WEB-SSO CAS Server 3.3.5,Bonita-5.4-Tomcat-6.0.29
(接到上一篇)
整合 Bonita到cas里面,Bonita的版本是5.4
1.先将以前生成的密钥导入到Bonita所再的机器上的jvm里面
例如:
keytool -import -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts -file /root/wsria.crt -alias key
2.将cas client jar包导入 到{BONITA_HOME}/lib
3.新建一个filter
public class WebAuthenticationFilter extends org.jasig.cas.client.util.AbstractCasFilter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpSession session = request.getSession();
CredentialsEncryptionAPIImpl credEncAPI = CredentialsEncryptionAPIImpl.getInstance();
String username = request.getRemoteUser();
String encryptedCredentials;
try {
encryptedCredentials = credEncAPI.encryptCredential(username);
session.setAttribute(LoginServlet.USER_CREDENTIALS_SESSION_PARAM_KEY, encryptedCredentials);
} catch (GeneralSecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
chain.doFilter(servletRequest, servletResponse);
}
}
编译后曾class文件,再导入到cas-client.jar包中。
4.修改{BONITA_HOME}/webapps/WEB-INF/web.xml
主要是增加相关的过滤器
<!-- ******* -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://server177:9443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>http://172.25.165.4:8080/bonita/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://172.25.165.4:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://server177:9443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://172.25.165.4:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Web Authentication Filter</filter-name>
<!-- NOTE: Class below is a custom written filter - see attached code -->
<filter-class>org.jasig.cas.client.tomcat.authentication.WebAuthenticationFilter</filter-class>
<init-param>
<param-name>service</param-name>
<param-value>http://172.25.165.4:8080/bonita/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://172.25.165.4:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Web Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
5.测试OK....
补充一点: 就再启动和查看流程的时候 需要再次登录问题。。
You have to disable BOS internal SSO (cendential transmission) in bonita/client/web/common/conf/security-config.properties.
Set forms.application.credentials.transmission to false