify these (especially the "secure" property).
You can change the name if you want to make it harder for people to guess.
</description>
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
</beans>7.修改cas\web-inf\ deployerConfigContext.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver"/>
</map>
</constructor-arg>
<property name="authenticationPolicy">
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>oracle.jdbc.driver.OracleDriver</value>
</property>
<property name="url">
<value>jdbc:oracle:thin:@10.0.1.177:1521:shdgdb</value>
</property>
<property name="username">
<value>shdg</value>
</property>
<property name="password">
<value>shdg</value>
</property>
</bean>
<bean id="myPasswordEncoder" class="com.esteel.cas.until.PasswordEncoder"/>
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="casDataSource"
p:sql="select trade_passwd from tb_cus_user where cus_user_id = ?"
p:passwordEncoder-ref="myPasswordEncoder"
/>
<bean id="proxyPrincipalResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
<property name="attributeRepository" ref="attributeRepository" />
</bean>
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
</util:map>
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService"
p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
</util:list>
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
<util:list id="monitorsList">
<bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
<bean class="org.jasig.cas.monitor.SessionMonitor"
p:ticketRegistry-ref="ticketRegistry"
p:serviceTicketCountWarnThreshold="5000"
p:sessionCountWarnThreshold="100000" />
</util:list>
</beans>8.修改cas-servlet.xml为如下
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:webflow="http://www.springframework.org/schema/webflow-config"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.3.xsd">
<import resource="spring-configuration/propertyFileConfigurer.xml"/>
<!-- Theme Resolver -->
<bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
p:argumentExtractors-ref="argumentExtractors"
p:servicesManager-ref="servicesManager">
<property name="mobileBrowsers">
<util:map>
<entry key=".*iPhone.*" value="iphone"/>
<entry key=".*Android.*" value="iphone"/>
<entry key=".*Safari.*Pre.*" value="iphone"/>
<entry key=".*Nokia.*AppleWebKit.*" value="iphone"/>
</util:map>
</property>
</bean>
<!-- View Resolver -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.ResourceBundleViewResolver"
p:order="0">
<property name="basenames">
<util:list>
<value>${cas.viewResolver.basename}</value>
<value>protocol_views</value>
</util:list>
</property>
</bean>
<!-- Locale Resolver -->
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver" p:defaultLocale="zh_CN" />
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
<bean id="urlBasedViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver"
p:viewClass="org.springframework.web.servlet.view.InternalResourceView"
p:prefix="/WEB-INF/view/jsp/"
p:suffix=".jsp"
p:order="1"/>
<bean id="errorHandlerResolver" class="org.jasig.cas.web.FlowExecutionExceptionResolver"/>
<bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"/>
<bean
id="handlerMappingC"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"
p:alwaysUseFullPath="true">
<property name="mappings">
<util:properties>
<prop key="/serviceValidate">serviceValidateController</prop>
<prop key="/proxyValidate">proxyValidateController</prop>
<prop key="/p3/serviceValidate">v3ServiceValidateController</prop>
<prop key="/p3/proxyValidate">v3ProxyValidateController</prop>
<prop key="/validate">legacyValidateController</prop>
<prop key="/proxy">proxyController</prop>
<prop key="/authorizationFailure.html">passThroughController</prop>
<prop key="/status">healthCheckController</prop>
<prop key="/statistics">statisticsController</prop>
</util:properties>
</property>
</bean>
<bean id="passThroughController" class="org.springframework.web.servlet.mvc.UrlFilenameViewController"/>
<!-- login webflow configuration -->
<bean id="loginFlowHandlerMapping" class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
p:flowRegistry-ref="loginFlowRegistry" p:order="2">
<property name="interceptors">
<ref local="localeChangeInterceptor" />
</property>
</bean>
<bean id="loginHandlerAdapter" class="org.jasig.cas.web.flow.SelectiveFlowHandlerAdapter"
p:supportedFlowId="login" p:flowExecutor-ref="loginFlowExecutor" p:flowUrlHandler-ref="loginFlowUrlHandler" />
<bean id="loginFlowUrlHandler" class="org.jasig.cas.web.flow.CasDefaultFlowUrlHandler" />
<webflow:flow-executor id="loginFlowExecutor" flow-registry="loginFlowRegistry">
<webflow:flow-execution-attributes>
<webflow:always-redirect-on-pause value="false" />
<webflow:redirect-in-same-state value="false" />
</webflow:flow-execution-attributes>
<webflow:flow-execution-listeners>
<webflow:listener ref="terminateWebSessionListener" />
</webflow:flow-execution-listeners>
</webflow:flow-executor>
<webflow:flow-registry id="loginFlowRegistry" flow-builder-services="builder">
<webflow:flow-location path="/WEB-INF/login-webflow.xml" id="login" />
</webflow:flow-registry>
<!-- logout webflow configuration -->
<bean id="logoutFlowHandlerMapping" class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
p:flowRegistry-ref="logoutFlowRegistry" p:order="3">
<property name="interceptors">
<ref local="localeChangeInterceptor" />
</property>
</bean>
<bean id="logoutHandlerAdapter" class="org.jasig.cas.web.flow.SelectiveFlowHandlerAdapter"
p:supportedFlowId="logout" p:flowExecutor-ref="logoutFlowExecutor" p:flowUrlHandler-ref="logoutFlowUrlHandler" />
<bean id="logoutFlowUrlHandler" class="org.jasig.cas.web.flow.CasDefaultFlowUrlHandler"
p:flowExecutionKeyParameter="RelayState" />
<webflow:flow-executor id="logoutFlowExecutor" flow-registry="logoutFlowRegistry">
<webflow:flow-execution-attributes>
<webflow:always-redirect-on-pause value="false" />
<webflow:redirect-in-same-state value="false" />
</webflow:flow-execution-attributes>
<webflow:flow-execution-listeners>
<webflow:listener ref="terminateWebSessionListener" />
</webflow:flow-execution-listeners>
</webflow:flow-executor>
<webflow:flow-registry id="logoutFlowRegistry" flow-builder-services="builder">
<webflow:flow-location path="/WEB-INF/logout-webflow.xml" id="logout" />
</webflow:flow-registry>
<webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator" expression-parser="expressionParser" />
<bean id="logoutConversionService" class="org.jasig.cas.web.flow.LogoutConversionService" />
<bean id="terminateWebSessionListener" class="org.jasig.cas.web.flow.TerminateWebSessionListener" />
<bean id="expressionParser" class="org.springframework.webflow.expression.spel.WebFlowSpringELExpressionParser"
c:conversionService-ref="logoutConversionService">
<constructor-arg>
<bean class="org.springframework.expression.spel.standard.SpelExpressionParser" />
</constructor-arg>
</bean>
<bean id="viewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
<property name="viewResolvers">
<util:list>
<ref local="viewResolver"/>
</util:list>
</property>
</bean>
<!-- CAS 2 Protocol service/proxy validation -->
<bean id="abstractValidateController" class="org.jasig.cas.web.ServiceValidateController" abstract="true"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:proxyHandler-ref="proxy20Handler"
p:argumentExtractor-ref="casArgumentExtractor"/>
<bean id="proxyValidateController" parent="abstractValidateController"/>
<bean id="serviceValidateController" parent="abstractValidateController"
p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"/>
<!-- CAS 3 Protocol service/proxy validation with attributes -->
<bean id="v3AbstractValidateController" parent="abstractValidateController" abstract="true"
p:successView="cas3ServiceSuccessView"
p:failureView="cas3ServiceFailureView" />
<bean id="v3ProxyValidateController" parent="v3AbstractValidateController" />
<bean id="v3ServiceValidateController" parent="v3AbstractValidateController"
p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"/>
<!-- CAS 1 legacy validation -->
<bean id="legacyValidateController" parent="abstractValidateController"
p:proxyHandler-ref="proxy10Handler"
p:successView="cas1ServiceSuccessView"
p:failureView="cas1ServiceFailureView"
p:validationSpecificationClass="org.jasig.cas.validation.Cas10ProtocolValidationSpecification"/>
<bean id="proxyController" class="org.jasig.cas.web.ProxyController"
p:centralAuthenticationService-ref="centralAuthenticationService"/>
<bean id="statisticsController" class="org.jasig.cas.web.StatisticsController"
p:casTicketSuffix="${host.name}" c:ticketRegistry-ref="ticketRegistry" />
<bean id="logoutAction" class="org.jasig.cas.web.flow.LogoutAction"
p:servicesManager-ref="servicesManager"
p:followServiceRedirects="${cas.logout.followServiceRedirects:true}"/>
<bean id="frontChannelLogoutAction" class="org.jasig.cas.web.flow.FrontChannelLogoutAction"
c:logoutManager-ref="logoutManager"/>
<bean id="healthCheckController" class="org.jasig.cas.web.HealthCheckController"
p:healthCheckMonitor-ref="healthCheckMonitor"/>
<bean id="initialFlowSetupAction" class="org.jasig.cas.web.flow.InitialFlowSetupAction"
p:argumentExtractors-ref="argumentExtractors"
p:warnCookieGenerator-ref="warnCookieGenerator"
p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>
<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:warnCookieGenerator-ref="warnCookieGenerator"
p:ticketRegistry-ref="ticketRegistry"/>
<bean id="authenticationExceptionHandler" class="org.jasig.cas.web.flow.AuthenticationExceptionHandler" />
<bean id="generateServiceTicketAction" class="org.jasig.cas.web.flow.GenerateServiceTicketAction"
p:centralAuthenticationService-ref="centralAuthenticationService"/>
<bean id="sendTicketGrantingTicketAction" class="org.jasig.cas.web.flow.SendTicketGrantingTicketAction"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>
<bean id="gatewayServicesManagementCheck" class="org.jasig.cas.web.flow.GatewayServicesManagementCheck"
c:servicesManager-ref="servicesManager" />
<bean id="serviceAuthorizationCheck" class="org.jasig.cas.web.flow.ServiceAuthorizationCheck"
c:servicesManager-ref="servicesManager" />
<bean id="generateLoginTicketAction" class="org.jasig.cas.web.flow.GenerateLoginTicketAction"
p:ticketIdGenerator-ref="loginTicketUniqueIdGenerator"/>
<bean id="messageInterpolator" class="org.jasig.cas.util.SpringAwareMessageMessageInterpolator"/>
<bean id="credentialsValidator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean"
p:messageInterpolator-ref="messageInterpolator"/>
<bean id="ticketGrantingTicketCheckAction" class="org.jasig.cas.web.flow.TicketGrantingTicketCheckAction"
c:registry-ref="ticketRegistry" />
<bean id="terminateSessionAction" class="org.jasig.cas.web.flow.TerminateSessionAction"
c:cas-ref="centralAuthenticationService"
c:tgtCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
c:warnCookieGenerator-ref="warnCookieGenerator"/>
</beans>9.最后就是改下登陆的样式。
登陆界面在\cas\WEB-INF\view\jsp\default\ui\中的casLoginView.jsp中修改。
10,最后上传下做好的登陆界面图。