CAS撤除https认证的方式
CAS取消https认证的方式
最近,在做CAS单点登陆的一个模块,由于公司的产品太多,各个系统都要部署,在开发中Https的证书的部署比较麻烦,所以,打算把CAS的Https去掉。具体的修改如下
1.修改cas-servlet.xml
把上面连个bean中的p:cookieSecure="true "修改为p:cookieSecure="false"
2.修改deployerConfigContext.xml
添加p:requireSecurep="httpClient"
3.修改casclient的客户端
修改客户端的https验证
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter
把这两段内容注释掉
(2).修改edu.yale.its.tp.cas.util.SecureURL
把这段内容注释掉
最近,在做CAS单点登陆的一个模块,由于公司的产品太多,各个系统都要部署,在开发中Https的证书的部署比较麻烦,所以,打算把CAS的Https去掉。具体的修改如下
1.修改cas-servlet.xml
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="CASPRIVACY" p:cookiePath="/cas" /> <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="true " p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" />
把上面连个bean中的p:cookieSecure="true "修改为p:cookieSecure="false"
2.修改deployerConfigContext.xml
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
添加p:requireSecurep="httpClient"
3.修改casclient的客户端
修改客户端的https验证
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter
if (! casValidate.startsWith("https://")){ throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]"); } if (casServiceUrl != null){ if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){ throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]"); } }
把这两段内容注释掉
(2).修改edu.yale.its.tp.cas.util.SecureURL
if (!u.getProtocol().equals("https")){ // IOException may not be the best exception we could throw here // since the problem is with the URL argument we were passed, not // IO. -awp9 log.error("retrieve(" + url + ") on an illegal URL since protocol was not https."); throw new IOException("only 'https' URLs are valid for this method"); }
把这段内容注释掉
1 楼
lynxpengpeng
2008-10-07
我想请教一个问题。用cas配置成功之后,系统的授权工作怎么做啊?没有cas之前,原系统登录后会在session 里存用户信息之类的,然后通过session 的内容判断权限,是不是有了cas之后,原系统的登录机制没用了,原系统的权限认证和管理就不用了。谢谢,疑惑中。。
2 楼
macun
2008-10-09
用过cas的proxy模式吗?这个模式在客户端和服务器端应该怎么配置?我用的是cas-client-3.1和cas-server-3.2版本的。
3 楼
lean1252
2009-08-05
改过以后,抛出
javax.servlet.ServletException: Authentication was technically successful but rejected as a matter of policy. [[edu.yale.its.tp.cas.client.CASReceipt userName=[asflex] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyCallbackUrl=[null] pgtIou=[null] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyList=[[]]]]异常,是不是还要改哪个地方?
4 楼
lean1252
2009-08-05
改过以后,抛出
javax.servlet.ServletException: Authentication was technically successful but rejected as a matter of policy. [[edu.yale.its.tp.cas.client.CASReceipt userName=[asflex] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyCallbackUrl=[null] pgtIou=[null] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyList=[[]]]]
异常,是不是还要改哪个地方?
javax.servlet.ServletException: Authentication was technically successful but rejected as a matter of policy. [[edu.yale.its.tp.cas.client.CASReceipt userName=[asflex] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyCallbackUrl=[null] pgtIou=[null] casValidateUrl=[http://asflex:8080/cas/serviceValidate] proxyList=[[]]]]
异常,是不是还要改哪个地方?
5 楼
frederick_hai
2010-09-19
请问各位是否了解 在cas3版本如何将https换成http