
Installing and Configuring JOSSO in JBoss

程序员文章站 2022-06-14 14:07:46

 

1. JOSSO single sign-on gateway

1.1 Change into the josso/bin directory and run the josso-gsh command.

1.2 Install the JOSSO core gateway by running:

    gateway install --target <JBOSS_HOME> --jboss-instance default --platform jb42

This command actually does the following:

1.2.1 Copies the files under <JOSSO_HOME>\dist\gateway\config to <JBOSS_HOME>\server\default\conf

1.2.2 Copies josso-gateway-web-1.8.0.war from <JOSSO_HOME>\dist\gateway\apps to <JBOSS_HOME>\server\default\deploy and renames it josso.war

 

2. Web applications participating in single sign-on

2.1 Change into the josso/bin directory and run the josso-gsh command.

2.2 Install the JOSSO agent by running:

    agent install --target <JBOSS_HOME> --jboss-instance default --platform jb42

This command actually does the following:

2.2.1 Changes the JBoss JAAS (Java Authentication and Authorization Service) authentication

Comment out the default realm:

    <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"

In server.xml under %JBOSS_HOME%\server\default\deploy\jboss-web.deployer, replace the JAAS realm with the SSO realm by adding:

    <Realm className="org.josso.jb42.agent.JBossCatalinaRealm" appName="josso"
           userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
           roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl" debug="1" />

2.2.2 Edits login-config.xml under %JBOSS_HOME%\server\default\conf

Add the JOSSO login policy:

    <application-policy name="josso">
        <authentication>
            <login-module code="org.josso.jb4.agent.JBossSSOGatewayLoginModule" flag="required">
                <module-option name="debug">true</module-option>
            </login-module>
        </authentication>
    </application-policy>

 

2.2.3 In server.xml under %JBOSS_HOME%\server\default\deploy\jboss-web.deployer (around line 87), adds the SSO agent valve inside the Host element:

    <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>

2.2.4 Creates a josso-agent-config.xml file under <JBOSS_HOME>\server\default\conf. The file can be found in the downloaded JOSSO package; it differs for each server version. Two places mainly need to be changed:

    <!-- Gateway LOGIN and LOGOUT URLs -->
    <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
    <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>

These set the login and logout URLs of the JOSSO server.

The applications that need to join authentication:

    <agent:partner-apps>
        <!-- Simple definition of a partner application -->
        <agent:partner-app id="MySimplePartnerApp" context="/simple-partnerapp"/>
        <agent:partner-app id="MyPartnerApp1" context="/partnerapp"/>
    </agent:partner-apps>

2.2.5 Copies the required jar packages from <JOSSO_HOME>\lib to <JBOSS_HOME>\server\default\lib

 

 

2.3 Modifying the web application

2.3.1 Modify the web.xml security policy

Edit the web application's web.xml and append <security-constraint>, <security-role> and related elements at the end. They define which roles in the application may access which resources, so different roles can be mapped to different resource permissions as needed. For example:

    <security-constraint>
        <!-- Sample security constraint: public resources -->
        <web-resource-collection>
            <web-resource-name>public-resources</web-resource-name>
            <url-pattern>/resources/*</url-pattern>
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <!--
        No roles required, which means these are public resources.
        Useful to tell JOSSO that resources matching this security constraint
        should not be subject to SSO protection.
        -->
    </security-constraint>

    <security-constraint>
        <!-- Sample security constraint: protected resources -->
        <web-resource-collection>
            <!-- We're going to protect this resource and make it available only to users in "role1". -->
            <web-resource-name>protected-resources</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <!-- NOTE: These role names will be retrieved by JOSSO using the proper identity store. -->
        <auth-constraint>
            <role-name>role1</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- We only need Tomcat to redirect the user -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <!-- NOTE: This will redirect the user to the proper login page provided by JOSSO. -->
            <form-login-page>/login-redirect.jsp</form-login-page>
            <form-error-page>/login-redirect.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description>Role 1</description>
        <role-name>role1</role-name>
    </security-role>
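As an added check (not part of the original post or of JOSSO itself), the following Python script parses a condensed copy of the two security constraints above and flags the pitfalls a reviewer looks for in such a web.xml: listing <http-method> elements leaves every unlisted method unconstrained, a transport-guarantee of NONE lets the SSO session cookie travel over plain HTTP, and every role used in an auth-constraint must be declared in a security-role. The sample web.xml is constructed and assumes a namespace-less Servlet 2.4-style root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two constraints (condensed), wrapped in a minimal
# <web-app> root so the fragment parses; no XML namespace, as on Servlet 2.4-era JBoss.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>public-resources</web-resource-name>
      <url-pattern>/resources/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-resources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-role><role-name>role1</role-name></security-role>
</web-app>"""


def audit_web_xml(xml_text):
    """Return [(web-resource-name, finding-code, detail)] for each pitfall found."""
    root = ET.fromstring(xml_text)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    findings = []
    for sc in root.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        methods = [m.text.strip() for m in sc.findall("web-resource-collection/http-method")]
        auth = sc.find("auth-constraint")
        if auth is None:
            continue  # no auth-constraint: deliberately public, nothing to enforce
        # Listing http-method elements limits the constraint to those methods;
        # every method not listed (OPTIONS, TRACE, ...) is left unconstrained.
        if methods:
            findings.append((name, "UNCOVERED_METHODS", "only " + ",".join(methods)))
        # Without CONFIDENTIAL the SSO session cookie may be sent over plain HTTP.
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        if guarantee == "NONE":
            findings.append((name, "TRANSPORT_NONE", "transport-guarantee is NONE"))
        # Every role referenced here must also be declared in <security-role>.
        for r in auth.findall("role-name"):
            if r.text.strip() not in declared:
                findings.append((name, "UNDECLARED_ROLE", r.text.strip()))
    return findings
```

Run it against the real web.xml after deployment; an empty list for the protected constraint means the methods list was dropped, CONFIDENTIAL was set and all roles are declared.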

Add a login-redirect.jsp page under the project root with the following code:

    <%@page contentType="text/html; charset=UTF-8" language="java" session="true" %>
    <!--
    Redirects the user to the proper login page. Configured as the login URL in the web.xml for this application.
    -->
    <%response.sendRedirect(request.getContextPath() + "/josso_login/");%>

2.3.2 Modify jboss-web.xml

Set <security-domain>; its name must match the josso login policy name in login-config.xml. I named it josso here, so it is configured as java:/jaas/josso, for example:

    <jboss-web>
        <security-domain>java:/jaas/josso</security-domain>
        <context-root>/</context-root>
    </jboss-web>

-----------------------------------------------------------------------------------------------------

From: http://xiaojianbo.iteye.com/blog/2065433
