1.修改cas-servlet.xml
- <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="true"
- p:cookieMaxAge="-1"
- p:cookieName="CASPRIVACY"
- p:cookiePath="/cas" />
- <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
- p:cookieSecure="true "
- p:cookieMaxAge="-1"
- p:cookieName="CASTGC"
- p:cookiePath="/cas" />
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true"
p:cookieMaxAge="-1"
p:cookieName="CASPRIVACY"
p:cookiePath="/cas" />
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
p:cookieSecure="true "
p:cookieMaxAge="-1"
p:cookieName="CASTGC"
p:cookiePath="/cas" />
把上面連個bean中的p:cookieSecure="true "修改爲p:cookieSecure="false"
2.修改deployerConfigContext.xml
- <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient" />
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
添加p:requireSecure="false"
3.修改casclient的客戶端
修改客戶端的https驗證
(1).edu.yale.its.tp.cas.client.filter.edu.yale.its.tp.cas.client.filter
- if (! casValidate.startsWith("https://")){
- throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
- }
- if (casServiceUrl != null){
- if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){
- throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
- }
- }
if (! casValidate.startsWith("https://")){
throw new ServletException("validateUrl must start with https://, its current value is [" + casValidate + "]");
}
if (casServiceUrl != null){
if (! (casServiceUrl.startsWith("https://")|| (casServiceUrl.startsWith("http://") ))){
throw new ServletException("service URL must start with http:// or https://; its current value is [" + casServiceUrl + "]");
}
}
把這兩段內容註釋掉
(2).修改edu.yale.its.tp.cas.util.SecureURL
- if (!u.getProtocol().equals("https")){
- // IOException may not be the best exception we could throw here
- // since the problem is with the URL argument we were passed, not
- // IO. -awp9
- log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");
- throw new IOException("only 'https' URLs are valid for this method");
- }
if (!u.getProtocol().equals("https")){
// IOException may not be the best exception we could throw here
// since the problem is with the URL argument we were passed, not
// IO. -awp9
log.error("retrieve(" + url + ") on an illegal URL since protocol was not https.");
throw new IOException("only 'https' URLs are valid for this method");
}
把這段內容註釋掉