CAS实战の自定义登录

　　由于每个版本的改动较大，所以先把版本号列出：

　　服务端版本：cas server 4.0.0

　　客户端版本：cas client 3.3.3

一、自定义登录页面

　　页面路径：/WebContent/WEB-INF/view/jsp/default/ui/casLoginView.jsp

　　在定义登录页面的时候，记住include cas自带的两个页面，不能少：

/WebContent/WEB-INF/view/jsp/default/ui/includes/bottom.jsp

/WebContent/WEB-INF/view/jsp/default/ui/includes/top.jsp

　　注意以下核心代码的替换，其余的依葫芦画瓢：

<div class="fl con">
<div class="login_wrap">
<h1>中央登陆系统</h1>
<div class="login">
<form:form method="post" id="fm1" commandName="${commandName}" htmlEscape="true">

<div class="clearfix mb15">
<label for="account" class="fl">登录名：</label><input type="text" name="username" id="username" class="fl" required="true" />
</div>
<div class="clearfix mb15">
<label for="psd" class="fl">登录密码</label><input type="password" id="password" name="password" class="fl" required="true" />
</div>
<div class="clearfix lastline">
<span class="fl mt10"><input type="checkbox" class="check"><em>记住登录名</em></span> <input class="btn fl" name="submit" value="登陆" accesskey="l"  tabindex="4" type="submit" />
</div>
<form:errors path="*" id="msg" cssClass="errors" element="div" htmlEscape="false" />
<h1><spring:message code="screen.welcome.instructions" /></h1>
<br />
<div id="loadInfo" style="color: #ffffff"></div>
<div id="loginRslt" style="color: red"></div>
<input type="hidden" name="lt" value="${loginTicket}" />
<input type="hidden" name="execution" value="${flowExecutionKey}" />
<input type="hidden" name="_eventId" value="submit" />
<!-- <input class="btn fl" name="submit" accesskey="l"  tabindex="4" type="submit" /> -->
</form:form>
</div>
</div>
</div>

　　标红的，在后台获取的时候必须写法保证一致！

二、自定义登录流程

　　step1:由于cas在deployerConfigContext.xml中默认配置固定登录方式（用户名：casuser 密码：Mellon），所以第一步先注释如下代码：

<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<!-- <property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
-->
</bean>

　　step2:自定义认证类，此类继承AbstractUsernamePasswordAuthenticationHandler，重写authenticateUsernamePasswordInternal方法：

@Override
protected final HandlerResult authenticateUsernamePasswordInternal(
final UsernamePasswordCredential credential) throws GeneralSecurityException,
PreventedException {
// TODO Auto-generated method stub
//表单录入数据
final String userName = credential.getUsername();
final String password = credential.getPassword();
User u = new User();
u.setUserName(userName);
u.setPassword(MD5.getMD5(password));
boolean flag = dbService.checkAuth(u);
if (flag) {
return createHandlerResult(credential, new SimplePrincipal(userName), null);
}else if (adService.check(userName,password)) {
u = adService.GetADInfo(userName);
dbService.addUser(u);
return createHandlerResult(credential, new SimplePrincipal(userName), null);
}else {
throw new FailedLoginException("");
}
}

　　自定义认证，还可以直接在deployerConfigContext.xml配置database，配置用户验证的sql。网上资料丰富，暂且不表。

　　类编写完之后，注意将deployerConfigContext.xml配置的验证bean的类路径修改为你自定义的认证类：

<bean id="primaryAuthenticationHandler"
class="xx.xx.xx">
<!-- <property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
-->
</bean>

三、自定义登录提示

　　提示信息在/src/messages.properties配置，以下是验证失败之后，可以提示内容的配置：

# Authentication failure messages
authenticationFailure.AccountDisabledException=This account has been disabled.
authenticationFailure.AccountLockedException=This account has been locked.
authenticationFailure.CredentialExpiredException=Your password has expired.
authenticationFailure.InvalidLoginLocationException=You cannot login from this workstation.
authenticationFailure.InvalidLoginTimeException=Your account is forbidden to login at this time.
authenticationFailure.AccountNotFoundException=Invalid credentials.
authenticationFailure.FailedLoginException=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF.
authenticationFailure.UNKNOWN=Invalid credentials.