[Trying out CAS-4.0.3] Part 09: CAS server-side RememberMe

Full version: http://jadyer.cn/2015/07/28/sso-cas-remember-me/

Source code download for this article: http://download.csdn.net/detail/jadyer/8940967

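/**
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see First, an introduction to some other configuration items from cas.properties on the CAS-4.0.3 server
 * @see 1.cas.securityContext.status.allowedSubnet=127.0.0.1
 * @see   Server statistics page that can be accessed: http://sso.jadyer.com:8080/cas-server-web/status
 * @see   Server statistics page that can be accessed: http://sso.jadyer.com:8080/cas-server-web/statistics
 * @see 2.host.name=S3
 * @see   The various UniqueTicketIdGenerator beans in uniqueIdGenerators.xml use host.name as the ticket suffix when generating TGT/ST and other tickets
 * @see   host.name is normally used in a clustered environment, where its value must be unique for every node, so that the tickets generated across the whole cluster are also unique
 * @see   In a single-node environment there is no need to change it
 * @see 3.cas.logout.followServiceRedirects=true
 * @see   Whether the client may be redirected to the resource specified by the service parameter after logout
 * @see 4.tgt.maxTimeToLiveInSeconds=28800
 * @see   The maximum lifetime of the session, i.e. it times out once this much time has passed since creation; default 28800s, i.e. 8 hours
 * @see 5.tgt.timeToKillInSeconds=7200
 * @see   The user inactivity timeout, i.e. how long the user may stay inactive before timing out; default 7200s, i.e. 2 hours
 * @see   From my own testing: when testing tgt.timeToKillInSeconds, also pay attention to the timeout configured in the client's web.xml
 * @see   That is, the effect of the server-side setting is only visible when the client's configured timeout is not greater than tgt.timeToKillInSeconds
 * @see 6.st.timeToKillInSeconds=10
 * @see   The validity period of a service ticket; default 10s
 * @see   This is also why stepping through the CAS authentication flow in a debugger often fails: by the time you step through, the service ticket's 10-second validity period has already passed
 * @see 7.slo.callbacks.disabled=false
 * @see   Whether to disable single logout
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @create 2015-7-28 7:49:24 PM
 * @author 玄玉
 */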

Below is a description of the changes required to enable the RememberMe feature

/**
 * @see CAS server-side RememberMe
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see For RememberMe, see the official documentation at the URLs below (both describe the same RememberMe implementation; the second one also covers other topics)
 * @see http://jasig.github.io/cas/development/installation/Configuring-LongTerm-Authentication.html
 * @see http://jasig.github.io/cas/4.0.x/installation/Configuring-Authentication-Components.html#long-term-authentication
 * @see RememberMe is what is commonly called the "remember password" feature: after a successful login, the user can close the browser, reopen it, and access the application without logging in again
 * @see RememberMe and the session timeout setting tgt.timeToKillInSeconds above are two different things: the session timeout applies to a single session, while RememberMe is broader
 * @see Also, the CAS-4.0.3 server source changes in this article build on the following three posts of mine; I will provide the complete source for download on CSDN
 * @see http://blog.csdn.net/jadyer/article/details/46875393
 * @see http://blog.csdn.net/jadyer/article/details/46914661
 * @see http://blog.csdn.net/jadyer/article/details/46916169
 * @see The modification steps are as follows
 * @see 1.Add the configuration item rememberMeDuration=1209600 to cas.properties
 * @see 2.Add the RememberMe expiration policy configuration to ticketExpirationPolicies.xml
 * @see 3.Add the property p:rememberMeMaxAge="${rememberMeDuration:1209600}" to ticketGrantingTicketCookieGenerator.xml
 * @see 4.deployerConfigContext.xml
 * @see 5.Add the rememberMe field to the form in casLoginView.jsp
 * @see 6.Add configuration to login-webflow.xml to receive the form's rememberMe field
 * @see 7.UsernamePasswordCaptchaCredential.java extends RememberMeUsernamePasswordCredential so that it can receive the form's rememberMe field
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @create 2015-7-28 7:58:08 PM
 * @author 玄玉
 */
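The difference between the session timeouts and RememberMe described above can be replayed in a small model. This is an added example, not code from the original post or from CAS: the names `Tgt`, `expires_at`, `is_expired` and `first_rejected` are hypothetical, and it assumes the RememberMe expiration policy is set up as in the official documentation linked above (a timeout of `rememberMeDuration` measured from last use for RememberMe logins, the normal TGT policy otherwise).

```python
# Added model, not CAS source. Assumes the RememberMe policy from the official
# docs: a delegating policy that applies a two-week timeout measured from last
# use to RememberMe logins and the normal TGT policy otherwise.
from dataclasses import dataclass

TGT_MAX_TIME_TO_LIVE = 28800    # tgt.maxTimeToLiveInSeconds (hard cap from creation)
TGT_TIME_TO_KILL = 7200         # tgt.timeToKillInSeconds (idle timeout)
REMEMBER_ME_DURATION = 1209600  # rememberMeDuration (two weeks)


@dataclass
class Tgt:                      # hypothetical stand-in for a ticket granting ticket
    created_at: int             # seconds; when the TGT was issued
    last_used_at: int           # seconds; last successful use
    remember_me: bool           # rememberMe field was submitted with the login form


def expires_at(tgt):
    """Instant at which the TGT expires if it is never used again."""
    if tgt.remember_me:
        return tgt.last_used_at + REMEMBER_ME_DURATION
    return min(tgt.last_used_at + TGT_TIME_TO_KILL,
               tgt.created_at + TGT_MAX_TIME_TO_LIVE)


def is_expired(tgt, now):
    return now >= expires_at(tgt)


def first_rejected(remember_me, access_times):
    """Replay access times (seconds after login); return the first one that
    finds the TGT expired, or None when every access succeeds."""
    tgt = Tgt(created_at=0, last_used_at=0, remember_me=remember_me)
    for now in access_times:
        if is_expired(tgt, now):
            return now
        tgt.last_used_at = now
    return None


# Constructed access patterns, in seconds after login.
HOUR, DAY, WEEK = 3600, 86400, 604800
NEXT_MORNING = [HOUR, DAY]                    # close browser, return next day
BUSY_DAY = [HOUR * i for i in range(1, 10)]   # one access per hour for 9 hours
WEEKLY = [WEEK * i for i in range(1, 6)]      # one access per week for 5 weeks
LONG_ABSENCE = [DAY, DAY + REMEMBER_ME_DURATION]

if __name__ == "__main__":
    for name, pattern in [("next morning", NEXT_MORNING), ("busy day", BUSY_DAY),
                          ("weekly", WEEKLY), ("long absence", LONG_ABSENCE)]:
        print(name, first_rejected(False, pattern), first_rejected(True, pattern))
```

Under this assumption a RememberMe TGT has no hard lifetime cap: it stays valid as long as it is used at least once every two weeks, which is worth weighing when choosing rememberMeDuration.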
Below are the changes to ticketExpirationPolicies.xml

        Assignment of expiration policies for the different tickets generated by CAS including ticket granting ticket
        (TGT), service ticket (ST), proxy granting ticket (PGT), and proxy ticket (PT).
        These expiration policies determine how long the ticket they are assigned to can be used and even how often they
        can be used before becoming expired / invalid.

Below are the changes to ticketGrantingTicketCookieGenerator.xml

		Defines the cookie that stores the TicketGrantingTicket.  You most likely should never modify these (especially the "secure" property).
		You can change the name if you want to make it harder for people to guess.

Below is the modified part of deployerConfigContext.xml

Below is the modified part of login-webflow.xml

Below is UsernamePasswordCaptchaCredential.java
package com.msxf.sso.model;

import org.jasig.cas.authentication.RememberMeUsernamePasswordCredential;

/**
 * Custom entity class that receives the login captcha
 * @create 2015-7-14 4:28:33 PM
 * @author 玄玉
 */
//public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential {
public class UsernamePasswordCaptchaCredential extends RememberMeUsernamePasswordCredential {
	private static final long serialVersionUID = 8317889802836113837L;
	
	private String captcha;

	public String getCaptcha() {
		return captcha;
	}

	public void setCaptcha(String captcha) {
		this.captcha = captcha;
	}
}
Below is //WEB-INF//view//jsp//msxf//ui//casLoginView.jsp
<%@ page pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>






	
	CAS Single Sign-On System

Non-secure Connection

You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.

<%-- --%>
${sessionScope.openIdLocalId}
Finally, the rememberMeDuration setting added to cas.properties
# Long term authentication session length in seconds
# Validity period of server-side RememberMe; default is 1209600s, i.e. two weeks
rememberMeDuration=1209600

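To verify that RememberMe works: after a successful single sign-on through the client, close the browser, then reopen it and access the client again; if access succeeds without logging in, RememberMe is working!!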
