OFBiz CAS Single Sign-On

Supported Scenarios

The OFBiz-CAS-LDAP component supports the following scenarios: OFBiz-CAS-OpenLDAP, OFBiz-CAS-ActiveDirectory, OFBiz-OpenLDAP and OFBiz-ActiveDirectory.

OFBiz-CAS-LDAP Login Procedure

The new OFBiz login procedure is as follows:

OFBiz-CAS Logout Procedure

The new OFBiz logout procedure is as follows:


 

Deploy OFBiz-CAS-LDAP Component in OFBiz 4.0

Here are the steps for deploying the OFBiz-CAS-LDAP component in OFBiz 4.0:

  1. Use the Eclipse SVN plugin to check out the OFBiz-LDAP component from http://www.langhua.cn/langhua/ofbiz-components/OFBiz-LDAP/branch/ofbiz4.0-cas3.2.1.1-openldap2.4.8/ as a new Java project (SVN username: anon, password: anon).
  2. Edit build.xml of the new project and change the ofbiz.home property to the path of your OFBiz installation.
  3. Run the ofbiz.copy target of build.xml; the OFBiz-LDAP component will be deployed to $(ofbiz.home)/specialpurpose/ldap/.
  4. Edit $(ofbiz.home)/specialpurpose/build.xml, add ldap/build.xml:
    specialpurpose/build.xml
    <filelist id="application-builds" dir="." files="pos/build.xml, hhfacility/build.xml, assetmaint/build.xml, ldap/build.xml"/>
  5. Edit $(ofbiz.home)/specialpurpose/component-load.xml, add:
    specialpurpose/component-load.xml
    <load-component component-location="${ofbiz.home}/specialpurpose/ldap"/>
  6. If necessary, change getPartyId and getSecurityGroup in /cn/langhua/ofbiz/ldap/commons/A_OFBizAuthenticationHandler.java.
  7. Run the build target of $(ofbiz.home)/build.xml.
  8. If CAS is deployed in Tomcat on the same computer as OFBiz, change Tomcat's SSL port to another value such as 8444 and restart Tomcat.
  9. Edit the configuration in $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml; see Configuration for details.
  10. Change checkLogin, login and logout in every WEB-INF/controller.xml:
    WEB-INF/controller.xml
    <!-- Security Mappings -->
    <request-map uri="checkLogin" edit="false">
        <description>Verify a user is logged in.</description>
        <security https="true" auth="false"/>
        <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin"/>
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>
    <request-map uri="login">
        <security https="true" auth="false"/>
        <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>
    <request-map uri="logout">
        <security https="true" auth="true"/>
        <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
        <response name="success" type="request" value="checkLogin"/>
        <response name="error" type="view" value="main"/>
    </request-map>
    <!-- End of Security Mappings -->
  11. Run OFBiz and try to log in; you will be redirected to the CAS login page. Enter a correct username and password and you will be logged in to OFBiz.
  12. Click Logout in OFBiz; you will be redirected to the CAS logout page.

Configuration

The component is configured through $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml. Here is a sample of its content:

specialpurpose/ldap/config/ldap.xml
<?xml version="1.0" encoding="UTF-8"?>

<ldap>
    <!-- common configuration -->
    <Attribute>uid=%u</Attribute>
    <AuthenType>simple</AuthenType>
    <AuthenticationHandler>cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>o=chinare,o=org,c=cn</BaseDN>
    <Filter>(objectclass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldap://localhost:389</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>

    <!-- for CAS-LDAP -->
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://cms.chinare.org.cn:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>
    <CasLdapHandler>cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>

    <!-- for MS Active Directory -->
    <SearchType/>
    <UserDNForSearch/>
    <PasswordForSearch/>
</ldap>

 Currently, there are 3 AuthenticationHandlers:

  • cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler: CAS authentication handler.
  • cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler: OpenLDAP authentication handler.
  • cn.langhua.ofbiz.ldap.activedirectory.OFBizActiveDirectoryAuthenticationHandler: Active Directory authentication handler.
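
A pre-deployment review of the sample ldap.xml above, as an added example that is not part of the original page or of the component's code. It assumes, from the element names only, that AutoSecurityGroupId is the group granted to every directory-authenticated user and that UseOFBizLoginWhenLDAPFail keeps local OFBiz login as a fallback; the function name audit_ldap_xml and the severity labels are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the security-relevant elements of the page's ldap.xml.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ldap>
    <AuthenType>simple</AuthenType>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <URL>ldap://localhost:389</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
    <CasUrl>https://cms.chinare.org.cn:8444/cas</CasUrl>
</ldap>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_ldap_xml(xml_text):
    """Return (element, severity, note) tuples for settings to review."""
    root = ET.fromstring(xml_text)

    def get(tag):
        # Strip padding and the stray space a copied "ldap: //" may carry.
        return (root.findtext(tag) or "").strip().replace(": //", "://")

    findings = []
    ldap = urlparse(get("URL"))
    if ldap.scheme == "ldap" and get("AuthenType").lower() == "simple":
        # A simple bind carries the password in the clear unless TLS wraps it.
        sev = "low" if ldap.hostname in LOOPBACK else "high"
        findings.append(("URL", sev, "simple bind over unencrypted ldap://"))
    cas = get("CasUrl")
    if cas and urlparse(cas).scheme != "https":
        findings.append(("CasUrl", "high", "CAS tickets and logins need https"))
    # Assumption: this group is granted to every directory-authenticated user.
    if get("AutoSecurityGroupId").upper() == "FULLADMIN":
        findings.append(("AutoSecurityGroupId", "high",
                         "every authenticated user would get FULLADMIN"))
    # Assumption: "true" keeps local OFBiz passwords valid as a fallback.
    if get("UseOFBizLoginWhenLDAPFail").lower() == "true":
        findings.append(("UseOFBizLoginWhenLDAPFail", "medium",
                         "local login stays reachable beside LDAP/CAS"))
    return findings


if __name__ == "__main__":
    for element, severity, note in audit_ldap_xml(SAMPLE):
        print(f"[{severity}] {element}: {note}")
```
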

Enjoy it.
Original: https://wiki.jasig.org/display/CASC/CASifying+Apache+OFBiz

