openjweb平台配置cas server单点登录

迷途d书童 发布于 2012/03/09 12:18

web.xml:

 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee   http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 <display-name>openjweb</display-name>
 <!-- Spring application contexts loaded at startup by ContextLoaderListener (registered
      further down). applicationContext-security-cas.xml holds the Spring Security / CAS
      beans; the other three files are not shown on this page. -->
 <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/classes/applicationContext-security-cas.xml
   /WEB-INF/classes/core-service-demo.xml
   /WEB-INF/classes/system-config.xml
   /WEB-INF/classes/CasContext.xml
  </param-value>
 </context-param>

 <!-- Log4j configuration file, read by Log4jConfigListener (registered further down). -->
 <context-param>
  <param-name>log4jConfigLocation</param-name>
  <param-value>/WEB-INF/classes/log4j.properties</param-value>
 </context-param>
 
   <!-- Project-specific request encoding filter, configured for UTF-8.
        NOTE(review): the meaning of "ignore" is defined by the openjweb filter class,
        which is not shown here; presumably false lets an encoding declared by the
        client take precedence. Confirm against the filter source. -->
   <filter>
         <filter-name>Character Encoding</filter-name>
         <filter-class>org.openjweb.core.filter.CharacterEncodingFilter</filter-class>
         <init-param>
             <param-name>encoding</param-name>
             <param-value>UTF-8</param-value>
         </init-param>
         <init-param>
             <param-name>ignore</param-name>
             <param-value>false</param-value>
             <!-- <param-value>true</param-value> -->
         </init-param>
    </filter>
 
 <!-- Struts 2 dispatcher; it is mapped to /* after the security filters further down.
      NOTE(review): FilterDispatcher is the legacy Struts 2 entry point (deprecated since
      Struts 2.1.3 in favour of StrutsPrepareAndExecuteFilter). The Struts version is not
      visible here; confirm it is a maintained, patched release. -->
 <filter>
  <filter-name>struts2</filter-name>
  <filter-class>
   org.apache.struts2.dispatcher.FilterDispatcher
  </filter-class>
 </filter>
 
  <!--
    Disabled: standalone CAS client filters for /comm/*. The active configuration
    authenticates through springSecurityFilterChain and the Spring Security CAS beans.
    NOTE(review): if this is ever re-enabled, serverName is an http:// URL, so the
    service ticket would be returned to the application over plain HTTP. Use an
    https:// service URL, as the Spring Security serviceProperties bean does.

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://casserver.haoyisheng.com:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>renew</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>gateway</param-name>
            <param-value>false</param-value>
        </init-param>

        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://bzwang.haoyisheng.com:8088</param-value>
        </init-param>
    </filter>


    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetBeanName</param-name>
            <param-value>cas.validationfilter</param-value>
        </init-param>
    </filter>

 <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/comm/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/comm/*</url-pattern>
    </filter-mapping>

 -->
 

      <!-- Filters run in the order their mappings are declared, so the encoding filter
           is applied first, but only to *.jsp and *.action requests. Requests for
           *.do and /dwr/* do not pass through it. -->
      <filter-mapping>
         <filter-name>Character Encoding</filter-name>
         <url-pattern>*.jsp</url-pattern>
    </filter-mapping> 


      <filter-mapping>
         <filter-name>Character Encoding</filter-name>
         <url-pattern>*.action</url-pattern>
    </filter-mapping> 
  
  
   <!-- CAS client filter that processes logout notifications sent by the CAS server
        and ends the matching local session. -->
   <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
 </filter>

    <!-- Delegates to the Spring bean named springSecurityFilterChain, which the
         sec:http element in the Spring Security context creates. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

 
 <!-- Order matters: the single sign-out filter must see every request before the
      Spring Security chain, and Struts 2 must come after both so that no action is
      dispatched before the security checks have run. Keep these three mappings in
      this order. -->
 <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>






 <filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>
 
 <!-- Companion to the single sign-out filter: cleans up its session bookkeeping
      when a session is destroyed. -->
 <listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
 </listener>


 <!-- Loads the Spring contexts named in contextConfigLocation. -->
 <listener>
  <listener-class>
   org.springframework.web.context.ContextLoaderListener
  </listener-class>
 </listener>

 <!-- Publishes session created/destroyed events into the Spring context so that
      Spring Security can track sessions. -->
 <listener>
  <listener-class>
   org.springframework.security.ui.session.HttpSessionEventPublisher
  </listener-class>
 </listener>

 <!-- NOTE(review): Spring's documentation asks for Log4jConfigListener to be registered
      before ContextLoaderListener so logging is configured before the contexts start;
      here it is declared after it. -->
 <listener>
  <listener-class>
   org.springframework.web.util.Log4jConfigListener
  </listener-class>
 </listener>
 
 <!-- Struts 1 front controller, mapped to *.do further down.
      NOTE(review): Struts 1 is end-of-life and runs here next to Struts 2; confirm it is
      still needed. debug/detail set to 3 raise log verbosity; make sure request
      data written to logs at that level is acceptable for the deployment. -->
 <servlet>
  <servlet-name>action</servlet-name>
  <servlet-class>
   org.apache.struts.action.ActionServlet
  </servlet-class>
  <init-param>
   <param-name>config</param-name>
   <param-value>/WEB-INF/struts-config.xml</param-value>
  </init-param>
  <init-param>
   <param-name>debug</param-name>
   <param-value>3</param-value>
  </init-param>
  <init-param>
   <param-name>detail</param-name>
   <param-value>3</param-value>
  </init-param>
  <load-on-startup>0</load-on-startup>
 </servlet> <!--DWR -->     
 
 <servlet>
  <servlet-name>dwr-invoker</servlet-name>
   <servlet-class> org.directwebremoting.servlet.DwrServlet </servlet-class>
  <init-param>
   <param-name>debug</param-name>
   <param-value>true</param-value>
  </init-param>
  <init-param>     
            <param-name>crossDomainSessionSecurity</param-name>     
            <param-value>false</param-value>     
  </init-param>
         <load-on-startup>3</load-on-startup>
 </servlet>

 <!-- FCKeditor file-browser connector; browses and stores files under /resupload/.
      NOTE(review): no servlet-mapping for this servlet appears in this web.xml. If one
      is added, make sure the URL is covered by an authenticated access rule, since the
      connector lists and creates files under the web root. -->
    <servlet>
        <servlet-name>Connector</servlet-name>
        <servlet-class>com.fredck.FCKeditor.connector.ConnectorServlet</servlet-class>
        <init-param>
            <param-name>baseDir</param-name>
            <param-value>/resupload/</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
 
    <!-- FCKeditor quick-upload servlet; enabled, storing uploads under /resupload/.
         NOTE(review): for the File type the allow list is empty and only a deny list
         is applied. A deny list cannot name every type that the container will execute
         or that a browser will render as active content. Prefer a short allow list in
         AllowedExtensionsFile, store uploads where the container will not execute
         them, and require an authenticated role for the upload URL. No
         servlet-mapping for this servlet appears in this web.xml. -->
    <servlet>
        <servlet-name>SimpleUploader</servlet-name>
        <servlet-class>com.fredck.FCKeditor.uploader.SimpleUploaderServlet</servlet-class>
        <init-param>
            <param-name>baseDir</param-name>
            <param-value>/resupload/</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>enabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsFile</param-name>
            <param-value></param-value>
        </init-param>
        <init-param>
            <param-name>DeniedExtensionsFile</param-name>
            <param-value>php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cgi</param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsImage</param-name>
            <param-value>jpg|gif|jpeg|png|bmp</param-value>
        </init-param>
        <init-param>
            <param-name>DeniedExtensionsImage</param-name>
            <param-value></param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsFlash</param-name>
            <param-value>swf|fla</param-value>
        </init-param>
        <init-param>
            <param-name>DeniedExtensionsFlash</param-name>
            <param-value></param-value>
        </init-param>
        <load-on-startup>2</load-on-startup>
    </servlet>

 <!--
<servlet>
    <servlet-name>easyjf</servlet-name>
    <servlet-class>com.easyjf.web.ActionServlet</servlet-class>   
</servlet>

<servlet>
   <servlet-name>test</servlet-name>
    <servlet-class>com.easyjf.action.CommAction</servlet-class>
</servlet>

  <servlet-mapping>
    <servlet-name>easyjf</servlet-name>
    <url-pattern>*.ejf</url-pattern>  
  </servlet-mapping> 
 
  <servlet-mapping>
   <servlet-name>test</servlet-name>
    <url-pattern>/testServlet</url-pattern>
  </servlet-mapping>

-->

 <!--
 <servlet>
    <servlet-name>DisplayChart </servlet-name>
        <servlet-class>
            org.jfree.chart.servlet.DisplayChart
        </servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>DisplayChart </servlet-name>
        <url-pattern>/temp </url-pattern>
    </servlet-mapping>
 -->
    <!-- NOTE(review): /dwr/* and *.do pass through springSecurityFilterChain, but the
         static intercept-url rules in the Spring Security context only cover
         /secure/**. Whether these two entry points require a login depends on the
         URL-to-role map loaded by the requestMap bean; verify that both are listed. -->
    <servlet-mapping>
  <servlet-name>dwr-invoker</servlet-name>
  <url-pattern>/dwr/*</url-pattern>
 </servlet-mapping>

  <servlet-mapping>
  <servlet-name>action</servlet-name>
  <url-pattern>*.do</url-pattern>
 </servlet-mapping>

<!-- Idle sessions expire after 30 minutes. A Servlet 2.4 descriptor has no setting
     for the Secure/HttpOnly flags of the session cookie; set those at the container. -->
<session-config>
  <session-timeout>30</session-timeout>
 </session-config>

 <!-- Landing page lives under /secure/, so opening the application root triggers
      the CAS login. NOTE(review): the servlet specification defines welcome files as
      partial URLs without a leading slash; some containers tolerate this form. -->
 <welcome-file-list>
  <welcome-file>/secure/redirect.jsp</welcome-file>
 </welcome-file-list>
  <!-- JSP tag library mappings: the Spring Security tags and the Struts 1 tag libraries. -->
  <jsp-config>
 <taglib>
  <taglib-uri>
   http://www.springframework.org/security/tags
  </taglib-uri>
  <taglib-location>/WEB-INF/security.tld</taglib-location>
 </taglib>

 <taglib>
  <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
  <taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
 </taglib>

 <taglib>
  <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
  <taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
 </taglib>

 <taglib>
  <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
  <taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
 </taglib>

 <taglib>
  <taglib-uri>/WEB-INF/struts-nested.tld</taglib-uri>
  <taglib-location>
   /WEB-INF/tld/struts-nested.tld
  </taglib-location>
 </taglib>

 <taglib>
  <taglib-uri>/WEB-INF/struts-tiles.tld</taglib-uri>
  <taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
 </taglib>


  </jsp-config>
 


</web-app>

 

applicationContext-security-cas.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
  
    <!-- Namespace-built filter chain. Unauthenticated requests are handed to the CAS
         entry point; rules are listed most specific first.
         NOTE(review): only /secure/extreme/** is forced onto HTTPS. /secure/** carries
         the same authenticated session, so consider requires-channel="https" there as
         well (confirm against how the application is served).
         NOTE(review): sec:logout ends the local session only. The CAS single sign-on
         session stays valid unless the user is also sent to the CAS server's logout
         URL, so a later visit can log the user straight back in. -->
    <sec:http entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" requires-channel="https"/>
  <sec:intercept-url pattern="/secure/**" access="ROLE_USER" />  
        <sec:logout logout-success-url="/apps/index.jsp"/>
    </sec:http>

    <sec:authentication-manager alias="authenticationManager"/>

    <!-- Receives the redirect back from the CAS server and submits the service ticket
         to the authentication manager. proxyReceptorUrl is the local path on which
         the CAS server's proxy-granting-ticket callback is accepted; it must match the
         path part of proxyCallbackUrl on the ticket validator. -->
    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
        <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
        <property name="defaultTargetUrl" value="/apps/index.jsp" />
        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
        <property name="proxyReceptorUrl" value="/secure/receptor" />
       
    </bean>

    <!-- Redirects unauthenticated users to the CAS login page, passing the service URL
         from serviceProperties. The login URL is HTTPS; keep it that way, since
         credentials are entered on that page. -->
    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
        <property name="loginUrl" value="https://crm.lucene.cn:8443/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- Validates service tickets against the CAS server (CAS 2.0 protocol) and loads
         the user through userDetailsService.
         The validator calls the CAS server over HTTPS, so the JVM must trust that
         server's certificate; import the certificate into the trust store rather than
         weakening certificate or hostname checks.
         NOTE(review): the key value looks like the documentation placeholder. Replace it
         with a value specific to this deployment and keep it out of public copies of
         the configuration. -->
    <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <sec:custom-authentication-provider />
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
         <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
          <constructor-arg index="0" value="https://crm.lucene.cn:8443/cas" />
          <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
             <property name="proxyCallbackUrl" value="https://crm.lucene.cn:8443/crm/secure/receptor" /> 
           
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>
   
    <!-- Shared store for proxy-granting tickets; referenced by both the processing filter
         and the ticket validator, which must use the same instance. -->
    <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <!-- Service URL registered with CAS. It must be the exact HTTPS URL on which users
         reach this application, because tickets are issued for and validated against it.
         sendRenew=false accepts an existing single sign-on session without forcing the
         user to present credentials again. -->
    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
        <property name="service" value="https://crm.lucene.cn:8443/crm/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>
 
   <!-- Local username/password provider. NOTE(review): it carries no
        sec:custom-authentication-provider marker, so as shown it does not appear to be
        registered with authenticationManager; confirm whether it is still used. -->
   <bean id="daoAuthenticationProvider"
  class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="userCache" ref="userCache" />
  <property name="passwordEncoder" ref="passwordEncoder" />
 </bean>
 <!-- NOTE(review): MD5 with no saltSource configured is not a suitable password hash;
      identical passwords produce identical hashes and the digest is cheap to brute
      force. Changing the encoder invalidates stored hashes, so plan a migration to a
      salted, deliberately slow scheme instead of swapping the class in place. -->
 <bean id="passwordEncoder"
  class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
 <!-- Project implementation that loads users and their authorities through IBaseDao3
      (bean defined in another context file). -->
 <bean id="userDetailsService"
  class="org.openjweb.core.springsecurity.UserDetailsServiceImpl">
  <constructor-arg>
   <ref bean="IBaseDao3" />
  </constructor-arg>
 </bean>

 <!-- Ehcache-backed cache of loaded user details.
      NOTE(review): cached entries can outlive a role change or an account being
      disabled; check the expiry settings in ehcache-security.xml (not shown). -->
 <bean id="userCache"
  class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache" ref="userCacheBacked" />
 </bean>

 <bean id="userCacheBacked"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager" ref="cacheManager" />
  <property name="cacheName" value="userCache" />
 </bean>

 <bean id="cacheManager"
  class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation"
   value="classpath:ehcache-security.xml" />
 </bean>
 <!-- Additional URL interceptor, inserted ahead of the namespace-built one, whose
      rules come from the database-backed requestMap rather than from this file.
      NOTE(review): rejectPublicInvocations is not set, so a URL with no entry in the
      map is treated as public by this interceptor. Make sure the map covers every
      protected path, or set rejectPublicInvocations so unmapped URLs are refused. -->
 <bean id="filterSecurityInterceptor"
  class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
  <property name="authenticationManager"
   ref="authenticationManager" />
  <property name="accessDecisionManager"
   ref="accessDecisionManager" />
  <property name="alwaysReauthenticate" value="true" />
  <property name="objectDefinitionSource"
   ref="databaseFilterInvocationDefinitionSource" />
 </bean>
 <!-- Grants access as soon as one voter approves. The single RoleVoter uses an empty
      role prefix, so every configured attribute is treated as a role name and
      compared with the user's authorities. -->
 <bean id="accessDecisionManager"
  class="org.springframework.security.vote.AffirmativeBased">
  <property name="decisionVoters">
   <list>
    <bean
     class="org.springframework.security.vote.RoleVoter">
     <property name="rolePrefix" value="" />
    </bean>
   </list>
  </property>
 </bean>
 <!-- Pairs an Ant-style URL matcher with the URL-to-role map built by requestMap. -->
 <bean id="databaseFilterInvocationDefinitionSource"
  class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
  <constructor-arg
   type="org.springframework.security.util.UrlMatcher"
   ref="antUrlPathMatcher" />
  <constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
 </bean>

 <bean id="antUrlPathMatcher"
  class="org.springframework.security.util.AntUrlPathMatcher" />

 <!-- Project factory bean whose init method builds the map.
      NOTE(review): presumably the rules are read from the database once at startup;
      confirm how rule changes are picked up and that the map is a LinkedHashMap with
      the most specific patterns first, since the first match wins. -->
 <bean id="requestMap"
  class="org.openjweb.core.springsecurity.RequestMapFactoryBean"
  init-method="init">
  
 </bean>

</beans>

 

 


原文链接:http://blog.csdn.net/baozhengw/article/details/4411553