修改让cas支持客户端自定义登陆页面----服务器篇-

paypal登陆  时间:2021-01-09  阅读:()

 让CAS支持客户端自定义登陆页面——服务器篇- [De velopment]

2009-03-23

声明 时请以超形式标明文章原始出处和作者信息及本声明fallenlord.blogbus./logs/36907044.html

上篇《让CAS支持客户端自定义登陆页面——原理篇》讲述了一些修改的理论基础这篇讲解如何对C AS服务器端进行修改。

修改需要基于几个基本原则

1 . 不影响原有统一登陆界面功能

2. 客户端应尽量保持简单

3. 尽量保证原有功能的完整性和安全性

对于第三点 必须事先说明将登陆页面放到客户端本身就是降低了 CAS安全性这意味着作为服务向外发布的CAS服务器中的用户密码有可能由于客户端的不安全性而导致泄露整个CAS系统成为了一个“水桶形态”整个CAS体系的安全性将取决于所有客户端中安全性最低的一个。这也是CAS官方一直不推荐的方式。

接下来我们讲解服务器端修改的详细过程

首先修改/WEB-IN F/web.xml  为cas增加一个/remoteLogin的映射

<servl et-mappi ng>

<servlet-n ame>c as</s ervlet-n ame>

<url-pattern>/remoteLogin</url-pattern>

</servl et-mapping>

然后修改cas-servlet.xml文件 增加我们对/remoteLogin映射的处理 需要增加一个新流程<bean id="handlerMappingB" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMappi ng ">

<property name="mappings">

<props>

<prop key="/login">loginControl ler</prop>

<prop key="/remoteLogin">remoteControl ler</prop>

</props>

</property>

<property name="interceptors">

<l ist>

<ref bean="localeChangeInterceptor" />

</list>

</property>

</b ea n>

然后在cas-servlet.xml文件中添加我们上面所配置的remoteController的bean

<!--增加远程控制者 允许以/remote请求启动remote控制流程-->

<bean id="remoteLoginControl ler"class="org.springframework.webflow.executor.mvc.FlowController"p:flowExecutor-ref="remoteLoginFlowExecutor"p:defaultFlowId="remoteLogin-webflow">

<property name="argumentHandl er">

<bean class="org.springframework.webflow.executor.support.RequestParameterFlowExecutorArgumentHandler"p:flowExecutionKeyArgu mentName="lt"

p:defaultFlowId="remoteLogin-webflow" />

</property>

</b ea n>

<flow:executor id="remoteLoginFlowExecutor" registry-ref="remoteLoginFlowRegistry">

<flow:execution-attributes>

<flow:alwaysRedirectOnPause value="false"/>

</flow:execution-attributes>

</flow:executor>

<flow:registry id="remoteLoginFlowRegistry">

<flow:location path="/WEB-INF/remoteLogin-webflow.xml"/>

</flow:registry>

可以看到上面将请求指向了webflow配置文件/WEB-IN F/remoteLogin-webflow.xml文件 我们需要创建此文件并配置其成为我们所需的流程 以下是remoteLogin-webflow.xml全文

<?xml version="1 .0" encoding="UTF-8"?>

<flow xmlns=".springframework.org/schema/webflow"xmlns:xsi=".w3.org/2001/XMLSchema-instance"xsi :schemaLocation="

.springframework.org/schema/webflow

.springframework.org/schema/webflow/spring-webflow-1 .0.xsd">

<start-state idref="remoteLogin"/>

<!--远程登陆主要Action -->

<action-state id="remoteLogin">

<action bean="remoteLoginAction" />

<transition on="error" to="remoteCal lbackView" />

<transition on="submit" to="bindAndValidate" />

<transition on="checkTicketGrantingTicket" to="ticketGrantingTicketExistsCheck" />

</action-state>

<!--远程回调页面 主要以JavaScript的方式回传一些参数用 -->

<end-state id="remoteCal lbackView" view="remoteCallbackView" />

<decision-state id="ticketGrantingTicketExistsCheck">

<if test="${flowScope.ticketGrantingTicketId != nul l}" then="hasServiceCheck"else="gat ewayRequ estCh eck" />

</decision-state>

<decision-state id="gatewayRequestCheck">

<if test="${external Context.requestParameterMap['gateway'] != ''&amp;&amp; externalContext.re questParameterMap['gateway'] != null&amp;&amp; flowScope.service != nul l}" then="redirect" else="re moteCal lbackView" />

</decision-state>

<decision-state id="hasServiceCheck">

<if test="${flowScope.service != nul l}" then="generateServiceTicket" else="remoteCal lbackView"/>

</decision-state>

<!--

The "warn" action makes the determination of whether to redirect directly to the requested service or display the "confirmation" page to go back to the server.

-->

<decision-state id="warn">

<if test="${flowScope.warnCookieValue}" then="showWarningView" else="redirect" /></decision-state>

<action-state id="bindAndVal idate">

<action bean="authenticationViaFormAction" />

<transition on="success" to="submit" />

<transition on="error" to="remoteCal lbackView" />

</action-state>

<action-state id="submit">

<action bean="authenticationViaFormAction"method="submit" />

<transition on="warn" to="warn" />

<transition on="success" to="sendTicketGrantingTicket" />

<transition on="error" to="remoteCal lbackView" />

</action-state>

<action-state id="sendTicketGrantingTicket">

<action bean="sendTicketGrantingTicketAction" />

<transition on="success" to="serviceCheck" />

</action-state>

<decision-state id="serviceCheck">

<if test="${flowScope.service != nul l}" then="generateServiceTicket"else="remoteCal lbackView" />

</decision-state>

<action-state id="generateServiceTicket">

<action bean="generateServiceTicketAction" />

<transition on="success" to ="warn" />

<transition on="error" to="remoteCal lbackView" />

<transition on="gateway" to="redirect" />

</action-state>

<!--

The "showWarningView" end state is the end state for when the user has requested privacy settings (to be "warned") to be turned on. It delegates to a view defines in default_views.properties that display the "Please cl ick here to go to the service."message.

-->

<end-state id="showWarningView" view="casLoginConfirmView" />

<!--

The "redirect" end state al lows CAS to properly end the workflow whi le sti l l redirecting the user back to the service required.

-->

<end-state id="redirect" view="bean:dynamicRedirectViewSelector" />

<end-state id="viewServiceErrorView" view="viewServiceErrorView" />

<end-state id="viewServiceSsoErrorView" view="viewServiceSsoErrorView" />

<global-transitions>

<transition to="viewServiceErrorView" on-exception="org.springframework.webflow.execution.repository.NoSuchFlowExecuti onException" />

<transition to="viewServiceSsoErrorView" on-

exception="org.jasig.cas.services.UnauthorizedSsoServiceException" />

<transition to="viewServiceErrorView" on-exception="org.jasig.cas.services.UnauthorizedServiceException" />

</global-transitions>

</flow>

以上文件根据原login-webflow.xml文件修改黄色背景为修改部分。可以看到我们在流程中增加了 r emoteLogin Action节点和remoteCallback View节点 下面我们配置remoteLogin节点

在/WEB-IN F/cas-servlet.xml文件中增加remoteLoginAction配置

<bean id="remoteLoginAction"class=".baidu.cas.web.flow.RemoteLoginAction"p:argu mentExtractors-ref="argumentExtractors"p:warnCookieGenerator-ref="warnCookieGenerator"p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator" />

同时创建com.baidu.cas.web.flow.RemoteLoginAction类

*

*远程登陆票据提供Action.

*根据InitialFlowSetupAction修改.

* 由于InitialFlowSetupAction为final类 因此只能将代码复制过来再进行修改.

*

* author GuoLin

*/publ ic class RemoteLoginAction extends AbstractAction {

/** CookieGenerator for the Warnings. */

NotNul l

private CookieRetrievingCookieGenerator warnCookieGenerator;

/** CookieGenerator for the TicketGrantingTickets. */

NotNul l private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;/** Extractors for finding the service. */

NotEmpty private List<ArgumentExtractor> argumentExtractors;

/** Boolean to note whether we've set the values on the generators or not. */private boolean pathPopulated = false;protected Event doExecute(final RequestContext context) throws Exception {final HttpServletRequest request =WebUti ls.getHttpServletRequest(context);if (!this.pathPo pul ated) {final String contextPath = context.getExternal Context().getContextPath() ;final String cookiePath = StringUti ls.hasText(contextPath) ? contextPath : "/";logger.info("Setting path for cookies to: " +cookiePath);this.warnCookieGenerator.setCookiePath(cookiePath) ;this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);this.pathPopulated = true;

}context.getFlowScope().put("ticketGrantingTicketId",this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)) ;context.getFlowScope().put("warnCookieValue",

Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request))) ;final Service service =WebUti ls.getService(this.argumentExtractors, context);if (service != nul l &&logger.isDebugEnabled()) {logger.debug("Placing service in FlowScope: " + service.getId());

}context.getFlowScope().put("service", service) ;

//客户端必须传递loginUrl参数过来否则无法确定登陆目标页面if (StringUti ls.hasText(request.getParameter("loginUrl"))) {context.getFlowScope().put("remoteLoginUrl", request.getParameter("loginUrl"));

} else {request.setAttribute("remoteLoginMessage", "loginUrl parameter must be supported.") ;return error();

}

//若参数包含submit则进行提交否则进行验证if (StringUti ls.hasText(request.getParameter("submit"))) {return result("submit");

} else {return result("checkTicketGrantingTicket");

}

}publ ic void setTicketGrantingTicketCookieGenerator(final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) {this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator;

}publ ic void setWarnCookieGenerator(final CookieRetrievingCookieGenerator warnCookieGenerator) {this.warnCookieGenerator =warnCookieGenerator;

}publ ic void setArgumentExtractors(

HostSailor:罗马尼亚机房,内容宽松;罗马尼亚VPS七折优惠,罗马尼亚服务器95折

hostsailor怎么样?hostsailor成立多年,是一家罗马尼亚主机商家,机房就设在罗马尼亚,具说商家对内容管理的还是比较宽松的,商家提供虚拟主机、VPS及独立服务器,今天收到商家推送的八月优惠,针对所有的产品都有相应的优惠,商家的VPS产品分为KVM和OpenVZ两种架构,OVZ的比较便宜,有这方面需要的朋友可以看看。点击进入:hostsailor商家官方网站HostSailor优惠活动...

星梦云60元夏日促销,四川100G高防4H4G10M,西南高防月付特价

星梦云怎么样?星梦云好不好,资质齐全,IDC/ISP均有,从星梦云这边租的服务器均可以备案,属于一手资源,高防机柜、大带宽、高防IP业务,一手整C IP段,四川电信,星梦云专注四川高防服务器,成都服务器,雅安服务器 。官方网站:点击访问星梦云官网活动方案:1、成都电信年中活动机(封锁UDP,不可解封):机房CPU内存硬盘带宽IP防护流量原价活动价开通方式成都电信优化线路4vCPU4G40G+50...

Virmach$7.2/年,新款月抛vps上线,$3.23/半年,/1核640M内存/10 GB存储/ 1Gbps/1T流量

Virmach自上次推出了短租30天的VPS后,也就是月抛型vps,到期不能续费,直接终止服务。此次又推出为期6个月的月抛VPS,可选圣何塞和水牛城机房,适合短期有需求的用户,有兴趣的可以关注一下。VirMach是一家创办于2014年的美国商家,支持支付宝、PayPal等方式,是一家主营廉价便宜VPS服务器的品牌,隶属于Virtual Machine Solutions LLC旗下!在廉价便宜美国...

paypal登陆为你推荐
空间主机空间 , VPS 服务器, 云主机有什么区别?vpsvps是什么?com域名空间域名解析,我是一个新手站长,我买了一个空间跟一个COM域名,空间自带一个2级域名,我想把这个COM域名绑定到空间上,咋么办?急急急!求大神帮我,我创建一个游戏论坛,也查不到资料,可以给20元,我的手机13685455534,谢谢网站服务器租用哪些网站适合独立服务器租用?价格方面怎么样?国内ip代理全国各省代理IP台湾vps做一个论坛,请问需要什么样的vps配置php虚拟空间php虚拟主机空间如何连接mysql虚拟主机管理系统急!高分!比较好用的虚拟主机管理系统有哪些?虚拟主机管理系统我也想和你学虚拟主机管理系统的操作虚拟主机系统虚拟主机采用什么操作系统?
北京虚拟主机租用 香港vps主机 winhost 2014年感恩节 512av 华为云主机 网通服务器ip 太原联通测速平台 柚子舍官网 福建铁通 gtt 申请网页 香港亚马逊 深圳域名 免费蓝钻 注册阿里云邮箱 xuni 架设代理服务器 ping值 winserver2008下载 更多