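The basic steps do not change much from one application to the next; what varies is how complex the authentication method is, because that part has to be implemented yourself. Here Confluence is used for a simple demo.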
Installing and cracking Confluence
Crack tool: confluence_keygen.jar
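I am using Confluence 6.6.15.
After installing Confluence, do not start it.
Copy atlassian-extras-decoder-v2-3.2.jar from the Confluence installation directory D:\Atlassian\Confluence\confluence\WEB-INF\lib to another location and rename it to atlassian-extras-2.4.jar.
Use the crack tool's .patch! button to patch the atlassian-extras-2.4.jar you just copied.
When that succeeds, rename atlassian-extras-2.4.jar back to atlassian-extras-decoder-v2-3.2.jar.
Replace the jar file in the installation directory with it.
Start Confluence.
Choose product verification.
In the crack tool, enter any data and copy Confluence's own Server ID into the corresponding field.
Click .gen!, copy the generated key, and the crack is complete.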
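CAS dependency packages for Confluence
CAS server setup
We use the Overlay that ships with CAS to build our own CAS server. It comes in Gradle and Maven variants.
I chose the Maven variant, the 5.3 branch on GitHub.
CAS server download: GitHub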
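After downloading, run ./build package. The README actually covers all of this in detail.
When it finishes, a target directory appears, and it contains the war package.
Create a new Maven project and copy the contents of the cas-overlay-template pom file into the project's pom file.
Create a webapp folder in the project.
Extract the contents of the war package into webapp:
webapp
--META-INF
--org
--WEB-INF
Configure Tomcat, and the CAS server can be started directly.
All CAS configuration lives in webapp/WEB-INF/classes/application.properties.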
The 3 Confluence files that need to be modified

| File name | Path |
| --- | --- |
| web.xml | D:\Atlassian\Confluence\confluence\WEB-INF\web.xml |
| seraph-config.xml | D:\Atlassian\Confluence\confluence\WEB-INF\classes\seraph-config.xml |
| xwork.xml | D:\Atlassian\Confluence\confluence\WEB-INF\classes\xwork.xml |

xwork.xml comes from D:\Atlassian\Confluence\confluence\WEB-INF\lib\confluence-6.6.15.jar; copy it into the classes folder.
Configuring web.xml
After all the existing filters
```xml
<!-- Handles logout notifications sent by the CAS server -->
<filter>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://192.168.40.124:8080/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://192.168.40.124:8090/</param-value>
    </init-param>
</filter>
<!-- Redirects unauthenticated requests to the CAS login page -->
<filter>
    <filter-name>CasAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://192.168.40.124:8080/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://192.168.40.124:8090/</param-value>
    </init-param>
</filter>
<!-- Validates the service ticket against the CAS server -->
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://192.168.40.124:8080</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://192.168.40.124:8090/</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
```
Before the login filter mapping
```xml
<filter-mapping>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
After the Servlet Context Listeners
```xml
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
```
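A check one could run over the edited web.xml before this setup leaves a lab, written as an added example (not part of the original post or of the CAS client): it reports CAS filter URLs that are not https, because over plain http the service ticket and the validation response cross the network in clear text, and it reports a CAS filter mapped ahead of the single sign-out filter. The function name and the trimmed sample document are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: two of the page's filters, with the mappings deliberately
# reordered so that both checks below have something to report.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <filter><filter-name>CasSingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class></filter>
 <filter><filter-name>CasValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param><param-name>casServerUrlPrefix</param-name>
   <param-value>http://192.168.40.124:8080</param-value></init-param>
  <init-param><param-name>serverName</param-name>
   <param-value>http://192.168.40.124:8090/</param-value></init-param></filter>
 <filter-mapping><filter-name>CasValidationFilter</filter-name>
  <url-pattern>/*</url-pattern></filter-mapping>
 <filter-mapping><filter-name>CasSingleSignOutFilter</filter-name>
  <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}
SIGN_OUT = "org.jasig.cas.client.session.SingleSignOutFilter"

def audit_cas_web_xml(xml_text):
    """Return (filter-name, finding) pairs for the CAS client filters in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop the XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings, classes = [], {}
    for flt in root.iter("filter"):
        name = (flt.findtext("filter-name") or "").strip()
        cls = (flt.findtext("filter-class") or "").strip()
        if not cls.startswith("org.jasig.cas.client."):
            continue                            # not a CAS client filter
        classes[name] = cls
        for param in flt.iter("init-param"):
            key = (param.findtext("param-name") or "").strip()
            val = (param.findtext("param-value") or "").strip()
            if key in URL_PARAMS and urlparse(val).scheme != "https":
                findings.append((name, f"{key} is not an https URL: {val}"))
    # The page maps the sign-out filter ahead of the other CAS filters;
    # report a web.xml where another CAS filter is mapped before it.
    mapped = [(m.findtext("filter-name") or "").strip() for m in root.iter("filter-mapping")]
    cas_mapped = [n for n in mapped if n in classes]
    sign_out = [n for n in cas_mapped if classes[n] == SIGN_OUT]
    if sign_out and cas_mapped[0] != sign_out[0]:
        findings.append((sign_out[0], f"mapped after {cas_mapped[0]}"))
    return findings
```
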
Configuring seraph-config.xml
```xml
<!-- Send login requests to the CAS server instead of Confluence's own login page -->
<init-param>
    <param-name>login.url</param-name>
    <param-value>http://192.168.40.124:8080/login?service=${originalurl}</param-value>
</init-param>
<init-param>
    <param-name>link.login.url</param-name>
    <param-value>http://192.168.40.124:8080/login?service=${originalurl}</param-value>
</init-param>

<!-- Use the CAS authenticator for Confluence -->
<authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
```
Configuring xwork.xml
```xml
<!-- Redirect to the CAS logout endpoint after Confluence logs the user out -->
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
    <interceptor-ref name="defaultStack"/>
    <result name="success" type="redirect">http://192.168.40.124:8080/logout</result>
</action>
```
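Notes
- The dependency package must be version 3.3.3; the 3.5.1 version I downloaded throws errors.
- The CAS server has to be modified to support http: edit WEB-INF\classes\services\HTTPSandIMAPS-10000001.json.
- If a 403 error appears and the ticket cannot be validated, use the IP address; localhost cannot be used.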
application.properties configuration
```properties
# Add this when the "service not defined" error appears
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=classpath:/services

##
# CAS Authentication Credentials
#
#cas.authn.accept.users=superadmin::system
# Database configuration
# Password encoding configuration
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5

cas.authn.jdbc.query[0].sql=SELECT * FROM global_users WHERE user_name =?
#select * from cms_auth_user where user_name=?
cas.authn.jdbc.query[0].healthQuery=
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://dmysql01:3306/fdfs?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
#cas.authn.jdbc.query[0].failFast=true
#cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
#cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
#cas.authn.jdbc.query[0].ddlAuto=create-drop
#cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=123456
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=5000
# cas.authn.jdbc.query[0].credentialCriteria=
# cas.authn.jdbc.query[0].name=
# cas.authn.jdbc.query[0].order=0
# cas.authn.jdbc.query[0].dataSourceName=
# cas.authn.jdbc.query[0].dataSourceProxy=false
cas.authn.jdbc.query[0].fieldPassword=PASSWORD
```
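The JDBC authentication settings above are demo values. As an added example (not from the original post or the CAS project), the following groups the `cas.authn.jdbc.query[N].*` keys by index and reports the ones that should change before real credentials pass through this server: a fast unsalted digest for stored passwords, TLS disabled on the database connection, and the `root` database account. The function names and the shortened sample are assumptions made for this example; only `key=value` lines are parsed.

```python
import re

# Constructed sample: selected lines from the application.properties shown above.
SAMPLE_PROPERTIES = """\
# Database configuration
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
cas.authn.jdbc.query[0].url=jdbc:mysql://dmysql01:3306/fdfs?useUnicode=true&useSSL=false
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
#cas.authn.jdbc.query[0].failFast=true
"""

KEY = re.compile(r"^cas\.authn\.jdbc\.query\[(\d+)\]\.(.+)$")
# Message digests that the DEFAULT encoder applies without a salt or work factor.
FAST_DIGESTS = {"MD5", "SHA", "SHA1", "SHA-1", "SHA-256", "SHA-512"}

def parse_jdbc_queries(text):
    """Group cas.authn.jdbc.query[N].* settings by N, skipping comment lines."""
    queries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)   # the JDBC URL itself contains '='
        match = KEY.match(key.strip())
        if match:
            queries.setdefault(int(match.group(1)), {})[match.group(2)] = value.strip()
    return queries

def audit_jdbc_auth(text):
    """Return (query index, finding) pairs for weak JDBC authentication settings."""
    findings = []
    for idx, cfg in sorted(parse_jdbc_queries(text).items()):
        enc_type = cfg.get("passwordEncoder.type", "NONE").upper()
        algo = cfg.get("passwordEncoder.encodingAlgorithm", "").upper()
        if enc_type == "NONE":
            findings.append((idx, "passwords are compared in plain text"))
        elif enc_type == "DEFAULT" and algo in FAST_DIGESTS:
            findings.append((idx, f"{algo} is a fast, unsalted digest"))
        if "usessl=false" in cfg.get("url", "").lower():
            findings.append((idx, "database connection has TLS disabled"))
        if cfg.get("user", "").lower() == "root":
            findings.append((idx, "CAS logs in with the database root account"))
    return findings
```
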