Posted on 2012-04-25 23:12
贝贝爸爸 阅读(1299)
评论(0) 编辑 收藏 所属分类:
CAS
nnd,今天搞了快2个小时,总是无法解决ldap支持的其他属性返回问题,因为之前配置的是3.3.5版本,现在最新的版本是3.4.11,原来的配置竟然无法使用了,原来是因为增加服务:
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
导致无法返回principal的其他属性到客户端,其实象这样配置即可:
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
<property name="contextSource" ref="contextSource" />
<property name="baseDN" value="ou=users,${ldap.basePath}" />
<property name="requireAllQueryAttributes" value="true" />
<!--
Attribute mapping beetween principal (key) and LDAP (value) names
used to perform the LDAP search. By default, multiple search criteria
are ANDed together. Set the queryType property to change to OR.
-->
<property name="queryAttributeMapping">
<map>
<entry key="username" value="uid" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<!-- Mapping beetween LDAP entry attributes (key) and Principal's (value) -->
<entry key="name" value="userName"/>
<entry key="uid" value="userId"/>
</map>
</property>
</bean>
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="0" />
<property name="name" value="HTTP" />
<property name="description" value="Only Allows HTTP Urls" />
<property name="serviceId" value="http://**" />
<property name="evaluationOrder" value="10000001" />
<property name="ignoreAttributes" value="true" />
</bean>
………………
</list>
</property>
</bean>
如上所示,其中注册的服务
registeredServices
默认是不允许返回其他属性到客户端的!!!!!,真的是很坑爹啊,不过,配置一下ignoreAttributes即可,也可以指定
allowedAttributes如下:
<property name="allowedAttributes">
<list>
<value><!-- your attribute key --></value>
</list>
</property>