I saw this write-up by someone else two days ago, thought it was good, and am reposting it here as a reference.
To give the portal and its various subsystems a unified login, CAS is used to develop single sign-on (SSO).
Development Resources
The versions of the resources used for development are listed below. Configuration and development methods differ between versions, so note the corresponding version numbers.
Liferay portal 4.3.0 | |
liferay-portal-cas-web-4.3.0.war | |
cas-server-3.0.5.zip | http://www.ja-sig.org/products/cas/ |
cas-client-java-2.1.1.zip | http://www.ja-sig.org/products/cas/ |
Environment requirements
JDK 1.4.2 |
WebSphere 6.0.2.15 |
Development uses the Liferay Portal 4.3.0 platform framework; the test environment uses the Tomcat 5.x bundled with Liferay plus JDK 1.4, from
The single sign-on service uses the liferay-portal-cas-web-4.3.0.war integrated with Liferay. CAS is configured with the integrated cas-server-3.0.5.jar, and the client side uses CAS Client 2.11. See the related documentation for details.
CAS-SERVER
CAS is an open-source Java implementation of an SSO service developed by Yale University ITS. The service is delivered as a Java web application (e.g. cas.war). To use it, deploy cas.war to a Servlet 2.3 compatible server that supports SSL; the other servers (clients) that need the service configure the corresponding filter to achieve SSO.
The Liferay portal project uses Liferay's own integrated liferay-portal-cas-web-4.3.0.war. Alternatively, download the corresponding source cas-server-3.0.5.zip from the official CAS site and modify it.
CAS WEB application
Download liferay-portal-cas-web-4.3.0.war from Liferay; it integrates the SSO single sign-on method.
Import the project into Eclipse for secondary development.
The Liferay official documentation describes in detail how to configure the CAS server for Liferay portal:
1, download Liferay-portal-cas-4.3.x.war; download address
2, rename the downloaded war to cas.war and deploy it to Tomcat with the relevant settings. Deployment requires setting up a digital certificate and configuring the Tomcat environment.
Page modifications
Ø CAS localization into Chinese:
Under src, use an Eclipse properties plugin to translate messages.properties, for example:
screen.welcome.welcome = welcome you to enter the platform PORTAL
Ø CAS page modifications:
The basic layout of the login and logout pages is reworked to fit the needs of the information platform. The main pages changed are:
cas/WEB-INF/view/jsp/default/ui/casLoginView.jsp - login page
cas/WEB-INF/view/jsp/default/ui/casLogoutView.jsp - logout page
cas/WEB-INF/view/jsp/default/ui/casGenericSuccess.jsp - login success page
cas/WEB-INF/view/jsp/default/ui/includes/top.jsp - included header file
cas/WEB-INF/view/jsp/default/ui/includes/bottom.jsp - included footer file
Authentication handler changes
To integrate CAS with an ordinary web authentication and authorization system, add an authentication Java file that extends AbstractUsernamePasswordAuthenticationHandler and performs the verification.
1, add DBHandlers.java under src
DBHandlers
    package com.yitong.cas.auth.provider;

    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.sql.DataSource;
    import org.apache.log4j.Logger;
    import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
    import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

    /**
     * @author soju
     * @version 1.0
     *
     */
    public final class DBHandlers extends
            AbstractUsernamePasswordAuthenticationHandler {
        private Logger log = Logger.getLogger(DBHandlers.class);

        /**
         * JNDI name of the DataSource for the relevant database
         */
        private String _jndi = "lportal";

        public boolean authenticateUsernamePasswordInternal(
                final UsernamePasswordCredentials credentials) {
            String username = credentials.getUsername();
            String password = credentials.getPassword();
            // Log the user name only; the password and its hash must not reach the log
            log.info("username:" + username);
            try {
                // Security is a helper class of this package that is not shown on the page
                password = Security.encryptMD5(password);
            } catch (Exception e) {
                log.warn("MD5 encryption failed", e);
                return false;
            }
            try {
                if (checkuser(username, password) == 1) {
                    getLog().info("Authentication succeeded!");
                    return true;
                }
            } catch (Exception e) {
                log.warn("failed authentication", e);
            }
            return false;
        }

        private int checkuser(String user, String pwd) throws Exception {
            int ok = 0;
            Context initCtx = new InitialContext();
            DataSource ds = (DataSource) initCtx.lookup(_jndi);
            Connection conn = ds.getConnection();
            try {
                // Bind the values as parameters; concatenating them into the
                // statement text would allow SQL injection through the login form
                String sql = "select * from user_ where screenname=? and password_=?";
                PreparedStatement st = conn.prepareStatement(sql);
                st.setString(1, user);
                st.setString(2, pwd);
                ResultSet rs = st.executeQuery();
                if (rs.next()) {
                    log.info("Login succeeded!");
                    ok = 1;
                } else {
                    log.info("Account does not exist or the password is wrong!");
                }
            } finally {
                // Return the connection even when the query throws
                conn.close();
            }
            return ok;
        }

        protected void afterPropertiesSetInternal() throws Exception {
            super.afterPropertiesSetInternal();
        }
    }
CAS-CLIENT
Configuration requirements
CAS clients can take many forms: because the authentication result is returned in XML format, you can implement your own client as required.
The packages needed for development are listed below. Pay attention to versions, because development differs between client versions.
Package names | Description |
spring-mock.jar | |
jwebunit-1.3.zip | |
httpunit-1.6.2.zip | |
junit-4.4.zip |
Code configuration
1, modify SecureURL.java. The digital certificate can only be issued for a domain name, not for something like an IP address, so the code is amended to read as follows:
edu.yale.its.tp.cas.util

    // URLConnection uc = u.openConnection();
    /**
     * @Sojust
     * The certificate host name can only be a domain name, not e.g. an IP address,
     * so the host name check is masked here
     * http://forum.java.sun.com/thread.jspa?threadID=521779
     * Begin
     */
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
    HttpsURLConnection uc = (javax.net.ssl.HttpsURLConnection) u.openConnection();
    // end

Because this verifier returns true for every host and is installed with setDefaultHostnameVerifier, hostname verification is switched off for every HttpsURLConnection in the JVM, not only for the connection to the CAS server.
2, modify build.xml to package and release the code

    <target name="deploy">
        <mkdir dir="build"/>
        <mkdir dir="build/META-INF"/>
        <javac srcdir="src" destdir="build" deprecation="false" classpathref="project.classpath"/>
        <copy todir="build/META-INF">
            <fileset dir="conf">
                <include name="*"/>
            </fileset>
        </copy>
        <jar jarfile="lib/casclient.jar" basedir="build"/>
    </target>
    <!-- the id attributes are restored from the references used above -->
    <path id="project.classpath">
        <path refid="lib.classpath"/>
    </path>
    <path id="lib.classpath">
        <fileset dir="lib" includes="*.jar"/>
    </path>
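A narrower alternative to the accept-everything verifier in the SecureURL.java change, as an added example that is not code from the original post or from the CAS client: the fallback accepts only the configured CAS address, and only when the server presents one pinned certificate. The class name, the address 192.0.2.10 and the byte strings standing in for certificates are assumptions constructed for the demonstration.

```java
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/** Fallback check for one CAS server reached by an address its certificate does not name. */
public class PinnedCasVerifier implements HostnameVerifier {
    private final String casHost;     // host part of the configured validate URL
    private final byte[] pinSha256;   // SHA-256 of the CAS server certificate (DER)

    public PinnedCasVerifier(String casHost, byte[] pinSha256) {
        this.casHost = casHost;
        this.pinSha256 = pinSha256.clone();
    }

    // HttpsURLConnection calls this only when the URL host does not match the certificate name.
    public boolean verify(String urlHostName, SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            return accept(urlHostName, chain[0].getEncoded());
        } catch (Exception e) {
            return false;             // no usable peer certificate: reject
        }
    }

    // Accept only the configured host presenting exactly the pinned certificate.
    boolean accept(String urlHostName, byte[] leafDer) throws Exception {
        if (!casHost.equalsIgnoreCase(urlHostName)) {
            return false;
        }
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(leafDer);
        return MessageDigest.isEqual(actual, pinSha256);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for certificate bytes and for the CAS address
        byte[] casCert = "constructed CAS certificate".getBytes("UTF-8");
        byte[] otherCert = "constructed other certificate".getBytes("UTF-8");
        byte[] pin = MessageDigest.getInstance("SHA-256").digest(casCert);
        PinnedCasVerifier v = new PinnedCasVerifier("192.0.2.10", pin);
        System.out.println(v.accept("192.0.2.10", casCert));
        System.out.println(v.accept("192.0.2.10", otherCert));
        System.out.println(v.accept("198.51.100.7", casCert));
        // In SecureURL.java: uc.setHostnameVerifier(v) on the one connection,
        // instead of HttpsURLConnection.setDefaultHostnameVerifier(hv) for the whole JVM.
    }
}
```

The certificate chain is still validated by the JVM's trust manager before this fallback is consulted; the verifier only replaces the name comparison.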
PORTAL platform access
Resources introduction
With Liferay portal as an SSO client, configuration using Liferay-portal-cas-4.3.x.war is relatively simple. For the 4.0 version of the configuration in particular, the official site has a detailed online description:
Code configuration
Modify portal-ext.properties; if the system does not have one, create it. Open portal-ext.properties and add the following:

    cas.auth.enabled=true
    cas.login.url=https://<server IP>:<port>/cas/login
    cas.logout.url=https://<server IP>:<port>/cas/logout
    cas.service.url=http://<client IP>:<port>/portal/c/portal/login
    cas.validate.url=https://<server IP>:<port>/cas/proxyValidate

After configuration, test the client portal by visiting http://<client IP>:<port>/portal/c/portal/login (my project adds the /portal project name). The system automatically redirects to the SSO login page and, after login, redirects back to the client portal. Login successful!
Other systems access
Subsystem configuration
Other client systems that need access must place the provided casclient.jar package in the application's WEB-INF/lib directory and apply the associated configuration.
web.xml configuration
Add CASFilter in web.xml and set the filter's redirects!








