将CAS https认证的方式改为http

阅读更多

最近,在做CAS单点登陆的一个模块,由于公司的产品太多,各个系统都要部署,在开发中Https的证书的部署比较麻烦,所以,打算把CAS的Https去掉。具体的修改如下

1.修改cas-servlet.xml

Java代码
        p:cookieSecure="true"  
        p:cookieMaxAge="-1"  
        p:cookieName="CASPRIVACY"  
        p:cookiePath="/cas" />   
       
            p:cookieSecure="true "  
        p:cookieMaxAge="-1"  
        p:cookieName="CASTGC"  
        p:cookiePath="/cas" /> 
  p:cookieSecure="true"
  p:cookieMaxAge="-1"
  p:cookieName="CASPRIVACY"
  p:cookiePath="/cas" />
 
   p:cookieSecure="true "
  p:cookieMaxAge="-1"
  p:cookieName="CASTGC"
  p:cookiePath="/cas" />


把上面连个bean中的p:cookieSecure="true "修改为p:cookieSecure="false"
2.修改deployerConfigContext.xml

Java代码
                    p:httpClient-ref="httpClient" /> 
     p:httpClient-ref="httpClient" />


添加p:requireSecure="false"

3.修改casclient的客户端

修改客户端的https验证
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter


Java代码
if (! casValidate.startsWith("https://")){   
            throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");   
        }   
if (casServiceUrl != null){   
            if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){   
                throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");   
            }   
        } 
if (! casValidate.startsWith("https://")){
            throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
        }
if (casServiceUrl != null){
            if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){
                throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
            }
        }


把这两段内容注释掉

(2).修改edu.yale.its.tp.cas.util.SecureURL


Java代码
if (!u.getProtocol().equals("https")){   
                // IOException may not be the best exception we could throw here   
                // since the problem is with the URL argument we were passed, not   
                // IO. -awp9   
                log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");   
                            throw new IOException("only 'https' URLs are valid for this method");   
            } 
if (!u.getProtocol().equals("https")){
             // IOException may not be the best exception we could throw here
             // since the problem is with the URL argument we were passed, not
             // IO. -awp9
             log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");
       throw new IOException("only 'https' URLs are valid for this method");
            }

 

把这段内容注释掉


本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/DesignLife/archive/2008/09/21/2956814.aspx

你可能感兴趣的:(Bean,Web,XML,Servlet,.net)