Installing and Configuring JOSSO in JBoss

Published: 2023/12/10

1. JOSSO single sign-on gateway

1.1 Change to the josso/bin directory and run the josso-gsh command.

1.2 Install the JOSSO core Gateway by running:

gateway install --target <JBOSS_HOME> --jboss-instance default --platform jb42

This command actually performs the following operations:

1.2.1 Copies the files under <JOSSO_HOME>\dist\gateway\config to <JBOSS_HOME>\server\default\conf.

1.2.2 Copies josso-gateway-web-1.8.0.war from <JOSSO_HOME>\dist\gateway\apps to <JBOSS_HOME>\server\default\deploy and renames it to josso.war.

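2. Web applications that take part in single sign-on

2.1 Change to the josso/bin directory and run the josso-gsh command.

2.2 Install the JOSSO agent by running:

agent install --target <JBOSS_HOME> --jboss-instance default --platform jb42

This command actually performs the following operations: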

2.2.1 Change the JBoss JAAS (Java Authentication and Authorization Service) authentication

Comment out the default realm: <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"

In server.xml under %JBOSS_HOME%\server\default\deploy\jboss-web.deployer, replace the JAAS authentication with SSO authentication by adding:

<Realm className="org.josso.jb42.agent.JBossCatalinaRealm" appName="josso"
       userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
       roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl" debug="1" />

2.2.2 Edit login-config.xml under %JBOSS_HOME%\server\default\conf

Add the JOSSO login module:

<application-policy name="josso">
    <authentication>
        <login-module code="org.josso.jb4.agent.JBossSSOGatewayLoginModule" flag="required">
            <module-option name="debug">true</module-option>
        </login-module>
    </authentication>
</application-policy>

2.2.3 Edit server.xml under %JBOSS_HOME%\server\default\deploy\jboss-web.deployer (at about line 87) and add the SSO agent valve inside the Host node:

<Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>

2.2.4 Create a josso-agent-config.xml file under <JBOSS_HOME>\server\default\conf. A copy of this file can be found in the downloaded JOSSO package; it differs for each server version. Two places mainly need to be changed.

The first is the login and logout URLs of the JOSSO server:

<!-- Gateway LOGIN and LOGOUT URLs -->
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>

The second is the list of applications that need to take part in authentication:

<agent:partner-apps>
    <!-- Simple definition of a partner application -->
    <agent:partner-app id="MySimplePartnerApp" context="/simple-partnerapp"/>
    <agent:partner-app id="MyPartnerApp1" context="/partnerapp"/>
</agent:partner-apps>

2.2.5 Copy the relevant jar files from <JOSSO_HOME>\lib to <JBOSS_HOME>\server\default\lib.

2.3 Adapting the web application

2.3.1 Modify the web.xml security policy

Edit the web application's web.xml and add <security-constraint>, <security-role> and related elements at the end of the file. These define which roles may access which resources of the application, so different roles can be given different access rights as needed. For example:

    <security-constraint>
        <!-- Sample Security Constraint -->
        <web-resource-collection>
            <!-- These resources are public: no auth-constraint is declared for them. -->
            <web-resource-name>public-resources</web-resource-name>
            <url-pattern>/resources/*</url-pattern>
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <!--
        No roles required, which means these are public resources!
        Useful to tell JOSSO that resources matching this security constraint
        should not be subject to SSO protection.
        -->
    </security-constraint>
    <security-constraint>
        <!-- Sample Security Constraint -->
        <web-resource-collection>
            <!-- We're going to protect this resource and make it available only to users in "role1". -->
            <web-resource-name>protected-resources</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <!-- NOTE: These role names will be retrieved by JOSSO using the proper identity store. -->
        <auth-constraint>
            <role-name>role1</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <!-- We only need tomcat to redirect the user -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <!--
            NOTE: This will redirect the user to the proper login page provided by JOSSO.
            -->
            <form-login-page>/login-redirect.jsp</form-login-page>
            <form-error-page>/login-redirect.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Role 1</description>
        <role-name>role1</role-name>
    </security-role>

Add a login-redirect.jsp page in the project root directory with the following code:

<%@page contentType="text/html; charset=UTF-8" language="java" session="true" %>
<!--
Redirects the user to the proper login page. Configured as the login URL in the web.xml for this application.
-->
<%response.sendRedirect(request.getContextPath() + "/josso_login/");%>

2.3.2 Modify jboss-web.xml

Set <security-domain>. It must match the name of the JOSSO login module policy in login-config.xml. Here that name is josso, so the value is java:/jaas/josso, for example:

<jboss-web>
    <security-domain>java:/jaas/josso</security-domain>
    <context-root>/</context-root>
</jboss-web>
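
As an added example (not part of the original post and not JOSSO code), the Python script below cross-checks the three files edited in 2.2.2, 2.3.1 and 2.3.2: the security domain must name an existing application policy, every role used in a constraint must be declared, and it also reports constraints that enumerate HTTP methods or leave the transport guarantee at NONE. The function names and the abbreviated sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _parse(text):  # strip namespaces so lookups work with or without xmlns
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def _txt(node, path):
    return (node.findtext(path) or "").strip()

def audit(web_xml, jboss_web_xml, login_config_xml):
    """Return a list of findings; an empty list means every check passed."""
    web, jbw, lc = _parse(web_xml), _parse(jboss_web_xml), _parse(login_config_xml)
    findings = []
    # 1. <security-domain> must point at an <application-policy> name.
    domain = _txt(jbw, "security-domain")
    policies = {p.get("name") for p in lc.iter("application-policy")}
    if domain.rsplit("/", 1)[-1] not in policies:
        findings.append(f"security-domain {domain} matches no application-policy")
    declared = {_txt(r, "role-name") for r in web.iter("security-role")}
    for sc in web.iter("security-constraint"):
        name = _txt(sc, "web-resource-collection/web-resource-name")
        auth = sc.find("auth-constraint")
        if auth is None:  # no roles required: intentionally public
            continue
        # 2. Every role used in a constraint must be declared in <security-role>.
        for role in sorted({(r.text or "").strip() for r in auth.iter("role-name")} - declared):
            findings.append(f"{name}: role {role} is not declared")
        # 3. Listing <http-method> leaves every unlisted method unconstrained.
        methods = [(m.text or "").strip() for m in sc.iter("http-method")]
        if methods:
            findings.append(f"{name}: constraint covers only {','.join(methods)}")
        # 4. NONE means the container does not require TLS for these URLs.
        if _txt(sc, "user-data-constraint/transport-guarantee") in ("", "NONE"):
            findings.append(f"{name}: transport-guarantee is NONE")
    return findings

# Constructed sample input, abbreviated from the fragments on this page.
WEB_XML = """<web-app><security-constraint><web-resource-collection>
  <web-resource-name>protected-resources</web-resource-name><url-pattern>/*</url-pattern>
  <http-method>GET</http-method><http-method>POST</http-method></web-resource-collection>
  <auth-constraint><role-name>role1</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint><security-role><role-name>role1</role-name></security-role></web-app>"""
JBOSS_WEB_XML = "<jboss-web><security-domain>java:/jaas/josso</security-domain></jboss-web>"
LOGIN_CONFIG_XML = '<policy><application-policy name="josso"/></policy>'

print("\n".join(audit(WEB_XML, JBOSS_WEB_XML, LOGIN_CONFIG_XML)))
```

Omitting the <http-method> elements makes a constraint apply to all methods, and a transport-guarantee of CONFIDENTIAL makes the container require TLS; with both changes the sample produces no findings.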

Reposted from: https://my.oschina.net/vdroid/blog/264339
