Setting up CAS on a Mac
http://blog.csdn.net/qq_33264648/article/details/66475964
In the project's webapp/WEB-INF folder there is a file named deployerConfigContext.xml. Open it and find this section.

    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
            </map>
        </constructor-arg>
        <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
             This switch effectively will turn on clearpass.
        <property name="authenticationMetaDataPopulators">
            <util:list>
                <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
                      c:credentialCache-ref="encryptedMap" />
            </util:list>
        </property>
        -->
        <!--
           | Defines the security policy around authentication. Some alternative policies that ship with CAS:
           |
           | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
           | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
           | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
           -->
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy"/>
        </property>
    </bean>


    <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>

The bean that primaryAuthenticationHandler refers to is CAS's default authentication method.
We can change it and add our own authentication method. Create a class ValidUserQueryAuthenticationHandler that extends org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler, and put your own verification logic in the authenticateUsernamePasswordInternal method. Here I authenticate via JDBC, so first add the following to pom.xml:

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>${mysql.version}</version>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>${druid.version}</version>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas.version}</version>
    </dependency>

The cas-server-support-jdbc module contains 4 classes that can be extended. Here I chose to extend org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler:
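
    package com.castest;

    import java.security.GeneralSecurityException;
    import javax.security.auth.login.AccountNotFoundException;
    import javax.security.auth.login.FailedLoginException;
    import org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
    import org.jasig.cas.authentication.HandlerResult;
    import org.jasig.cas.authentication.PreventedException;
    import org.jasig.cas.authentication.UsernamePasswordCredential;
    import org.jasig.cas.authentication.principal.SimplePrincipal;
    import org.springframework.dao.DataAccessException;
    import org.springframework.dao.IncorrectResultSizeDataAccessException;

    public class ValidUserQueryAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

        // Parameterized query: the username is bound as a parameter, not concatenated into the SQL.
        private final String sql;

        public ValidUserQueryAuthenticationHandler() {
            sql = "SELECT password FROM user where name=?";
        }

        @Override
        protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {
            String username = credential.getUsername();
            String password = credential.getPassword();
            try {
                if (username == null || username.length() == 0) {
                    throw new FailedLoginException("username can't be null");
                }
                // Stored (already encoded) password for this user.
                String dbPassword = this.getJdbcTemplate().queryForObject(this.sql, String.class, username);
                // Encode the submitted password the same way before comparing.
                String encryptedPassword = this.getPasswordEncoder().encode(password);
                // A NULL password column must fail the login instead of throwing a NullPointerException.
                if (dbPassword == null || !dbPassword.equals(encryptedPassword)) {
                    throw new FailedLoginException("Password does not match value on record.");
                }
            } catch (IncorrectResultSizeDataAccessException e) {
                if (e.getActualSize() == 0) {
                    throw new AccountNotFoundException(username + " not found with SQL query");
                }
                throw new FailedLoginException("Multiple records found for " + username);
            } catch (DataAccessException e) {
                throw new PreventedException("SQL exception while executing query for " + username, e);
            }
            return this.createHandlerResult(credential, new SimplePrincipal(username), null);
        }
    }
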
Then write the following in deployerConfigContext.xml:

    <!--<bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
            </map>
        </property>
    </bean>-->
    <bean id="primaryAuthenticationHandler" class="com.castest.ValidUserQueryAuthenticationHandler"
          p:dataSource-ref="dataSource" p:passwordEncoder-ref="passwordEncoder"/>
    <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" c:_0="md5"/>
    <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <property name="url" value="jdbc:mysql://localhost:3306/webtest?useUnicode=true&amp;characterEncoding=utf-8"/>
        <property name="username" value="root"/>
        <property name="password" value="123456"/>
        <property name="validationQuery" value="select 1"/>
    </bean>

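The original authentication logic has to be commented out and replaced with your own. Note the passwordEncoder bean: it defines how the password is encoded (MD5 in this configuration). It can be omitted, or you can supply a custom one; it only needs to implement the interface org.jasig.cas.authentication.handler.PasswordEncoder. dataSource is the data source, which you configure separately.
That completes the whole flow.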
Find this code in deployerConfigContext.xml:

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap"/>
    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid"/>
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation"/>
        <entry key="groupMembership" value="groupMembership"/>
    </util:map>

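The StubPersonAttributeDao class handles the values that are returned, and we can extend it to do our own processing. Create a class MultipleAttributeUserDao that extends StubPersonAttributeDao, then in deployerConfigContext.xml replace the code above with the code below.

    <bean id="attributeRepository" class="com.castest.MultipleAttributeUserDao"/>

In MultipleAttributeUserDao, override the method public IPersonAttributes getPerson(String uid). This is the method that builds the returned values; uid is the username submitted at login. The code looks something like this: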
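
    import java.util.*;
    import org.jasig.services.persondir.IPersonAttributes;
    import org.jasig.services.persondir.support.AttributeNamedPersonImpl;
    import org.jasig.services.persondir.support.StubPersonAttributeDao;

    public class MultipleAttributeUserDao extends StubPersonAttributeDao {
        @Override
        public IPersonAttributes getPerson(String uid) {
            // Attributes returned for the authenticated user; uid is the login username.
            Map<String, List<Object>> attributes = new HashMap<String, List<Object>>();
            attributes.put("from_name", Collections.<Object>singletonList(uid));
            attributes.put("email", Collections.<Object>singletonList("123456@qq.com"));
            attributes.put("phone", Collections.<Object>singletonList("123456"));
            return new AttributeNamedPersonImpl(attributes);
        }
    }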