Jboss AS7 + CAS - 在所有应用程序中
Jboss AS7 + CAS - in all applications
我已经 Jboss AS7 和 CAS 部署并工作。
我还部署了一个测试应用程序 "Hello World",我需要将其与 CAS 集成。我的意思是我想通过 CAS 请求登录以访问此应用程序。
因此,在此之后我需要将其配置为如下工作:我将拥有更多应用程序并且我希望能够通过 CAS 登录我的应用程序之一,然后即使我更改应用程序,它会记得我的。
谁能告诉我该怎么做?
这是我的 web.xml:
<web-app id="simple" version="2.4">
<welcome-file-list>
<welcome-file>hello.html</welcome-file>
</welcome-file-list>
</web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://127.0.0.1:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://127.0.0.1:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://127.0.0.1:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
更新:按照您的说明进行操作后,我在尝试部署时遇到此错误:
12:17:21,765 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC00001: Failed to start service jboss.deployment.unit."test.war".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."test.war".INSTALL: Failed to process phase INSTALL of deployment "test.war"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:119) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_65]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_65]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: JBAS018096: Error instantiating container component: authenticator.CasAuthenticator
at org.jboss.as.web.deployment.WarDeploymentProcessor.getInstance(WarDeploymentProcessor.java:386)
at org.jboss.as.web.deployment.WarDeploymentProcessor.processDeployment(WarDeploymentProcessor.java:210)
at org.jboss.as.web.deployment.WarDeploymentProcessor.deploy(WarDeploymentProcessor.java:114)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
Caused by: java.lang.ClassNotFoundException: authenticator.CasAuthenticator from [Module "deployment.test.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120) [jboss-modules.jar:1.1.1.GA]
at org.jboss.as.web.deployment.WarDeploymentProcessor.getInstance(WarDeploymentProcessor.java:378)
... 8 more
12:17:21,770 INFO [org.jboss.as.server] (HttpManagementService-threads - 16) JBAS015870: Deploy of deployment "test.war" was rolled back with failure message {"JBAS014671: Failed services" => {"jboss.deployment.unit.\"test.war\".INSTALL" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"test.war\".INSTALL: Failed to process phase INSTALL of deployment \"test.war\""}}
12:17:21,771 INFO [org.jboss.as.controller] (HttpManagementService-threads - 16) JBAS014774: Service status report
JBAS014777: Services which failed to start: service jboss.deployment.unit."test.war".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."test.war".INSTALL: Failed to process phase INSTALL of deployment "test.war"
12:17:21,775 INFO [org.jboss.as.server.deployment] (MSC service thread 1-9) JBAS015877: Stopped deployment test.war in 3ms
在 standalone.xml 中定义您的登录模块:
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domain name="cas" cache-type="default">
<authentication>
<login-module code="authenticator.CasLoginModule" flag="required" module="jasig">
<module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Saml11TicketValidator"/>
<module-option name="casServerUrlPrefix" value="https://localhost:8443/cas"/>
<module-option name="roleGroupName" value="Roles"/>
<module-option name="defaultRoles" value="FOOBAR"/>
<module-option name="roleAttributeNames" value="Roles"/>
</login-module>
</authentication>
</security-domain>
您已经在 web.xml 中定义了 CAS 安全过滤器,这就足够了并且应该可以工作。
您在应用程序和服务器或 CAS 之间使用 CAS 协议吗?您的 Jasig 是否配置为使用 SAML 1.1。默认情况下,jasig 将使用 CAS。
如果您的配置已经有效,您应该可以进行 SSO。您是否创建了第二个 helloworld 来测试它?
为了在其他应用程序中重新进行身份验证,您将重定向到您的 CAS 服务器,该服务器已经知道用户已通过身份验证。所以最后,他会再次将他重定向到应用程序并提供 CAS 票证。
尝试这个 https://github.com/serac/java-cas-client-test 并检查差异是否仅适用于 hello world 建议...
我已经 Jboss AS7 和 CAS 部署并工作。
我还部署了一个测试应用程序 "Hello World",我需要将其与 CAS 集成。我的意思是我想通过 CAS 请求登录以访问此应用程序。
因此,在此之后我需要将其配置为如下工作:我将拥有更多应用程序并且我希望能够通过 CAS 登录我的应用程序之一,然后即使我更改应用程序,它会记得我的。
谁能告诉我该怎么做?
这是我的 web.xml:
<web-app id="simple" version="2.4">
<welcome-file-list>
<welcome-file>hello.html</welcome-file>
</welcome-file-list>
</web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://127.0.0.1:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://127.0.0.1:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://127.0.0.1:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
更新:按照您的说明进行操作后,我在尝试部署时遇到此错误:
12:17:21,765 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC00001: Failed to start service jboss.deployment.unit."test.war".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."test.war".INSTALL: Failed to process phase INSTALL of deployment "test.war"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:119) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_65]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_65]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: JBAS018096: Error instantiating container component: authenticator.CasAuthenticator
at org.jboss.as.web.deployment.WarDeploymentProcessor.getInstance(WarDeploymentProcessor.java:386)
at org.jboss.as.web.deployment.WarDeploymentProcessor.processDeployment(WarDeploymentProcessor.java:210)
at org.jboss.as.web.deployment.WarDeploymentProcessor.deploy(WarDeploymentProcessor.java:114)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
Caused by: java.lang.ClassNotFoundException: authenticator.CasAuthenticator from [Module "deployment.test.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398) [jboss-modules.jar:1.1.1.GA]
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120) [jboss-modules.jar:1.1.1.GA]
at org.jboss.as.web.deployment.WarDeploymentProcessor.getInstance(WarDeploymentProcessor.java:378)
... 8 more
12:17:21,770 INFO [org.jboss.as.server] (HttpManagementService-threads - 16) JBAS015870: Deploy of deployment "test.war" was rolled back with failure message {"JBAS014671: Failed services" => {"jboss.deployment.unit.\"test.war\".INSTALL" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"test.war\".INSTALL: Failed to process phase INSTALL of deployment \"test.war\""}}
12:17:21,771 INFO [org.jboss.as.controller] (HttpManagementService-threads - 16) JBAS014774: Service status report
JBAS014777: Services which failed to start: service jboss.deployment.unit."test.war".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."test.war".INSTALL: Failed to process phase INSTALL of deployment "test.war"
12:17:21,775 INFO [org.jboss.as.server.deployment] (MSC service thread 1-9) JBAS015877: Stopped deployment test.war in 3ms
在 standalone.xml 中定义您的登录模块:
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domain name="cas" cache-type="default">
<authentication>
<login-module code="authenticator.CasLoginModule" flag="required" module="jasig">
<module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Saml11TicketValidator"/>
<module-option name="casServerUrlPrefix" value="https://localhost:8443/cas"/>
<module-option name="roleGroupName" value="Roles"/>
<module-option name="defaultRoles" value="FOOBAR"/>
<module-option name="roleAttributeNames" value="Roles"/>
</login-module>
</authentication>
</security-domain>
您已经在 web.xml 中定义了 CAS 安全过滤器,这就足够了并且应该可以工作。
您在应用程序和服务器或 CAS 之间使用 CAS 协议吗?您的 Jasig 是否配置为使用 SAML 1.1。默认情况下,jasig 将使用 CAS。
如果您的配置已经有效,您应该可以进行 SSO。您是否创建了第二个 helloworld 来测试它?
为了在其他应用程序中重新进行身份验证,您将重定向到您的 CAS 服务器,该服务器已经知道用户已通过身份验证。所以最后,他会再次将他重定向到应用程序并提供 CAS 票证。
尝试这个 https://github.com/serac/java-cas-client-test 并检查差异是否仅适用于 hello world 建议...