uPortal配置CAS,配置登陆、登出链接

 

配置uPortal的cas

 

    uPortal 4 默认绑定了一个cas服务. 这个cas 服务跟uPortal服务一起启动。

    如果默认的cas有以下几项发生改变之后，要想uPortal继续能够使用默认绑定的cas，则uPortal也要修改两个文件才能继续使用cas：web.xml和security.properties。

• server hostname cas
• server port
• SSL/non-SSL
• application context name change
• uPortal和cas不再用localhost访问，从其他地方用ip访问

修改：1.web.xml： CAS Validate Filter里面的"localhost"改成cas服务地址

  2.security.properties： "logoutRedirect.root" 和 "org.jasig.portal.channels.CLogin.CasLoginUrl"对应的地址

 

Option 1: 修改默认自带的cas

Step 1: 修改filters/local.properties

 1. NEW: 在filters文件夹,  local.properties文件记录了cas服务器的配置，把“localhost:8080”改成cas修改后的地址即可。

# HSQL Configuration environment.build.hsql.port=8887   # Database Connection Settings (Uncomment the Maven Filters section in rdbm.properties) environment.build.hibernate.connection.driver_class=org.hsqldb.jdbc.JDBCDriver environment.build.hibernate.connection.url=jdbc:hsqldb:hsql://localhost:${environment.build.hsql.port}/uPortal environment.build.hibernate.connection.username=sa environment.build.hibernate.connection.password= environment.build.hibernate.dialect=org.hibernate.dialect.HSQLDialect   # uPortal server configuration properties environment.build.uportal.server=localhost:8080 environment.build.uportal.protocol=http environment.build.uportal.context=/uPortal environment.build.uportal.email.fromAddress=portal@university.edu   # CAS server configuration properties environment.build.cas.server=localhost:8080 environment.build.cas.protocol=http

 

Step 2: uportal-war/src/main/resources/properties/security.properties

如果你要修改uPortal首页的登录和登出连接，则找到security.properties文件,修改即可。

logoutRedirect.root 默认情况下登出是跳到了cas的登出页面. 如果你想用户点击“ logging out“跳转到你想要的页面 你就把登出超链接的"url="修改成"service=" logoutRedirect.root=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/logout? service=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uportal.context}/Login

uportal-war/src/main/resources/properties/security.properties

## This is the factory that supplies the concrete authentication class root=org.jasig.portal.security.provider.UnionSecurityContextFactory root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory #root.cas=org.jasig.cas3.extensions.clearpass,integration.uportal.PasswordCachingCasAssertionSecurityContextFactory root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory   ## Answers what tokens are examined in the request for each context during authentication. ## A subcontext only needs to set its tokens if it differs from those of the root context. principalToken.root=userName credentialToken.root=password credentialToken.root.cas=ticket   ## Answers where the user will be redirected when log out occurs. Each security context can have one. ## (See comments in the LogoutServlet class) ## It would be better to escape the value of the url parameter, but since there are no parameters on the ## unescaped URL and since there are no further parameters on the logout URL, this does work. logoutRedirect.root=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/logout?url=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uportal.context}/Login     ## This is the factory that supplies the concrete authorization class authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl     ## Login URL, if specified the CLogin channel will display a Login link with ## this URL instead of the standard userName/password form. org.jasig.portal.channels.CLogin.CasLoginUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/login?service=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uportal.context}/Login     ## URL of the CAS cleartext password service #org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/clearPass     ### ...

 

Step 3: Rebuild uPortal

这里是要先情况之前老的部署，cmd命令进入..\uPortal-4.0.5-quick-start\uPortal-4.0.5,不能会报出找不到clean这个目标

ant clean deploy-ear

Step 4: Restart Tomcat

Note: If you choose not to configure the CasLoginUrl parameter you will receive the following error, "Could not resolve property placeholder ${org.jasig.portal.channels.CLogin.CasLoginUrl}". This error stems from the CasLoginUrl parameter being referenced in two files: jsonRenderingPipelinContext.xml andrenderingPipelineContext.xml located in the directory path, uportal-war/src/main/resources/properties/contexts. Therefore, you will need to remove (comment out) the CasLoginUrl parameter reference in the two xml files. <entry key="EXTERNAL_LOGIN_URL" value="${org.jasig.portal.channels.CLogin.CasLoginUrl}" />

Option 2: 配置使用外部独立配置的CAS

要使 uPortal 使用外部的cas.同样的要先进行上面的配置。不同的是，你也许想把原来的移除掉

Steps 1 and 2:跟上面配置一样，修改两个文件。

同上，修改 web.xml和 security.properties两个文件，让uPortal找打新的CAS的URL

Step 3: 移除默认的CAS

通过命令”ant deploy-ear“来移除默认cas，先修改:

1. 注释或删除uportal-portlets-overlay/pom.xml文件的  <module>cas</module> .
2. 注释或删除  uportal-ear/pom.xml 的CAS <dependency>部分和 <webModule> 元素 .

Step 4. Rebuild uPortal

ant clean deploy-ear

Step 5: Restart Tomcat