Junky's IT Notebook


          Using Your Own Credentials in CAS (reposted)

          Yale CAS 3.1
          Download: http://www.ja-sig.org/products/cas/index.html

          1. Modify authenticationViaFormAction to use your own Credentials

          The default org.jasig.cas.authentication.principal.UsernamePasswordCredentials only carries a username and a password. When you need extra attributes, such as a captcha, replace it with your own Credentials class.

          cas-servlet.xml:
          <bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
             p:centralAuthenticationService-ref="centralAuthenticationService"
             p:warnCookieGenerator-ref="warnCookieGenerator"
             p:formObjectName="credentials"
             p:formObjectClass="com.nlcd.cas.authentication.principal.EcardCredentials">
                <property name="validator">  
                    <bean class="com.nlcd.cas.validation.EcardCredentialsValidator"/>
                </property>
          </bean>

          EcardCredentialsValidator:
          package com.nlcd.cas.validation;

          import org.springframework.validation.Errors;
          import org.springframework.validation.ValidationUtils;
          import org.springframework.validation.Validator;
          import com.nlcd.cas.authentication.principal.EcardCredentials;

          public final class EcardCredentialsValidator implements Validator {

              public boolean supports(final Class clazz) {
                  return EcardCredentials.class.isAssignableFrom(clazz);
              }

              /** Rejects the form when either field is missing or whitespace-only. */
              public void validate(final Object o, final Errors errors) {
                  ValidationUtils.rejectIfEmptyOrWhitespace(errors, "username",
                      "required.username", null);
                  ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password",
                      "required.password", null);
              }
          }

          EcardCredentials (adds an idtype attribute):
          package com.nlcd.cas.authentication.principal;

          import org.jasig.cas.authentication.principal.Credentials;

          public class EcardCredentials implements Credentials {

              /** Unique ID for serialization. */
              private static final long serialVersionUID = -7863273946921255486L;

              /** The type of identifier carried in username (the added attribute). */
              private String idtype;

              /** The username. */
              private String username;

              /** The password. */
              private String password;

              public String getIdtype() {
                  return idtype;
              }

              public void setIdtype(String idtype) {
                  this.idtype = idtype;
              }

              /**
               * @return Returns the password.
               */
              public final String getPassword() {
                  return this.password;
              }

              /**
               * @param password The password to set.
               */
              public final void setPassword(final String password) {
                  this.password = password;
              }

              /**
               * @return Returns the userName.
               */
              public final String getUsername() {
                  return this.username;
              }

              /**
               * @param userName The userName to set.
               */
              public final void setUsername(final String userName) {
                  this.username = userName;
              }

              /** Only the username is exposed; the password never goes to logs. */
              public String toString() {
                  return this.username;
              }

              public boolean equals(final Object obj) {
                  if (obj == null || !obj.getClass().equals(this.getClass())) {
                      return false;
                  }

                  final EcardCredentials c = (EcardCredentials) obj;

                  return this.idtype.equals(c.getIdtype()) && this.username.equals(c.getUsername())
                      && this.password.equals(c.getPassword());
              }

              public int hashCode() {
                  return this.idtype.hashCode() ^ this.username.hashCode() ^ this.password.hashCode();
              }
          }

          2. Deploy your own authenticationHandlers

          deployerConfigContext.xml:
          <property name="credentialsToPrincipalResolvers">
              <list>
               <bean
                class="com.nlcd.cas.authentication.principal.EcardCredentialsToPrincipalResolver" />
               <bean
                class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
              </list>
             </property>

             <property name="authenticationHandlers">
              <list>
               <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                p:httpClient-ref="httpClient" />
               <bean
                class="com.nlcd.cas.authentication.handler.support.EcardAuthenticationHandler" />
              </list>
             </property>

          EcardCredentialsToPrincipalResolver:
          package com.nlcd.cas.authentication.principal;

          import org.apache.commons.logging.Log;
          import org.apache.commons.logging.LogFactory;
          import org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver;
          import org.jasig.cas.authentication.principal.Credentials;
          import org.jasig.cas.authentication.principal.Principal;
          import org.jasig.cas.authentication.principal.SimplePrincipal;

          public final class EcardCredentialsToPrincipalResolver implements
              CredentialsToPrincipalResolver {

              /** Logging instance. */
              private final Log log = LogFactory.getLog(getClass());

              /** The principal id is the username; idtype is not part of the principal. */
              public Principal resolvePrincipal(final Credentials credentials) {
                  final EcardCredentials ecardCredentials = (EcardCredentials) credentials;

                  if (log.isDebugEnabled()) {
                      log.debug("Creating SimplePrincipal for ["
                          + ecardCredentials.getUsername() + "]");
                  }

                  return new SimplePrincipal(ecardCredentials.getUsername());
              }

              public boolean supports(final Credentials credentials) {
                  return credentials != null
                      && EcardCredentials.class.isAssignableFrom(credentials
                          .getClass());
              }
          }

          EcardAuthenticationHandler:
          package com.nlcd.cas.authentication.handler.support;

          import org.jasig.cas.authentication.handler.AuthenticationException;
          import org.jasig.cas.authentication.handler.AuthenticationHandler;
          import org.jasig.cas.authentication.principal.Credentials;
          import org.jasig.cas.util.annotation.NotNull;
          import com.nlcd.cas.authentication.principal.EcardCredentials;

          public final class EcardAuthenticationHandler implements AuthenticationHandler {

              private static final Class<EcardCredentials> DEFAULT_CLASS = EcardCredentials.class;

              /** Class that this instance will support. */
              @NotNull
              private Class<?> classToSupport = DEFAULT_CLASS;

              /** Whether subclasses of classToSupport are accepted as well. */
              private boolean supportSubClasses = true;

              public EcardAuthenticationHandler() {
              }

              public final boolean authenticate(final Credentials credentials)
                  throws AuthenticationException {
                  // TODO: your code here. This placeholder accepts every credential;
                  // it must be replaced with a real check before deployment.
                  return true;
              }

              /** Accepts the exact class, or a subclass when supportSubClasses is set. */
              public final boolean supports(final Credentials credentials) {
                  return credentials != null
                      && (this.classToSupport.equals(credentials.getClass())
                          || (this.classToSupport.isAssignableFrom(credentials.getClass())
                              && this.supportSubClasses));
              }
          }
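          The handler above leaves authenticate() as a TODO. The following is an added example, not code from the original post or from CAS, showing one way to fill it in: the idtype and username together select the account, the password is compared as a digest in constant time, and an unknown account costs the same work as a wrong password. The class name EcardAuthenticationHandlerExample, the idtype values "card" and "student", and the in-memory records are all constructed for the demo; a real handler would query the ecard backend instead.

```java
package com.nlcd.cas.authentication.handler.support;

import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.AuthenticationHandler;
import org.jasig.cas.authentication.principal.Credentials;

import com.nlcd.cas.authentication.principal.EcardCredentials;

/**
 * Added example (not from the original post): a filled-in authenticate()
 * for the ecard handler, backed by a constructed in-memory table.
 */
public final class EcardAuthenticationHandlerExample implements AuthenticationHandler {

    /** Constructed sample store: "idtype:username" -> SHA-256 of the password. */
    private final Map<String, byte[]> passwordHashes = new HashMap<String, byte[]>();

    public EcardAuthenticationHandlerExample() {
        // "card" and "student" are assumed idtype values for the demo.
        passwordHashes.put(key("card", "1000123456"), sha256("card-pass-1"));
        passwordHashes.put(key("student", "20070001"), sha256("student-pass-1"));
    }

    public boolean authenticate(final Credentials credentials)
        throws AuthenticationException {
        final EcardCredentials c = (EcardCredentials) credentials;

        // Reject incomplete input before touching the store; the form validator
        // already does this, but the handler must not depend on it.
        if (isBlank(c.getIdtype()) || isBlank(c.getUsername()) || isBlank(c.getPassword())) {
            return false;
        }

        final byte[] expected = passwordHashes.get(key(c.getIdtype(), c.getUsername()));
        if (expected == null) {
            // Unknown account: hash anyway so timing does not reveal which accounts exist.
            sha256(c.getPassword());
            return false;
        }

        // MessageDigest.isEqual compares in constant time (Java 6u17 and later).
        return MessageDigest.isEqual(expected, sha256(c.getPassword()));
    }

    public boolean supports(final Credentials credentials) {
        return credentials != null
            && EcardCredentials.class.isAssignableFrom(credentials.getClass());
    }

    private static String key(final String idtype, final String username) {
        return idtype + ":" + username;
    }

    private static boolean isBlank(final String s) {
        return s == null || s.trim().length() == 0;
    }

    /** Plain SHA-256 keeps the demo short; a real store would use a salted, slow hash. */
    private static byte[] sha256(final String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes("UTF-8"));
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    private static EcardCredentials creds(final String idtype, final String user, final String pw) {
        final EcardCredentials c = new EcardCredentials();
        c.setIdtype(idtype);
        c.setUsername(user);
        c.setPassword(pw);
        return c;
    }

    /** Quick check: correct password, wrong password, and the right number under the wrong idtype. */
    public static void main(final String[] args) throws AuthenticationException {
        final EcardAuthenticationHandlerExample h = new EcardAuthenticationHandlerExample();
        System.out.println(h.authenticate(creds("card", "1000123456", "card-pass-1")));
        System.out.println(h.authenticate(creds("card", "1000123456", "wrong")));
        System.out.println(h.authenticate(creds("student", "1000123456", "card-pass-1")));
    }
}
```

The third check in main is the point of the added idtype: the same card number presented under a different identifier type is a different account and does not authenticate. Wire the class in deployerConfigContext.xml in place of EcardAuthenticationHandler to try it.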

          3. Configure Tomcat for SSL

          Generate the server key:
          keytool -genkey -alias nlcdcas -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore
          您的名字與姓氏是什么?
            [192.168.61.56]:  192.168.61.56
          您的組織單位名稱是什么?
            [nlce]:  nlcd
          您的組織名稱是什么?
            [Unknown]:  nlcd
          您所在的城市或區域名稱是什么?
            [Unknown]:  beijing
          您所在的州或省份名稱是什么?
            [Unknown]:  beijing
          該單位的兩字母國家代碼是什么
            [Unknown]:  cn
          CN=192.168.61.56, OU=nlcd, O=nlcd, L=beijing, ST=beijing, C=cn 正確嗎?
            [否]:  y

          Export the server certificate:
          keytool -export -alias nlcdcas -storepass changeit -file server.cer -keystore server.keystore

          Import the certificate file into the cacerts file:
          keytool -import -trustcacerts -alias server -file server.cer -keystore cacerts -storepass changeit

          Copy the cacerts file to <JAVA_HOME>\jre\lib\security, and copy server.keystore to the Tomcat installation directory.

          Edit Tomcat's configuration file server.xml and uncomment the following commented-out section:

          <Connector port="8443" maxHttpHeaderSize="8192"
                     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                     enableLookups="false" disableUploadTimeout="true"
                     acceptCount="100" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS" />

          After adding the keystore attributes (the part shown in red in the original post), the connector reads as follows:

          <Connector port="8443" maxHttpHeaderSize="8192"
                     keystorePass="changeit" keystoreFile="/server.keystore"
                     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                     enableLookups="false" disableUploadTimeout="true"
                     acceptCount="100" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS" />
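          Before restarting Tomcat it is worth confirming that the certificate exported from server.keystore is the one that landed in cacerts, and that it is currently valid. The following is an added example, not part of the original post: it opens both stores with the Java KeyStore API using the aliases (nlcdcas, server), file names and password (changeit) from the keytool commands above. The class name KeystoreCheck is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/**
 * Added example (not from the original post): verifies that the server
 * certificate in server.keystore (alias nlcdcas) is present in cacerts
 * (alias server) and is within its validity period.
 */
public final class KeystoreCheck {

    private static KeyStore load(final String path, final char[] password) throws Exception {
        final KeyStore ks = KeyStore.getInstance("JKS");
        final InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /** Returns the subject DN when the certificate is trusted and valid, otherwise null. */
    public static String checkServerCert(final String keystorePath, final String cacertsPath,
            final char[] password) throws Exception {
        final KeyStore server = load(keystorePath, password);
        final KeyStore trust = load(cacertsPath, password);

        final Certificate exported = server.getCertificate("nlcdcas");
        if (exported == null) {
            System.out.println("alias nlcdcas not found in " + keystorePath);
            return null;
        }

        // getCertificateAlias returns the first alias whose certificate matches, or null.
        final String trustedAs = trust.getCertificateAlias(exported);
        if (trustedAs == null) {
            System.out.println("certificate for nlcdcas is not present in " + cacertsPath);
            return null;
        }

        final X509Certificate x = (X509Certificate) exported;
        x.checkValidity();   // throws if the certificate is expired or not yet valid
        System.out.println("trusted in cacerts under alias " + trustedAs
            + ", valid until " + x.getNotAfter());
        return x.getSubjectX500Principal().getName();
    }

    public static void main(final String[] args) throws Exception {
        // Defaults mirror the post: both stores were created with the password changeit.
        final String keystore = args.length > 0 ? args[0] : "server.keystore";
        final String cacerts = args.length > 1 ? args[1] : "cacerts";
        final String dn = checkServerCert(keystore, cacerts, "changeit".toCharArray());
        System.out.println(dn == null ? "CHECK FAILED" : "OK: " + dn);
    }
}
```

Run it from the directory holding the two files, or pass the paths as arguments after copying cacerts into <JAVA_HOME>\jre\lib\security; a mismatch usually means the export and import were run against different keystore files.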

          posted on 2007-08-20 13:58 junky  reads (3570)  comments (1)  category: security

          Comments

          # re: Using Your Own Credentials in CAS (reposted) 2008-05-04 19:56 guest

          So where do you retrieve the captcha stored in the session?
