superalsrk/config.md

## config.md

      
    Raw
  

              config.md
            
          
    CAS设置无HTTPS认证

cas-server-webapp-4.0.0.war 是要部署在认证服务器的项目，默认只支持https，经过如下步骤
可以使得cas支持普通的http请求

修改 /WEB-INF/deployerConfigContext.xml

<bean class="org.jasig.cas.authentication.handler.support
	.HttpBasedServiceCredentialsAuthenticationHandler" 
	p:httpClient-ref="httpClient"  p:requireSecure="false"/> 
增加参数 p:requireSecure="false"，是否需要安全验证，即HTTPS，false为不采用

修改 /WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml

<bean id="ticketGrantingTicketCookieGenerator" 
      class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"  
	  p:cookieSecure="false" 
	  p:cookieMaxAge="-1"  
	  p:cookieName="CASTGC"  
	  p:cookiePath="/cas" />
参数p:cookieSecure="true"，TRUE为采用HTTPS验证，与deployerConfigContext.xml的参数保持一致。
参数p:cookieMaxAge="-1"，简单说是COOKIE的最大生命周期，-1为无生命周期，即只在当前打开的IE窗口有效，IE关闭或重新打开其它窗口，仍会要求验证。可以根据需要修改为大于0的数字，比如3600等，意思是在3600秒内，打开任意IE窗口，都不需要验证。

修改 /WEB-INF/spring-configuration/warnCookieGenerator.xml

<bean id="warnCookieGenerator" 
	  class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"  
	  p:cookieSecure="true" 
	  p:cookieMaxAge="-1"   
	  p:cookieName="CASPRIVACY" 
	  p:cookiePath="/cas" />
更改 cookieSecure="true"
注意:即使更改ok后，cas的页面还是提示不安全请求不能使用，这个不用考虑，cas登录界面可以换成自定义的
测试时： 用户名密码为  admin：admin， 默认的认证策略时用户名密码相同就通过验证
下载列表： http://downloads.jasig.org/cas/ 我用的版本是 	cas-server-3.5.2.1-release.tar.gz， 4.0各种问题
文档wiki： https://wiki.jasig.org/display/CASUM/Building+and+Deploying
http://jasig.github.io/cas/4.0.0/index.html
我的测试地址： cas.selfcloud.info:8080
cas退出问题

  
## pom.xml

<?xml version="1.0"?>
<project
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
	xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.stackbox.security.examples</groupId>
		<artifactId>project</artifactId>
		<version>0.0.1-SNAPSHOT</version>
	</parent>
	<artifactId>basic-cas</artifactId>
	<packaging>war</packaging>

	<name>basic cas web app</name>
	<url>http://maven.apache.org</url>
	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.8.1</version>
			<scope>test</scope>
		</dependency>

		<dependency>
			<groupId>org.jasig.cas</groupId>
			<artifactId>cas-client-core</artifactId>
			<version>3.1.10</version>
			<exclusions>
				<exclusion>
					<artifactId>servlet-api</artifactId>
					<groupId>javax.servlet</groupId>
				</exclusion>
			</exclusions>
		</dependency>


	</dependencies>
	<build>
		<finalName>basic-cas</finalName>
	</build>
</project>

## web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
       xmlns="http://java.sun.com/xml/ns/javaee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
	<display-name>Archetype Created Web Application</display-name>

	<!-- 与CAS Single Sign Out Filter配合，注销登录信息 -->

	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>


	<!-- CAS Server 通知 CAS Client，删除session,注销登录信息 -->
	<filter>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CAS Single Sign Out Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 登录认证，未登录用户导向CAS Server进行认证 -->
	<filter>
		<filter-name>CAS Filter</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>http://cas.stackbox.cn:8080/login</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8080</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CAS Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- CAS Client向CAS Server进行ticket验证 -->
	<filter>
		<filter-name>CAS Validation Filter</filter-name>
		<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>http://cas.stackbox.cn:8080</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>http://localhost:8080</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CAS Validation Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 封装request, 支持getUserPrincipal等方法 -->
	<filter>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 存放Assertion到ThreadLocal中 -->
	<filter>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

</web-app>

	<?xml version="1.0"?>
	<project
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
	xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<modelVersion>4.0.0</modelVersion>
	<parent>
	<groupId>org.stackbox.security.examples</groupId>
	<artifactId>project</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	</parent>
	<artifactId>basic-cas</artifactId>
	<packaging>war</packaging>

	<name>basic cas web app</name>
	<url>http://maven.apache.org</url>
	<dependencies>
	<dependency>
	<groupId>junit</groupId>
	<artifactId>junit</artifactId>
	<version>4.8.1</version>
	<scope>test</scope>
	</dependency>

	<dependency>
	<groupId>org.jasig.cas</groupId>
	<artifactId>cas-client-core</artifactId>
	<version>3.1.10</version>
	<exclusions>
	<exclusion>
	<artifactId>servlet-api</artifactId>
	<groupId>javax.servlet</groupId>
	</exclusion>
	</exclusions>
	</dependency>


	</dependencies>
	<build>
	<finalName>basic-cas</finalName>
	</build>
	</project>
	<?xml version="1.0" encoding="UTF-8"?>
	<web-app version="3.0"
	xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
	http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
	<display-name>Archetype Created Web Application</display-name>

	<!-- 与CAS Single Sign Out Filter配合，注销登录信息 -->

	<listener>
	<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>





	<!-- CAS Server 通知 CAS Client，删除session,注销登录信息 -->
	<filter>
	<filter-name>CAS Single Sign Out Filter</filter-name>
	<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
	<filter-name>CAS Single Sign Out Filter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 登录认证，未登录用户导向CAS Server进行认证 -->
	<filter>
	<filter-name>CAS Filter</filter-name>
	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
	<init-param>
	<param-name>casServerLoginUrl</param-name>
	<param-value>http://cas.stackbox.cn:8080/login</param-value>
	</init-param>
	<init-param>
	<param-name>serverName</param-name>
	<param-value>http://localhost:8080</param-value>
	</init-param>
	</filter>
	<filter-mapping>
	<filter-name>CAS Filter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- CAS Client向CAS Server进行ticket验证 -->
	<filter>
	<filter-name>CAS Validation Filter</filter-name>
	<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
	<init-param>
	<param-name>casServerUrlPrefix</param-name>
	<param-value>http://cas.stackbox.cn:8080</param-value>
	</init-param>
	<init-param>
	<param-name>serverName</param-name>
	<param-value>http://localhost:8080</param-value>
	</init-param>
	</filter>
	<filter-mapping>
	<filter-name>CAS Validation Filter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 封装request, 支持getUserPrincipal等方法 -->
	<filter>
	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
	<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>
	<filter-mapping>
	<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!-- 存放Assertion到ThreadLocal中 -->
	<filter>
	<filter-name>CAS Assertion Thread Local Filter</filter-name>
	<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>
	<filter-mapping>
	<filter-name>CAS Assertion Thread Local Filter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	</web-app>