cas与ldap整合的实现 - 企业应用 - java - javaeye论坛(http-www-javaeye-com-topic-257036).mht
<!--
| This is the List of CredentialsToPrincipalResolvers that identify =
what Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding a =
CredentialsToPrincipalResolver which=20
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two purposes. =
First, it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default =
configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of =
credentials than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a =
CredentialsToPrincipalResolver that supports the credentials you are
| using.
| NOTE(review): the text above names
| DefaultCredentialsToPrincipalResolver, but the bean declared in the
| list below for username/password logins is
| UsernamePasswordCredentialsToPrincipalResolver.
|
| Second, AuthenticationManagerImpl uses these resolvers to identify =
a service requesting a proxy granting ticket.=20
| In the default configuration, it is the =
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. =
| You will need to change this list if you are identifying services =
by something more or other than their callback URL.
+-->
<property name=3D"credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the =
UsernamePasswordCredentials that we use for /login=20
| by default and produces SimplePrincipal instances conveying the =
username from the credentials.
|=20
| If you've changed your LoginFormAction to use credentials other =
than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional =
declarations) to declare a CredentialsToPrincipalResolver that supports =
the
| Credentials you are using.
+-->
<bean
=
class=3D"org.jasig.cas.authentication.principal.UsernamePasswordCredentia=
lsToPrincipalResolver" />
<!--
| HttpBasedServiceCredentialsToPrincipalResolver supports =
HttpBasedCredentials. It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting the callback =
URL from the Credentials and representing it as a
| SimpleService identified by that callback URL.
|
| If you are representing services by something more or other than =
an HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this bean =
declaration (or add additional declarations).
+-->
<bean
=
class=3D"org.jasig.cas.authentication.principal.HttpBasedServiceCredentia=
lsToPrincipalResolver" />
</list>
</property>
<!--
| Whereas CredentialsToPrincipalResolvers identify who it is some =
Credentials might authenticate,=20
| AuthenticationHandlers actually authenticate credentials. Here we =
declare the AuthenticationHandlers that
| authenticate the Principals that the =
CredentialsToPrincipalResolvers identified. CAS will try these handlers =
in turn
| until it finds one that both supports the Credentials presented and =
succeeds in authenticating.
+-->
<property name=3D"authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by =
means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean
=
class=3D"org.jasig.cas.authentication.handler.support.HttpBasedServiceCre=
dentialsAuthenticationHandler" />
<!--
| This is the authentication handler declaration that every CAS =
deployer will need to change before deploying CAS=20
| into production. The default =
SimpleTestUsernamePasswordAuthenticationHandler authenticates =
UsernamePasswordCredentials
| where the username equals the password. You will need to replace =
this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by =
coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use =
one of the handlers provided in the adaptors modules.
|
| In this file that replacement has been made: the bean below is
| BindLdapAuthenticationHandler from the LDAP adaptor, so the
| username-equals-password test handler is no longer declared.
|
| filter        : search filter for the user entry.
|                 NOTE(review): %u is presumably replaced by the
|                 username submitted at /login; confirm that your CAS
|                 version escapes LDAP filter metacharacters before
|                 the substitution.
| searchBase    : presumably the DN under which the filter is applied.
| contextSource : reference to the "contextSource" bean, which holds
|                 the directory URL and the service bind account.
+-->
<bean
=
class=3D"org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name=3D"filter" value=3D"uid=3D%u" />
<property name=3D"searchBase" value=3D"o=3Dnbpt,c=3Dcn" />=20
<property
name=3D"contextSource"
ref=3D"contextSource" />
</bean>
</list>
</property>
</bean>
=09
<!--
| LDAP connection settings. BindLdapAuthenticationHandler references
| this bean by its id, "contextSource".
|
| Security notes for anyone copying this sample:
| - userName and password are a service bind account stored in clear
|   text in this file; "password" is a sample value. Keep the real
|   secret out of version control and restrict read access to this
|   file.
| - NOTE(review): cn=3Dmanager looks like a directory administrator
|   entry. An account that can only search for user entries is
|   presumably enough for bind authentication; confirm and avoid
|   using the manager DN here.
| - The URL uses the ldap:// scheme on port 389, and
|   java.naming.security.protocol is "none" with "simple"
|   authentication. As far as this configuration shows, bind DNs and
|   passwords are sent without transport encryption. That is tolerable
|   only while the directory is on localhost as here; for a remote
|   directory use an ldaps:// URL (JNDI documents "ssl" as the value
|   of the protocol property) and make sure the JVM trusts the
|   directory certificate.
+-->
<bean id=3D"contextSource" =
class=3D"org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"=
>
<property name=3D"anonymousReadOnly" value=3D"false" />
<property name=3D"password" value=3D"password" />
<property name=3D"pooled" value=3D"true" />
<property name=3D"urls">
<list>
<value>ldap://localhost:389/</value>
</list>
</property>
<property name=3D"userName" value=3D"cn=3Dmanager,o=3Dnbpt,c=3Dcn" =
/>
<property name=3D"baseEnvironmentProperties">
<map>
<entry>
=
<key><value>java.naming.security.protocol</value></k=
ey>
<value>none</value>
</entry>
<entry>
=
<key><value>java.naming.security.authentication</value>=
</key>
<value>simple</value>
</entry>
</map>
</property>
</bean>
<!--
This bean defines the security roles for the Services Management =
application. Simple deployments can use the in-memory version.
More robust deployments will want to use another option, such as the =
Jdbc version.
=09
The name of this should remain "userDetailsService" in order for Acegi =
to find it.=20
=09
To use this, you should add an entry similar to the following between =
the two value tags:
battags=3Dnotused,ROLE_ADMIN
=09
where battags is the username you want to grant access to. You can put =
one entry per line.
=09
As written here the userMap value is empty, so no username is granted
ROLE_ADMIN. NOTE(review): each name added presumably has to match the
principal name CAS authenticates (with the LDAP handler in this file,
the uid typed at /login); confirm before granting ROLE_ADMIN, and keep
the list short, since the entry format above is how access to the
Services Management application is granted.
-->=09
<bean id=3D"userDetailsService" =
class=3D"org.springframework.security.userdetails.memory.InMemoryDaoImpl"=
>
<property name=3D"userMap">
<value>
=09
</value>
</property>
</bean>=20
=09
<!--=20
Bean that defines the attributes that a service may return. This =
example uses the Stub/Mock version. A real implementation
may go against a database or LDAP server. The id should remain =
"attributeRepository" though.

The backingMap below maps each attribute name to a literal string of
the same name. NOTE(review): as a stub it presumably returns this same
map for every principal rather than values read from the directory, so
do not base authorization decisions on these attributes until a real
attribute source is configured.
-->
<bean id=3D"attributeRepository"
=
class=3D"org.jasig.services.persondir.support.StubPersonAttributeDao">=
<property name=3D"backingMap">
<map>
<entry key=3D"uid" value=3D"uid" />
<entry key=3D"eduPersonAffiliation" =
value=3D"eduPersonAffiliation" />=20
<entry key=3D"groupMembership" value=3D"groupMembership" />
</map>
</property>
</bean>
=09
<!--=20
Sample, in-memory data store for the ServiceRegistry. A real =
implementation
would probably want to replace this with the JPA-backed ServiceRegistry =
DAO.
The name of this bean should remain "serviceRegistryDao".

NOTE(review): services registered in an in-memory store are presumably
lost when the web application restarts; confirm, and use a persistent
registry if the list of services allowed to use CAS must survive a
restart.
-->
<bean
id=3D"serviceRegistryDao"
class=3D"org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />=09
</beans>
</PRE>
=
<P> =E5=9C=A8=E5=BD=93=E5=89=8DWeb=E9=A1=B9=E7=9B=AElib=E7=9B=AE=E5=BD=
=95=E4=B8=8Bcas-server-support-ldap-3.3.jar=EF=BC=8Cspring-ldap-1.2.1.jar=
=E5=8D=B3=E5=8F=AF</P>
=
<P>=E6=88=91=E6=B5=8B=E8=AF=95=E6=9C=BA=E5=99=A8=E4=B8=8ALDAP=E6=95=B0=E6=
=8D=AE=E5=A6=82=E4=B8=8B=EF=BC=9A</P>
<P><IMG alt=3D""=20
=
src=3D"http://www.javaeye.com/upload/picture/pic/23745/f68709a4-53fe-3b88=
-b849-cece5cacd8cc.jpg">=20
</P>
=
<P>=E5=85=B6=E4=B8=ADLDAP=E4=B8=AD=E6=9C=89=E4=B8=80=E4=B8=AA=E7=94=A8=E6=
=88=B7=E5=90=8Dcxlh=EF=BC=8C=E5=AF=86=E7=A0=81=E4=B8=BA123=E7=9A=84=E8=AE=
=B0=E5=BD=95=EF=BC=8C=E9=82=A3=E4=B9=88=E5=9C=A8CAS=E7=99=BB=E9=99=86=E5=8F=
=A3=E8=BE=93=E5=85=A5cxlh/123=EF=BC=8C=E5=88=99=E8=BD=AC=E5=90=91=E7=99=BB=
=E5=BD=95=E6=88=90=E5=8A=9F=E9=A1=B5=EF=BC=8C=E5=A6=82=E4=B8=8B=E5=9B=BE=EF=
=BC=9A</P>
<P><IMG alt=3D""=20
=
src=3D"http://www.javaeye.com/upload/picture/pic/23747/85910c3f-2f01-340d=
-96e8-228f5fd1e84d.jpg">=20
</P>
=
<P>=E5=88=B0=E6=AD=A4=E4=B8=BA=E6=AD=A2=EF=BC=8C=E9=85=8D=E7=BD=AE=E5=AE=8C=
=E6=88=90=EF=BC=81</P></DIV>
<DIV =
id=3Dtopic_copyright>=E5=A3=B0=E6=98=8E=EF=BC=9AJavaEye=E6=96=87=E7=AB=A0=
=E7=89=88=E6=9D=83=E5=B1=9E=E4=BA=8E=E4=BD=9C=E8=80=85=EF=BC=8C=E5=8F=97=E6=
=B3=95=E5=BE=8B=E4=BF=9D=E6=8A=A4=E3=80=82=E6=B2=A1=E6=9C=89=E4=BD=9C=E8=80=
=85=E4=B9=A6=E9=9D=A2=E8=AE=B8=E5=8F=AF=E4=B8=8D=E5=BE=97=E8=BD=AC=E8=BD=BD=
=E3=80=82 </DIV>
</TD></TR>
<TR class=3Dsep2>
<TD colSpan=3D2></TD></TR>
<TR id=3Dp_711073>
<TD class=3Dpostauthor>
<UL>
<LI class=3Dname>bease=20
<LI>=E7=AD=89=E7=BA=A7: =E5=88=9D=E7=BA=A7=E4=BC=9A=E5=91=98=20
<LI><A href=3D"http://bease.javaeye.com/" target=3D_blank><IMG =
class=3Dlogo=20
title=3D"bease=E7=9A=84=E5=8D=9A=E5=AE=A2: " =
alt=3D=E7=94=A8=E6=88=B7=E5=A4=B4=E5=83=8F=20
=
src=3D"http://www.javaeye.com/images/user-logo.gif?1194185304"></A>=20
<LI>=E6=96=87=E7=AB=A0: 1=20
<LI>=E7=A7=AF=E5=88=86: 30=20