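When building an SOA project or single sign-on, the user directory is usually provided by LDAP, so integrating CAS with LDAP is something that has to be done. Here I use OpenLDAP and CAS and record my own configuration process.
- Download CAS Server
- Download CAS Client
- Download OpenLDAP
Once all of these are installed and configured (for that setup process, see my other blog post: [Recommended] Implementing Single Sign-On), integrate CAS with OpenLDAP. In the CAS web project, open deployerConfigContext.xml and modify the configuration file as follows: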
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
    | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
    | all CAS deployers will need to modify.
    |
    | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
    | The beans declared in this file are instantiated at context initialization time by the Spring
    | ContextLoaderListener declared in web.xml. It finds this file because this
    | file is among those declared in the context parameter "contextConfigLocation".
    |
    | By far the most common change you will need to make in this file is to change the last bean
    | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
    | one implementing your approach for authenticating usernames and passwords.
    +-->
<beans>
    <!--
        | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
        | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
        | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
        | implementation and so do not need to change the class of this bean. We include the whole
        | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
        | need to change in context.
        +-->
    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
            | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
            | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
            | supports the presented credentials.
            |
            | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
            | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
            | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
            | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
            | using.
            |
            | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
            | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
            | You will need to change this list if you are identifying services by something more or other than their callback URL.
            +-->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                    | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
                    | by default and produces SimplePrincipal instances conveying the username from the credentials.
                    |
                    | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
                    | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
                    | Credentials you are using.
                    +-->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!--
                    | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
                    | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
                    | SimpleService identified by that callback URL.
                    |
                    | If you are representing services by something more or other than an HTTPS URL whereat they are able to
                    | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
                    +-->
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>

        <!--
            | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
            | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
            | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
            | until it finds one that both supports the Credentials presented and succeeds in authenticating.
            +-->
        <property name="authenticationHandlers">
            <list>
                <!--
                    | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
                    | a server side SSL certificate.
                    +-->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                <!--
                    | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
                    | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
                    | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
                    | local authentication strategy. You might accomplish this by coding a new such handler and declaring
                    | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
                    +-->
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="uid=%u" />
                    <property name="searchBase" value="o=nbpt,c=cn" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="anonymousReadOnly" value="false" />
        <property name="password" value="password" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://localhost:389/</value>
            </list>
        </property>
        <property name="userName" value="cn=manager,o=nbpt,c=cn" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.protocol</value></key>
                    <value>none</value>
                </entry>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>

    <!--
        This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version.
        More robust deployments will want to use another option, such as the Jdbc version.

        The name of this should remain "userDetailsService" in order for Acegi to find it.

        To use this, you should add an entry similar to the following between the two value tags:
        battags=notused,ROLE_ADMIN

        where battags is the username you want to grant access to. You can put one entry per line.
    -->
    <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
            </value>
        </property>
    </bean>

    <!--
        Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
        may go against a database or LDAP server. The id should remain "attributeRepository" though.
    -->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

    <!--
        Sample, in-memory data store for the ServiceRegistry. A real implementation
        would probably want to replace this with the JPA-backed ServiceRegistry DAO
        The name of this bean should remain "serviceRegistryDao".
    -->
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
</beans>
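Then place cas-server-support-ldap-3.3.jar and spring-ldap-1.2.1.jar in the lib directory of the current web project.
The LDAP data on my test machine is as follows:
LDAP contains a record for a user named cxlh with password 123, so entering cxlh/123 at the CAS login page redirects to the login success page, as shown below:
That completes the configuration!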
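The contextSource in the configuration above performs simple binds over ldap:// on port 389 as the directory manager, with the password written into the file, so both the manager password and each user's password from the `uid=%u` bind reach OpenLDAP unencrypted. A hardened variant follows as an added example that is not part of the original post; it uses the `ssl` value with port 636 and the `userDn` property that yujiaao's comments mention. The bind DN `cn=cas-bind,o=nbpt,c=cn`, the `${ldap.bind.password}` placeholder (which needs a Spring PropertyPlaceholderConfigurer in the context) and the timeout values are assumptions.

```xml
<!-- Added example: hardened variant of the contextSource bean shown above. -->
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="anonymousReadOnly" value="false" />
    <property name="pooled" value="true" />
    <!-- LDAPS on 636 instead of cleartext ldap://...:389, so neither the
         service bind nor the users' bind passwords cross the wire in clear.
         The JVM running CAS must trust the OpenLDAP server certificate. -->
    <property name="urls">
        <list>
            <value>ldaps://localhost:636/</value>
        </list>
    </property>
    <!-- Assumption: a dedicated account with read-only access to the user
         entries (hypothetical DN), instead of the directory manager. Use
         "userName" on the older version the post was written for. -->
    <property name="userDn" value="cn=cas-bind,o=nbpt,c=cn" />
    <!-- Assumption: resolved by a PropertyPlaceholderConfigurer from a
         properties file kept outside version control (hypothetical key). -->
    <property name="password" value="${ldap.bind.password}" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key><value>java.naming.security.protocol</value></key>
                <value>ssl</value>
            </entry>
            <entry>
                <key><value>java.naming.security.authentication</value></key>
                <value>simple</value>
            </entry>
            <!-- Standard JNDI LDAP provider timeouts in milliseconds (values
                 are assumptions) so a hung directory cannot stall logins. -->
            <entry>
                <key><value>com.sun.jndi.ldap.connect.timeout</value></key>
                <value>3000</value>
            </entry>
            <entry>
                <key><value>com.sun.jndi.ldap.read.timeout</value></key>
                <value>3000</value>
            </entry>
        </map>
    </property>
</bean>
```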
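Comments
Comment 10
grandboy
2009-05-20
kiol wrote:
Can CAS retrieve user information?
Such as name, email and the like?
By default there is only the username. If you want other information, you have to look it up once using that username, or modify the source code yourself.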
Comment 9
yujiaao
2009-02-01
One more point to add:
<key><value>java.naming.security.protocol</value></key> <value>none</value>
corresponds to port 389. If it is
<key><value>java.naming.security.protocol</value></key> <value>ssl</value>
then the port should be 636.
Comment 8
yujiaao
2009-02-01
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="anonymousReadOnly" value="false" />
    <property name="password" value="password" />
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldap://localhost:389/</value>
        </list>
    </property>
    <!--property name="userName" value="cn=manager,o=nbpt,c=cn" /-->
    <!-- If you are using a newer version, this should be userDn rather than userName -->
    <property name="userDn" value="cn=manager,o=nbpt,c=cn" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key><value>java.naming.security.protocol</value></key>
                <value>none</value>
            </entry>
            <entry>
                <key><value>java.naming.security.authentication</value></key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
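Comment 7
yujiaao
2009-02-01
The original post also says this, but I did not understand it at first.
Quote:
Then place cas-server-support-ldap-3.3.jar and spring-ldap-1.2.1.jar in the lib directory of the current web project.
These two JARs come from cas-server and spring-ldap respectively.
Comment 6
yujiaao
2009-02-01
When integrating, in addition to the JARs already in lib, two more need to be added.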
==================== D:\tomcat6\webapps\cas\WEB-INF\lib =====================
|n 名称 | 名称 |
|.. |spring-context-2.5.6.jar |
|antlr-2.7.6.jar |spring-context-support-2.5.6.jar |
|aopalliance-1.0.jar |spring-core-2.5.6.jar |
|asm-1.5.3.jar |spring-ldap-1.3.0.RELEASE-all.jar |
|asm-attrs-1.5.3.jar |spring-orm-2.5.6.jar |
|aspectjrt-1.5.3.jar |spring-security-cas-client-2.0.3.jar |
|aspectjweaver-1.5.3.jar |spring-security-core-2.0.3.jar |
|cas-client-core-3.1.3.jar |spring-tx-2.5.6.jar |
|cas-server-core-3.3.1.jar |spring-web-2.5.6.jar |
|cas-server-support-ldap-3.3.1.jar |spring-webflow-1.0.5.jar |
|cglib-2.1_3.jar |spring-webmvc-2.5.6.jar |
|commons-codec-1.3.jar |standard-1.1.2.jar |
|commons-collections-3.2.jar |xmldsig-1.0.jar |
|commons-lang-2.2.jar |xmlsec-1.4.0.jar |
|commons-logging-1.1.jar | |
|dom4j-1.6.1.jar | |
|ehcache-1.2.3.jar | |
|ejb3-persistence-1.0.1.GA.jar | |
|hibernate-3.2.6.ga.jar | |
|hibernate-annotations-3.3.1.GA.jar | |
|hibernate-commons-annotations-3.0.0.ga} |
|inspektr-core-0.7.0.jar | |
|jdom-1.0.jar | |
|jstl-1.1.2.jar | |
|jta-1.0.1B.jar | |
|log4j-1.2.15.jar | |
|ognl-2.6.9.jar | |
|opensaml-1.1b.jar | |
|persistence-api-1.0.jar | |
|person-directory-api-1.1.2.jar | |
|person-directory-impl-1.1.2.jar | |
|quartz-1.5.2.jar | |
|spring-aop-2.5.6.jar | |
|spring-beans-2.5.6.jar | |
|spring-binding-1.0.5.jar | |
|------------------------- 275,438 bytes in 2 files --------------------------|
Comment 5
wangchao_17915566
2009-01-13
Can you explain the reasons for the integration, and how to use it once integrated?
Comment 4
chenlm2004
2008-11-23
After I configured deployerConfigContext.xml, Tomcat keeps reporting an error on startup:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Can't resolve reference to bean 'authenticationManager' while setting property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Can't resolve reference to bean 'contextSource' while setting property 'contextSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Initialization of bean failed; nested exception is java.lang.NoSuchMethodError: org.apache.commons.lang.ArrayUtils.isEmpty([Ljava/lang/Object;)Z
What could be the cause? Could the original poster please advise.
Comment 3
DreamOne
2008-10-27
A good example for beginners.
Comment 2
bease
2008-10-26
Stale old stuff.
Comment 1
zhouzhao21
2008-10-23
Learned something, thanks.