CAS服务端的mysql数据库查询认证机制
2016-06-13 11:04
通过查询数据库对用户名和密码进行认证,需要在deployerConfigContext.xml中配置dbAuthHandler、dataSource,以及(密码经过加密存储时)passwordEncoder。
1 在MySQL中创建用户表并插入测试数据。
-- Demo account table for the CAS JDBC authentication walkthrough.
-- The password column stores the value exactly as inserted below, i.e. plaintext;
-- VARCHAR(40) is also narrower than most password-hash encodings (bcrypt output is 60 characters).
CREATE TABLE test_user (
    username VARCHAR(30),
    password VARCHAR(40),
    PRIMARY KEY (username)
);

-- Two throwaway accounts with guessable passwords, intended for local testing only.
INSERT INTO test_user (username, password)
VALUES ('admin', 'admin');

INSERT INTO test_user (username, password)
VALUES ('user', 'password');
2 复制所需的类库到web应用下,共以下三个jar包(版本号为原文撰写时所用;实际部署时请选用仍在维护的版本)。
commons-collections-3.2.jar
cas-server-support-jdbc-4.0.0.jar
下载:mysql-connector-java-5.1.7-bin.jar
3 配置cas/WEB-INF/目录下的deployerConfigContext.xml 文件。
3.1增加数据源
<!-- JDBC connection used by the database authentication handler to look up accounts.
     DriverManagerDataSource opens a new connection on every request and is not a connection pool.
     As written, CAS connects as the MySQL root account with a short numeric password stored in
     this file. NOTE(review): outside a local demo, use a dedicated account that can only SELECT
     from the user table, and keep the password out of the deployed XML. -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/deamo"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>
3.2 改变认证方式
<!-- Stock handler, shown for reference: it accepts the single static account listed in the map
     (user "casuser", password "Mellon"). The walkthrough replaces it with a database handler,
     so this well-known default account should not remain usable afterwards. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>
变为数据库认证方式:
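<!-- Database handler: runs the query below with the submitted username bound to the
     ? placeholder and checks the submitted password against the returned value.
     The query reads test_user, the table created by the create table statement on this page.
     No passwordEncoder is set here, so the stored value is compared as plaintext; when the
     table holds password hashes, set the passwordEncoder property of this handler to match. -->
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from test_user where username=?" />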
3.3 修改authenticationManager的配置。原配置(节选)为:
<!-- Stock authenticationManager handler map before the change. This is an excerpt: the rest
     of the bean definition, including its closing tag, is not shown here. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!--
               | IMPORTANT
               | Every handler requires a unique name.
               | If more than one instance of the same handler class is configured, you must explicitly
               | set its name to something other than its default name (typically the simple class name).
               -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
变为:
<!-- authenticationManager after the change: dbAuthHandler is the only active handler and is
     paired with primaryPrincipalResolver. The proxyAuthenticationHandler entry is commented
     out, so credentials that only that handler accepts are no longer authenticated.
     NOTE(review): restore that entry if the deployment relies on CAS proxy authentication. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!-- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> -->
            <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
4 启动tomcat,输入http://localhost:8080/servlets-examples
在跳转到的CAS登录页面中,输入用户名和密码。登录成功后,即通过了SSO单点登录认证。
本例中数据库里的密码是明文存储的,因此不需要配置passwordEncoder;如果数据库中存储的是加密(哈希)后的密码,则需要为dbAuthHandler配置对应的passwordEncoder。明文存储仅适合本地测试,正式环境应只保存密码的加盐哈希值。
参考文献:
http://blog.sina.com.cn/s/blog_3fc815b30100ihtr.html http://www.oschina.net/question/1987045_162150?fromerr=nm8p269o
-- Demo account table for the CAS JDBC authentication walkthrough.
-- The password column stores the value exactly as inserted below, i.e. plaintext;
-- VARCHAR(40) is also narrower than most password-hash encodings (bcrypt output is 60 characters).
CREATE TABLE test_user (
    username VARCHAR(30),
    password VARCHAR(40),
    PRIMARY KEY (username)
);

-- Two throwaway accounts with guessable passwords, intended for local testing only.
INSERT INTO test_user (username, password)
VALUES ('admin', 'admin');

INSERT INTO test_user (username, password)
VALUES ('user', 'password');
2 复制所需的类库到web应用下,共以下三个jar包(版本号为原文撰写时所用;实际部署时请选用仍在维护的版本)。
commons-collections-3.2.jar
cas-server-support-jdbc-4.0.0.jar
下载:mysql-connector-java-5.1.7-bin.jar
3 配置cas/WEB-INF/目录下的deployerConfigContext.xml 文件。
3.1增加数据源
<!-- JDBC connection used by the database authentication handler to look up accounts.
     DriverManagerDataSource opens a new connection on every request and is not a connection pool.
     As written, CAS connects as the MySQL root account with a short numeric password stored in
     this file. NOTE(review): outside a local demo, use a dedicated account that can only SELECT
     from the user table, and keep the password out of the deployed XML. -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/deamo"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>
3.2 改变认证方式
<!-- Stock handler, shown for reference: it accepts the single static account listed in the map
     (user "casuser", password "Mellon"). The walkthrough replaces it with a database handler,
     so this well-known default account should not remain usable afterwards. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>
变为数据库认证方式:
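<!-- Database handler: runs the query below with the submitted username bound to the
     ? placeholder and checks the submitted password against the returned value.
     The query reads test_user, the table created by the create table statement on this page.
     No passwordEncoder is set here, so the stored value is compared as plaintext; when the
     table holds password hashes, set the passwordEncoder property of this handler to match. -->
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from test_user where username=?" />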
3.3 修改authenticationManager的配置。原配置(节选)为:
<!-- Stock authenticationManager handler map before the change. This is an excerpt: the rest
     of the bean definition, including its closing tag, is not shown here. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!--
               | IMPORTANT
               | Every handler requires a unique name.
               | If more than one instance of the same handler class is configured, you must explicitly
               | set its name to something other than its default name (typically the simple class name).
               -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
变为:
<!-- authenticationManager after the change: dbAuthHandler is the only active handler and is
     paired with primaryPrincipalResolver. The proxyAuthenticationHandler entry is commented
     out, so credentials that only that handler accepts are no longer authenticated.
     NOTE(review): restore that entry if the deployment relies on CAS proxy authentication. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!-- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> -->
            <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
4 启动tomcat,输入http://localhost:8080/servlets-examples
在跳转到的CAS登录页面中,输入用户名和密码。登录成功后,即通过了SSO单点登录认证。
本例中数据库里的密码是明文存储的,因此不需要配置passwordEncoder;如果数据库中存储的是加密(哈希)后的密码,则需要为dbAuthHandler配置对应的passwordEncoder。明文存储仅适合本地测试,正式环境应只保存密码的加盐哈希值。
参考文献:
http://blog.sina.com.cn/s/blog_3fc815b30100ihtr.html http://www.oschina.net/question/1987045_162150?fromerr=nm8p269o