Description of the changes required to enable the RememberMe feature
- /**
- * @see CAS server-side RememberMe
- * @see ------------------------------------------------------------------------------------------------------------------------
- * @see For RememberMe, see the official documentation at the URLs below (both describe the same RememberMe implementation; the second also covers other topics)
- * @see http://jasig.github.io/cas/development/installation/Configuring-LongTerm-Authentication.html
- * @see http://jasig.github.io/cas/4.0.x/installation/Configuring-Authentication-Components.html#long-term-authentication
- * @see RememberMe is what is usually called the "remember password" feature: after a successful login, the user can close the browser, reopen it and access the application without logging in again
- * @see RememberMe and the session timeout setting tgt.timeToKillInSeconds above are two different things: the session timeout applies to a single session, while RememberMe is broader
- * @see The CAS-4.0.3 server source changes in this article build on my three earlier posts listed below; I will eventually provide the complete source for download on CSDN
- * @see http://blog.csdn.net/jadyer/article/details/46875393
- * @see http://blog.csdn.net/jadyer/article/details/46914661
- * @see http://blog.csdn.net/jadyer/article/details/46916169
- * @see The modification steps are as follows
- * @see 1. Add the configuration item rememberMeDuration=1209600 to cas.properties
- * @see 2. Add the RememberMe expiration policy configuration to ticketExpirationPolicies.xml
- * @see 3. Add the attribute p:rememberMeMaxAge="${rememberMeDuration:1209600}" to ticketGrantingTicketCookieGenerator.xml
- * @see 4. deployerConfigContext.xml
- * @see 5. Add the rememberMe field to the form in casLoginView.jsp
- * @see 6. Add the configuration that receives the form's rememberMe field to login-webflow.xml
- * @see 7. Make UsernamePasswordCaptchaCredential.java extend RememberMeUsernamePasswordCredential so that it can receive the form's rememberMe field
- * @see ------------------------------------------------------------------------------------------------------------------------
- * @create 2016-6-6 08:34:18 PM
- * @author 玄玉<http://blog.csdn.net/jadyer>
- */
1.Changes to ticketExpirationPolicies.xml
- <?xml version="1.0" encoding="UTF-8"?>
- <!--
- Licensed to Jasig under one or more contributor license
- agreements. See the NOTICE file distributed with this work
- for additional information regarding copyright ownership.
- Jasig licenses this file to you under the Apache License,
- Version 2.0 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a
- copy of the License at the following location:
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c" xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util.xsd">
- <description>
- Assignment of expiration policies for the different tickets generated by CAS including ticket granting ticket
- (TGT), service ticket (ST), proxy granting ticket (PGT), and proxy ticket (PT).
- These expiration policies determine how long the ticket they are assigned to can be used and even how often they
- can be used before becoming expired / invalid.
- </description>
- <!-- Expiration policies -->
- <util:constant id="SECONDS" static-field="java.util.concurrent.TimeUnit.SECONDS"/>
- <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
- c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:10}" c:timeUnit-ref="SECONDS"/>
- <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
- <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
- <!--
- <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
- p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
- p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
- -->
- <!-- The configuration below is what RememberMe requires -->
- <!-- The original <bean id="grantingTicketExpirationPolicy"> must first be commented out, as shown above -->
- <!-- It is commented out because line 117 of applicationContext.xml refers to <bean id="grantingTicketExpirationPolicy"> -->
- <!-- and RememberMe needs RememberMeDelegatingExpirationPolicy rather than the default TicketGrantingTicketExpirationPolicy -->
- <!-- The configuration below makes this clear -->
- <!--
- | The following policy applies to standard CAS SSO sessions.
- | Default 2h (7200s) sliding expiration with default 8h (28800s) maximum lifetime.
- -->
- <bean id="standardSessionTGTExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
- p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
- p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
- <!--
- | The following policy applies to long term CAS SSO sessions.
- | Default duration is two weeks (1209600s).
- -->
- <bean id="longTermSessionTGTExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"
- c:timeToKillInMilliSeconds="#{ ${rememberMeDuration:1209600} * 1000 }"/>
- <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy"
- p:sessionExpirationPolicy-ref="standardSessionTGTExpirationPolicy"
- p:rememberMeExpirationPolicy-ref="longTermSessionTGTExpirationPolicy"/>
- </beans>
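How the three beans above decide expiry, as a simplified Python model (an added example, not CAS code and not from the original post). The expiry rules are assumptions about the CAS policy classes: the standard policy combines an idle timeout with a hard lifetime, the long-term policy is an idle timeout only; `TicketState` and `survives` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass
class TicketState:
    created: float      # second at which the TGT was issued
    last_used: float    # second of the most recent use
    remember_me: bool   # authentication attribute recorded at login

def standard_expired(t, now, max_ttl=28800, idle=7200):
    """Model of standardSessionTGTExpirationPolicy: hard lifetime OR idle timeout."""
    return now - t.created >= max_ttl or now - t.last_used >= idle

def long_term_expired(t, now, duration=1209600):
    """Model of longTermSessionTGTExpirationPolicy: idle timeout only (assumption)."""
    return now - t.last_used >= duration

def tgt_expired(t, now):
    """Model of grantingTicketExpirationPolicy: delegate on the rememberMe attribute."""
    if t.remember_me:
        return long_term_expired(t, now)
    return standard_expired(t, now)

def survives(remember_me, use_interval, total):
    """Replay a TGT that is used every use_interval seconds; True if valid at `total`."""
    t = TicketState(0, 0, remember_me)
    now = 0
    while now < total:
        now = min(now + use_interval, total)
        if tgt_expired(t, now):
            return False
        t.last_used = now   # each successful use slides the idle window
    return True
```

Under these assumptions a remembered TGT that is used at least once every two weeks never expires on the server by age alone, whereas a standard session ends after 8 hours however active it is.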
2.Changes to ticketGrantingTicketCookieGenerator.xml
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:p="http://www.springframework.org/schema/p"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
- <description>
- Defines the cookie that stores the TicketGrantingTicket. You most likely should never modify these (especially the "secure" property).
- You can change the name if you want to make it harder for people to guess.
- </description>
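- <!-- For RememberMe, the p:rememberMeMaxAge attribute must be added -->
- <!-- p:cookieSecure="false" lets the browser send CASTGC over plain HTTP; set it to "true" when CAS is served over HTTPS, since the RememberMe cookie persists for rememberMeDuration -->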
- <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="false"
- p:cookieMaxAge="-1"
- p:rememberMeMaxAge="${rememberMeDuration:1209600}"
- p:cookieName="CASTGC"
- p:cookiePath="/cas" />
- </beans>
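A configuration check for the cookie generator above (an added example, not part of the original post or of CAS): it resolves the Spring `${key:default}` placeholder against cas.properties and reports a persistent CASTGC cookie issued without the Secure flag. The sample inputs are constructed to mirror the files on this page; the function names and the `max_days` threshold are assumptions.

```python
import re
import xml.etree.ElementTree as ET

P_NS = "{http://www.springframework.org/schema/p}"
BEAN = "{http://www.springframework.org/schema/beans}bean"

# Constructed sample input mirroring the files shown on this page.
COOKIE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="-1"
        p:rememberMeMaxAge="${rememberMeDuration:1209600}"
        p:cookieName="CASTGC" p:cookiePath="/cas"/>
</beans>"""
CAS_PROPERTIES = "rememberMeDuration=1209600\n"

def load_properties(text):
    """Parse key=value lines, skipping comment lines that start with '#'."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def resolve(value, props):
    """Expand Spring-style ${key:default} placeholders."""
    return re.sub(r"\$\{([^:}]+)(?::([^}]*))?\}",
                  lambda m: props.get(m.group(1), m.group(2) or ""), value)

def audit_tgc_cookie(xml_text, props_text, max_days=14):
    """Return a list of findings for the TGT cookie generator bean."""
    props = load_properties(props_text)
    bean = ET.fromstring(xml_text).find(
        f"{BEAN}[@id='ticketGrantingTicketCookieGenerator']")
    attr = lambda name, default: resolve(bean.get(P_NS + name, default), props)
    findings = []
    secure = attr("cookieSecure", "false").lower() == "true"
    remember = int(attr("rememberMeMaxAge", "0"))
    if not secure:
        findings.append("cookieSecure=false: CASTGC may be sent over plain HTTP")
        if remember > 0:
            findings.append(f"persistent {remember}s RememberMe cookie lacks Secure flag")
    if remember > max_days * 86400:
        findings.append(f"rememberMeMaxAge {remember}s exceeds {max_days} days")
    return findings
```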
3.Modified part of deployerConfigContext.xml
- <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- </map>
- </constructor-arg>
- <property name="authenticationPolicy">
- <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
- </property>
- <!-- Property configuration that must be added for RememberMe -->
- <property name="authenticationMetaDataPopulators">
- <list>
- <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator"/>
- <bean class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator"/>
- </list>
- </property>
- </bean>
4.Modified part of login-webflow.xml
- <view-state id="viewLoginForm" view="casLoginView" model="credential">
- <binder>
- <binding property="username"/>
- <binding property="password"/>
- <!-- The captcha field added to the front-end form -->
- <binding property="captcha"/>
- <!-- The RememberMe field added to the front-end form -->
- <binding property="rememberMe"/>
- </binder>
- <on-entry>
- <set name="viewScope.commandName" value="'credential'" />
- </on-entry>
- <transition on="submit" bind="true" validate="true" to="validateCaptcha">
- <evaluate expression="authenticationViaCaptchaFormAction.doBind(flowRequestContext, flowScope.credential)" />
- </transition>
- </view-state>
5./WEB-INF/view/jsp/star/ui/casLoginView.jsp
- <tr>
- <td>
- <input type="checkbox" tabindex="4" id="rememberMe" name="rememberMe" value="true"/>
- <label for="rememberMe">RememberMe</label>
- </td>
- </tr>
6.Finally, the rememberMeDuration setting added to cas.properties
- #Validity period of server-side RememberMe; the default is 1209600s, i.e. two weeks
- rememberMeDuration=1209600