一、数据库配置
1.复制数据库驱动jar文件到cas服务端网站的lib目录下
2.修改CasServer/WEB-INF/deployerConfigContext.xml文件:
<!-- Comment out the following bean.
     NOTE(review): this is the demo handler from the sample CAS configuration. In stock CAS 3.x it
     accepts any login whose password equals the user name (confirm for your version), so it must
     not stay active once a real authentication handler is configured. -->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
替换成:
<!-- Database-backed authentication handler: looks up the stored password for the submitted user
     name using the "sql" query, the "passwordEncoder" bean and the "dataSource" bean wired below.
     How the stored and submitted values are compared is decided inside the handler class, which
     is not shown here. -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<!-- The user name is passed through the "?" bind parameter; keep it that way and never build this
     statement by string concatenation. NOTE(review): assumes NAME_ is unique in ID_USER, so the
     query returns at most one row; verify against the schema. -->
<property name="sql" value="select PASSWORD_ from ID_USER where NAME_=?"/>
<!-- Encoder for the submitted password; its output format has to match what is stored in PASSWORD_. -->
<property name="passwordEncoder" ref="passwordEncoder"/>
<!-- JDBC connection source; the account behind it only needs SELECT on the queried table. -->
<property name="dataSource" ref="dataSource"/>
</bean>
在文件末尾加入:
<!-- Data source definition. All four values are resolved from ${db.*} placeholders, so the
     connection settings and credentials live in the properties file rather than in this XML.
     NOTE(review): Spring documents DriverManagerDataSource as a non-pooling DataSource; consider a
     pooled DataSource for production load. -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${db.driver}" />
<property name="url" value="${db.url}" />
<property name="username" value="${db.username}" />
<!-- Resolved from db.password; protect the file that defines it (read access for the CAS service account only). -->
<property name="password" value="${db.password}" />
</bean>
<!-- Password encoder referenced by the database authentication handler; the constructor argument
     selects the digest algorithm.
     NOTE(review): MD5 is a fast digest that is no longer suitable for password storage, and this
     configuration supplies no salt, so identical passwords produce identical stored values and
     leaked hashes are cheap to brute-force. The value must match how PASSWORD_ is already stored,
     so changing it requires migrating the stored hashes; plan a move to a salted, slow password
     hash (for example bcrypt or PBKDF2) via a custom encoder. -->
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
autowire="byName">
<constructor-arg value="MD5" />
</bean>
在CasServer/WEB-INF/cas.properties文件中添加:
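# Hibernate dialect: keep exactly one line active for the database in use.
database.hibernate.dialect=org.hibernate.dialect.OracleDialect
#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
# JDBC settings read by the ${db.driver}, ${db.url}, ${db.username} and ${db.password} placeholders.
db.driver=oracle.jdbc.driver.OracleDriver
# Oracle thin-driver URL in the form jdbc:oracle:thin:@host:port:SID.
# The original "/:" sequences were dropped: ':' needs no escaping inside a property value, and
# "jdbc/:oracle/:thin/:..." would reach the driver as a malformed URL.
db.url=jdbc:oracle:thin:@localhost:1521:master
# Sample credentials. This file stores the password in cleartext: restrict read access to the
# CAS service account, keep real values out of version control, and use a database account
# limited to SELECT on the user table.
db.username=casusername
db.password=caspwd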
二、LDAP配置
1.复制cas-server-support-ldap-3.2.jar文件到cas服务端网站的lib目录下
2.修改CasServer/WEB-INF/deployerConfigContext.xml文件:
<!-- Comment out the following bean.
     NOTE(review): this is the demo handler from the sample CAS configuration. In stock CAS 3.x it
     accepts any login whose password equals the user name (confirm for your version), so it must
     not stay active once the LDAP handler is configured. -->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
替换成:(注意:位置)
<!-- LDAP authentication handler. The class is in a com.jihong package, i.e. a site-specific
     adaptor rather than the stock org.jasig one, so its exact behaviour must be checked in that
     code base. -->
<bean
class="com.jihong.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<!-- Search filter; %u presumably stands for the submitted user name. NOTE(review): confirm that
     the handler escapes LDAP filter metacharacters in the user name before substituting it. -->
<property name="filter" value="uid=%u" />
<!-- Base node (search base) under which user entries are looked up -->
<property name="searchBase"
value="OU=单位,O=TJJU" />
<!-- Connection settings come from the contextSource bean. -->
<property name="contextSource" ref="contextSource" />
</bean>
在文件末尾加入:
<!-- LDAP connection source shared by the beans that reference "contextSource".
     NOTE(review): three points to settle before production use:
     1. The bind password is a literal in this file; move it to a protected properties file and
        replace the sample value.
     2. The only URL is ldap:// on port 389 with "simple" authentication, so bind DNs and
        passwords cross the network unencrypted. Prefer ldaps:// or StartTLS with certificate
        validation where the directory supports it.
     3. The userName property is commented out while a password is set; confirm which principal
        the connection actually binds as. -->
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="password" value="secret" />
<property name="pooled" value="true" />
<!-- Directory servers to contact. -->
<property name="urls">
<list>
<value>ldap://192.168.0.1:389/</value>
</list>
</property>
<!-- property name="userName" value="uid=admin,O=TJJU" /-->
<!-- Extra JNDI environment entries; this one selects the "simple" (cleartext password) bind mechanism. -->
<property name="baseEnvironmentProperties">
<map>
<entry>
<key>
<value>
java.naming.security.authentication
</value>
</key>
<value>simple</value>
</entry>
</map>
</property>
</bean>
三、分析deployerConfigContext.xml的其他配置
1.客户端登录服务配置:每加入一个客户端网站都需修改这个配置。
<!-- In-memory service registry with no registeredServices configured.
     NOTE(review): check how your CAS version treats requests from services when the registry is
     empty (allow all versus deny all); an allow-all default means any site can request tickets. -->
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
例如:
<!-- In-memory service registry: the services allowed to use this CAS server are listed inline,
     so adding a client site means editing this bean. -->
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<!-- Registered client services -->
<property name="registeredServices">
<list>
<!-- One client service entry.
     NOTE(review): the serviceId pattern starts with a wildcard scheme and ends with a wildcard
     path, so it also matches plain http URLs and every application on localhost:8080; in
     production register an exact https URL pattern per client.
     NOTE(review): allowedToProxy="true" lets this service request proxy tickets; enable it only
     for services that need to call back-end services on behalf of the user. -->
<bean
class="org.jasig.cas.services.RegisteredServiceImpl"
p:id="1"
p:description="Tout Nancy 2"
p:serviceId="*://localhost:8080/**"
p:name="Tout Nancy 2"
p:theme="nancy2"
p:allowedToProxy="true"
p:enabled="true"
p:ssoEnabled="true"
p:anonymousAccess="false">
<!-- Attributes released to this service; list only what the client actually needs. -->
<property name="allowedAttributes" value="Name,telephoneNumber,fullName,mail,eduPersonAffiliation,groupMembership"/>
</bean>
</list>
</property>
</bean>
2.属性注册:从数据库中读取的属性
<!-- Attribute repository backed by a fixed map defined in this file.
     NOTE(review): the class is a Stub DAO and no data source or directory is referenced here, so
     these entries look like static placeholder values rather than per-user data; confirm before
     relying on them for authorization decisions. -->
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.StubPersonAttributeDao">
<property name="backingMap">
<map>
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation"
value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
</map>
</property>
</bean>
例如:从LDAP中读取属性
<!-- Attribute repository that reads user attributes from LDAP through the shared contextSource
     bean. The class is in a com.jihong package, i.e. a site-specific DAO whose behaviour must be
     checked in that code base. -->
<bean id="attributeRepository"
class="com.jihong.services.persondir.support.ldap.LdapPersonAttributeDao">
<property name="baseDN" value="OU=单位,O=TJJU" />
<!-- {0} presumably receives the authenticated user id. NOTE(review): confirm that the DAO
     escapes LDAP filter metacharacters before substituting it. -->
<property name="query" value="(uid={0})" />
<property name="contextSource" ref="contextSource" />
<!-- Maps LDAP attribute names (key) to the names exposed to CAS (value).
     NOTE(review): several mapped names (Telephone, Full Name, Email) differ from the LDAP names
     used in the allowedAttributes list of the registered service example; if release filtering
     uses the mapped names, those attributes would not be released. Align the two lists. -->
<property name="ldapAttributesToPortalAttributes">
<map>
<entry key="cn" value="Name" />
<entry value="Telephone" key="telephoneNumber" />
<entry value="Full Name" key="fullName" />
<entry value="Email" key="mail" />
<entry key="eduPersonAffiliation"
value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
</map>
</property>
</bean>