CAS
1 CAS Yale Web
CAS 2004
12 JA-SIG CAS
2
3 CAS Server Web
4 CAS Client (
Web ) Java, .Net, PHP, Perl, Apac
he, uPortal, Ruby
CAS
https
1 server key
cmd E:\
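REM Generates the key pair and self-signed certificate for the CAS server in server.keystore.
REM "changeit" is the well-known default password: fine for a local test, replace it for
REM any shared or production keystore.
REM NOTE(review): no -keysize is given, so the JDK default applies; older JDKs default to a
REM short RSA key, so consider passing an explicit -keysize (e.g. 2048).
keytool -genkey -alias casserver -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600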
-validity ( ) 9
0
, cas server
SSL TGC
CAS
RSA
Changeit
2 JDK
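REM Export the CAS server certificate (public part only) from the server keystore.
keytool -export -trustcacerts -alias casserver -file server.cer -keystore server.keystore -storepass changeit
REM Import the certificate into the JRE trust store so that this JVM trusts the CAS server.
REM This changes the JRE-wide cacerts file: every application running on this JRE will
REM trust the certificate, so import only a certificate whose origin has been verified.
keytool -import -trustcacerts -alias casserver -file server.cer -keystore D:\Java\jre1.6.0_02\lib\security\cacerts -storepass changeit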
JDK jdk/jre
cas-server
1 tomcat
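<!-- HTTPS connector for the Tomcat instance that hosts the CAS server.
     keystoreFile and keystorePass must match the keystore created with keytool.
     The keystore password is stored here in clear text: restrict read access to server.xml
     and do not keep the default "changeit" outside a test setup.
     NOTE(review): port, SSLEnabled, scheme and secure are not visible in this excerpt;
     confirm they are set in the real server.xml. -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="../servercas1.keystore"
           keystorePass="changeit"/>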
keystoreFile
keystorePass
2 CAS Server
3 cas-server
1) cas/WEB-INF/deployerConfigContext.xml
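<!-- DataSource: JDBC connection to the user database.
     Fill in the driver class, JDBC URL, user name and password for that database.
     The database password is stored in this file in clear text, so restrict read access
     to deployerConfigContext.xml and use a database account limited to reading the user table. -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName"><value></value></property>
  <property name="url"><value></value></property>
  <property name="username"><value></value></property>
  <property name="password"><value></value></property>
</bean>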
2) AuthenticationHandler
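<!-- Demo handler, kept disabled: it accepts any login whose password equals the user name
     and must never be active on a reachable server.
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->
<!-- Database authentication: looks up the stored password for the submitted user name.
     The user name is bound through the "?" placeholder, not concatenated into the SQL text.
     The submitted password is encoded with mypasswordEncoder before it is compared. -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="sql" value="select password from users where username=?" />
  <property name="dataSource" ref="dataSource" />
  <property name="passwordEncoder" ref="mypasswordEncoder" />
</bean>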
mypasswordEncoder bean)
<!-- Password encoder referenced by the database authentication handler.
     The constructor argument names the digest algorithm applied to the submitted password;
     it has to match the way the passwords in the user table were stored.
     NOTE(review): MD5 (and SHA1) are fast digests and no salt is configured here, which is
     weak for password storage; plan a migration of the user table to a salted, slow
     password hash where possible. -->
<bean id="mypasswordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg value="MD5"/>
</bean>
MD5 SHA1
PasswordEncoder
4 cas https
4.1 cas server \WEB-INF\deployerConfigContext.xml
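<!-- requireSecure="false" makes this handler accept service callback URLs over plain HTTP.
     Without HTTPS the identity of the calling service is not verified and the exchanged
     tickets can be read on the network, so keep this setting to isolated test setups and
     leave requireSecure enabled in production. -->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"
      p:requireSecure="false"/>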
p:requireSecure="false" HTTPS false
4.2 cas server
WEB-INF\springconfiguration\ticketGrantingTicketCookieGenerator.xml
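<!-- Generator for the CASTGC cookie, which carries the ticket-granting ticket (the SSO session).
     cookieSecure="false" drops the Secure flag, so the browser also sends the cookie over
     plain HTTP; whoever captures it can act as the signed-in user towards every CAS service.
     Use this only in a test setup without HTTPS and set cookieSecure="true" in production.
     cookieMaxAge="-1" keeps it a session cookie that is discarded when the browser closes. -->
<bean id="ticketGrantingTicketCookieGenerator"
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="false"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas" />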
</beans>
5
1 bean
<!-- Default attribute repository: a stub DAO backed by a fixed map, a placeholder
     rather than a real lookup of the user's attributes. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
  <property name="backingMap">
    <map>
      <entry key="uid"                  value="uid" />
      <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
      <entry key="groupMembership"      value="groupMembership" />
    </map>
  </property>
</bean>
attributeRepository
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
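<%-- Adds the principal's attributes to the service validation response.
     The attributes are taken from the last entry of assertion.chainedAuthentications.
     Keys and values pass through fn:escapeXml so that attribute data cannot inject markup
     into the response. NOTE(review): escaping does not turn a key into a valid XML element
     name; keys containing spaces or other illegal name characters still break the response,
     so keep attribute keys to plain XML names. --%>
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
    <cas:attributes>
        <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
            <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
        </c:forEach>
    </cas:attributes>
</c:if>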
server xml ca
sServiceValidationSuccess.jsp
cas-client
1
cas server.cer JDK
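REM Import the CAS server certificate into the trust store of the JRE that runs the client
REM application, so that ticket validation over HTTPS can verify the CAS server.
REM This changes the JRE-wide cacerts file: import only a certificate whose origin has been
REM verified, and make sure it is the JRE the application server really uses.
keytool -import -trustcacerts -alias casserver -file server.cer -keystore D:\Java\jre1.6.0_02\lib\security\cacerts -storepass changeit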
jre JDK jre
2 spring security cas jar
3 filter
casEntryPoint
<!-- Entry point for unauthenticated requests: sends the browser to the CAS login page
     given in loginUrl, together with the settings from the serviceProperties bean. -->
<beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <beans:property name="loginUrl"          value="https://190.100.100.56:8443/cas/login"/>
  <beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
cas IP
http
*entry-point-ref="casEntryPoint"
AuthenticationEntryPoin
t ExceptionTranslationFilter
CAS_FILTER
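<!-- Describes this application to CAS.
     service: the callback URL CAS redirects to with the service ticket.
     NOTE(review): the URL uses plain http, so the service ticket crosses the network
     unencrypted; serve the application over https outside a test setup.
     sendRenew="false": an existing SSO session is accepted, the user is not forced to
     enter credentials again for this service. -->
<beans:bean id="serviceProperties"
            class="org.springframework.security.cas.ServiceProperties">
  <beans:property name="service"
                  value="http://IT-56.bodacredit.local:8002/boda/j_spring_cas_security_check"/>
  <beans:property name="sendRenew" value="false"/>
</beans:bean>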
serviceProperties .
IP ( )
sendRenew boolean true
casFilter
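<!-- CAS authentication filter: receives the callback that carries the service ticket and
     passes it to casAuthenticationManager for validation; after a successful login the
     authenticationSuccessHandler bean decides where the user is sent. -->
<beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
  <beans:property name="authenticationManager"
                  ref="casAuthenticationManager"/>
  <beans:property name="authenticationSuccessHandler"
                  ref="authenticationSuccessHandler" />
</beans:bean>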
cas server Ticket client ticket server
Handler Handler
Cas
Filter requestSingleLogoutFilter singleLogoutFilter
<!-- Single sign-out filter of the CAS client: processes the logout notifications sent by
     the CAS server so that the matching local session is ended. -->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
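<!-- Local logout filter: a request to /boda_security_logout clears the local security
     context and then redirects the browser to the CAS logout URL given as first argument.
     NOTE(review): the return to the page named in ?service= only happens when the CAS
     server follows service redirects on logout; confirm that the server restricts this
     redirect to registered services, otherwise the logout URL can serve as an open redirect.
     The service page is addressed over plain http; prefer https outside a test setup. -->
<beans:bean id="requestSingleLogoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
  <beans:constructor-arg
      value="https://190.100.100.56:8443/cas/logout?service=http://190.100.100.56:8002/boda/signin.jsp" />
  <beans:constructor-arg>
    <beans:bean
        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
  </beans:constructor-arg>
  <beans:property name="filterProcessesUrl" value="/boda_security_logout" />
</beans:bean>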
filterProcessesUrl filter
,
cas-servlet.xml logoutController
bean followServiceRedirects true
service ,
URL
https://190.100.100.56:8443/cas/logout?service=http://190.100.100
.56:8002/boda/signin.jsp