cas 服务端配置
发布时间:2020-12-12 14:59:48 所属栏目:MsSql教程 来源:网络整理
导读:deployerConfigContext.xml?xml version="1.0" encoding="UTF-8"?!-- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | all CAS deployers will need to modify. | | This file declares some of the S
deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- | deployerConfigContext.xml centralizes into one file some of the declarative
configuration that | all CAS deployers will need to modify. | | This file
declares some of the Spring-managed JavaBeans that make up a CAS deployment.
| The beans declared in this file are instantiated at context initialization
time by the Spring | ContextLoaderListener declared in web.xml. It finds
this file because this | file is among those declared in the context parameter
"contextConfigLocation". | | By far the most common change you will need
to make in this file is to change the last bean | declaration to replace
the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing
your approach for authenticating usernames and passwords. + -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService
service bean | declared in applicationContext.xml picks up this AuthenticationManager
by reference to its id,| "authenticationManager". Most deployers will be
able to use the default AuthenticationManager | implementation and so do
not need to change the class of this bean. We include the whole | AuthenticationManager
here in the userConfigContext.xml so that you can see the things you will
| need to change in context. + -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!-- | This is the List of CredentialToPrincipalResolvers that identify
what Principal is trying to authenticate. | The AuthenticationManagerImpl
considers them in order,finding a CredentialToPrincipalResolver which |
supports the presented credentials. | | AuthenticationManagerImpl uses these
resolvers for two purposes. First,it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default configuration,it is the DefaultCredentialsToPrincipalResolver | that fills this role. If
you are using some other kind of credentials than UsernamePasswordCredentials,you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver
that supports the credentials you are | using. | | Second,AuthenticationManagerImpl
uses these resolvers to identify a service requesting a proxy granting ticket.
| In the default configuration,it is the HttpBasedServiceCredentialsToPrincipalResolver
that serves this purpose. | You will need to change this list if you are
identifying services by something more or other than their callback URL.
+ -->
<property name="credentialsToPrincipalResolvers">
<list>
<!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials
that we use for /login | by default and produces SimplePrincipal instances
conveying the username from the credentials. | | If you've changed your LoginFormAction
to use credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional declarations) to
declare a CredentialsToPrincipalResolver that supports the | Credentials
you are using. + -->
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
<!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.
It supports the CAS 2.0 approach of | authenticating services by SSL callback,extracting the callback URL from the Credentials and representing it as a
| SimpleService identified by that callback URL. | | If you are representing
services by something more or other than an HTTPS URL whereat they are able
to | receive a proxy callback,you will need to change this bean declaration
(or add additional declarations). + -->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
</list>
</property>
<!-- | Whereas CredentialsToPrincipalResolvers identify who it is some
Credentials might authenticate,| AuthenticationHandlers actually authenticate
credentials. Here we declare the AuthenticationHandlers that | authenticate
the Principals that the CredentialsToPrincipalResolvers identified. CAS will
try these handlers in turn | until it finds one that both supports the Credentials
presented and succeeds in authenticating. + -->
<property name="authenticationHandlers">
<list>
<!-- | This is the authentication handler that authenticates services
by means of callback via SSL,thereby validating | a server side SSL certificate.
+ -->
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<!-- | This is the authentication handler declaration that every CAS
deployer will need to change before deploying CAS | into production. The
default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with
an AuthenticationHandler that implements your | local authentication strategy.
You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler
here,or you might use one of the handlers provided in the adaptors modules.
+ <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
/> -->
<bean
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="casDataSource" />
<property name="sql"
value="select PasswordHash from db_20101014_Wangy.dbo.t_User where FName = ? " />
<property name="passwordEncoder" ref="myPasswordEncoder"/>
</bean>
</list>
</property>
</bean>
<!-- This bean defines the security roles for the Services Management application.
Simple deployments can use the in-memory version. More robust deployments
will want to use another option,such as the Jdbc version. The name of this
should remain "userDetailsService" in order for Spring Security to find it. -->
<!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN"
/> -->
<sec:user-service id="userDetailsService">
<sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused"
authorities="ROLE_ADMIN" />
</sec:user-service>
<!-- Bean that defines the attributes that a service may return. This example
uses the Stub/Mock version. A real implementation may go against a database
or LDAP server. The id should remain "attributeRepository" though. -->
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.StubPersonAttributeDao">
<property name="backingMap">
<map>
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
</map>
</property>
</bean>
<!-- Sample,in-memory data store for the ServiceRegistry. A real implementation
would probably want to replace this with the JPA-backed ServiceRegistry DAO
The name of this bean should remain "serviceRegistryDao". -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="0" />
<property name="name" value="HTTP" />
<property name="description" value="Only Allows HTTP Urls" />
<property name="serviceId" value="http://**" />
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1" />
<property name="name" value="HTTPS" />
<property name="description" value="Only Allows HTTPS Urls" />
<property name="serviceId" value="https://**" />
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="2" />
<property name="name" value="IMAPS" />
<property name="description" value="Only Allows HTTPS Urls" />
<property name="serviceId" value="imaps://**" />
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="3" />
<property name="name" value="IMAP" />
<property name="description" value="Only Allows IMAP Urls" />
<property name="serviceId" value="imap://**" />
</bean>
</list>
</property>
</bean>
<bean id="auditTrailManager"
class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value>
</property>
<property name="url">
<value>jdbc:sqlserver://192.168.10.251:1433;databaseName=db_NLMRPII</value>
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value>!Newlife123DSS789Lx</value>
</property>
</bean>
<bean id="myPasswordEncoder" class="com.newlifegroup.cas.util.MD5Encoder">
</bean>
</beans>
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |