將CAS https認證的方式改為http

最近，在做CAS單點登陸的一個模組，由於公司的產品太多，各個系統都要部署，在開發中Https的認證的部署比較麻煩，所以，打算把CAS的Https去掉。具體的修改如下

1.修改cas-servlet.xml Java代碼

1. <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"  
2.         p:cookieSecure="true"  
3.         p:cookieMaxAge="-1"  
4.         p:cookieName="CASPRIVACY"  
5.         p:cookiePath="/cas" />   
6.        
7.     <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"  
8.         p:cookieSecure="true "  
9.         p:cookieMaxAge="-1"  
10.         p:cookieName="CASTGC"  
11.         p:cookiePath="/cas" />  

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"p:cookieSecure="true"p:cookieMaxAge="-1"p:cookieName="CASPRIVACY"p:cookiePath="/cas" /><bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"p:cookieSecure="true "p:cookieMaxAge="-1"p:cookieName="CASTGC"p:cookiePath="/cas" />

把上面連個bean中的p:cookieSecure="true "修改為p:cookieSecure="false"
2.修改deployerConfigContext.xml Java代碼

1. <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"  
2.                     p:httpClient-ref="httpClient" />  

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"p:httpClient-ref="httpClient" />

添加p:requireSecure="false"

3.修改casclient的用戶端

修改用戶端的https驗證
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter

Java代碼

1. if (! casValidate.startsWith("https://")){   
2.             throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");   
3.         }   
4. if (casServiceUrl != null){   
5.             if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){   
6.                 throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");   
7.             }   
8.         }  

if (! casValidate.startsWith("https://")){            throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");        }if (casServiceUrl != null){            if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){                throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");            }        }

把這兩段內容注釋掉

(2).修改edu.yale.its.tp.cas.util.SecureURL

Java代碼

1. if (!u.getProtocol().equals("https")){   
2.                 // IOException may not be the best exception we could throw here   
3.                 // since the problem is with the URL argument we were passed, not   
4.                 // IO. -awp9   
5.                 log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");   
6.                             throw new IOException("only 'https' URLs are valid for this method");   
7.             }  

if (!u.getProtocol().equals("https")){            // IOException may not be the best exception we could throw here            // since the problem is with the URL argument we were passed, not            // IO. -awp9            log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");throw new IOException("only 'https' URLs are valid for this method");            }

把這段內容注釋掉