单点登录JA-SIG研究分析~用户库配置篇
一、数据库配置
1.复制数据库驱动 jar 文件到 CAS 服务端网站的 lib 目录（即 CasServer\WEB-INF\lib）下
2.修改CasServer\WEB-INF\deployerConfigContext.xml文件:
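<!--
  Comment out (or delete) the following bean. It is the stock CAS *test*
  handler and must not stay active once a real user store is configured.
  NOTE(review): in stock CAS 3.x this handler accepts any login whose
  username equals its password - confirm against the version in use, and
  make sure no second copy of it is left in the handler list.
-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />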
替换成:
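<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <!-- Parameterised lookup: the submitted username is bound to the "?"
       placeholder rather than concatenated into the SQL text, so the query
       itself is not injectable. The single column returned must hold the
       password in the form produced by the passwordEncoder bean (here an MD5
       digest), since the handler is expected to compare the encoded submitted
       password against this value. -->
  <property name="sql" value="select PASSWORD_ from ID_USER where NAME_=?" />
  <!-- Encoder applied to the submitted password before comparison. -->
  <property name="passwordEncoder" ref="passwordEncoder" />
  <!-- JDBC connection used for the query; see the dataSource bean. -->
  <property name="dataSource" ref="dataSource" />
</bean>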
在文件末尾（根元素结束标签之前）加入:
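<!--
  Data source definition.
  All four values are resolved from cas.properties (db.*) so that no
  credential is written into this file.
  NOTE(review): DriverManagerDataSource is Spring's simple, non-pooling
  DataSource; under real login load a pooled DataSource is usually
  preferred - confirm for this deployment.
-->
<bean id="dataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName" value="${db.driver}" />
  <property name="url" value="${db.url}" />
  <property name="username" value="${db.username}" />
  <property name="password" value="${db.password}" />
</bean>

<!--
  Password encoder used by QueryDatabaseAuthenticationHandler.
  The constructor argument is the digest algorithm name and must match the
  way the PASSWORD_ values were stored.
  NOTE(review): MD5 is a fast, unsalted digest and offers little protection
  if the ID_USER table is ever exposed. Unless existing stored hashes force
  MD5, store a stronger (ideally salted and iterated) hash and configure the
  matching algorithm here.
-->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      autowire="byName">
  <constructor-arg value="MD5" />
</bean>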
在CasServer\WEB-INF\cas.properties文件中添加（该文件保存数据库的明文口令，须限制其读取权限）:
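# Hibernate dialect for the target database (keep exactly one uncommented).
# NOTE(review): none of the beans shown in this article reference this
# property; it only matters if another CAS component uses Hibernate.
database.hibernate.dialect = org.hibernate.dialect.OracleDialect
#database.hibernate.dialect = org.hibernate.dialect.MySQLDialect
#database.hibernate.dialect = org.hibernate.dialect.HSQLDialect

# JDBC settings consumed by the dataSource bean via ${db.*} placeholders.
# The URL must not contain whitespace. ':' does not need escaping inside a
# property value, but the '\:' form is harmless and is kept as written.
db.driver = oracle.jdbc.driver.OracleDriver
db.url = jdbc\:oracle\:thin\:@localhost\:1521\:master
# NOTE(review): the database credential is stored here in clear text.
# Replace the sample values, restrict read access to this file to the CAS
# service account, and grant this database user only SELECT on ID_USER.
db.username = casusername
db.password = caspwd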
二、LDAP配置
1.复制 cas-server-support-ldap-3.2.jar 文件到 CAS 服务端网站的 lib 目录（即 CasServer\WEB-INF\lib）下。注意：下文示例中的认证处理器使用的是 com.jihong 包下的自定义类，而 contextSource 使用的是 org.jasig 包下的类，需确认所部署的 jar 中确实包含这些类。
2.修改CasServer\WEB-INF\deployerConfigContext.xml文件:
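<!--
  Comment out (or delete) the following bean. It is the stock CAS *test*
  handler and must not stay active once the LDAP handler is configured.
  NOTE(review): in stock CAS 3.x this handler accepts any login whose
  username equals its password - confirm against the version in use, and
  make sure no second copy of it is left in the handler list.
-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />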
替换成（注意：放在被注释掉的 bean 原来所在的位置，不要移动到文件其他地方）:
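<bean class="com.jihong.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <!-- Search filter; %u is presumably replaced with the submitted username.
       NOTE(review): this is a custom (com.jihong) handler, so whether the
       username is escaped per RFC 4515 before substitution cannot be seen
       here. If it is substituted verbatim, a username containing '*', '(',
       ')' or '\' can change the meaning of the filter; confirm the escaping
       or restrict the characters accepted in a username. -->
  <property name="filter" value="uid=%u" />
  <!-- Base node under which the user entry is searched. -->
  <property name="searchBase" value="OU=单位,O=TJJU" />
  <!-- Directory connection used for the search and the bind. -->
  <property name="contextSource" ref="contextSource" />
</bean>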
在文件末尾（根元素结束标签之前）加入:
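<!--
  Directory connection shared by the LDAP authentication handler (and by the
  LdapPersonAttributeDao example later in this article).
-->
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <!-- Bind password for the search account.
       NOTE(review): "secret" is a placeholder written straight into this
       file. Replace it, and prefer externalising it the way the JDBC block
       does with a ${...} placeholder in cas.properties. userName is commented
       out below, so it is not clear from this file which DN this password is
       bound with - confirm whether the directory expects a service-account or
       an anonymous search. -->
  <property name="password" value="secret" />
  <property name="pooled" value="true" />
  <!-- NOTE(review): plain ldap:// on port 389 together with "simple"
       authentication sends both the service-account password and every
       user's password in clear text on the network. Use ldaps:// (or
       StartTLS, if the directory and this context source support it)
       anywhere outside a lab. -->
  <property name="urls">
    <list>
      <value>ldap://192.168.0.1:389/</value>
    </list>
  </property>
  <!-- property name="userName" value="uid=admin,O=TJJU" / -->
  <!-- "simple" = DN plus clear-text password bind (JNDI). -->
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>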
三、分析deployerConfigContext.xml的其他配置
1.客户端登录服务配置：每加入一个客户端网站都需修改这个配置（InMemory 实现随 Spring 上下文加载，修改后通常需要重启 CAS 服务端才能生效）。
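<!--
  Service registry: in-memory, populated only from this file. This form
  registers no services; the example that follows shows how a client is
  listed.
-->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />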
例如:
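<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <!-- Registered clients. The list is read when the context starts, so
       adding a client means editing this file and reloading CAS. -->
  <property name="registeredServices">
    <list>
      <!--
        One client. The p: shorthand requires
        xmlns:p="http://www.springframework.org/schema/p" on the root element.
        NOTE(review) on the attributes below:
        - serviceId "*://localhost:8080/**": the scheme wildcard also matches
          plain http://, so tickets can be issued for a non-TLS callback;
          prefer an explicit https:// prefix and the real host name.
        - allowedToProxy="true" lets this client obtain proxy tickets to act
          as the user towards other services; set it to false unless the
          client really needs proxying.
      -->
      <bean class="org.jasig.cas.services.RegisteredServiceImpl"
            p:id="1"
            p:description="Tout Nancy 2"
            p:serviceId="*://localhost:8080/**"
            p:name="Tout Nancy 2"
            p:theme="nancy2"
            p:allowedToProxy="true"
            p:enabled="true"
            p:ssoEnabled="true"
            p:anonymousAccess="false">
        <!-- Attributes released to this client.
             NOTE(review): keep this to what the client actually needs;
             contact data such as telephoneNumber and mail should not be
             released by default. The names must also match the attribute
             names produced by the attributeRepository - with the LDAP mapping
             shown later in this article the produced names are "Name",
             "Telephone", "Full Name" and "Email", not telephoneNumber /
             fullName / mail, so those three would not be released as written. -->
        <property name="allowedAttributes"
                  value="Name,telephoneNumber,fullName,mail,eduPersonAffiliation,groupMembership" />
      </bean>
    </list>
  </property>
</bean>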
2.属性注册：默认配置为桩（Stub）实现，返回 backingMap 中固定的属性值，并不从数据库读取；要从真实用户库读取属性需替换为其他实现（见下文 LDAP 示例）。
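<!--
  Attribute repository (default form).
  NOTE(review): judging by its name and the static backingMap, the Stub DAO
  returns these fixed values for every user instead of reading a directory or
  database, so it is only suitable for testing. The LDAP-backed example
  follows.
-->
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.StubPersonAttributeDao">
  <property name="backingMap">
    <map>
      <entry key="uid" value="uid" />
      <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
      <entry key="groupMembership" value="groupMembership" />
    </map>
  </property>
</bean>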
例如:从LDAP中读取属性
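<bean id="attributeRepository"
      class="com.jihong.services.persondir.support.ldap.LdapPersonAttributeDao">
  <!-- Subtree searched for the user's entry. -->
  <property name="baseDN" value="OU=单位,O=TJJU" />
  <!-- Search filter; {0} is presumably replaced with the authenticated user
       id. NOTE(review): custom (com.jihong) class - confirm the value is
       escaped per RFC 4515 before substitution, as for the authentication
       handler's filter. -->
  <property name="query" value="(uid={0})" />
  <!-- Reuses the contextSource bean (same bind account and URL). -->
  <property name="contextSource" ref="contextSource" />
  <!-- By the property's name: key = LDAP attribute, value = the name exposed
       to CAS and used in a service's allowedAttributes. Attribute order
       inside an <entry> tag is irrelevant to the parser. -->
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="cn" value="Name" />
      <entry key="telephoneNumber" value="Telephone" />
      <entry key="fullName" value="Full Name" />
      <entry key="mail" value="Email" />
      <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
      <entry key="groupMembership" value="groupMembership" />
    </map>
  </property>
</bean>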