Integrating JForum with CAS
2008/10/08 01:56 PM
1. Install CAS

Download the CAS server and set up the server side. The process is not complicated; it mainly consists of generating the server-side and client-side certificates, because CAS SSO uses SSL-encrypted communication.

Login page: https://<full-domain-name>:8443/cas/login

2. Install JForum-2.1.8

Download it from http://www.jforum.net/download.jsp. For development, the src version is recommended, since it can be imported into Eclipse to adjust the source code.

Test page: http://localhost:8080/jforum

3. Integration, in the following three main steps

1) Filter configuration

Open ${TOMCAT_HOME}/webapps/jforum/WEB-INF/web.xml and add the following filter:

    .....
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
            <param-value>https://<full-domain-name>:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
            <param-value>https://<full-domain-name>:8443/cas/proxyValidate</param-value>
        </init-param>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
            <param-value>localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    .....

It is recommended to place this filter first, ahead of the other filters, so that a request for a resource is first redirected to https://<full-domain-name>:8443/cas/login, the CAS server performs authentication, and only then does the client application's own processing (its other filters) continue.

2) Modelled on RemoteUserSSO, create a separate class such as CasUserSSO that implements the original SSO interface.

Create a new Java file, CasUserSSO.java, with the following code:

    package net.jforum.sso;

    import net.jforum.context.RequestContext;
    import net.jforum.entities.UserSession;
    import net.jforum.util.preferences.ConfigKeys;
    import net.jforum.util.preferences.SystemGlobals;

    import org.apache.log4j.Logger;

    public class CasUserSSO implements SSO {

        static final Logger logger = Logger.getLogger(CasUserSSO.class.getName());

        // Session attribute in which CASFilter stores the authenticated username
        private static final String CAS_USER_ATTR = "edu.yale.its.tp.cas.client.filter.user";

        public String authenticateUser(RequestContext request) {
            String username = (String) request.getSessionContext().getAttribute(CAS_USER_ATTR);
            logger.info("Login User:" + username);
            return username;
        }

        public boolean isSessionValid(UserSession userSession, RequestContext request) {
            // Use the username CASFilter stored in the session after ticket validation
            String remoteUser = (String) request.getSessionContext().getAttribute(CAS_USER_ATTR);
            int anonymousId = SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID);

            // user has since logged out
            if (remoteUser == null && userSession.getUserId() != anonymousId) {
                return false;
            }
            // user has since logged in
            else if (remoteUser != null && userSession.getUserId() == anonymousId) {
                return false;
            }
            // user has changed user
            else if (remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
                return false;
            }
            return true;
        }
    }

This class handles the SSO authentication: it obtains the username and related data passed on from the authentication center.

3) Modify SystemGlobals.properties

Open ${TOMCAT_HOME}/webapps/jforum/WEB-INF/config/SystemGlobals.properties and set the following:

    authentication.type = sso
    sso.implementation = net.jforum.sso.CasUserSSO
    sso.redirect = https://<full-domain-name>:8443/cas/login

4. Integration test

a. Enter http://localhost:8080/jforum
b. Confirm the certificate.
c. Enter the SSO username and password. By default CAS SSO uses SimpleTestUsernamePasswordAuthenticationHandler, which accepts a login only when the username and the password are identical. The CAS SSO server can be changed to validate users against a database by adjusting deployerConfigContext.xml as follows:

    <!--
    <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
    -->
    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="sql" value="select password from app_user where username=?" />
        <property name="dataSource" ref="dataSource" />
        <property name="passwordEncoder">
            <bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
                <constructor-arg value="SHA"/>
            </bean>
        </property>
    </bean>

Source: http://blog.csdn.net/lifei88/archive/2007/12/21/1957814.aspx
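What the database handler configured in step 4c checks at login, emulated in Python as an added example (not code from the original article or from CAS): the `password` column of `app_user` must hold the encoder's lowercase hex SHA-1 digest rather than the clear-text password, and that digest is unsalted. Assumptions: an in-memory SQLite table stands in for the `dataSource`, passwords are encoded as UTF-8, and the sample accounts are constructed.

```python
import hashlib
import sqlite3

# Query from deployerConfigContext.xml; "?" is bound to the submitted username.
SQL = "select password from app_user where username=?"


def encode_sha(password):
    """Lowercase hex SHA-1 digest, unsalted (assumption: UTF-8 password bytes)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_user_db(users):
    """Constructed stand-in for the CAS dataSource: an in-memory app_user table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table app_user (username text primary key, password text)")
    db.executemany("insert into app_user values (?, ?)",
                   [(name, encode_sha(pw)) for name, pw in users.items()])
    return db


def stored_password(db, username):
    """Run the configured query; None unless exactly one row comes back."""
    rows = db.execute(SQL, (username,)).fetchall()
    return rows[0][0] if len(rows) == 1 else None


def authenticate(db, username, password):
    """Encode the submitted password and compare it with the stored value."""
    stored = stored_password(db, username)
    return stored is not None and stored == encode_sha(password)


# Constructed sample accounts (not from the original article).
SAMPLE_USERS = {"alice": "s3cret!", "bob": "s3cret!"}

if __name__ == "__main__":
    db = make_user_db(SAMPLE_USERS)
    print("alice / s3cret! :", authenticate(db, "alice", "s3cret!"))
    print("alice / alice   :", authenticate(db, "alice", "alice"))
    print("mallory / x     :", authenticate(db, "mallory", "x"))
    # Unsalted digests: equal passwords give equal column values.
    print("same stored value:", stored_password(db, "alice") == stored_password(db, "bob"))
```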