CAS for HTTPS-to-HTTP retrofit scenarios

Source: Internet
Author: User
Tags cas send cookies

first of all, the specific transformation plan:Service side:First, the CAS server side of the modification 1, find cas\web-inf\deployerconfigcontext.xml to the following beans add parameter p:requiresecure= "false", which indicates whether security authentication is required, That is, Https,false is not used, plus go after the following: 
<!---    <id = "Proxyauthenticationhandler"            class= " Org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler "           P:httpclient-ref= "HttpClient"          p:requiresecure= "false"/ > 

2. Find Cas\web-inf\spring-configuration\ticketgrantingticketcookiegenerator.xml

 <  bean  id  = "Ticketgrantingticketcookiegenerator"   class  = "Org.jasig.cas.web.support.CookieRetrievingCookieGenerator"  p:cookiesecure  = "false"   p:cookiemaxage  = "-1"  p:cookiename  = "CASTGC"  p:cookiepath  = "/cas"  />  
The parameter p:cookiesecure= "true", which is related to HTTPS authentication, true for HTTPS authentication and consistent with Deployerconfigcontext.xml parameters. The parameter p:cookiemaxage= "-1", which is simply the maximum life cycle of a cookie, 1 is a life cycle, that is, only in the currently open IE window, ie close or reopen other windows, will still require validation. can be modified as necessary to a number greater than 0, such as 3600, meaning that within 3,600 seconds, open any IE window, do not need to verify. 3. Find Cas\web-inf\spring-configuration\warncookiegenerator.xml
<id= "Warncookiegenerator"  class= " Org.jasig.cas.web.support.CookieRetrievingCookieGenerator "p:cookiesecure=" false "  p:cookiemaxage= "-1"p:cookiename= "Casprivacy"P:cookiepath  = "/cas"/>
Two parameters are the same as above. should remain consistent.reasons for the transformation:Why don't you just set the Cookiesecure property to False? Let's go to the source of Cookie.class to see:
 /**   * indicates to the browser whether the     The cookie should only is sent * using a secure protocol, such as HTTPS or SSL.     * * <p>the default value is <code>false</code>. * *   @param   flag if <code>true</c     Ode> Sends the cookie from the browser * to the server if the using a secure protocol; * if <code>false</code>, sent on any protocol * *   @see   #getSecure *  */ public  void  setsecure (boolean  Span style= "color: #000000;"    > flag) {secure  = flag; }

Take a look at the comments in front of the method to understand. If set to true, then only the security protocol is used to send cookies to the server from the browser. The default is set to False. CAs, by default, supports the HTTPS protocol, and the default setting in CAs is true. If you want to change to HTTP, you have to set this property of the cookie to false.

The two beans involved in the CAs are related to cookies.

Client:Modify the HTTPS connection in the corresponding filter to http:
<Filter><Filter-name>CAS Single Sign Out Filter</Filter-name><Filter-class>Org.jasig.cas.client.session.SingleSignOutFilter</Filter-class><Init-param><Param-name>Casserverloginurl</Param-name><Param-value>Http://**.**.com/logout</Param-value><!--the server here is the IP of the service side -</Init-param></Filter><filter-mapping><Filter-name>CAS Single Sign Out Filter</Filter-name><Url-pattern>*.htm</Url-pattern></filter-mapping><filter-mapping><Filter-name>CAS Single Sign Out Filter</Filter-name><Url-pattern>*.json</Url-pattern></filter-mapping>

Now we can go to the HTTP protocol.

CAS for HTTPS-to-HTTP retrofit scenarios

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.